I figure if they can do it, other people can do it. Someone somewhere would get paid to do this if not them. I know thats a terrible outlook on it but gestures broadly at everything
I figure if they can do it, other people can do it. Someone somewhere would get paid to do this if not them.
I know thats a terrible outlook on it but gestures broadly at everything
Thank you for posting this. I've been considering whether or not I should be using a password manager instead of my old system even though intuitively it feels less safe to have my passwords on a...
Thank you for posting this.
I've been considering whether or not I should be using a password manager instead of my old system even though intuitively it feels less safe to have my passwords on a digital device. I guess the intuition isn't entirely misplaced. I very much hate the idea that anyone, in any circumstance, could get their hands on all my passwords!
Overall, I'd say it's still better to use a password manager than not. However, best practice would be to use a different vendor than your OS, use a good password for first unlock, and have it...
Overall, I'd say it's still better to use a password manager than not.
However, best practice would be to use a different vendor than your OS, use a good password for first unlock, and have it force a full password lock instead of biometrics after a few minutes.
That said, you should 100% have your email address and password manager password memorized and not in any password manager. A compromised email address is almost worse than literally every password.
Why? You either trust your OS vendor enough to use it or you don't and you shouldn't use that OS anyway. Putting trust in two parties just increases your attack surface.
Why? You either trust your OS vendor enough to use it or you don't and you shouldn't use that OS anyway. Putting trust in two parties just increases your attack surface.
An old idiom: Don't put all your eggs in one basket. Single-party trust is fine, until that single party gets attacked (legally or otherwise), then you lose everything. You should always be able...
An old idiom: Don't put all your eggs in one basket.
Single-party trust is fine, until that single party gets attacked (legally or otherwise), then you lose everything.
You should always be able to change providers if you lose trust in one.
I used to think like you when Gmail first came around. Now extracting myself from all Google is hard. Conversely, now if Bitwarden goes to shit the way Lastpass did, it becomes trivial to change just my password manager without uprooting my entire life.
I use paid Protonvpn. I don't use their password manager or docs. Different email providers and accounts for different things. My savings account is not tied to the same email as my checking.
Sure, more parties have potential to be compromised. But the impact of any one is much lower.
I don't have to be concerned about losing trust to a provider because I'm not using one for password management. How is that less secure than using them? I can't count on myself to stay in the...
I used to think like you when Gmail first came around. Now extracting myself from all Google is hard. Conversely, now if Bitwarden goes to shit the way Lastpass did, it becomes trivial to change just my password manager without uprooting my entire life.
I don't have to be concerned about losing trust to a provider because I'm not using one for password management. How is that less secure than using them? I can't count on myself to stay in the loop regarding when some provider "goes to shit", or my ability to promptly research and switch to another.
If you are already using unique, complicated passwords that are at least 14 characters long for every single service you care about, you don't need a password manager. I can only really memorize 4...
If you are already using unique, complicated passwords that are at least 14 characters long for every single service you care about, you don't need a password manager.
I can only really memorize 4 of those. And I have a lot more than 4 important logins. Especially when you need to rotate passwords.
I have a system that makes it easy for me to "remember" my passwords (I don't even know what the accurate term would be because I don't actually have to memorise them) but is indecipherable to...
I have a system that makes it easy for me to "remember" my passwords (I don't even know what the accurate term would be because I don't actually have to memorise them) but is indecipherable to other people, let alone machines.
I don't use it for every mundane unimportant login. For those I use a separate email and short passwords I can easily remember because I don't care if someone gets into an account that I made with an online magazine for doing a daily wordle.
If my OS is compromised, a third-party password manager is likely just as compromised as the OS password manager. I personally use Apple devices, so only know this to be true for Apple, but their...
If my OS is compromised, a third-party password manager is likely just as compromised as the OS password manager. I personally use Apple devices, so only know this to be true for Apple, but their password manager also supports export so I can swap at any point to another platform. I see what you're saying about Gmail, but passwords being stuck on a platform is much less likely to be an issue.
However, best practice would be to use a different vendor than your OS, use a good password for first unlock, and have it force a full password lock instead of biometrics after a few minutes.
