resist1984 @resist1984@social.privacytools.io

@wswartzendruber credit unions are a big bump up in trustworthiness, but even US CUs are jailing their closed-source apps in #Google's untrustworthy #Playstore, so Google knows where you bank, as well as any insiders happy to sell that data.

So users & the public can't audit the code. The bank is also untrustworthy. Perhaps you can trust your EU bank, but US banks are like a fusion between surveillance capitalism & police agencies. The only way to have a fighting chance at a trustworthy app is if it's signed #FOSS on #Fdroid.

Where I bank is sensitive information. It has value, most especially to debt collectors, hackers, and adversaries. Hackers would love to have that info not necessarily to attack the acct but to write a convincing ransom demand. Google ties downloads to identities. The app can only be exclusively jailed in a walled garden if the source code is secret (and it is).

@wend @PaulaToThePeople i don't think there is a Google acct sharing tool or service of any kind, desktop or phone. Once it does, indeed phone h/w is another hurdle. I've use #Raccoon back in the day when I was willing to download from Playstore. It's very non-trivial because the simulated phone must resemble the real phone enough to download a compatible version.

To those who think #Twitter is irrelevant to the US First Amendment & body of free speech laws, the courts find otherwise => https://www.nytimes.com/2019/07/09/us/politics/trump-twitter-first-amendment.html

@sadmin @IzzyOnDroid @dsfgs @PaulaToThePeople that wouldn't be an alternative to #Yalp b/c playstore apps are not in that catalog. All banks jail their apps in #Google Playstore, but when searching for "bank" in the /money/ category there are no bank apps in the results.

@wend @PaulaToThePeople it's a good idea and would be interesting to see how the cat/mouse/whack-a-mole game plays out. But ATM this acct sharing mechanism doesn't exist, so it can't yet be used as rationale for accessing Googleplay store.

@wend @PaulaToThePeople it's a sound theory, but where are the tools? I suspect if you automate the sharing of cookies or creds, Google will eventually discover it and kill it. Would be easy to kill. Google would just sign up for the exchange program to see which accts are on rotation and suspend those accts.

@wend @PaulaToThePeople Account *sharing* is a different thing, and indeed a way to disrupt Google. But how do you carry that out? Are you manually swapping creds w/trusted family/friends? Or is there a tool for that?

@wend @PaulaToThePeople You've misunderstood the account aggregation that Google does. Google doesn't aggregate accounts controlled by different ppl (that would defeat Google's purpose for aggregation). Google aggregates accts that it finds under the control of the same person.

@PaulaToThePeople @datenschutzratgeber Netguard let's you choose on and app-by-app bases whether to cut off the net completely (e.g. apps that shouldn't need the net) or to force over Tor, or to allow non-Tor access.

@datenschutzratgeber @PaulaToThePeople Orbot creates a local port 9050, and Netguard allows Orbot's uplink to pass through unmolested. The virtual VPN feeds into Netguard, not Orbot, and Netguard then routes traffic to Orbot.

@PaulaToThePeople @datenschutzratgeber I still have an Android 2.2 phone, which uses Orbot without Netguard. Also, everything i've said assumes an unrooted phone. If you have a rooted phone i think you can force a transparent proxy.

@datenschutzratgeber @PaulaToThePeople On recent versions, it's recommended (by Tor Project iirc) to put Netguard in control and have netguard force traffic through Orbot. So that's what I have been doing. Older versions can't do that.. iirc there's a conflict with older versions.

@PaulaToThePeople @datenschutzratgeber And to be clear, root is not needed on the phone but root is needed on the linux system.

@datenschutzratgeber @PaulaToThePeople sorry, it's not a script. It's been a while since I bought a phone to harden. I have notes to myself on the manual process that I follow. I've just dumped them here: http://paste.debian.net/1180672/ but note that wasn't intended for other ppl to consume, just to jog my memory. So some steps are not detailed (they get me to a screen where I know what to do). Root is not needed.

@kirschner This is the article: https://web.archive.org/web/20201107024424/https://steemit.com/liberty/@apertus-cogitari/which-printer-and-scanner-brands-are-ethical-get-your-boycott-on-the-evil-has-been-charted I regret that that site has become a #CloudFlare site, so I give the archive.org link. But an important diagram is missing from archive.org, so you might have to go straight to steemit.

@kirschner the only notable shortcoming is that if feeding multiple pages, it often grabs more than 1 page. So you need to keep a grip on all pages below the top page as it goes

@kirschner a few yrs ago I analzed the ethical factors on every consumer scanner manufacturer I could find. The answer I came up with was "Avision MiCube". Takes an SD card and can also attach as a USB mass storage device, so it's totally platform neutral.

@huodong @PaulaToThePeople Indeed but privacy is like virginity- once you lose it you can't have it back. I always degoogle an Android phone as a 1st step, but Paula's audience would largely include those whose phones are already compromized.