WHAT THE EFFFF spits drink

See this image for reference https://i.imgur.com/Uq4Xfxk.jpg

See this image for reference https://i.imgur.com/Uq4Xfxk.jpg

The purpose is only for this to reach more audiences. I have documented this over many years.

Archived: https://web.archive.org/web/20220501212233/https://old.reddit.com/r/privatelife/comments/ug9qnc/writeup_criticism_of_rprivacyguides_grapheneos/ **I wanted to publish this a week ago, but my machine was begging for repairs and it gave up, so it stayed dead for a week. So, here we are.** Hello! The dust has settled. There is something I want to talk to all of you once again, something that I wrote approximately 23 months ago about, and has been stickied on this subreddit ever since. No, it is not the smartphone guide, and it is a lore that I do not think anybody except me has ever attempted to shed a light on, except until a month ago when BurungHantu, founder of PrivacyTools.io, did. As always, my aim is to stay objective throughout, and drop my opinions separately in a section at the very end. I also want to mention that this is a lore that basically nobody other than me has tracked in this depth, and nobody else carries a record of these events in this manner to date or ever can. **REMINDER: NONE OF THIS WILL MAKE SENSE IF YOU KEEP ON READING WHILE NOT READING LINKED ARTICLES/SCREENSHOTS I MENTION AS I GO ON.** # A BRIEF OVERVIEW A lot of people seemed to appreciate BurungHantu's blog post, and openly saw the censorship attempted across subreddits r/privacy, r/opensource and r/PrivacyGuides. This last one is the new "privacy" cool hangout cafe of the mainstream privacy subreddit circle. # THE PLAYERS IN THE GAME Before we move ahead, it is a good thing to make transparent the characters involved, so that we know who plays what role. A lot do not like this, apparently, because they want to fake objectivity. TheAnonymouseJoker (shameless plug): the "arbiter of truth" <insert Micay comment link>, ["false privacy prophet"](https://archive.is/Lm86i), wumao, 50cent, Chinese plant (https://i.imgur.com/vOyaidS.png), Putin bot these days... I am an independent privacy/freedom writer in the community with no donation/money channels and no links to YouTubers (Techlore, The Hated One, other privacytubers) and privacy communities in any form or way whatsoever. I am also a long term active user and promoter of the Fediverse platform Lemmy. trai_dep: A power moderator on Reddit. Moderator of r/privacy, r/PrivacyGuides, r/privacytoolsio (now defunct). I have spoken about him extensively in my 2 year old criticism writeup. One of the 2 characters in BurungHantu/PTIO's recent blog post. Jonah Aragon: A power moderator on Reddit. Moderator of r/PrivacyGuides and r/techlore, and Techlore Matrix room. The other person and focal point of BurungHantu/PTIO's blog post with many revelations. carrotcypher: Another power moderator of Reddit. Moderator of r/privacy, r/opensource and dozens of micro digital privacy/censorship subreddits. Daniel Micay: Developer of GrapheneOS, a security focused AOSP-based custom ROM exclusively for Google Pixels. Known to submit hardened malloc() patches for Linux kernel. A very controversial figure in privacy and FOSS/Linux communities. Uses @strcat and u/GrapheneOS handles across various platforms. madaidan: Admin of GrapheneOS, NoGoolag, SpiteChat communities/chatrooms across various platforms. The "insecurities" blog chap, notorious for a lot of misinformation in FOSS and Linux communities but opposite in a big chunk of mainstream privacy community. A staple of the "redditor hackerman" starterpack, for people who know nothing better. anupritaisno1/clannad/Coooom Yuki Nagato/randomhydrosol: same user, multiple names over time. They are one of the GrapheneOS members who use a lot of sockpuppets and frequently change pseudonym username. madaidan's friend. Note: clannad is seen changing username across Telegram and Reddit over time: https://i.imgur.com/V7McLFO.jpg cn3m: a friend of madaidan, who regularly spreads pro-Apple propaganda in privacy communities. For the most part, the account serves as a sockpuppet of someone since it has stayed inactive since 10 months. Lunacy: one of the newer GrapheneOS community parrots out there on Lemmy (now defunct). Comment activity was suspiciously similar to that of madaidan. An active member of GrapheneOS community. akc3n: moderator of GrapheneOS community, and active on PrivacyGuides and GrapheneOS subreddits, as well as on XMPP hunting users. Note: * He is one of the GrapheneOS Matrix room moderators. This will be important information later on. Proof: https://i.imgur.com/Uq4Xfxk.jpg * Notorious for practicing censorship beyond the Matrix room to practice censorship and/or suppress any GrapheneOS dissent, on Lemmy (https://i.imgur.com/4HtArcj.jpg) and XMPP (https://i.imgur.com/Hi089y6.jpg). Tommy_Tran/B0risGrishenko: New moderator of r/PrivacyGuides with suspiciously proven close links to GrapheneOS community. Did a hitpiece on me