@PaulaToThePeople
Flyers

"*Fed up?* Join the Fediverse."

Fed up with Facebook and Twitter dictating what you can and can't say online? Then join the Fediverse, the decentralised social media system that they've been hiding from you for years.

The word Fediverse is a portmanteau of…"

See the new logo design we published for Fediverse yesterday morning.

Add Cloudglare to your list if you like, they seem to be training drones with #hCaptcha.

@dsfgs Flyers are a great idea. I've been meaning to create flyers and/or stickers for a long time.

Where can I find that logo and do you have a link to Cloudglare?

@PaulaToThePeople @dsfgs I believe "Cloudglare" is dsfgs's deliberate misspelling of , which is the elephant in the room that your otherwise comprehensive article neglects while actually referring users to , a CF site that should be avoided.

@dsfgs @PaulaToThePeople You propose as a Playstore app compromise. The fake acct still keeps track of all your installations, and if Orbot is not in the loop links your fake acct to your real acct.

@resist1984 Well obviously you're not supposed to have a real Google account.

Follow

@PaulaToThePeople tracks everything. Even without an acct, Google sees your IP address in all activity that touches a Google asset. So the fake accounts get associated together and also associated with logged out activity. If you start using Google Play app then switch to , Google already has your IMEI# from the 1st use, and that number is part of the dataset.

@PaulaToThePeople I had a few fake accts and noticed google linked them together. It was something like google sending an email that greeted me by the fake name of another acct, so it's clear that Google is making an effort to link different burner accts together. So I no longer use any google acct, and if I touch a google asset w/out acct I still use Tor & try to counter fingerprinting

@resist1984
But we can intermix the Accounts and thus weaken the profiles.
@PaulaToThePeople

@resist1984
Yes. Joining Accounts would weaken the profile. Because it could not be linked to a single person, but just to the big group of people using the account mixing / sharing.
@PaulaToThePeople

@resist1984 @PaulaToThePeople
I coud send you my cookies and get yours. Put it in the browser profile, and Googles algorithm is confused.

@wend @PaulaToThePeople Account *sharing* is a different thing, and indeed a way to disrupt Google. But how do you carry that out? Are you manually swapping creds w/trusted family/friends? Or is there a tool for that?

@wend @PaulaToThePeople You've misunderstood the account aggregation that Google does. Google doesn't aggregate accounts controlled by different ppl (that would defeat Google's purpose for aggregation). Google aggregates accts that it finds under the control of the same person.

@resist1984
But we can make google aggregate accounts from different people. I could make my pssword public or share it with others. Or - if you think thid would be too dangerous - do this with cookies. Them the algorithm thinks we are using the same browser and assumes we are one person. And finally every account we log in from our brouwsers look belonging to a single person. The cookiesharing could be done by a p2p service automatically.
@PaulaToThePeople

@wend @PaulaToThePeople it's a sound theory, but where are the tools? I suspect if you automate the sharing of cookies or creds, Google will eventually discover it and kill it. Would be easy to kill. Google would just sign up for the exchange program to see which accts are on rotation and suspend those accts.

@resist1984
If google stops taking data on these groups of accounts -- well this would be OK by me. But you are right. No tools so far. Who would be pushing this ? It could be a browser plugin, configured with whitelists of useful cookies. All others will be shared. No need for a cookieblocker forthon... After a while no big company can use cookies anymore for tracking. So they need to find something else...
@PaulaToThePeople

@wend @PaulaToThePeople it's a good idea and would be interesting to see how the cat/mouse/whack-a-mole game plays out. But ATM this acct sharing mechanism doesn't exist, so it can't yet be used as rationale for accessing Googleplay store.

@resist1984
Yes. I see. The Android apps are more tricky. The phones hardware needed to be faked, but therefor the operating system would need to be modified or altered. Best wold be to access the store from a simulator and then pass the .apk file to the phone.
@PaulaToThePeople

@wend @PaulaToThePeople i don't think there is a Google acct sharing tool or service of any kind, desktop or phone. Once it does, indeed phone h/w is another hurdle. I've use back in the day when I was willing to download from Playstore. It's very non-trivial because the simulated phone must resemble the real phone enough to download a compatible version.

@resist1984
Yep. But on the long term I hope that free stores like #fdroid will dominate. They will probably not steal your data. At least you would have the choice to use alternatives...
@PaulaToThePeople

@resist1984 @PaulaToThePeople If you're using a non-ungoogled device, I don't think there are any really helpful measures to stop them from spying. Using something like Yalp or Aurora is probably only useful on Lineage etc.

@datenschutzratgeber @PaulaToThePeople your double-negative threw me off at 1st. There are ways to degoogle an Android phone without replacing the OS. I've written a script that connects over ADB to disable the Google garbage.

@resist1984 @PaulaToThePeople Just disabling Google services and apps isn't enough. That's only a temporary solution and AFAIK the manufacteurer cannot be really stopped from watching without actually replacing the OS. Also, I've seen disabled Google services re-enabling themselves (or being re-enabled by some third party?) after some time including re-granting themselves several permissions (that was on an Asus device).

Where do you have that script? Does it need ADB root access?

@datenschutzratgeber @PaulaToThePeople sorry, it's not a script. It's been a while since I bought a phone to harden. I have notes to myself on the manual process that I follow. I've just dumped them here: paste.debian.net/1180672/ but note that wasn't intended for other ppl to consume, just to jog my memory. So some steps are not detailed (they get me to a screen where I know what to do). Root is not needed.

@PaulaToThePeople @datenschutzratgeber And to be clear, root is not needed on the phone but root is needed on the linux system.

@resist1984 @PaulaToThePeople It says one should enable Netguard and later start Orbot. Is it possible to use both at the same time? Last time I tried that myself, I wasn't able to do that 🤔

@datenschutzratgeber @PaulaToThePeople On recent versions, it's recommended (by Tor Project iirc) to put Netguard in control and have netguard force traffic through Orbot. So that's what I have been doing. Older versions can't do that.. iirc there's a conflict with older versions.

@datenschutzratgeber @PaulaToThePeople Orbot creates a local port 9050, and Netguard allows Orbot's uplink to pass through unmolested. The virtual VPN feeds into Netguard, not Orbot, and Netguard then routes traffic to Orbot.

@PaulaToThePeople @datenschutzratgeber Netguard let's you choose on and app-by-app bases whether to cut off the net completely (e.g. apps that shouldn't need the net) or to force over Tor, or to allow non-Tor access.

@PaulaToThePeople @datenschutzratgeber I still have an Android 2.2 phone, which uses Orbot without Netguard. Also, everything i've said assumes an unrooted phone. If you have a rooted phone i think you can force a transparent proxy.

@resist1984

It is still possible on a phone with stock-android to skip making an account at first start and use aurora/yalp instead. Maybe that's a solution to your problem?
With play-services I guess they still track a lot.

But: In my opinion every step counts and some is better than nothing. And even if you don't want to change os you can deactivate all google stuff I guess, all relevant stuff works for me without google services, so it should work on stock-android too.

Sorry for bad english. So it sounds sometimes rude.

@PaulaToThePeople

@huodong @PaulaToThePeople Indeed but privacy is like virginity- once you lose it you can't have it back. I always degoogle an Android phone as a 1st step, but Paula's audience would largely include those whose phones are already compromized.

Sign in to participate in the conversation
Mastodon 🔐 privacytools.io

Fast, secure and up-to-date instance. PrivacyTools provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io
Matrix Chat: chat.privacytools.io
Support us on OpenCollective, many contributions are tax deductible!