Your biometrics are not protected like your password is. Law enforcement can fingerprint you within the law, ergo they can use your fingerprint for your phone. Conversely, your password is in your...
Your biometrics are not protected like your password is. Law enforcement can fingerprint you within the law, ergo they can use your fingerprint for your phone. Conversely, your password is in your head only (hopefully) and will remain there unless you speak up. You have no obligation to provide a password to anyone.
Very relevant, but odds are the local cop or judge demanding a phone unlock for data discovery isn't gonna kneecap you. All bets are off for criminals and three-letters though.
Very relevant, but odds are the local cop or judge demanding a phone unlock for data discovery isn't gonna kneecap you.
All bets are off for criminals and three-letters though.
Yes, absolutely. I don't use biometrics on my devices at all and this is partly the reason. Although petty crime etc were my main risk, rather than cops
Yes, absolutely. I don't use biometrics on my devices at all and this is partly the reason. Although petty crime etc were my main risk, rather than cops
That is specific to the US (and I think only for criminal cases). In a number of other countries, you can be legally obligated to provide your password. I know this is the case in several European...
You have no obligation to provide a password to anyone.
That is specific to the US (and I think only for criminal cases). In a number of other countries, you can be legally obligated to provide your password. I know this is the case in several European countries.
You are probably right! I tend to speak from the US perspective when I can reasonably ascertain one way or another they're likely from the US, even if I'm not from the US myself. Even so, legally...
You are probably right! I tend to speak from the US perspective when I can reasonably ascertain one way or another they're likely from the US, even if I'm not from the US myself.
Even so, legally obliged to provide a password doesn't make it so they automagically receive one. A fingerprint will be taken, a password must be given. Law be damned.
That is true, with some caveats. From a legal perspective, in some places, for example, the UK, the risk is that you can simply be imprisoned until you provide the password, a particularly...
Even so, legally obliged to provide a password doesn't make it so they automagically receive one. A fingerprint will be taken, a password must be given. Law be damned.
That is true, with some caveats.
From a legal perspective, in some places, for example, the UK, the risk is that you can simply be imprisoned until you provide the password, a particularly unsettling law considering that you may legitimately forget passwords, or random data may be interpreted as encrypted data.
From a practical security perspective, I have become a bit concerned about the idea that, in the age of ubiquitous cameras, repeatedly typing passwords in many settings may leak information about the password. This could be the case both for someone secretly recording you (I have heard that there are known cases of this attack with mobile phone pins, by scammers), and from CCTV footage. It is worth noting, for example, that CCTV footage in the EU can often be subject to GDPR requests from individuals, and while the data protection officer is supposed to ensure that the privacy of others is preserved when providing that footage, they may not realize the extent to which typing, rather than faces, might be leaked, especially when combining poor or blurred footage of many entries and developing a probabilistic model of likely passwords.
It is particularly frustrating to me that parts of the Linux community still insist on what is now seems like the security theatre of not showing any visual feedback when entering passwords; an attacker secretly watching you type your password wouldn't be trying to get the minimal information on password length from your screen, they would be secretly recording video and audio of your fingers.
As a result, I have taken to using biometrics more often for 'routine' password entries (simple screen unlocks, sudo when already logged in, etc).
I would assume because biometrics is so easy to abuse. If you get e.g knocked out or detained the other party can just use your face or finger to unlock. I’m getting some Demolition Man flashbacks...
I would assume because biometrics is so easy to abuse. If you get e.g knocked out or detained the other party can just use your face or finger to unlock.
Cellebrite can apparently extract data from most Pixel phones, unless they’re running GrapheneOS.
Despite being a vast repository of personal information, smartphones used to have little by way of security. That has thankfully changed, but companies like Cellebrite offer law enforcement tools that can bypass security on some devices. The company keeps the specifics quiet, but an anonymous individual recently logged in to a Cellebrite briefing and came away with a list of which of Google’s Pixel phones are vulnerable to Cellebrite phone hacking.
I recently bought used Pixel 6a with number one thing in mind - GrapheneOS. And after checking the phone actually physically works I flashed the GrapheneOS on it right away. I'm also deep into...