to gain recognition with PrivacyGuides team. Uses sockpuppets and identity obfuscation a lot on internet. # THE STORY. ONCE UPON A TIME... # GRSECURITY/SPENGLER SAGA Let me dial back the time machine to a few years ago, when madaidan's "insecurities" blog came into existence. It brought in a fair amount of fandom to him for some bizarre reason, which nobody has been able to pin down realistically. I can pinpoint it down to one big reason - anti-Linux faction of FOSS community, a large part of which is Brad Spengler, head of grsecurity, a security team that makes Linux kernel patches but gets rejected due to very arrogant behaviour, and even got reprimanded by Linus Torvalds, creator of Linux kernel in a mailing list. Some related threads on grsecurity: https://web.archive.org/web/20220401163814/https://www.theregister.com/2017/06/26/linus_torvalds_slams_pure_garbage_from_clowns_at_grsecurity/ https://web.archive.org/web/20220416203735/https://old.reddit.com/r/linux/comments/pupumh/brad_spengler_grsecurity_brags_about_hoarding/ https://archive.is/f5djI https://web.archive.org/web/20220416203035/https://nitter.42l.fr/spendergrsec/status/1486366129438212098 madaidan's certain amount of influence comes from the kind of Reddit and internet community that revolves around a particular group, a faction that I see as very anti-Linux and anti-FOSS for the most part, not because criticism is bad, but grift in the name of criticism is bad. I will expand upon this more in a moment. I am sure, most are wondering what does madaidan have to do with this. Apparently, there have been way too many instances where, upon criticisms in discussions, GrapheneOS community proponents often cite a bunch of URLs, among which grsecurity is one of them. And this is not a one off instance, so I will link a couple screenshot threads from Lemmy from 6 months ago, which is an exchange between u/Lunacy and me. I will cite this in a later part of article as well. < Lunacy Lemmy thread pic> https://i.imgur.com/dgWcn2J.jpg https://i.imgur.com/fRXHRoR.jpg # ENTER THE DANIEL MICAY He is a very underrated but important part of this whole story. I assume many people have an idea of CopperheadOS company splitting between Micay and James Donaldson (u/darknetj on Reddit) due to a lot of controversies and tussle I have nothing to do with, and therefore I will avoid commenting on. After this tussle, GrapheneOS project was born, essentially a fork of CopperheadOS in layman terms, which was also developed heavily by Micay. GrapheneOS is largely an AOSP fork of a fork with some security patchwork on top of it. Here I would like to mention a little anecdote from 2 years ago, something Micay always avoids acknowledging for some funny reason. This screenshot is from my reddit inbox, where I was messaged by CopperheadOS CEO regarding something. ### COPPERHEADOS CEO MODMAIL https://i.imgur.com/hujn4P1.jpg I will let the readers interpret this on their own. ### DANIEL MICAY AND MADAIDAN'S POWER OF FRIENDSHIP Moving on, there is a thread and mailing list I want to mention, which will help connect the dots as to how Micay and madaidan are not just related, but intertwined into each other, like a grandma's woven sweater. Most have no clue about this, so I will share the mailing list URL and screenshot here. In the below reddit thread/screenshot, Daniel Micay and madaidan argue together against Firefox. Before the Tor Project mailing list happened in August 2019, the whole anti-Firefox sentiment mysteriously used to not exist in GrapheneOS community. https://lists.torproject.org/pipermail/tor-dev/2019-August/013995.html https://www.unddit.com/r/firefox/comments/gokcis/firefox_is_insecure_refuted/ Screenshot: https://i.imgur.com/8nkO5Ll.jpg # A SERIES OF COLLECTED THREADS OVER THE PAST FEW YEARS... I will now share a Lemmy masterlist I made, perhaps a collection of various conversations by madaidan and his friend cn3m. Here is the URL: https://lemmy.ml/post/73800/comment/66676 I will relink the Lunacy Lemmy exchange screenshot once again, since Lunacy's comments are important for context. https://i.imgur.com/fRXHRoR.jpg I have never explained anything about the comment threads in my masterlist before, so this should help. https://i.imgur.com/UHhQRIU.jpg I think this is self explanatory and shows madaidan's argumentation that is otherwise deleted by him. https://i.imgur.com/FiYhbkk.jpg: madaidan being very 4chan-y in terms of blaming the computer language for problems in particular software code (in this case Linux kernel), while dismissing everything when it comes to Windows. His blog page about Linux is a massive piece of "toilet paper" repeatedly debunked at this point. If you think the phrase "toilet paper" is mine, come, have a look. https://web.archive.org/web/20210929053611/https://old.reddit.com/r/linux/comments/pwi1l9/thoughts_about_an_article_talking_about_the/ https://web.archive.org/web/20220111035527/https://news.ycombinator.com/item?id=25590079 https://archive.is/zxS72 (1/3)

