Privacy

So, my old Pixel Watch 2 broke and now I'm looking for a replacement, and in the time since I got the Pixel Watch 2 I've started to care more about privacy, open source, repairability, longevity, etc. So I've been looking at two smartwatch replacements, the PineTime, and the CMF Watch Pro 3. I like the idea and values of the PineTime, but I like the aesthetic of the CMF watch more. I can't find any resources on how the privacy of CMF/Nothing is though, so, which of the two would you recommend?

(I mainly use my smartwatch for notifications, checking time/weather)

I have a pixel 6, so I have ~1 year of security updates left.

I would like my next phone to use a data-only sim card/esim.

Now I still need my current number, and am okay with paying for it in addition to a data-only plan. What I would like is to leave the pixel 6 at home 24/7, and have a way of forwarding notifications to the new phone.

I am self-hosting many things, including ntfy, so if the phone could send an SMS to ntfy that would be amazing.

Are there any apps that do this? It doesn't have to just forward SMS, but all notifications would also work.

Should I even bother? Just leave it at home and check the SMS whenever I can? (Benefit of forcing people to use Signal)

cross-posted from: https://programming.dev/post/36285037

Full PDF report.

cross-posted from: https://programming.dev/post/36111319

EFF: Atlas of Surveillance.

cross-posted from: https://programming.dev/post/36109840

Photo by Sora Shimazaki

by Nikita Biryukov, New Jersey Monitor
August 19, 2025

Police did not act improperly when an officer gained access to the phone of an individual detained for kidnapping, sex assault, and other serious charges after watching the man enter his cellphone passcode and committing it to memory, a New Jersey appeals court ruled Tuesday.

Tyrone Ellison, who was arrested and convicted after kidnapping a minor with substance abuse issues from a Newark hospital, had no reasonable expectation of privacy when he unlocked his phone while in police custody and under the supervision of a detective, the court ruled.

“There was no violation of defendant’s Fifth Amendment right against self-incrimination where defendant voluntarily requested his cell phone, was not compelled to provide the passcode and voluntarily entered the passcode in the officer’s presence,” the judges wrote.

Police could not leave Ellison unattended with his phone without risking him deleting evidence, the ruling adds.

The judges said prior case law that found an arrestee maintained a reasonable expectation of privacy when making a call from a police station without being told that call may be monitored or recorded does not apply to Ellison’s case.

Ellison, the judges wrote, was aware of the detective’s presence when entering his passcode, did not attempt to conceal his password, and was not stopped from concealing his passcode from police.

“There was no deception or trickery used to obtain defendant’s passcode. Nor did the police orchestrate the situation to induce defendant to reveal the passcode,” the court wrote.

In effect, Ellison’s expectation of privacy vanished when he chose to unlock his phone in the presence of police, the court found.

A divided New Jersey Supreme Court in 2020 ruled in Andrews v. New Jersey that while the Fifth Amendment presumptively protects individuals’ passcodes, they can be compelled to reveal them under the foregone conclusion exception to the amendment. That exception allows the compelled disclosure of documents and passcodes as long as authorities know they exist and the individual subject to the warrant knows and possesses them.

Tuesday’s ruling says another doctrine that allows authorities to use improperly obtained information if it would have inevitably come into their possession through proper channels would have allowed police to use the passcode even if it was initially obtained improperly.

Police obtained a communications data warrant to search the phone and could have obtained an order to compel Ellison to disclose his passcode, the judges wrote.

“Once the passcode was compelled, law enforcement would have been able to access the contents of the phone,” the judges wrote.

The New Jersey Office of the Public Defender represented Ellison. Alison Perrone, deputy of the office’s appellate section, called the ruling concerning and said her office will ask the New Jersey Supreme Court to review the case.

“The ability of law enforcement to observe and later use a person’s private phone passcode while in custody presents serious questions about constitutional rights in the digital era,” Perrone said in a statement.

GET THE MORNING HEADLINES.SUBSCRIBE

New Jersey Monitor is part of States Newsroom, a nonprofit news network supported by grants and a coalition of donors as a 501c(3) public charity. New Jersey Monitor maintains editorial independence. Contact Editor Terrence T. McDonald for questions: info@newjerseymonitor.com.