I recently bought used Pixel 6a with number one thing in mind - GrapheneOS. And after checking the phone actually physically works I flashed the GrapheneOS on it right away.
I'm also deep into Google ecosystem, hence why I installed Google Play and through it some Google apps and many other that are available via Play. I also installed F-Droid and where applicable, I run apps from F-Droid.
The OS itself is just Android as you likely know it. You could try going without Google Play, but you may need your banking app, sync contacts, calendar and whatnot from Google, install that app you paid for etc.
Until I set up my own calDAV (or whatever) server for my contacts and calendar and until I find some reasonable (even paid) e-mail provider (I have my domain), I won't uninstall all the Google crap.
Why I went Graphene then? Well, I'm a masochist, I try to do things the harder way... After inial setup (mainly the right permissions for all the Google crap) it runs just fine and I'm not flashing factor original image back into my Pixel 6a.
The longer you put off from moving the more and more ingrained you will be within their ecosystem. Start now if you want. First best time was ages ago, second best time is now, or something along...
The longer you put off from moving the more and more ingrained you will be within their ecosystem. Start now if you want. First best time was ages ago, second best time is now, or something along those lines.
I'm going tree planting this weekend with a local association - I wouldn't have the first clue what to do otherwise, but hopefully I can lend my unskilled labour to someone else's knowledge!
I'm going tree planting this weekend with a local association - I wouldn't have the first clue what to do otherwise, but hopefully I can lend my unskilled labour to someone else's knowledge!
Beauty is if it's a local tree species, you typically don't need more than putting the seeds around the tree in some dirt, and have a 10' radius from another large tree. Everything else is bonus....
Beauty is if it's a local tree species, you typically don't need more than putting the seeds around the tree in some dirt, and have a 10' radius from another large tree. Everything else is bonus.
I have a 10 gallon tote filled with a dozen baby red maple trees because I forgot about it under a maple tree for 9 months.
I took the first step already, even though I didn't know it at the time. I installed Immich on my server as I wanted to backup photos from my phone. And I was very surprised to find out that it is...
I took the first step already, even though I didn't know it at the time. I installed Immich on my server as I wanted to backup photos from my phone. And I was very surprised to find out that it is basically Google Photos but on your own hardware - it does automatic upload to the server which in turn runs machine learning to find people and objects on the photos so you can run search on them. It works great and runs on your own hardware.
There may be problems with syncing from outside of your LAN and you can't use search when you are not connected to the server, but these are just minor things for me as I run my.own OpenVPN server and can connect via that.
I'm moving away from Google Photos, that I know for sure. I also want to move from Gmail, that would be the hardest one as I used it for last 20 years and I have it integrated too much. The main problem is that I don't know where to move. I have my own domain and I want to utilize it, but I don't want to self-host this particular service.
I’m similar to you but have different problems — I know I want to have my own domain and set up emails away from google, and I know FastMail has all of these selling points and more. They’re an...
I’m similar to you but have different problems — I know I want to have my own domain and set up emails away from google, and I know FastMail has all of these selling points and more. They’re an Australian company, and while our government isn’t exactly privacy-focussed when it comes to the internet, we do have strong customer protections. So I know that if FastMail tries to pull a switcheroo and suddenly start monetising my data, they’ll likely have the ACCC knocking on their door pretty quickly demanding answers. And for now, their business model is “if you’re paying for the service, then we don’t need to sell your data to cover our costs” and yeah they’re not the cheapest deal out there, but if anything that means I trust their business model to hold up for longer than if they were super cost-competitive.
But I haven’t taken the leap yet because I don’t know how to buy an email domain, or if it’s different to buying a normal web domain, or who I should buy it from, or who I should use as my... “registrar”? Is that the company who looks after your domain for you? Do I need one company to look after “Throwdo owns the @Baggins.com.au domain” and a different company for running it as an email domain, or are they the same thing?
I'm not that much technically advanced in the "how to" as well, but if I understand ut right then: you register domain (and pay for it) you find some e-mail provider (it can even be free one if...