Relevant reading: https://github.com/zlw9991/node-ipc-dependencies-list https://web.archive.org/web/20220318095406/https://github.com/RIAEvangelist/peacenotwar/issues/45 https://security.snyk.io/vuln/SNYK-JS-NODEIPC-2426370

Relevant reading: https://github.com/zlw9991/node-ipc-dependencies-list https://web.archive.org/web/20220318095406/https://github.com/RIAEvangelist/peacenotwar/issues/45 https://security.snyk.io/vuln/SNYK-JS-NODEIPC-2426370

I am observing a very similar sentiment to Sinophobia, now regarding Russia. Reddit's audience is primarily 80% USA + West EU, and the rest 20% also includes a lot of East Europe and other countries, leaving for 5-10% anti-hatred people. On the other hand, Western world makes up for a mere 12% of the world's population. This speaks volumes about how majoritarianism is flipped on the internet by Western world to suit their narratives and loudmouth whatever they want dominating in virtual space. And since moderators are also from said Western countries, the biases are completely intentional and systematic. For all the "human rights" and "no censorship" nonsense these Western countries spout with the assumption of having high horse on moral grounds, they lie a lot systematically. Just an observation.

cross-posted from: https://lemmy.ml/post/177032 > Combined with access timestamps, they can uniquely identify the source of any shared PDFs. > > Source: https://social.coop/@jonny/107685726645817029 -- Also includes tips for removing this data.

cross-posted from: https://lemmy.ml/post/143981 > Mod statement: https://np.reddit.com/r/PrivacyGuides/comments/rxf02a/theanonymousjoker_false_privacy_prophet/hs1dxux?context=3 > > https://i.imgur.com/LahmNkO.jpg > > dng99/dngray has branded a citation-less slander post as facts. These are the "community standards" of r/PrivacyGuides. Always remember this. > > u/trai_dep, the record stands corrected once again > > Moreover, my theory about GrapheneOS community using sockpuppets is true, as confirmed by... > > https://np.reddit.com/r/fdroid/comments/rxtc14/came_across_this_thoughts/hs1o6no?context=3 > > https://i.imgur.com/JX6uTpx.jpg > > Tommy_Tran = B0risGrishenko (OP of slander post). Thanks for confirming my GrapheneOS community sockpuppet theory.

Mod statement: https://np.reddit.com/r/PrivacyGuides/comments/rxf02a/theanonymousjoker_false_privacy_prophet/hs1dxux?context=3 https://i.imgur.com/LahmNkO.jpg dng99/dngray has branded a citation-less slander post as facts. These are the "community standards" of r/PrivacyGuides. Always remember this. u/trai_dep, the record stands corrected once again Moreover, my theory about GrapheneOS community using sockpuppets is true, as confirmed by... https://np.reddit.com/r/fdroid/comments/rxtc14/came_across_this_thoughts/hs1o6no?context=3 https://i.imgur.com/JX6uTpx.jpg Tommy_Tran = B0risGrishenko (OP of slander post). Thanks for confirming my GrapheneOS community sockpuppet theory.

https://teddit.net/r/PrivacyGuides/comments/rxf02a/theanonymousjoker_false_privacy_prophet/ This is one of key GrapheneOS community members doing it, and r/PrivacyGuides has the same moderation team as r/privacytoolsio before, and the main moderator of r/privacy is also same. Has anyone seen this kind of behaviour in overall privacy community? Edit: https://ghostarchive.org/archive/ttkkU reddit post archived

https://lemmy.ml/post/128667 Crosspost but the guide body is so long, I had to break it into 5 parts.

https://lemmy.ml/post/128667 Lemmy unfortunately has a word limit for posts, and I had to break my post into 5 parts, 4 as comments, to be able to post it. So, comments and questions can be put here.

