@PaulaToThePeople
Flyers

"*Fed up?* Join the Fediverse."

Fed up with Facebook and Twitter dictating what you can and can't say online? Then join the Fediverse, the decentralised social media system that they've been hiding from you for years.

The word Fediverse is a portmanteau of…"

See the new logo design we published for Fediverse yesterday morning.

Add Cloudglare to your list if you like, they seem to be training drones with #hCaptcha.

@dsfgs Flyers are a great idea. I've been meaning to create flyers and/or stickers for a long time.

Where can I find that logo and do you have a link to Cloudglare?

Follow

@PaulaToThePeople @dsfgs I believe "Cloudglare" is dsfgs's deliberate misspelling of , which is the elephant in the room that your otherwise comprehensive article neglects while actually referring users to , a CF site that should be avoided.

@dsfgs @PaulaToThePeople You propose as a Playstore app compromise. The fake acct still keeps track of all your installations, and if Orbot is not in the loop links your fake acct to your real acct.

@PaulaToThePeople @dsfgs You propose . That would have been a good suggestion a couple years ago but now most of Mint's docs have been jailed in the abusing walled garden of . So I've started moving ppl away from .

@dsfgs @PaulaToThePeople is really a terrible option. IIRC DDG has moved from to , but there is a huge list of reasons to stay away from : techrights.org/2020/07/02/ddg- is actually hosted & fed, & you don't caution that. Amazon & Microsoft are both very harmful to the environment.

@PaulaToThePeople @dsfgs does their own crawling, and so unlike & , Mojeek is not dependant on , which is an environmental perk above & beyond their green data center. DDG & Ecosia should really be removed, and there are several decent nodes that could replace them. Searx is just software used by good and bad services, so it's better to name the good nodes.

@dsfgs @PaulaToThePeople I would either remove , or at least heavily caution that the Kodi docs are -jailed (same place as docs). I quit using Kodi for that reason. is a decent noteworthy choice but it's not the same thing as Kodi. It's more compatible with the free world than Kodi, as MythTV gets non-DRM content from free local broadcast.

@PaulaToThePeople @dsfgs is a site. It's especially a bad idea to use a CF site for shopping because CF gets sensitive info (name, address, payment info, user and pass [which some ppl foolishly reuse on multiple sites])

@dsfgs @PaulaToThePeople .com is a terrible suggestion particularly when there are so many viable alternatives. There are bigger problems w/Gitlab.com than : lemmy.ml/post/30312/comment/22 GL s/w is fine but most ppl don't run their own. It makes more sense to not even mention gitlab.com, & mention the other services that use GL s/w (framagit, git.feneas.org).

@PaulaToThePeople @dsfgs Other options (non-GL): git.teknik.io, sourcehut.org, git.nixnet.xyz, git.openprivacy.ca, yerbamate.dev

@resist1984 @PaulaToThePeople @dsfgs don't forget @codeberg which not only runs on free software, but is managed by a non-profit association of FOSS and libre people, financed by its members, very supportive… (stop me, please 🤣)

@resist1984 Mind to mention what alternative you recommend those you move away from Mint? I find Mint still the much better alternative to any *buntu (let alone the Redmonds & Co). Especially easy to Newcomers, and still flexible enough for those wanting more. A guess: MxLinux?

Always good to name the recommendations – not just the non-recommendations :wink:

@IzzyOnDroid there are hundreds of linux distros which vary wildly on subjective matters of taste. I'm biased toward Debian which is already a listed. Ubuntu is problematic b/c of the PPAs & tendency to serve as an enabler for proprietary s/w as well as unvetted s/w. I'm moving some Mint users to .

@resist1984 PPAs I see less critically. For me the more strong argument is their "snap" enforcement starting with 20.04 – and their bad history of similar things in the past (just think of that Amazon integration with their desktop search in 14.04, which made me quit Ubuntu back then).

I'm Debian focused as well, most of my machines run either Debian or a derivate. Need to give Sparky a look then, for where that question arises. Thanks!

@IzzyOnDroid PPAs are typically a means to deliver binaries. The harm is not just being an enabler for proprietary s/w, it also introduces exclusivity, as genuine Debian does not have stock support for PPAs, deliberately. The PPA apps not only leave out Debian users, but they circumvent the high quality standards that Debian requires of all official pkgs.

@IzzyOnDroid some would say live-and-let-live, but by putting a majority of users on Ubuntu which then facilitates PPAs, this encourages marginalization of Debian users who an app creator would otherwise accommodate. It also cultivates relaxed trust on the part of the users, lowering the quality standards of free software overall.