I'm not that much technically advanced in the "how to" as well, but if I understand ut right then:
you register domain (and pay for it)
you find some e-mail provider (it can even be free one if you they do this stuff and you are ok with their licence/conditions; to my limited knowledge it can be even Google), in this case say FastMail
you find and follow the provider's guide on how to "attach" your domain to their service
the above step will probably include going back to where you bought your domain and set up DNS MX record so that incoming e-mail knows that it should go to your e-mail provider
You can still run your own server in your garage and have it act as ie. webserver or VPN server (to access your home LAN) or whatever and the MX record will still point e-mail to your provider, not to your server.
I did this once over the phone with one of my not-that-technical friend and we made it work. From thix experience I believe everyone can do it, maybe with a little bit of help from somebody who knows or at least can do technical stuff to some extent.
I will likely look a bit into FastMail a try it out. I'm not sure I will jump into it, as every such service is a step into unknown - Are they trustworthy? Are they gonna be around 10/years from now?/Can i download all my data from them if I want to stop using them? Are there gonna be problems with sending/receiving e-mails (ie. are they trustworthy for other e-mail providers so that e-mails from their servers won't end in spam)?
There are many questions to be asked and hopefully replied to (probably by yourself after your own research) before making decisions.
As I said, I will look into FastMail and probably try it out somehow. Probably with my own domain, if applicable. I can report back after that, but it will take time (dedication). Likely not this year, sorry.
I just wanted to come back to this comment and say thank you! Your experiences with how simple it was helped me take the jump into buying a domain! I’ve also signed up for Fastmail’s 30 day free...
I just wanted to come back to this comment and say thank you! Your experiences with how simple it was helped me take the jump into buying a domain! I’ve also signed up for Fastmail’s 30 day free trial, so I’ll see how it goes but I’ll probably be jumping into this too, and slowly migrating my accounts to the new email address.
Like you, I expect this will be a slow, maybe even years-long process to be fully migrated over, but I’m happy to have started, at least a little bit!
Edit: now to start figuring out how much I can do with subdomains...
My domain is pavoukovo.cz which translates to English as "Pavouk's". I used subdomains for thinks like blog.pavoukovo.cz (Pavouk's blog) or sklad.pavoukovo.cz (Pavouk's storage; for sharing files)...
My domain is pavoukovo.cz which translates to English as "Pavouk's". I used subdomains for thinks like blog.pavoukovo.cz (Pavouk's blog) or sklad.pavoukovo.cz (Pavouk's storage; for sharing files) etc.
I will likely try to use the e-mail in similar way - having addresses for eshops, forums, throwaways/non-important and such.
I still have to jump the ship. Christmas around the corner and a lit of stuff to do right now. But I'm determined to do it and I will. Probably by the end of winter. I still have to look into various service providers that got recommended.
Oh that’s a great idea, I didn’t even think about subdomains for whatever I’m hosting! That’s another thing to consider, thank you! I was entirely thinking about subdomains for emails (eg...
Oh that’s a great idea, I didn’t even think about subdomains for whatever I’m hosting! That’s another thing to consider, thank you!
I was entirely thinking about subdomains for emails (eg email@youtube.baggins.com, email@jobhunting.baggins.com) because I’m not sure if FastMail makes subdomains super easy. Based off nothing but vibes, I feel like they probably have that as default behaviour given they already let me do infinite email forwarding from my own domain.
(I don’t actually have baggins.com domain, that’s just an example)
Personally, I use Tuta for mail and calendar. It's pretty affordable and I really like it. I'm pretty sure you can bring your own domain, though I don't personally use that feature. It also...
Personally, I use Tuta for mail and calendar. It's pretty affordable and I really like it. I'm pretty sure you can bring your own domain, though I don't personally use that feature. It also supports email aliases (for obscuring your true address and keeping it separate from certain things). Happy to answer any questions if you have them!
It looks nice. The price is great, actually. And even with two people, the price is lower than Fastmail, that was mentioned already. I also like them being stationed in Germany, I believe in EU...
