So I am attempting to swap phones, but because I am trying to use a pixel 9 xl and it was not previously on my network, I have to wait 40 days to unlock it so I can install GrapheneOS.
I saw on Monday that suddenly there were a lot of photos dated from last Sunday on the phone's default "Photo" app. I have been keeping things to a minimum: I haven't logged into anything Google, and I've only installed F-Droid apps. Also, I had some issues with my desktop and did a clean reinstall 2 weeks ago.

But still disturbingly, my ENTIRE ~/Picture directory (and subdirectories) from my PC were loaded onto my phone.

Now, I'd like to clarify, I do have a few Google accounts, but I have them logged into my desktop with containers on Firefox (particularly, I use one for a current hobby type situation that I have to use, and the other is a 20+ account that I've moved away from, but I still want to monitor).

I want to find out why anything from my PC ended up on this somewhat secluded phone. I have not attached it via USB, and while I have been attempting to limit my connections, I do need to access some of my rl/PC stuff on the phone. But I haven't logged into a google account on it, yet, all my photos showed up on it. I have not plugged it into the computer since I tried putting GrapheneOS on it, which failed due to it not being unlocked (PLEASE CORRECT ME IF I'M WRONG HERE, BECAUSE I STILL HAVE TO WAIT 2 WEEKS!), yet all these pictures that I would have never expected ended up on this phone.

And I just was looking around my ~/ directory, and I saw a directory titled .nuget... I checked pacman (I'm on Arch, so that's my package manager), and it's not installed, but I deleted it because it had a lot of sketch files that ... okay, so I deleted the directory and honestly I don't have it anymore to state what exactly was in it. But I'm really tired and it triggered issues, and I looked and I see that nuget is not installed... so okay, I'm just gonna end this here because I do need to go to bed.

But, would anyone be able to provide any assistance/advice/suggestions on how the heck my phone magically obtained my Linux desktop Picture files?

I think most people would agree that the internet and technology in general have absolutely gone to shit over the past decade or so. There is no corner of the internet nor of the software world that hasn't been affected by enshittification. Everything exists to serve you ads. Everyone wants to extract as much money from you as possible. Every website is in a race for the bottom as they try to find the lowest effort content that makes them the most money. Every piece of software is pushed out half-baked and/or stripped down to the bare minimum with the rest paywalled or with the devs pinky promising to fix it 5 updates down the road.

Every social medium is just bots. The front page of Reddit is easily 35% easily detectable bots at least and who knows what the rest is comprised of. And it's probably the one that's doing the best at the moment, Facebook, Twitter, Instagram, Tiktok, all of them are just bots and propaganda and engagement farming the whole way down. And the worst thing is, they're complicit. Hell, they're actively encouraging it and trying to find ways to make it worse. And I have no doubt Reddit will bend the knee soon enough too (they just banned /r/whitepeopletwitter because Musk made a tweet critical of the sub).

There's probably some element of rose-tinted glasses here, but the old internet was just so much better looking back. Like, early 2000's to maybe 2012, 2013 or so, that was the peak. No colossal data harvesting schemes feeding into algorithms designed to keep you engaged on their site 24/7 for the purpose of shilling you advertisements and selling your data, no mass propaganda, no Dead Internet Theory (which can hardly be considered a theory anymore). Yeah there was shit content, there was tons of it, but I can deal with shit content and petty forum drama and whatnot; what I can't deal with is all the multi-billion dollar corporations trying to shape the entire landscape of the Web into the perfectly minmaxxed cash-generating machine that does as little as possible for as much data and advertising as possible.

Modern software isn't much better. Windows and MacOS are filled with anti-user features, telemetry you just can't turn off, Windows will often just install shit on your computer without telling you. They turn your computer into a walled garden, where you can do what you want as long as you play by their rules, but without giving you any real control over what your computer does. Yeah you can delete system files and brick your laptop if you feel like it, but anyone who's ever tried to permanently disable Windows updates will know that in the end you're not the one calling the shots: Microsoft are. And... Like, that's insane, right? It's running on my fucking computer, it's my CPU doing the work, I want to know what the hell it's doing and not just the parts it lets me see, and if I want it to do something different then I should be able to make it so.

I hate it all. I'm tired. I want out.

These are my problems. Here's what I've done about it so far.

• Obsessive privacy on the web. No Google services. Firefox with as much telemetry turned off as possible. Protonmail and ProtonVPN for everything (and I'm considering getting out of those too with the pro-Trump stances they've been taking recently). As minimal an online footprint as I can get, I make as few accounts as possible and I don't use shared or even slightly related usernames (my username here is an exception as it's my Reddit username, and no, it's not my real name), I delete accounts whenever I can and I GDPR request the services afterward. Virtual cards for online payments as much as possible. Will probably make a Javascript whitelist at some point too. Is all of this overkill? Yes. Why do I bother? Because fuck them.