Creative Commons license CC BY-NC-ND 4.0.

I dont like what samsung is doing and it seems like their gallery app is likely stealing all my photo data to train ai. Whats a good foss alternative and how can I disable all that shit?

Fuck samsung. Getting rid of this phone soon.

cross-posted from: https://lemmybefree.net/post/1243814

Hi! I'm looking for a privacy respecting Android tablet.

I ruled out the google tablet due to it being too expensive with an LCD screen

I would prefer a nice OLED screen if possible (or similar), and preferably cheap. Must be able to stream HEVC encoded videos (not 10 years old hardware), and preferably more (VP9, AV1, for future proofing)

The main use will be to watch content (movies, series, videos) from YouTube and Jellyfin, and sometimes some other apps if they're not enforcing the Play Integrity API

So far I've searched some OS and I'm considering LineageOS or /e/OS, with /e/OS looking better in terms of privacy. Don't want google to track everywhere I go and everything I do.

Any recommendations for good cheap hardware with bootloader unlocking, and recommendations for a good Android ROM?

I’ve already got a ton of ‘em but I’m always on the lookout for more. What are your favorite lesser-known DNS blocklists?

So we know the UK, France, Sweden and Australia all have “pondered out loud” about getting platforms like Signal to allow backdoors into encrypted calls and messages.

This creates a sense of safety about these platforms being secure, because governments want to come after them.

Here’s a tinfoil hat take: Five Eyes is significantly reducing inter cooperation. The non-fascist parts of the alliance don’t want to share with the obvious authoritarian, but the authoritarian one used to share the fruits of their established backdoors with them, and now they don’t.

Note that the US isn’t asking signal for a backdoor. Why? Back in 2015-2016 (last years of Obama), Apple had a loud and visible feud with the FBI. Since the authoritarian came to power, this all disappeared from the media. Interestingly, 10 years have gone by since that moment, every single aspect of our lives has become more surveilled, and somehow the US govt has stopped trying to get into phones? *While the CEO is making hand deliveries of 24 karat gold bars to the Oval Office?

TLDR; I think a safe assumption that they are in our devices by now. Fundamentally people misunderstand encryption. Encryption is only as strong as the weakest link. If your signal chats are unencrypted for consumption on your device, then that’s when the unencrypted content can be captured.

For the longest time, Apple stored your iCloud backups encrypted. Looked good in marketing materials, until they casually admitted the decryption key is stored in the same cloud.

Combine this with ICE capturing citizens without due process. If you have a vanilla smart device, you’re doing the surveillance for them. /tinfoilhat

cross-posted from: https://discuss.tchncs.de/post/43028460

Recently I had to go through a almost one year process of Degoogling and canceling a lot of my data from the Internet. Unfortunately I noticed that a lot of specific information are not available in only one source and I had to do separate researches for each problem that I had. So I decided to write this guide to share my experience hoping that it will make this process easier for who will read it. You are free to share this guide here, on other sites, with your friends and family. Feel also free to comment, add a feedback or also different software and methods.

Firstly, always remember that e-mail providers, VPNs, cloud servers are normally owned by private companies. No matter how much they stress the "privacy" argument, you cannot have the guarantee that your data its going to be safe forever, also because of data breaches. The better solution is to store your data like photos and music, on a "cold" storage like USB sticks or CDs and possibly encrypt them. Remember also that Free and Open-Source software doesn't automatically mean privacy-friendly, even if it tents to be like that. Many LLMs (Large Language Models) used in the Artificial Intelligence context are open to be improved by a community but in fact, they are owned by companies that doesn't respect users privacy at all. There are many different licenses for Free and Open-Source software with different terms listed on them and they may vary with the license's version, some of the most known Open-Source licenses are: GPL, MPL, BSD, Apache.

I want to start with a list of FOSS applications that I’m using on my Degoogled Android phone. The most important thing here is to never login with Google on your phone and also never use it to login to internet services such as forums or news websites.

System administration

*MicroG suite : This provides minimal libraries for applications that uses Google Play Services.