It looks nice. The price is great, actually. And even with two people, the price is lower than Fastmail, that was mentioned already. I also like them being stationed in Germany, I believe in EU laws more than US ones (Fastmail is Australian, I know, but servers are placed in US).
I do have question, actually. Can you sync contacts between your Tuta and your phone so they show up in your contacts app? Better yet, do they sync automatically? With images, birthdays, mail addresses (geographical, like street and town), multiple phnes and e-mails?
I ask because when I finally go for it, I want to sync up everything - e-mail, calendar and contacts.
Wish GrapheneOS was actually available on non Google devices. iodeOS and /e/OS apparently are decent ish choices that aren’t Grapehene but they’re both eclipsed by GrapheneOS as private custom roms.
Wish GrapheneOS was actually available on non Google devices.
iodeOS and /e/OS apparently are decent ish choices that aren’t Grapehene but they’re both eclipsed by GrapheneOS as private custom roms.
I switched from CalyxOS to iodeOS after Calyx sort of imploded over the summer. I like it a lot, and they continue to release improved privacy and security features on a regular basis
I switched from CalyxOS to iodeOS after Calyx sort of imploded over the summer. I like it a lot, and they continue to release improved privacy and security features on a regular basis
I don't know any details other than what was posted publicly, but two (three?) developers left suddenly over the summer, and the institute then released a statement that they wouldn't be able to...
I don't know any details other than what was posted publicly, but two (three?) developers left suddenly over the summer, and the institute then released a statement that they wouldn't be able to provide any updates for at least 3 months, but potentially longer. They also said they would have to rotate the signing keys, so when they did come back, the new update couldn't be OTA and would require a full reinstall. They were recommending that folks switch to an alternative in the meantime, and took the installer down from their website (I believe they have since put the installer link back up). One of the developers, upon leaving, made a post that included:
still, in my opinion, calyx has a lot of work to do to rebuild trust, both inside and outside the org. i have a few starter ideas: listen to your workers. act swiftly on bad behavior. and don't shield the men who engage in it from consequences. ...repeatedly.
Here's the insitute's own post about the situation (this was from before the most recent developer left):
Thanks for that. I did move to GrapheneOS from Calyx, because I really couldn't work with Micro G any more, and the sandboxed play services solved my problem. So many projects seem to have...
Thanks for that. I did move to GrapheneOS from Calyx, because I really couldn't work with Micro G any more, and the sandboxed play services solved my problem. So many projects seem to have problems like this, it's a shame.
I would’ve liked to go with iode on my cmf phone but aside from no official support(But the unofficial version is made by a trusted person apparently). There’s no new easy to follow how to install...
I would’ve liked to go with iode on my cmf phone but aside from no official support(But the unofficial version is made by a trusted person apparently).
There’s no new easy to follow how to install a custom rom guide, and when you look it up, you either follow a guide that stops at unlocking bootloader, leaving you alone not knowing what to do, or an old guide that you’re not sure if you should follow or not.
/e/OS having a simple install script was really helpful.
That stinks! They have both an automated installer and pretty straightforward manual install instructions for supported devices, which is anything Lineage supports. But yeah that doesn't seem to...
That stinks! They have both an automated installer and pretty straightforward manual install instructions for supported devices, which is anything Lineage supports. But yeah that doesn't seem to include Nothing phones! I don't really know anything about what the process looks like for installing on unsupported devices.
For anybody curious, on top of security features/under the hood changes, GrapheneOS gives you a lot of control over how the phone/apps operate, which might appeal to you even if the cellebrite...
For anybody curious, on top of security features/under the hood changes, GrapheneOS gives you a lot of control over how the phone/apps operate, which might appeal to you even if the cellebrite thing doesn't freak you out.
Apps can have permissions approved/revoked at any time. When you install an app, if it requests Network permissions you're given the ability to deny before it is installed, and afterward you can flip back and forth as needed. You can do the same with Sensors, which to my knowledge just about nothing lets you manage. The phone has a log of which apps used which permissions. You can deny all permissions and plenty apps still work just fine. If you use apps like RethinkDNS or Invizible Pro, you can firewall everything and see a log of connection attempts.