(1/5) Edit(11/1/2022): * MIUI has no biometric Lockdown, solution. * FFUpdater and UntrackMe apps recommended. * Added back Vinyl Music Player. **NOTE (June) 15/06/2020**: r_privacy moderator trai_dep [revengefully](https://np.reddit.com/r/privatelife/comments/h8hsdh/exclusive_rprivacy_moderator_deleted_smartphone/) deleted my highly gilded 1.0 guide [post](https://np.reddit.com/r/privacy/comments/em8doj/smartphone_hardening_guide_for_normal_people/) before. # NOTE: I will NOT respond to prejudiced and political trolls. Hello! It took a while before I could gather enough upgrades to create this fourth iteration of the smartphone guide so many people love. It seems to have benefitted many people, and it was only a matter of time before things got spicier. It is time to, once again, shake up the expectations of how much privacy, security and anonymity you can achieve on a non rooted smartphone, even compared to all those funky "security" custom ROMs. It is time to get top grade levels of privacy in the hands (pun intended) of all you smartphone users. Steps are as always easy to apply if you follow the guide, which is a pivotal foundation of this guide I started 2 years ago. After all, what is a guide if you feel unease in even being able to follow its lead? Unlike last year, I want to try and fully rewrite the guide wherever possible, but some parts will seem similar obviously, as this, while technically being an incremental improvement, is also a massive jump for darknet users. This version of the guide took a while compared to the previous versions. **A kind request to share this guide to any privacy seeker.** ----- # User and device requirement * ANY Android 9+ device (Android 10+ recommended for better security) * knowledge of how to copy-paste commands in Linux or Mac Terminal/MS-DOS Command Prompt (for ADB, it is very simple, trust me) * For intermediate tech users: typing some URLs and saving them in a text file ----- # What brings this fourth iteration? Was the previous version not good enough? No, it was not, just like last time. There is always room for improvement, but I may have started to encounter law of diminishing returns, just like Moore's Law has started to fail with desktop CPU transistor count advancements. This does not mean I am stopping, but upgrades might get marginal from here on. The upgrades we now have are less in number, higher in quality. So, we have a lot explanation to read and understand this time around. A summary of new additions to the [3.0 guide](https://np.reddit.com/r/privatelife/comments/lpyl1s/100_foss_smartphone_hardening_nonroot_guide_30/): * Update to the Apple section * Many additions in section for app recommendations and replacements * NetGuard replaced with Invizible Pro (this is massive) * A colossal jump in your data security in the event of a possible physical phone theft using a couple applications * An attempt at teaching the importance of Android/AOSP's killswitch feature for VPNs/firewalls * (FOR XIAOMI USERS) How to configure Work Profile, as Second Space causes issues, and adding back biometric Lockdown * How to be able to copy files from work profile to main user storage without Shelter/Insular's Shuttle service * Some changes in phone brand recommendations * Caveat(s) ----- # Why not Apple devices? iPhone [does not allow you to have privacy](https://gist.github.com/iosecure/357e724811fe04167332ef54e736670d) due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an unpatchable hardware flaw was [discovered](https://9to5mac.com/2020/08/01/new-unpatchable-exploit-allegedly-found-on-apples-secure-enclave-chip-heres-what-it-could-mean/) in Apple's T1 and T2 "security" chips, rendering Apple devices critically vulnerable. Also, [they recently dropped plan for encrypting iCloud backups after FBI complained](https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT). They also collect and sell data [quite a lot](https://i.imgur.com/n8Bk0bA.jpg). Siri still records conversations 9 months after Apple [promised not](https://www.theregister.co.uk/2020/05/20/apple_siri_transcriptions/) to do it. Apple Mail app is vulnerable, yet Apple stays in [denial](https://9to5mac.com/2020/04/27/iphone-mail-vulnerabilities-2/). Also, [Apple sells certificates to third-party developers that allow them to track users](https://www.theatlantic.com/technology/archive/2019/01/apples-hypocritical-defense-data-privacy/581680/), [The San Ferdandino shooter publicity stunt was completely fraudulent](https://www.aclu.org/blog/privacy-technology/internet-privacy/one-fbis-major-claims-iphone-case-fraudulent), and [Louis Rossmann dismantled Apple's PR stunt "repair program"](https://invidio.us/watch?v=rwgpTDluufY). [Apple gave the FBI access to the iCloud account of a protester **accused** of setting police cars on fire](https://www.businessinsider.com/apple-fbi-icloud-investigation-seattle-protester-arson-2020-9). [Apple's authorised repair leaked a customer's sex tape during iPhone repair.](https://www.youtube.com/watch?v=xt3YSD36ZNc) This is how much they respect your privacy. You want to know how much more they respect your privacy? Apple's Big Sur(veillance) fiasco seemed [not enough](https://np.reddit.com/r/privatelife/comments/jvdokk/writeup_beware_of_shills_defending_apple_big/), it seems. Still not enough to make your eyes pop wide open? Apple's CSAM mandatory scanning of your local storage is a fiasco that will echo forever. This blog [article](https://www.hackerfactor.com/blog/index.php?%2Farchives%2F929-One-Bad-Apple.html) should be of help. But they [lied](https://www.icenterpro.eu/apples-csam-system-was-hacked-but-the-firm-claims-it-is-protected/) how their system was never hacked. I [doubt](https://np.reddit.com/r/MachineLearning/comments/p6hsoh/p_appleneuralhash2onnx_reverseengineered_apple/). They even [removed CSAM protection references](https://www.macrumors.com/2021/12/15/apple-nixes-csam-references-website/) off of their website for some reason. Pretty sure atleast the most coveted privacy innovation of App Tracking protection with one button tracking denial would work, right? [Pure. Privacy. Theater.](https://www.yahoo.com/news/former-apple-engineer-says-button-164452709.html) Surely this benevolent company blocked and destroyed Facebook and Google's ad network ecosystem by blocking all those bad trackers and ads. Sigh. [Nope.](https://twitter.com/PatrickMcGee_/status/1449608262492459011) Now it is just Apple having monopoly over your monetised data. Also, Android's open source nature is starting to pay off in the long run. Apple 0-day exploits are far [cheaper](https://www.wired.com/story/android-zero-day-more-than-ios-zerodium/) to do than Android. ----- # LET'S GO!!! **ALL users must follow these steps except the "FOR ADVANCED/INTERMEDIATE USERS" tagged points or sections.** **Firstly, if your device is filled to the brim or used for long time, I recommend backing up your data and factory resetting for clean slate start.** * **Sign out all your** Google and phone brand **accounts** from your device so that Settings-->Accounts do not show any sign-ins **except WhatsApp/Signal/Telegram** * Install ADB on your Linux, Windows or Mac OS machine, simple guide: https://www.xda-developers.com/install-adb-windows-macos-linux/ * Use ["Universal Android Debloater"](https://gitlab.com/W1nst0n/universal-android-debloater) to easily debloat your bloated phone. NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares they sell this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/ * Install **F-Droid app store** from [here](https://f-droid.org/en/) * Install **NetGuard** app firewall (see NOTE) from F-Droid and set it up with privacy based DNS like *AdGuard/Uncensored/Tenta/Quad9 DNS*. NOTE: NetGuard with [Energized Ultimate](https://block.energized.pro/ultimate/formats/hosts.txt) HOSTS file with any one of the above mentioned DNS providers is the ultimate solution. **NOTE: Download the Energized Ultimate hosts file from https://github.com/EnergizedProtection/block and store it on phone beforehand. This will be used either for NetGuard or Invizible, whichever is picked later on.** **(FOR ADVANCED USERS)** If you know how to merge HOSTS rules in one text file, you can merge Xtreme addon pack from Energized GitHub. You can also experiment with the Porn and Malicious IP domain lists. NOTE: Set DNS provider address in Settings -> Advanced settings --> VPN IPv4, IPv6 and DNS * Install **Invizible Pro** from F-Droid (LONG SECTION FOR THIS BELOW) * In F-Droid store, open Repositories via the 3 dot menu on top right and add the following repositories below: 1. https://gitlab.com/rfc2822/fdroid-firefox 2. https://apt.izzysoft.de/fdroid/index.php 3. https://guardianproject.info/fdroid/repo/ Go back to F-Droid store home screen, and hit the update button beside the 3 dot menu. (This may vary if you have newer F-Droid store app with new user interface.) -----