*F-droid : Is an alternative store that can be used in place of Google Play. Many apps listed here can be found on this store. You can download the .apk file directly on their site.

*Aurora Store : A Open Source front-end for Google Play. However, downloading applications from it does not guarantee that you will not be tracked by Google.

*Obtainium: A software to update your apps directly from the source. It has a support forum and a wiki with per-configured settings for apps like the Firefox browser, so you don't have to install them from Aurora Store.

*App Manager – Android package manager : This gives you a lot of control on applications that are installed in your phone. It shows also the trackers and eventual vulnerabilities.

*Shelter : This is one of the most useful apps on F-droid, it permits you to clone preparatory apps such as Instagram in a sandboxed environment on the work profile.

*Logcat Reader

*PCAPdroid : A network monitor

*Irregular Expressions : A Keyboard to write with different styles

*Simple Keyboard : This is very important, a keyboard on your phone should be as lightest as possible.

*Termux : This is more than a terminal emulator. It comes with a almost complete GNU/Linux environment and lets you to install many CLI applications used on these machines. This is actually very useful because you can install linux software different from standard Android apps. For example, you can install GNU privacy guard to encrypt files but without having it directly visible on your phone.

Generic

*Organic Maps : An alternative to Google Maps. It uses OpenStreetMaps and works quite well. It is also true that it relies a lot on user’s contributions. So if you will visit a place which is not on the map, remember to add it.

*SatStat: A GPS status app with a compass. You can use it to download the latest A-GPS data from the internet.

*Trail Sense: A trekking app with many survival utilities. For example, you can control the flashlight to send SOS signals.

*Fossify Suite (es:Calendar, gallery, voice recorder, contacts, messages, phone) : A FOSS fork of the old “simple mobile tools” suite that was acquired by a private company.

*OpenCalc : A calculator app

*Arity: A scientific calculator app

*VLC : A well known audio/video player which supports a lot of different formats.

*Librera Reader : A pdf and document reader

*Open Camera

*ObscuraCam : Use it to blur faces

*Scrambled Exif : Remove metadata from pictures. (use it before publishing a photo on social medias)

*PixelKnot : Embed a secret message in a picture

*QR Scanner (PFA)

*Collabora Office : (Not directly present on F-Droid but they have their own repository, check on their website)

*Nextcloud : A very good alternative to Google Drive. Be careful, it has many different instances with different terms of service.

*Call Recorder

*Firefox and Thunderbird : Be careful, even if Firefox browser is generally more privacy friendly than others, it cannot avoid fingerprinting. The only way to avoid it is to use the Tor Browser. However, you can still install some extensions like CanvasBlocker to mitigate it.

*Tor Browser for Android : This is a modified version of Firefox that uses Tor to connect to the Internet in order to protect your anonymity.

*Print

*Signal

Security

*Aegis : A 2FA app (two-factors authentication)

*Bitwarden: A password manager (Not directly present on F-Droid but they have their own repository, check on their website)

*DroidFS : It permits you to crypt files in vaults that are not readable by other apps.

*Orbot : A proxy to route app activities through Tor

*LocationPrivacy

*Fake Traveler

*Ripple : A panic button that will trigger apps with a panic responder.

*I2P : An alternative to Tor

*InviZible Pro : An app that permits you to enhance your privacy on the Internet by using DNSCrypt, Tor or I2P. Be careful, this is an all-in one application and should not be used if you are already connected to tor. *Léon – The URL Cleaner : Remove trackers from URLs

*PersonalDNSfilter : Use it to block unwanted ads

*PilferShush Jammer : Block the microphone usage by other apps.

**Not on F-Droid **

*Prey : An Anti-thief app. The free version is GPL licensed

But this list is not enough in my opinion. It is important also to know how to protect our privacy with actions that are not directly involved in setting up applications and filters. If we are going to think that our privacy will be protected just by pushing a button, we are doing a mistake. Using DuckDuckGo and Searx as search engines its a good thing but not enough.

Important mistake to avoid : If you have your Google account as a login for some websites wait before closing it, you may lose access to them. Your Google account should be the last thing that you are going to delete. Make sure that you have deleted all relevant information from the Internet before closing it.