• As little social media presence as possible. Real life necessitates some amount of social media interaction of course, I have Facebook and Instagram but use them exclusively for messaging. I often see people excluding Reddit from social media but I don't fully agree, even if it's not exactly in the category it still targets a lot of the same psychological weak points in us, encouraging doom scrolling and shaping our opinions through echo chambers and propaganda (it's always important to remember that echo chambers and propaganda you agree with are still echo chambers and propaganda). I still use Reddit admittedly, but I've tried to minimise my usage as much as possible and I'm shopping for alternatives.

• Free and Open Source software as much as possible. I'm all in on GNU these days. Yes, it's a massive pain in the ass. My job unfortunately requires some Windows-only software so I'm running a dual partition but I'm trying to get as much of my computer usage onto Linux as possible (I use Arch btw). Like I said above, it's my computer, if I can't control what it's computing then it stops being my computer, it's at best shared between me and all the developers of the proprietary software I have installed on it.

That's my rant. It's been a long time coming.

There are still things I'm looking to change, especially with how I use the internet. Getting rid of Reddit is the next big step for me, I think. I just can't be bothered with it anymore, but there is still something about it that I love, every time I look through a small niche topic community, or an interesting new hobby sub I've never seen before with years of cool posts for me to go through. And yeah, I do still enjoy browsing through /r/all even when it's 80% shit and objectively bad for my mental health. But at this point the overwhelming mass of utter shit is just not worth digging through anymore. I'm tired.

Tildes is really cool. It reminds me of the old internet, the ideal usage of the Web. I open the site, I see a link to an interesting article, I read it, I give it a like, I read and/or contribute to the discussion in a comments section. I want more of this.

If anyone has any links to cool sites that I should check out I'd greatly appreciate it.

I've been thinking perhaps I'll need to get one of the desktop LLM UI. I've been out of touch with the state of the art of end user LLM as I've been exclusively using it via API, but tech-y people (who are not developers) mostly talk about the end-user products that I lack the knowledge of.

Ethical problems aside, the problem with non-API usage is, even if you pay, I can't find one that have better privacy policy than API. And the problem with API version is that it is not as good as the completed apps unless you want to reinvent the wheel. The apps also may include ads in the future, while API technically cannot as it would affect some downstream usecases.

As a dual use technology, the table doesn't include the extra retention period if they detect an abuse. Additionally, if you click on thumbs up/down it may also be recorded for the provider's employee to review.

I don't think OpenWebUI, self hosted models, etc. would suffice if they are not built to the same quality as the first party products. I know I'm probably asking for something that doesn't exists here, but at least I hope it will bring to people's attention that even if you're paying for the product you might not get the same privacy protection as API users.

Hello to everyone who's reading this post :)

Now LLMs are increasingly so useful (of course after careful review of their generated answers), but I'm concerned about sharing my data, especially very personal questions and my thought process to these large tech giants who seem to be rather sketchy in terms of their privacy policy.

What are some ways I can keep my data private but still harness this amazing LLM technology? Also what are some legitimate and active forums for discussions on this topic? I have looked at reddit but haven't found it genuinely useful or trustworthy so far.

I am excited to hear your thoughts on this!

So I've been playing a lot of WoW lately and that includes a ton of raids, always with voice chat on discord. Just now I found out that someone is a streamer and broadcast a full raid + the voice chat.

I was not part of this particular raid thankfully. And as far as I can tell he doesn't have a lot if any viewers. But it still made me uncomfortable that someone has been streaming my voice without my consent, without my knowledge even. I do not feel that it is unreasonable of me to expect someone to ask for permission before doing this, but maybe I am just completely out of the loop about streaming?

Is it naive to expect privacy in this regard? Is this what one should expect from online gaming nowadays?

As the years go by, I’ve become increasingly annoyed (I choose that word intentionally) at the thought that there’s some “record” of my activity on the Internet somewhere, which was probably put together by my ISP. I “don’t have anything to hide” (other than perhaps the one or other ROM or movie that I download), but I also don’t want to randomly get fined or put in prison if, in a few years, our governments decide to retroactively criminalize certain activities (I’m thinking mostly about piracy).

I’m not tech savvy though. That’s not because I haven’t tried. I have. I spent countless hours reading about how one can keep one’s activity on the Internet “private”. To my knowledge, it isn’t actually possible. I mean, even if I didn’t use my real name anywhere, or didn’t have any social media accounts (thankfully, I don’t), just the fact that I have to use an ISP to surf the web means that at least they are “spying” on me.

So, I’m approaching all of you wonderful, tech savvy people (rather than ChatGPT or a search engine) to ask you if there’s something that I’m missing, and if there is a way (preferably a fool-proof one) to stop my ISP (or “anyone” for that matter) from collecting data on my activity on the Internet (particularly when I download ROMs or movies, which is the only “illegal” thing that I ever do).

eBay is updating its privacy policy, effective next month (2025-04-27). The major change is a new section about AI processing, accompanied by a new user setting with an opt-out checkbox for having your personal data feed their models.

While that page specifically references European areas, the privacy selection appears to be active and remembered between visits for non-Europe customers. It may not do anything for us at all. On the other hand, it seems nearly impossible to find that page from within account settings, so I thought I'd post a direct link.