cross-posted from: https://lemmy.ml/post/84636 > > > https://bugzilla.mozilla.org/show_bug.cgi?id=1727907 > > 'Offline' is currently the default which is explained in the [source code](https://searchfox.org/mozilla-central/rev/d488f68d845a87cc107612b667951152c34fb116/browser/components/urlbar/UrlbarPrefs.jsm#543): > > "This is the scenario for the "offline" rollout. Firefox Suggest suggestions are enabled by default. Search strings and matching keywords are not included in related telemetry. The onboarding dialog is not shown." > > Switching to 'online' would trigger a dialog that comes up when you start the browser. Only clicking 'Allow suggestions' on the dialog would opt you into the search query collection.

cross-posted from: https://lemmy.ml/post/76603 > I think this highlights a more general problem of data ownership. People do not own devices and services they pay for in a traditional sense because the company gets the final say on how they're used. Companies can decide to analyzer your data, share it with partners, and even prevent you from accessing it.

From the article: > Reuters revealed some of America’s biggest tech companies will let “Five Eyes” and the U.N. decide whose stories the “Global Internet Forum to Counter Terrorism” should censor. > “Until now, the Global Internet Forum to Counter Terrorism’s (GIFCT) database has focused on videos and images from terrorist groups on a United Nations list and so has largely consisted of content from Islamist extremist organizations such as Islamic State, al Qaeda and the Taliban.” > Big Tech’s GIFCT is essentially a Five Eyes censorship program, masquerading as a Big Tech social media forum to stop terrorism and extremism. > “Over the next few months, the group will add attacker manifestos — often shared by sympathizers after white supremacist violence — and other publications and links flagged by U.N. initiative Tech Against Terrorism. It will use lists from intelligence-sharing group Five Eyes, adding URLs and PDFs from more groups, including the Proud Boys, the Three Percenters and neo-Nazis.” > Twitter and YouTube are also helping help Five Eyes spy on the world’s social media. > “The firms, which include Twitter and YouTube, share “hashes,” unique numerical representations of original pieces of content that have been removed from their services. Other platforms use these to identify the same content on their own sites in order to review or remove it.” > Other companies that have access to the GIFCT database are Reddit, Snapchat, Instagram, Verizon Media, LinkedIn, Dropbox, MailChimp and Airbnb.

cross-posted from: https://lemmy.ml/post/75411 > From it's Telegram channel: > > > Hello,\ > \ > At approximately 21:33 UTC July 26 2021, I have been hit with a cease & desist letter from a law firm repsenting Facebook. The letter was sent to one of my personal email address as well as Barinsta's public inbox (and as a result, it is published). In response, the source code has been taken down, and all promotional materials within my control has been adjusted to reflect the fact.\ > \ > While I believe it is nearly impossible to fight a resourceful multinational firm and reinstate the app, we will still try to get as much resources as we could to navigate in this crisis. > \ > At this dire moment, I ask you to do 1 thing: Please let others know what is happening here. Such bullying behaviour against a young university student is in no way excusable. Such bullying behaviour against many internet users is in no way excusable.\ > \ > It has been an honour of a lifetime to serve as one of the main contributors of Barinsta. I am forever grateful for the countless supporters along the way.\ > \ > Thank you & Best Regards, > \ > Austin Huang https://austinhuang.me > > The letter was posted in the [Barinsta GitHub](https://github.com/austinhuang0131/austinhuang0131/issues/2) as a sadly notice of the end of the project.