Today corporations and repressive governments are using a variety of methods to profile users and some of them are very subtle.

Fingerprinting This is a way to identify a user by looking at unique characteristics of his browser. When we connect to a website, our browser must exchange some basic information in order to load a page. Some of these information can be the type of device, screen size, browser settings, language settings, operating system, ecc. With all these information together it is possible to recognize a specific user in the middle of many others. This is unfortunately very difficult to avoid but Tor Browser can be a solution while a VPN cannot really help here.

Firefox also permits to activate a resist fingerprint setting but this solution will break some websites and probably is not effective as Tor Browser. Instructions to activate it can be found here: https://support.mozilla.org/en-US/kb/resist-fingerprinting

Open Source Intelligence (OSINT) It has little to do with free software. This is a method of data collection that looks for information about something or someone through public available sources. The problem is that today these sources are much more difficult to control for an average user than 20 years ago.

A classic example: You are a very careful person about your social medias, you don’t post anything controversial and maybe you don’t even have a real name on Instagram. But You may have some relatives that likes to share a of lot pictures and for your birthday you have been tagged by them and they wrote your name in a post. If they have a very loose privacy settings (which is likely), this information will be publicly available on the Internet.

Another example : You are a exchange student in a foreign university and of course you want to meet new people. You may take a group photo during a party with some people that you don’t really know. This photo gets shared many times and maybe becomes also a post. After a lot of years one of the persons in the photo gets convicted for a serious crime. This photo will continue to be available on the internet and a insurance company that you asked for a service may increase the price or not provide it since you “are a person with criminal contacts”

Last example (and this is what really happened to me) : You are a 18-19 old teen writing dumb comments and posts on Facebook or Instagram. This gets cached by search engines and external websites. Many years after, you are just searching your name and surname on the internet and you find out that a search engine has cached a very dumb comment from many years ago that you have even deleted.

All these examples shows how its easy to lose control over our data. Many companies uses automated software to see websites on which you are registered just by putting the email on your CV in a box.

You must also be aware of data breaches. You can be registered on a website with your email set as private. If a data breach happens, your address is going to be disclosed and become publicly available. You can check this on: https://haveibeenpwned.com/ If you don’t use a site for years, delete your account.

Another tool that is frequently used to see where a user is registered is: https://epieos.com/ This website searches where your email address is set as public. It can also search for a phone number.

So the problem here is not only to DeGoogle but also to remove our personal information for all other places. Removing a content from Google is a little thing today.

Fortunately, there are some ways to remove our contents from the Internet but they must be planned well. The first thing to do is always to remove the content from the original site, in this way the content on search engines becomes outdated and easier to delete even if you don’t live in the EU.

Social medias

First thing: Never publish photos of your children on the Internet, in the future they may hate you for that. We are going to live in times where nontransparent AI will scrap for all possible content.

Now, even if you have a private profile on Instagram, your likes and comments are going to be visible on public pages and reels. Delete them all. Why someone should be able to find what you liked 6-7 years ago? Does the discussion that you had on a Facebook page of your local newspaper still matter? You may need months to delete all these stuff but it is worth. Remember to do a regular follow up on the deletion page to see if some buggy content still reappears after some weeks.

Use different usernames for every social media and never put your real name.

Power move : If you have your real name on Instagram and you want to delete it from search engines : first modify your real name, then change your username. By doing this, you will modify the link of your profile and it will be cached by search engines without your name. Change also a photo in order to avoid the possibility of reverse photo lookup.

**Other sites **

In some cases you will have to contact the webmaster of a specific site in order to cancel your data. It happened to me with a local news page.

**Search engines **

Here we are, this is the magic moment. Remember that if you are going to just remove something from a search engine without actually deleting the original content, this will continue to be available and someone may find it even without Google.