@resist1984 You can add 3rd party repos to other Debian flavors in other ways. So if by PPA you mean those bould to Launchpad and having that wrapper to easily add them, that just makes them more convenient to use. And whoever side-loads *.debs should always know the consequences (or will feel them on the next dist-upgrade)…

@IzzyOnDroid Indeed one can always supply a 3rd party repo, PPA or not. But a PPA *must* be 3rd party wrt Debian. All 3rd party repos are exempt from Debian's quality standards. The goal should be for projects to get into the official repos, as this reassures users that it reached a QA standard & thus broadens the selection of quality s/w. It also gives the app some worthy recognition.

@resist1984 Yupp, that somehow matches F-Droid "proper" (as Debian) and my repo (as 3rd party). While it's easier to get a FLOSS (!) app into my repo, I always encourage to "aim higher". More than 200 apps have landed in F-Droid this way, after eeking out the edges.

So, such 3rd-party repos can serve a good reason. And no, they cannot succeed with every single app. Still, each single success counts.

@IzzyOnDroid BTW, anyone who wants to voice the problem with locking up their docs in or devs use of , comments can go here: github.com/linuxmint/mintsyste

@resist1984 @IzzyOnDroid
Using LM (#LMfanboy) since 5 years and didn't even noticed that documentation exists 😅

@toxision @IzzyOnDroid "First they came for the socialists, and I did not speak out— Because I was not a socialist. Then they came for the trade unionists, and I did not speak out— Because I was not a trade unionist....Then they came for me— and there was no one left to speak for me."

@resist1984 Well obviously you're not supposed to have a real Google account.

@PaulaToThePeople tracks everything. Even without an acct, Google sees your IP address in all activity that touches a Google asset. So the fake accounts get associated together and also associated with logged out activity. If you start using Google Play app then switch to , Google already has your IMEI# from the 1st use, and that number is part of the dataset.

@PaulaToThePeople I had a few fake accts and noticed google linked them together. It was something like google sending an email that greeted me by the fake name of another acct, so it's clear that Google is making an effort to link different burner accts together. So I no longer use any google acct, and if I touch a google asset w/out acct I still use Tor & try to counter fingerprinting

@resist1984
But we can intermix the Accounts and thus weaken the profiles.
@PaulaToThePeople

@resist1984
Yes. Joining Accounts would weaken the profile. Because it could not be linked to a single person, but just to the big group of people using the account mixing / sharing.
@PaulaToThePeople

@resist1984 @PaulaToThePeople
I coud send you my cookies and get yours. Put it in the browser profile, and Googles algorithm is confused.

@wend @PaulaToThePeople Account *sharing* is a different thing, and indeed a way to disrupt Google. But how do you carry that out? Are you manually swapping creds w/trusted family/friends? Or is there a tool for that?

@wend @PaulaToThePeople You've misunderstood the account aggregation that Google does. Google doesn't aggregate accounts controlled by different ppl (that would defeat Google's purpose for aggregation). Google aggregates accts that it finds under the control of the same person.

@resist1984
But we can make google aggregate accounts from different people. I could make my pssword public or share it with others. Or - if you think thid would be too dangerous - do this with cookies. Them the algorithm thinks we are using the same browser and assumes we are one person. And finally every account we log in from our brouwsers look belonging to a single person. The cookiesharing could be done by a p2p service automatically.
@PaulaToThePeople

@wend @PaulaToThePeople it's a sound theory, but where are the tools? I suspect if you automate the sharing of cookies or creds, Google will eventually discover it and kill it. Would be easy to kill. Google would just sign up for the exchange program to see which accts are on rotation and suspend those accts.

@resist1984
If google stops taking data on these groups of accounts -- well this would be OK by me. But you are right. No tools so far. Who would be pushing this ? It could be a browser plugin, configured with whitelists of useful cookies. All others will be shared. No need for a cookieblocker forthon... After a while no big company can use cookies anymore for tracking. So they need to find something else...
@PaulaToThePeople

@wend @PaulaToThePeople it's a good idea and would be interesting to see how the cat/mouse/whack-a-mole game plays out. But ATM this acct sharing mechanism doesn't exist, so it can't yet be used as rationale for accessing Googleplay store.