(1/2) Lemmy does not allow too long post walls **UPDATED 16/8/2020: Major edit, replaced closed source App Ops and Shizuku with AppOpsX (Free Open source) on F-Droid. ~~This guide is nearly FOSS supported now.~~** **UPDATED 17/9/2020: MAJOR EDIT, replaced closed source Access Dots with Privacy Indicator (FOSS) on Izzy's F-Droid repo. This guide is completely FOSS.** Hello! I am the founder of /r/privatelife . Finally my smartphone non root guide is back, and there are some big upgrades. I was taking time to test everything myself on my daily driver, so apologies for keeping everyone in the wait, but stability and ease of use is the important goal to strive in my playbook. Privacy must be accessible to maximum amount of people without being annoying or tedious. **A kind request to share this guide to any privacy seeker.** #User and device requirement * ANY Android 9+ device * knowledge of how to copy-paste commands in Linux or Mac Terminal/MS-DOS Command Prompt (for ADB, it is very simple, trust me) #Why not Apple devices? iPhone [does not allow you to have privacy](https://gist.github.com/iosecure/357e724811fe04167332ef54e736670d) due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an unpatchable hardware flaw was [discovered](https://9to5mac.com/2020/08/01/new-unpatchable-exploit-allegedly-found-on-apples-secure-enclave-chip-heres-what-it-could-mean/) in Apple's T1 and T2 "security" chips, rendering Apple devices critically vulnerable. 17/9/2020: [Apple gave the FBI access to the iCloud account of a protester **accused** of setting police cars on fire](https://www.businessinsider.com/apple-fbi-icloud-investigation-seattle-protester-arson-2020-9). Also, [they recently dropped plan for encrypting iCloud backups after FBI complained](https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT). They also collect and sell data [quite a lot](https://i.imgur.com/n8Bk0bA.jpg). Siri still records conversations 9 months after Apple [promised not](https://www.theregister.co.uk/2020/05/20/apple_siri_transcriptions/) to do it. Apple Mail app is vulnerable, yet Apple stays in [denial](https://9to5mac.com/2020/04/27/iphone-mail-vulnerabilities-2/). Also, [Apple sells certificates to third-party developers that allow them to track users](https://www.theatlantic.com/technology/archive/2019/01/apples-hypocritical-defense-data-privacy/581680/), [The San Ferdandino shooter publicity stunt was completely fraudulent](https://www.aclu.org/blog/privacy-technology/internet-privacy/one-fbis-major-claims-iphone-case-fraudulent), and [Louis Rossmann dismantled Apple's PR stunt "repair program"](https://invidio.us/watch?v=rwgpTDluufY). Also, Android's open source nature is starting to pay off in the long run. Apple 0-day exploits are far [cheaper](https://www.wired.com/story/android-zero-day-more-than-ios-zerodium/) to do than Android. ----- #LET'S GO!!! **ALL users must follow these steps before "for nerdy users" section.** **Firstly, if your device is filled to the brim or used for long time, I recommend backing up your data and factory resetting for clean slate start.** * **Sign out all your** Google and Huawei/Samsung/other phonemaker **accounts** from your device so that Settings-->Accounts do not show any sign-ins **except WhatsApp/Telegram** * Install ADB on your Linux, Windows or Mac OS machine, simple guide: https://www.xda-developers.com/install-adb-windows-macos-linux/ * Use ["Universal Android Debloater"](https://gitlab.com/W1nst0n/universal-android-debloater) to easily debloat your bloated phone. NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares they sell this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/ * **Make DIY camera covers**, for front camera notch use a tiny appropriate-sized thin opaque plastic cutout and use an invisible tape to stick it in place, replace every month (cost: tape roll and one minute of your time per month). [**My rear camera cover**](https://i.postimg.cc/T37Qvc52/image.jpg) * Install **F-Droid app store** from [here](https://f-droid.org/en/) * Install **NetGuard** app firewall (see NOTE) from F-Droid and set it up with [privacy based DNS like Uncensored DNS or Tenta DNS or AdGuard DNS] NOTE: NetGuard with [Energized Ultimate](https://block.energized.pro/ultimate/formats/hosts.txt) HOSTS file with any one of the above mentioned DNS providers is the ultimate solution. NOTE: Set DNS provider address in Settings -> Advanced settings --> VPN IPv4, IPv6 and DNS * In F-Droid store, open Repositories via the 3 dot menu on top right and add the following links below: 1. https://rfc2822.gitlab.io/fdroid-firefox/fdroid/repo?fingerprint=8F992BBBA0340EFE6299C7A410B36D9C8889114CA6C58013C3587CDA411B4AED 