Melody Fwygon

  • 4 Posts
  • 163 Comments
Joined 2 years ago
Cake day: June 1st, 2023

  • It is never a requirement to perform 100% of all “Privacy best practices” 24 hours a day and 7 days a week with perfect execution. Simply put, nobody has that level of threat on average unless they are someone like Snowden, a Journalist covering a story, or are working as an intelligence agent.

    It is best to assess your threat level and choose Privacy preserving techniques and tools according to what best suits your life and situation first. Don’t overdo it, don’t try to achieve perfect privacy, don’t try to keep up with the metaphorical Joneses. There will always be new threats to your privacy to assess; and you shouldn’t be ignorant of them; but you also should not ever let that growing list of threats overwhelm you.

    If you need to take time to stop reading privacy news…do so. Just like regular world and national news; it can put you in a state of constant panic. Manage your mental health and state first before you ever allow yourself to address your privacy issues at hand.

    Once your mental state is clear and your focus is sharp; focus specifically on little things you can easily do to protect your privacy. Maybe make sure you have a VPN set up or ensure you go over critical privacy settings on your devices to ensure none have changed or shifted since you last visited them. Then consider other small things you can do; if you can say, for example, choose a new email provider, then do so. If not, pick a new thing to address and move on. Do not make managing your privacy a chore if you can possibly help it. Take improving it one step at a time, take breaks for your sanity and make sure you don’t overdo it all at once.


  • I don’t think any alternatives exist that are easily viable.

    Most require you to buy specific phones and flash the OS or buy them from a specific supplier who pre-images them.

    Carrier compatibility is also a major issue if you’re in any country with a cellular network requiring that you use VoLTE services in general…these third party OSes can’t always get at the vendor binary blobs or simply won’t include them because of legal and privacy preserving reasons.

    You may have some luck with GrapheneOS or maybe LineageOS but those are the only mainstream “alternates” to Android that exist; which actually have a decent chance of working well and can usually be installed to a fair number of different devices; as long as you can unlock their bootloaders and root them day one.


  • No.

    It sold out on its privacy promise years ago. Brave Browser CANNOT be trusted if you are someone who must ensure Privacy Preserving features remain on at all times.

    I recommend the Tor Browser. DO NOT USE THE TOR BROWSING CAPABILITIES OF BRAVE! YOU WILL BE DEANONYMIZED! Likely anything you’d be using Tor for, you don’t want your browser slipping up and leaking anything.

    Personally I use a blend of hand-hardened Firefox (Via plugins), Librewolf and Ungoogled Chromium (for very rare cases where the site is actually trusted and requires Chrome to function predictably)


  • Ironically this does not prevent technologies like Monero from becoming the next big platform; nor will it really prevent people from evacuating their coins to a more private and self-custodial wallet.

    In general it really only puts a few more onerous steps into the equation where there will be fences and people who are expected to digitally mule bitcoin around.

    In the same manner that organized criminals work around modern financial regulations aimed at capturing them; they can also work around regulations surrounding Bitcoin itself; and once the Bitcoin itself is fenced off into a Monero or other privacy preserving coin; it will remain there ‘burned’ or get ‘laundered’ by a group of gang members a few hundred times to re-mint coins clean enough to be re-deposited and re-used in the same manner.

    It won’t matter in the long run that they are tracking the provenance of every satoshi. Especially not if it’s far too common that anyone making a suspicious move turns out to be a privacy conscious, law-abiding, yet innocent citizen.


  • Agreed with the dislike of Brave; but my reasons of not using it are because the person(s) running that project have proven that they do not have user privacy as a priority over their own ability to stay profitable enough to operate. This lack of principle I feel makes Brave privacy hostile at random times when their company runs low on money and is vulnerable to making deals with the devils they’re trying to keep at bay. Usually these deals are horrific blows to user privacy, or introduce unwanted and unneeded bloat to the software.


  • I’ve seen this when bopping around in the F-Droid catalogue. Never took it seriously because it didn’t seem to communicate well what it was doing.

    In general; I usually dislike using Chrome anyways…so much so that I hard disable Chrome on my device, oftentimes via ADB, and download a wide range of alternatives; Kiwi (Plugin enabled), Hermit ([Closed source] Forced Isolation of all domains/sites alongside ad-blocking and web-app caching baked into the app wrapping its renderer; which is, of course System Webview. Unfortunately this one is not open source, so I do not often recommend it here and while I trust it; your decisions may be different.) and Firefox (Plugins installed, seems to be replacing Kiwi because it’s likely a dead/gone/deprecated/archived project.) I even use URLCheck from F-Droid itself as my “Default Browser” so that I have the power to review each URL and open it in a browser I feel is most appropriate to the context of my browsing and choose the browser I feel can best protect my privacy for a given site. One-off visits often go to Hermit; which promptly isolates away and forgets I ever visited the site while blocking ads with a lighter touch than most plugins I’ve seen that exist. If a site often breaks in Hermit; usually due to ad-blocking hostile scripts; I kick it over to Firefox where I have extensive plug-in tooling to defang the beast…including tools like JShelter, Canvas Blocker, LocalCDN, Chameleon, Decentraleyes and uBlock Origin.

