Looks slick, sounds sweet. Maybe there’s deeper lore, but all I think of is the Librem 5 when I hear about hardware kill switches. Might consider it if it includes amenities like a decently replaceable battery, headphone jack, micro SD slot, and relockable bootloader.
Still, when im forced to use windows I see how bad its become, so im sticking with linux!
That’s the right attitude. A lot of the comfort of Windows comes down to habit and mere exposure. Every Windows user who dives beyond the surface also spends a lot of time learning, but with the added burden of having to sift through every forum post suggesting sFc /ScAnNoW. And if you keep the same hardware for a few years, the Linux experience ages like a fine wine as drivers improve and features get some subtle polish.
Sometimes I wonder if my health takes a toll each time I help someone set up Windows. I can literally feel my heart rate increase as I go through the privacy-related settings.
Learned to make use of this the hard way when transferring a directory over a FAT32 USB drive messed up the permissions.
Nice! Glad to hear it worked out for you
Still rocking that tape deck. Great thing about cassette adapters is that they work as long as the read head is intact, doesn’t matter if anything else in the tape mechanism is rotted out.
Same in Germany, but thanks to roaming between EU states not incurring extra charges and Netherlands not asking for ID at the time, one could just cross the border to pay in cash, or order a Dutch LycaMobile SIM pseudonymously.
Active Desktop for Linux! But seriously, ever since I ditched desktop icons, I’ve thought about making the desktop useful by having it display a HTML dashboard of sorts. Now I can.
I think we can safely rule out anything on the hardware side since accessing any internal component of the Surface Go is tantamount to destroying it.
Assuming Microsoft’s UEFI implementation is somewhat standard, Grub2Win should set you on the right path. Have you inspected the underlying grub.cfg? Make sure the entry for the ISO doesn’t make any attempt to boot from network.
Ethernet on Surface requires a USB adapter
They’ve worked fine for me, unless the issue of file permissions starts to rear its ugly head.
Cash is pretty accessible where I live, but I’m always in for a surprise when I gravitate towards self-checkout and realize that it’s a card-only machine.
Prepaid cards used to be my go-to online, but it seems that fewer and fewer payment processors are letting them through their “security” checks. They were also next to impossible to obtain when I was in Europe. For a lack of better options on hand, I went with privacy.com’s virtual cards, which doesn’t really anonymize things in the eyes of MasterCard, but I suppose it’s better than nothing.
The only other thing I could think of is signing up for eBay or Amazon with a pseudonym, paying with gift cards purchased at a store with cash, and shipping to a PO box or Amazon pick-up location.
Ideally Monero, but it’s not as straightforward to obtain and there’s a very limited selection of vendors that accept it.
Building a threat model helped me figure out what was worth my energy and what can be put off to be done later at my leisure. This should be your first step.
What kind of phone and OS do you use? You can contain the spying a bit if you set up a work profile with Insular or Shelter, install your proprietary apps there, set a schedule for checking those, and turn off the profile otherwise. I realize that it’s not the easiest, but if you can find people to talk to in real life regularly, frequent access to messages / social media need not be a prerequisite to a healthy social life.
Getting hacked through the BIOS/Intel ME, while possible, is statistically highly unlikely, activist or not. If there’s a piece of technology I have to use, but don’t trust, I just keep it at my desk, fine as long as it can’t actively track me moving around. Don’t let perfection get in the way of your bigger goals.
While we’re at it, have you considered libreboot on the T480? A few tiny scraps of the Intel ME do have to be left in place, but realistically they’re not going to see an exploit anytime soon. And you’ll still have most of the satisfaction of liberating your computer.
I credit a good part of my success bringing friends and family over to Signal to the fact that it emulates what ordinary people are used to: a centralized service where people’s identities are associated with phone numbers. No need to teach them anything new, just download it, punch in your number, and then punch in my number. I think Signal is targeting exactly that and putting more anonymous and decentralized models way on the back burner. Concepts as simple to us as ‘instances’ are surprisingly difficult to explain to newcomers, and I wouldn’t be surprised if accounts not associated with phone numbers pose a discoverability issue.
This all might be sidestepping the question a bit since I haven’t dug deep into the issue, but my thinking is that Signal, in its current state, should be seen as a transitional solution until things like SimpleX become more mature and widespread.
Can confirm, to a lesser extent. Each query takes a few seconds to resolve, which isn’t a huge deal, except when browsing, so I set Adguard DNS within the browser.
Personally a fan of XMPP, it’s about the only decentralized alternative to Signal that’s worked well and reliably “out of the box” for me. SimpleX is really nice in principle, but my messages end up stuck in limbo sometimes and it burns through my phone’s battery.
Haven’t used Briar much, was missing a couple features I wanted.
WiFi scanning itself does require location permissions, but I have no idea why a DNS app needs to also scan WiFi. Also, a closed-source app like that just doesn’t inspire confidence. Consider using Rethink DNS from F-Droid.
Makes me feel like I’m doing the best I reasonably can, even if it’s of limited effect. Also, built-in aliasing service.
I sorely miss DivestOS for this purpose, but I’d consider CalyxOS (development sadly on pause) and iodeOS as runners-up. /e/OS got caught sending voice-to-text data to OpenAI, so I’d stay away for the time being.
edit: sad to see that iode has a freemium model on some of its features. see replies for more nuance on the /e/OS situation.
LineageOS will get the most years of support out of the most devices. While leagues ahead of Android for privacy, bear in mind that it still isn’t airtight with regard to the occasional piece of telemetry data sent back to Google. It’s about the only thing that can keep one of my older Pixels somewhat up-to-date.
LeOS is like LineageOS with all Google telemetry stripped out, but only in GSI form (no builds optimized for specific devices), so YMMV with hardware compatibility. I have this on my Samsung tablet.
I’ve also heard about Volla Phones (with VollaOS) and Brax Phones (with iodeOS or Ubuntu Touch), but haven’t taken a serious look since the screen sizes offered are too big for me.
I might try out a Linux phone next, but the relative lack of battery optimizations and edge-case issues leave me a bit hesitant. Also, check out detailed comparison of the common Android ROMs with regard to privacy and security: https://eylenburg.github.io/android_comparison.htm
First time I’ve heard about libadapta. Very happy that folks are doing something about GNOME’s anti-theming dogma and I’m excited to see what libadapta or a derivative might bring in the future.
Same. Immeasurably disappointed whenever the repo for a GUI program does not include any screenshots.