2. https://apt.izzysoft.de/fdroid/repo?fingerprint=3BF0D6ABFEAE2F401707B6D966BE743BF0EEE49C2561B9BA39073711F628937A 3. https://guardianproject.info/fdroid/repo?fingerprint=B7C2EEFD8DAC7806AF67DFCD92EB18126BC08312A7F2D6F3862E46013C7A6135 Go back to F-Droid store home screen, and hit the update button beside the 3 dot menu. ----- ###LIST OF APPS TO GET * Get **Firefox Preview** web browser from F-Droid (install uBlock Origin addon inside ([if technically advanced, try doing this](https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode))). Also get **Firefox Klar** if you like a separate incognito browser. * Get **Aurora Store** from F-Droid for apps from Play Store without actually using Play Store, use Anonymous option to sign in * for 3rd party APKs source them only from **APKMirror** OR **APKPure** OR **APKMonk**, quite trusted, BUT **TRY AND AVOID IT IF POSSIBLE** * Get **Privacy Indicator** from F-Droid for **iOS 14 like camera/mic dot indicator feature** * Get **OSMAnd+** from F-Droid or **Qwant Maps inside web browser** for maps and/or print physical maps if you live and travel in one or two states or districts. NOTE: Qwant Maps has better search results than OSMAnd+ * Get **PilferShush Jammer** from F-Droid to block microphone (use this in malls, restaurants or such public places if you can to prevent beacon tracking) * Get **OpenBoard** (user friendly) OR **AnySoftKeyboard** (nerd friendly) from F-Droid instead of Google GBoard, Microsoft SwiftKey et al, they are closed source keylogger USA spyware * Get **FTP Server (Free)** from F-Droid and **FileZilla on computer** for computer-to-phone internet less file sharing NOTE: for phone-computer sync or sharing, can TRY **KDE Connect**, available for Android, Windows, Linux * Get **TrebleShot** instead of SHAREIt for phone to phone file sharing * Get **K-9 Mail** or **FairEmail** as e-mail client * Get **NewPipe** for YouTube watching, or YouTube in Firefox Preview/Klar * Get **QKSMS** from F-Droid as SMS client app * Get **Shelter** from F-Droid to sandbox potential apps that you must use (eg WhatsApp or Discord or Signal) * Get **SuperFreezZ** from F-Droid to freeze any apps from running in background * Get **Librera Pro** from F-Droid for PDF reader * Get **ImgurViewer** from F-Droid for opening reddit/imgur/other image links without invasive tracking * Get **InstaGrabber** from F-Droid for opening Instagram profiles or pictures without invasive tracking (seems like a revived fork is [here](https://github.com/austinhuang0131/instagrabber/releases), thanks u/sad_plan ) * Get **GreenTooth** from F-Droid to set Bluetooth to disable after you have used it * Get **Material Files** or **Simple File Manager** from F-Droid for file manager app * Get **ImagePipe** from F-Droid if you share lot of pictures, and want to clear EXIF metadata snooping (often photos contain phone model, location, time, date) * Get **Note Crypt Pro** from F-Droid for encrypted note taking app * Get **Vinyl Music Player** from F-Droid for music player * Get **VLC** from F-Droid for video player ----- ###CRITICAL FOR CLIPBOARD, LOCATION AND OTHER APP FUNCTION BLOCKING I would say this is one of the critical improvements in my guide, and will solve the problem of clipboard and coarse location snooping among other things. AppOpsX is a free, open source app that allows to manage granular app permissions not visible normally, with the help of ADB authorisation without root. This app can finely control what granular information apps can access on your phone, which is not shown in app permissions regularly accessible to us. Now that you would have set up your phone with installing apps, now is a good time to perform this procedure. Step 1: Install **AppOpsX** from F-Droid. (https://f-droid.org/en/packages/com.zzzmode.appopsx/) Step 2: Plug phone to computer, and enable USB debugging in Settings --> Developer Options (you probably already did this in the starting of the guide) Step 3: Keep phone plugged into computer until the end of this procedure! Open AppOpsX app. Step 4: On computer, type commands in order: ```adb devices``` ```adb tcpip 5555``` ```adb shell sh /sdcard/Android/data/com.zzzmode.appopsx/opsx.sh &``` Step 5: Now open "AppOpsX" app, and: * disable "read clipboard" for apps except your messengers, notepad, office suite, virtual keyboard, clipboard monitor apps et al. NOTE: Most apps that have text field to copy/paste text require this permission. * disable "modify clipboard" for every app except for your virtual keyboard or office suite app or clipboard monitor/stack special apps. * disable "GPS", "precise location", "approximate location" and "coarse location" for every app except your maps app (Firefox and OSMAnd+) (2/2) in comment below.