    What I do know is that Android System Webview is far more configurable than you might realize; and that it is absolutely possible to build a browser on top of it. Most importantly; Android System Webview IS NOT Chrome! Yes, it is extremely similar and it behaves mostly the same; but it is based on the Chromium project; which is basically what Chrome is before Google applies all of its own Branding, Customization, Policies and Application touches on it. Does Chromium project mirror what Chrome needs? Absolutely yes, but it does not follow Chrome exactly. In general; Android System Webview is a Web rendering component that other applications can call on and wrap their own code around. This means you are basically free to implement whatever other features you want around the webview; including adding plugins and other things like ad-blocking. My favorite closed-source lite-app browser Hermit does this; and I’m not seeing any significant privacy concerns with that one.


  • If your main frustration is YouTube; I recommend trying Invidious or Piped, as these frontends for YouTube do not have such aggressive scripts; and can be hosted locally on your machine.

    Hint: I strongly recommend self-hosting Invidious on your PC using Docker and Podman for ease of use and administration. You can also self-host other privacy oriented front-ends for other sites as well, such as redlib for reddit and any others you can imagine.

    Seriously; don’t bother with the public instances. They don’t work well. Self-host the software on your local PC and use Tailscale if you need to help other devices access your self-hosted instance.

    Similarly FreeTube would work as well and pairs nicely if you self-host Invidious locally.



  • As the Messages RCS implementation is supposedly E2EE from device to device; No. It is not possible that a log of your messages’ contents is being kept.

    Can it stop them from storing your encrypted messages to decrypt later if law enforcement should be able to confiscate your phone and extract the encryption key? Also No. It is not possible for E2EE to prevent “Store ciphertext and decrypt later” attacks.

    It also cannot prevent companies from logging who you are conducting an encrypted conversation with; even if the contents cannot be seen and this information cannot be used to infer anything about the contents. It cannot stop companies from making inferences about your messaging activity due to timing of messages sent or who they are sent to.

    If these kinds of attacks are on your threat model; you need to ensure you are not sending messages or information via electronic means via your phone to begin with, wherever possible.

    It is absurd to assume that they have backdoored the RCS protocol without proof or evidence. This isn’t saying it’s a verifiably secure or private protocol; but I think you could trust an E2EE RCS message for long enough to help you get someone else onboarded on to Signal or another more properly encrypted messenger without needing to worry about being put on a watch list. I would trust it with my grocery list or trivial communications with family; even if I wouldn’t trust it with my truly personal or private conversations.






  • As someone who formerly modded on reddit for over a decade; I do know what trips the alerts typically. The steps I give are important to establish a fresh account with nothing an idle internet sleuth can link back to you; as well as preventing Mod(Bots) from detecting you. Reddit Automoderator has ‘Admin eyes’…even if it lacks the permissions to act like one. It can, and will use algorithms on those eyes to assess your ‘threat level’. Knowing the trajectory of reddit when I quit; it probably uses AI now. Before it was a dumb blackbox of algorithmic rules the Admins never really made fully clear about how it worked. This dumb blackbox made frequent mistakes.


  • I’d say you can try to do it; but I caution you on doing so. It will be problematic.

    You cannot be completely undetected if using the reddit app. You must avoid using a mobile device; these are too easily trackable and the browsers on mobile devices lack sufficient privacy protections.

    • First and foremost you’ll have to set up to access reddit from a completely unique device. I recommend a virtual machine on a computer using a privacy respecting browser like Librewolf.
    • Secondly, you’ll need a good paid VPN…I recommend Mullvad. Do not create your account with this VPN! It will trip alarms.
    • Third, you’ll need a laptop with a similar private browser. Do not use your main Windows user account. Create a new local account. This is to enforce that you do not access reddit for account creation using a “known” browser fingerprint.
    • Fourth, you will need to travel. It must be somewhere out of town; and you should be using a public wifi network when creating the reddit account. Be aware of the ISP coverage in your area and travel far enough that you do not use the same ISP as your own. If you don’t know their coverage area; look it up online. Travel to a place they don’t offer service.
    • Fifth, once you have traveled, use the clean Windows account you created to create the new reddit account. Do not name your account similar to your banned account, or subscribe to any subreddits that are outside of /r/popular.
    • Farm some karma. Ideally 1k is enough. 100 will do in a pinch but you’ll need to keep farming it; which is a dumb idea to do on a VPN.
    • Verify a fresh email address. Use only tuta.com as your mail provider.
    • Stay off the reddit account on your home PCs and network. Use reddit only in a public wifi setting on the laptop as described above. Do this for no less than 30 days while farming karma. No need to travel out of town; local public/private wifi will do. (Just not yours).
    • Once the account has aged a month; you can log in with the VPN as mentioned above at home using the virtual machine at home. Continue using the VPN for the foreseeable future. Enjoy sticking it to Spez.

  • I would recommend resurrecting it.

    Once you do so; Lock it down, make everything private that you can.