@resist1984
Yes. I see. The Android apps are more tricky. The phones hardware needed to be faked, but therefor the operating system would need to be modified or altered. Best wold be to access the store from a simulator and then pass the .apk file to the phone.
@PaulaToThePeople

@wend @PaulaToThePeople i don't think there is a Google acct sharing tool or service of any kind, desktop or phone. Once it does, indeed phone h/w is another hurdle. I've use back in the day when I was willing to download from Playstore. It's very non-trivial because the simulated phone must resemble the real phone enough to download a compatible version.

@resist1984
Yep. But on the long term I hope that free stores like #fdroid will dominate. They will probably not steal your data. At least you would have the choice to use alternatives...
@PaulaToThePeople

@resist1984 @PaulaToThePeople If you're using a non-ungoogled device, I don't think there are any really helpful measures to stop them from spying. Using something like Yalp or Aurora is probably only useful on Lineage etc.

@datenschutzratgeber @PaulaToThePeople your double-negative threw me off at 1st. There are ways to degoogle an Android phone without replacing the OS. I've written a script that connects over ADB to disable the Google garbage.

@resist1984 @PaulaToThePeople Just disabling Google services and apps isn't enough. That's only a temporary solution and AFAIK the manufacteurer cannot be really stopped from watching without actually replacing the OS. Also, I've seen disabled Google services re-enabling themselves (or being re-enabled by some third party?) after some time including re-granting themselves several permissions (that was on an Asus device).

Where do you have that script? Does it need ADB root access?

@datenschutzratgeber @PaulaToThePeople sorry, it's not a script. It's been a while since I bought a phone to harden. I have notes to myself on the manual process that I follow. I've just dumped them here: paste.debian.net/1180672/ but note that wasn't intended for other ppl to consume, just to jog my memory. So some steps are not detailed (they get me to a screen where I know what to do). Root is not needed.

@PaulaToThePeople @datenschutzratgeber And to be clear, root is not needed on the phone but root is needed on the linux system.

@resist1984 @PaulaToThePeople It says one should enable Netguard and later start Orbot. Is it possible to use both at the same time? Last time I tried that myself, I wasn't able to do that 🤔

@datenschutzratgeber @PaulaToThePeople On recent versions, it's recommended (by Tor Project iirc) to put Netguard in control and have netguard force traffic through Orbot. So that's what I have been doing. Older versions can't do that.. iirc there's a conflict with older versions.

@datenschutzratgeber @PaulaToThePeople Orbot creates a local port 9050, and Netguard allows Orbot's uplink to pass through unmolested. The virtual VPN feeds into Netguard, not Orbot, and Netguard then routes traffic to Orbot.

@PaulaToThePeople @datenschutzratgeber Netguard let's you choose on and app-by-app bases whether to cut off the net completely (e.g. apps that shouldn't need the net) or to force over Tor, or to allow non-Tor access.

@PaulaToThePeople @datenschutzratgeber I still have an Android 2.2 phone, which uses Orbot without Netguard. Also, everything i've said assumes an unrooted phone. If you have a rooted phone i think you can force a transparent proxy.

@resist1984

It is still possible on a phone with stock-android to skip making an account at first start and use aurora/yalp instead. Maybe that's a solution to your problem?
With play-services I guess they still track a lot.

But: In my opinion every step counts and some is better than nothing. And even if you don't want to change os you can deactivate all google stuff I guess, all relevant stuff works for me without google services, so it should work on stock-android too.

Sorry for bad english. So it sounds sometimes rude.

@PaulaToThePeople

@huodong @PaulaToThePeople Indeed but privacy is like virginity- once you lose it you can't have it back. I always degoogle an Android phone as a 1st step, but Paula's audience would largely include those whose phones are already compromized.

@resist1984 @dsfgs @PaulaToThePeople Well, that's only true if you actually have a "real" Google account (which you definitely shouldn't). In the similar app Aurora there's even the pre-configured Google account auroraoss@gmail.com ready-to-use.

@PaulaToThePeople has a . Run this: "curl --ssl --socks4a 127.0.0.1:9050 -L --head nomoregoogle.com/ | grep cf.ray" Their site is also configured to block Tor, so you'll get 403 forbidden if you run 'torsocks lynx "nomoregoogle.com/"'. The IP address is also in the known ranges of CF assets.

Sign in to participate in the conversation
Mastodon 🔐 privacytools.io

Fast, secure and up-to-date instance. PrivacyTools provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io
Matrix Chat: chat.privacytools.io
Support us on OpenCollective, many contributions are tax deductible!