I'm well aware that I'm anomalous for having read this to begin with, much less diffed it against the previous version. But since I already know that I'm weird, and this wouldn't be much of a discussion post without questions:

• How do you stay up to date with contract changes that might affect you, outside of widespread Internet outrage (such as recent Firefox news)?
• What's your threshold -- if any -- for deciding whether to quit a company over contract changes? Alternatively, have you ever walked away from a purchase, service, or other acquisition over the terms of the contracts?

I was going to post a question regarding the topic logs but looking through my old posts, I see that much less than I remember have any topic logs on them.

I can't tell if I am imagining that alot more of them used to have topic logs or Deimos coded it to be a temporary record of the changes that the mods here make?

and if so, why temporary?

Why is it so hard get most people to care or even get them to engage in actual discussion about indirect effects of their actions?

I'm mainly going to be talking in the context of tech and privacy since that is my main sphere of concern but it applies to a lot more things.

I am not dismissing the effects of systemic incentives but there are trivial actions that anyone could do to lessen the likely negative effects that almost no one does.

The current climate makes it incredibly hard to actually eliminate personal impact but it still easy to minimize it with negligible impact on one's own life. Like in sw development the first 90% take 90% of the time and the other ten procent take the other half of the time.

Getting a minimal computer literacy of being able to navigate an unfamiliar GUI, explore and understand the settings and be able, read the messahes they are getting on the screen and willing to search their problems would make anyone much more resistant to any number of dark patterns, yet there is a tendency to defend tech illiteracy.

Personally I don't really do that much and I make compromises easily but sadly I get the impression that I am still in the small minority.

Hello everyone! I have been currently debating switching email providers. I have been with Proton for a few years now (free user), but I have become increasingly disappointed. Firstly, I am not exactly a fan of the “we have apps for everything” model, particularly the integration of a password manager is just strange and the crypto wallet feels a bit nauseating, as I have my reservations about cryptocurrency. Consolidating all of my services in a company such as Proton feels misguided if the goal is to avoid walled gardens from the tech giants. There are also some other more recent things that have come up in relation to Proton that just make me question the legitimacy of Proton's “guiding moral imperative” as a privacy focussed company.

Moving on from that, I have mostly settled on two options due to their

• low cost
• generally adequate security (I understand email's limitations on this front, I just want something to be secure enough)
• transparency reports
• location of operation

The main thing I am struggling with here are the pros and cons between the two platforms.

Posteo seems to be less ideal of an email provider because they do not support ARC and lack a good DMARC policy. BUT they claim to support encryption with their calendars, but does this even matter if you are accessing the calendars with CalDAV (which I do not beliece is an E2EE connection)?

I think I trust Mailbox.org more when it comes to security, but I think their contacts / calendar situation is somewhat worse, and their French translation seems … lacking in spots (not that it matters to me much, but still is somewhat jarring for me).

I could just ignore the contacts/calendar problem, and use something like EteSync, but that would become just another thing to pay for, and another app to operate (if I need to use the WebDav bridge).

Any feedback on this would be greatly appreciated, I am really hoping this inspires some interesting conversations! And of course, feel free to tell me about better options if I have overlooked something. Have a lovely day :)

This is a topic I keep revisiting. It's constantly evolving, with new laws in different parts of the world happening pretty often. And also there's a lot of grey area with vague or incomprehensive language that hasn't yet been tested in courts.

I recognize that it's a bit of a niche topic, but I think there are a lot of us at Tildes who have to think about it. After all it potentially impacts anyone maintaining or building a non-platform web presence. It also applies to less obvious things like running an advertising campaign that involves media requested from a server you control (which can therefore potentially log requests).

For my part, I've needed to research laws relating to PII in order to come up with policies and practices in various contexts. In broad strokes it's pretty simple but as you get into details what I continue to find is that there are a lot of conflicting opinions both from professionals and lawyers. A lot of it is still open to interpretation.

I'm wondering what kinds of experience other tildenauts have around data protection and PII? Have you implemented solutions? Do you wonder about it for your own websites? Have you been involved with it at companies where you've worked? Do you have questions about it?

I've gone down the rabbit hole of self-hosting, and I'm wondering if I should try self-hosting my blog. The blog is currently on Netlify. I've left it there because I figure their infrastructure is much better than mine... but part of that is a CDN, and, despite the performance benefits, I'm not thrilled about the privacy implications of subjecting my users to that. I'm torn on that point.

That said, I'm on cable internet, so my upstream is abysmal. My site is mostly text and the site is low traffic, so maybe it's not a problem. What do you think? What are some of the implications of self-hosting the blog that I'm not considering?

Edit: Wanted to clarify a couple of things I realize weren't clear in my original posting. I'm already self-hosting a few dozen services from home on my own hardware. Port 80 and 443 both work, and I'm already running a Caddy reverse proxy to proxy to the other services. My question is less about whether self-hosting is a good idea and whether I should be keeping my blog on Netlify for the reasons above. My biggest concerns are the privacy implications of keeping with Netlify and their CDN vs. the performance implications of losing the CDN and serving via a ~30Mbps upstream connection.

Thank you for all the comments so far!