**UPDATED 16/8/2020: Updated the dead Smartphone non root privacy hardening guide link with new 2.0 guide link.** Hello! Since I am a privacy advocate and help folks with threat modelling, it would be idiotic and ignorant not to have worked on such a guide for activists engaged with the protests going on in USA and other places. This serves as a handbook, and I will improve it if there is a need (always room for improvement). #WHAT IS A THREAT MODEL? A threat model is simply analysing the requirements and the degree to which you need to utilise tools (in case of digital, software and hardware) for privacy in all aspects of life. It consists of: * threat actors (entities that can affect you like corporations, governments, police) * threat vectors (sources of spying or malware) * threat causes (X --> Y --> Z correlations) #KNOWING THE PROTEST LOCATION AND YOURSELF * Use EFF's [guide](https://www.eff.org/deeplinks/2020/06/how-identify-visible-and-invisible-surveillance-protests) on identification of type of surveillance (police cameras, drones, FLIR/thermal cameras). * If possible, take a covert trip yourself (or if your trusted comrade can) to the protest area before the actual protest to identify locations, area setup, objects like trees or area divisions or mini-landmarks, and prepare code words for these with your team or fellow activists secretly. You can photograph these places for better planning. Plotting 101. * Timing is key. Pre plan times you would send messages to each other, so you can keep device connectivity to a minimum. This allows for lesser chance of device comms interception. * Use masquerade eye masks, they are good enough for face recognition protection. Cheap and effective. * Wear less crafty and fashion-y clothes with complicated structures that could hinder your own mobility during running or sitting in protest area. * Someone could grab your hoodie hat to immobilise you. Wear a tight fitting T shirt or jeans with less pockets to not become an obstruction to your mobility. You get the drift. * The lighter stuff you carry on you, the more mobile you are. The lesser stuff you carry, the more independent you are. * COVID-19 instruction: **wear a** 3 ply **mask** or 3M N90xx mask to stay safe from virus breeding in crowds, **do not be an idiot**, keep and **use 70% isopropyl alcohol sanitiser** on you at all times **before eating** #PROTESTOR/ACTIVIST THREAT MODEL ###Threat actors: * any ultra patriotic acquaintance of your friends or family or company coworkers * government or national surveillance programs by spying authorities (NSA in USA, CCP in China, NATGRID and CMS in India, [Fourteen Eyes](https://en.wikipedia.org/wiki/Fourteen_Eyes#Fourteen_Eyes) * police and other legal goons force suppressing your protest rights ###Threat vectors: * backdoors in phone software or hardware (from company of same country in which you live) * any SMS, Contacts, Telephone reading closed source apps * any app with Google or Facebook SDKs and internet permissions (use [apps_Packages info](https://f-droid.org/app/com.oF2pks.applicationsinfo) from F-Droid to check such apps) * spying camera and microphone apps like Facebook (see [this](https://twitter.com/JoshuaMaddux/status/1193434937824702464)) * location misusing apps like [Instagram](https://www.fastcompany.com/90247126/now-instagram-might-let-facebook-spy-on-your-location) or Snapchat (that openly uses location at all times to track friends and yourself) ###Threat causes: * backdoors in phone used by government in which you live (via phonemaker cooperating with government, subpoenas, data requests) * SMS, Contacts misusing apps that collect data to coordinate with government surveillance apparatus for legal threats and action * microphone, camera, location data easy to misuse against you for political opinions against own government * any closed source app with internet data or location access ###Safeguard measures: * **DO NOT USE FINGERPRINT OR FACE UNLOCK.** USE A STRONG ALPHANUMERIC PASSWORD WITH SYMBOLS. Plausible deniability is a great tool. * use the Lockdown feature in Android and iOS to cripple biometrics, or restart your phone quickly. * **keep WiFi, GPS location, Bluetooth and cellular mobile data off as much as you can** * use as much open source apps as possible * throw out those Google and Apple signed in accounts from your device * **use [Briar](https://f-droid.org/en/packages/org.briarproject.briar.android) from F-Droid for anonymous nearby communication via WiFi and Bluetooth, no internet needed** * use **NetGuard app firewall** from F-Droid to whitelist internet and WiFi app access, **minimise list of apps that require internet** * **sandbox** closed source apps or **deny** them their permissions as needed using Shelter from F-Droid * **use [CameraV](https://guardianproject.info/archive/camerav/) app to click photos** * use **PilferShush Jammer** from F-Droid with **passive jamming to block microphone** if not using * keep phone in secure pockets so it is not easily snatchable * use back covers with straps that allow stronger phone gripping ###Devices to use: * if possible, WiFi only tablet or device (Necunos Phone) or a smartphone without SIM card * if you **must** use a smartphone with SIM card, use a Huawei. ([Cellebrite](https://www.androidauthority.com/android-encryption-forensics-1078668/) showed that Huaweis are uncrackable, while Samsungs or Pixels are less compromised, and iPhones are completely crackable. Also, Huawei attained BSI [certification](https://www.commsmea.com/21150-huawei-mobile-services-wins-the-worlds-first-batch-of-isoiec-27701-2019-certification) for data privacy management.) Huawei does not cooperate with governments which is proven by the lack of evidence to date. * rooted Asus/Motorola/FairPhone/LG/Sony with LineageOS and NetGuard app firewall, **but** these are easily crackable by Cellebrite's tools so **beware** --- * If you have other brand device, apply all of the hardening measures either from [~~my guide~~](https://www.reddit.com/r/privacy/comments/em8doj/smartphone_hardening_guide_for_normal_people/) [here](https://old.reddit.com/r/privatelife/comments/i5xhum/smartphone_hardening_nonroot_guide_20_for_normal/) in conjunction with above practices * Get a cheap $150-200 Android you can harden, but **DO NOT USE iPHONES** as they [comply](https://www.businessinsider.in/tech/news/apple-shared-customer-data-with-us-government-in-a-record-high-90-of-cases-even-as-trump-administration-complains-its-not-doing-enough/articleshow/73357706.cms) with US government in 90% of the cases, and since iPhone [does not allow you to have privacy](https://gist.github.com/iosecure/357e724811fe04167332ef54e736670d) due to its blackbox nature, and is simply a false marketing assurance by corporates to you. Also, [they recently dropped plan for encrypting iCloud backups after FBI complained](https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT). The [San Ferdandino shooter publicity stunt was completely fraudulent](https://www.aclu.org/blog/privacy-technology/internet-privacy/one-fbis-major-claims-iphone-case-fraudulent) #CONCLUSION I guess this should do the job. If you have any suggestions, comment on the writeup. Good luck, fight for your rights, activists!