Storage can be encrypted, and apps can be given restricted access to storage in place of whatever storage permission they request. For instance, I have a game emulator that can only access the one folder where my games are. The app works like normal but it can only see the one location. It doesn't have access to anywhere else in the filesystem, and has the option to grant access to more if desired.
You can set timers on Bluetooth and WiFi, so that if no connection is established it will shut those features/components off. You can limit what type of cellular connection the phone uses. The phone can obscure its name from networks and randomize its MAC address with each connection. You can set a timer for automatic rebooting, so that the device can go back to BFU on its own/when you go to bed. You can set a Duress Password - a passcode that causes the phone to wipe itself, that can be utilized on the unlock screen or in any field where you can type.
You can create separate profiles, with their own access to apps and phone functionality. You could, for example have a profile with google play services, that can't do calls/text and can't access anything other than those play service apps. You can change the behavior of the charging port, even disable it while the phone is on. The OS comes with an Auditor app which, set up properly can help you know if your software has changed without your knowledge.
You don't have to mess with any of it, but you can and that's what makes it good. There's a lot under the hood you don't need to care about to benefit from. If a phone is a cop in your pocket, thus far it seems like Graphene is the most sure way to fire that asshole and get your cool gadget back. I've been very satisfied since switching to it.
Just in case iphone users were mistakenly under the impression their devices are secure.
Fuck Cellebrite.
I figure if they can do it, other people can do it. Someone somewhere would get paid to do this if not them.
I know thats a terrible outlook on it but gestures broadly at everything
Yes, but my statement is much shorter than 'fuck security professionals that monetize hoarding security vulerabilities for their own gain.'
Thank you for posting this.
I've been considering whether or not I should be using a password manager instead of my old system even though intuitively it feels less safe to have my passwords on a digital device. I guess the intuition isn't entirely misplaced. I very much hate the idea that anyone, in any circumstance, could get their hands on all my passwords!
Overall, I'd say it's still better to use a password manager than not.
However, best practice would be to use a different vendor than your OS, use a good password for first unlock, and have it force a full password lock instead of biometrics after a few minutes.
That said, you should 100% have your email address and password manager password memorized and not in any password manager. A compromised email address is almost worse than literally every password.
Why? You either trust your OS vendor enough to use it or you don't and you shouldn't use that OS anyway. Putting trust in two parties just increases your attack surface.
An old idiom: Don't put all your eggs in one basket.
Single-party trust is fine, until that single party gets attacked (legally or otherwise), then you lose everything.
You should always be able to change providers if you lose trust in one.
I used to think like you when Gmail first came around. Now extracting myself from all Google is hard. Conversely, now if Bitwarden goes to shit the way Lastpass did, it becomes trivial to change just my password manager without uprooting my entire life.
I use paid Protonvpn. I don't use their password manager or docs. Different email providers and accounts for different things. My savings account is not tied to the same email as my checking.
Sure, more parties have potential to be compromised. But the impact of any one is much lower.
I don't have to be concerned about losing trust to a provider because I'm not using one for password management. How is that less secure than using them? I can't count on myself to stay in the loop regarding when some provider "goes to shit", or my ability to promptly research and switch to another.
If you are already using unique, complicated passwords that are at least 14 characters long for every single service you care about, you don't need a password manager.
I can only really memorize 4 of those. And I have a lot more than 4 important logins. Especially when you need to rotate passwords.
I have a system that makes it easy for me to "remember" my passwords (I don't even know what the accurate term would be because I don't actually have to memorise them) but is indecipherable to other people, let alone machines.
I don't use it for every mundane unimportant login. For those I use a separate email and short passwords I can easily remember because I don't care if someone gets into an account that I made with an online magazine for doing a daily wordle.
If my OS is compromised, a third-party password manager is likely just as compromised as the OS password manager. I personally use Apple devices, so only know this to be true for Apple, but their password manager also supports export so I can swap at any point to another platform. I see what you're saying about Gmail, but passwords being stuck on a platform is much less likely to be an issue.
Why is this?
Your biometrics are not protected like your password is. Law enforcement can fingerprint you within the law, ergo they can use your fingerprint for your phone. Conversely, your password is in your head only (hopefully) and will remain there unless you speak up. You have no obligation to provide a password to anyone.