So, I can speak for what I know : These solutions refers for content removal in the EU. If its not relevant to you, skip to “How to use email addresses”

Google

This is the page for content removal in the European Union: https://support.google.com/websearch/answer/9673730?hl=en#zippy=%2Cwhich-removal-option-do-i-choose Note that if you are living in the EU and ask to remove results about you, it will usually remove these results only for all EU versions of Google. This means that if someone has a VPN he can actually see them by connecting to a United States server. The best strategy is to remove the original contents from sites also by contacting the owners. Then the results on Google will become outdated and most of them will disappear. In some cases like Facebook comments, they can remain in the search results even if they are already removed because they were cached by the search engine. In this case, this tool should be used once the content is removed: https://support.google.com/webmasters/answer/7041154?hl=en If you are from a EU country and you already removed it so it continues to exist in external Google versions, make this request with a VPN connected to a foreign server.

Bing

Bing (EU citizens):https://www.bing.com/webmaster/tools/eu-privacy-request Bing (Non-EU citizens):https://www.microsoft.com/en-us/concern/bing

For cached pages : https://www.bing.com/webmasters/help/bing-content-removal-tool-cb6c294d

Many search engines (also DuckDuckGo) are partnered with Bing and removing content from it will also remove content from them most of the time.

DuckDuckGo For who lives in the EU, this is this page: https://duckduckgo.com/duckduckgo-help-pages/r-legal/privacy-rights/

Internet archive

Be careful: some of your content was maybe cached by the Wayback Machine. Always check if this is the case. This is a very useful internet museum but sometimes it may be problematic since a lot of people does not even know about its existence while it takes data from a lot of sites. This is the removal page: https://help.archive.org/help/how-do-i-request-to-remove-something-from-archive-org/

**How to use email addresses **

My advice is to have as many addresses as possible and split the websites login between them. You can write a .txt file with lists of services attached to every address. Like this :

Logins: Mail xxxxx1 Instagram, Facebook, Tinder

Mail xxxxxx2 Bank 1, bank 2

Mail xxxxxx3 Local news1, other site2, ecc

I would suggest you to have at least: One email with a fake name and surname One email with a completely invented username in a foreign language (Tutanota is great for this)

Personally, I would recommend Protonmail and Tutanota for communications with real people. Then, one email should be left only for banking and government accounts. Also VFemail seems good but you have very limited space with the free version, so you have to store the emails on your pc directly. Remember that these providers are private companies. Read their terms of service and then chose the best one that suits your needs.

Use fake emails to register to websites that you will not use often but they are pushing you to create an account. Of course, this applies only to sites that are not related with shopping. An online transaction will reveal your identity.

A normal email provider such as Yahoo is ok for professional life, so no one will make too much questions. Eventually, your Linkedin account should be linked only to this address. Use it with Thunderbird so you can avoid proprietary JavaScript. I would also recommend to use a separate phone number for work.

Bonus: Other Alternatives to Google and AI

If you are pushed to use Google Maps because the place that you are looking for is still not on OpenStreetMaps, remember to add it so other people will not have to use Google to find it. Remember that public transport information that you find on Google Maps is always available on local transports websites. Its just 2-3 minutes of research.

Remember that it is possible to use fair and open source AI models on your computer with: https://gpt4all.io/index.html?ref=top-ai-list Download a model that will not send your data to corporations, there are plenty of them.

This is more or less everything that I learned during this year, remember that human factor makes always the difference. Think about your personal situation. What do you want to show? To who ? And what do you what to hide? From who? And how? Think in a way to protect your privacy according to your personal situation.

I usually don’t try using coupons since many of the codes shown on websites don’t work, but I feel bad for not trying hard or smart enough. I’ve heard good things about Retailmenot, I haven’t tried it yet but I wondering if there are privacy trade-offs.

Accrescent, for those who don't know, is an alternative android app store. They aim to compete directly with the play store, so unlike F-Droid they include both FOSS and proprietary apps. They are also very security focused. They're still small but I find their approach interesting and their ambition worth supporting.

Unfortunately, as with many FOSS projects, funding is a challenge. If you believe they are worth supporting, please read the linked blog post.

Disclaimer: I'm not affiliated with the project in any way, just a fan trying to raise awareness.

cross-posted from: https://programming.dev/post/35752925

GitHub Repo.

• 繁體中文;
• Deutsch;
• 日本語;
• Türkçe.

Saw this by way of https://filen.io/hub/help-us-fight-chat-control-our-privacy-and-security-are-under-threat-again/. Not shillin', just sayin'.