    Secondly change all the privacy settings and opt out of any AI training.

    Then slowly go back through your history and scrub out your posts; replacing them with gibberish and junk. Do not use AI text IMHO; use something like ‘lorem ipsum’ or some kind of ‘Markov chain babbler’.

    I would just suggest scrubbing back through your history slowly once a day; editing a few posts here or there. Look into what exactly the rate-limits might be; so that you can avoid triggering whatever automated suspensions exist and edit one or two posts less than that a day.

    Avoid using automation, as this too can be detected possibly…but do remember you can use other tools that run on your PC only to help streamline your editing.

    In general, it’s better if you can manually review and scrub over your old posts slowly. That way you can best decide how each posting and image will be scrambled. Maybe one post gets lorem ipsum in strategic places and the other gets 1000xTranslated into a barely plausible word salad.

    Perhaps other times you feed the post into a markov babbler and let it babble on for a few minutes. Perhaps you leave a few otherwise innocuous posts alone so that the poison doesn’t look so suspicious while you sanitize anything that you might consider sensitive.

    Once a few months have passed and you’ve deleted all the sensitive information from the account that you can possibly edit or change; then you can proceed to deleting the account and waiting out that process.


    1. Get help. Your mental health and physical health must always come first.
    2. Privacy is not an all or nothing thing. Your mental health and physical health must always come first.
    3. Continue practicing good privacy habits at a rate, level and depth that fits your situation and needs. No need to constantly adhere to Snowden levels of privacy seeking and hiding under rocks. There never was a need for this unless you are in a situation like Snowden. Your mental health and physical health must always come first.
    4. It’s totally fine to be as genuine or as pseudonymous as you feel your needs and wants demand. However, your mental and physical health must always come first.
    5. Relax. Current events have a way of making you paranoid but there truly is not usually a state level actor hovering over you waiting for your tiniest of mistakes. If you usually obey the law and do no significant harm to others, I doubt you have any significant worries. Your mental health and physical health must always come first though. Don’t obsess over it if it makes you feel mentally unwell.


  • It is likely they have the ability to sign the public key of your console with a “Suicide Key” which would signal your console to commit suicide by burning some internal e-fuse.

    It is also equally likely this is an over-broad version of “Legal Rear Armor” that means nothing explicitly about what they can do. This is because modifying your system has long carried risk of bricking and their security systems to prevent modifications have only increased in strength.

    It’s likely the new security system in the Switch 2 is so naively hair-trigger sensitive that it absolutely will brick you or disable some functionality permanently if it thinks you even so much as modified a backup copy of a save file or encrypted binary stored on your SD card itself. It’s very likely that any kind of attempt to write invalid foreign files onto an SD may result in issues. I’d expect Switch 2 systems to spontaneously self destruct if exposed to bad quality or fake SD cards with insufficient capacity; or an SD card that is failing if what I am guessing is true.

    Is this confirmed? No; it’s just idle wild speculation. But it is what I expect from Nintendo; given that their creatives have all been driven away from the executive positions of power and only money driven executives are left at the helm.

    Given that the Switch has already been thoroughly cracked; it’s likely now more than a want or need, Nintendo now has a mania or obsession with making their consoles un-exploitable. Likely, this is because they’re too naive to avoid promising their consoles are ‘unbreakable’ to their third parties and publishers.

    Unfortunately Nintendo is full of foolish pride and stubbornness. Tinkerers and video game preservers the world over will need to once again break the Switch 2 security to pieces to prove to Nintendo that this endeavor is futile.

    In the meantime; don’t tinker with a Switch or Switch 2 you can’t afford to lose. Hell, don’t even buy one if you’re sensitive to it being un-tinkerable. Don’t gift them to any children in your life either. Instead; gift them something more useful; like teaching them how to emulate one of the older Nintendo Systems and gift them a Library of ROMs so they don’t have to torrent it themselves and ‘give the family computer a virus’ or ‘cause a scary letter to be sent to their parents’ with their inexperience. If you can’t bear piracy; then go pick up one of the old legitimate retro systems. Buy it somewhere used and pick up whatever used games you can for them at any occasion.


  • Melody Fwygon@lemmy.one to Privacy@lemmy.ml: No libre Monero app (6 months ago)

    There’s something you need to know about the “anti-features” flags on F-Droid.

    They’re too “greedy” and widely defined. What you really need to do is examine the app and how the developer might use said “Anti-Feature”. Not all internet access and telemetry is an anti-feature, and neither is reliance on a “third party service” where you can simply configure your app to use your own self-hosted server instance.

    An app having no “Anti-Features” flag on F-Droid is absolutely not an informative indicator that it respects your privacy. Merely, it indicates common privacy foot-guns may not be present.

    Frequently F-Droid also is far too opinionated in its application of the anti-feature flags; giving developers no reason or chances to appeal or change the decisions. It does not matter if the anti-feature flag is mis-applied in any specific situation; nor does it matter if the developer shouldn’t be getting an anti-feature label because they have everything open sourced and it’s clear to see there is no anti-feature there.