Relevant XKCD
Very relevant, but odds are the local cop or judge demanding a phone unlock for data discovery isn't gonna kneecap you.
All bets are off for criminals and three-letters though.
Yes, absolutely. I don't use biometrics on my devices at all and this is partly the reason. Although petty crime etc were my main risk, rather than cops
That is specific to the US (and I think only for criminal cases). In a number of other countries, you can be legally obligated to provide your password. I know this is the case in several European countries.
You are probably right! I tend to speak from the US perspective when I can reasonably ascertain one way or another they're likely from the US, even if I'm not from the US myself.
Even so, legally obliged to provide a password doesn't make it so they automagically receive one. A fingerprint will be taken, a password must be given. Law be damned.
That is true, with some caveats.
From a legal perspective, in some places, for example, the UK, the risk is that you can simply be imprisoned until you provide the password, a particularly unsettling law considering that you may legitimately forget passwords, or random data may be interpreted as encrypted data.
From a practical security perspective, I have become a bit concerned about the idea that, in the age of ubiquitous cameras, repeatedly typing passwords in many settings may leak information about the password. This could be the case both for someone secretly recording you (I have heard that there are known cases of this attack with mobile phone pins, by scammers), and from CCTV footage. It is worth noting, for example, that CCTV footage in the EU can often be subject to GDPR requests from individuals, and while the data protection officer is supposed to ensure that the privacy of others is preserved when providing that footage, they may not realize the extent to which typing, rather than faces, might be leaked, especially when combining poor or blurred footage of many entries and developing a probabilistic model of likely passwords.
It is particularly frustrating to me that parts of the Linux community still insist on what is now seems like the security theatre of not showing any visual feedback when entering passwords; an attacker secretly watching you type your password wouldn't be trying to get the minimal information on password length from your screen, they would be secretly recording video and audio of your fingers.
As a result, I have taken to using biometrics more often for 'routine' password entries (simple screen unlocks, sudo when already logged in, etc).
I would assume because biometrics is so easy to abuse. If you get e.g knocked out or detained the other party can just use your face or finger to unlock.
I’m getting some Demolition Man flashbacks here..
Ya I've been toying for awhile with moving to grapheneOS. I'm just pretty ingrained with the Google ecosystem... It would be a lot of work to move oi.
I recently bought used Pixel 6a with number one thing in mind - GrapheneOS. And after checking the phone actually physically works I flashed the GrapheneOS on it right away.
I'm also deep into Google ecosystem, hence why I installed Google Play and through it some Google apps and many other that are available via Play. I also installed F-Droid and where applicable, I run apps from F-Droid.
The OS itself is just Android as you likely know it. You could try going without Google Play, but you may need your banking app, sync contacts, calendar and whatnot from Google, install that app you paid for etc.
Until I set up my own calDAV (or whatever) server for my contacts and calendar and until I find some reasonable (even paid) e-mail provider (I have my domain), I won't uninstall all the Google crap.
Why I went Graphene then? Well, I'm a masochist, I try to do things the harder way... After inial setup (mainly the right permissions for all the Google crap) it runs just fine and I'm not flashing factor original image back into my Pixel 6a.
Fastmail has been good to me.
The longer you put off from moving the more and more ingrained you will be within their ecosystem. Start now if you want. First best time was ages ago, second best time is now, or something along those lines.
Everyone, go plant a tree right now. Take a fallen seed and put it an inch into soil. If thousands do it, odds are at least one will mature.
I'm going tree planting this weekend with a local association - I wouldn't have the first clue what to do otherwise, but hopefully I can lend my unskilled labour to someone else's knowledge!
Beauty is if it's a local tree species, you typically don't need more than putting the seeds around the tree in some dirt, and have a 10' radius from another large tree. Everything else is bonus.
I have a 10 gallon tote filled with a dozen baby red maple trees because I forgot about it under a maple tree for 9 months.
Have fun!
I took the first step already, even though I didn't know it at the time. I installed Immich on my server as I wanted to backup photos from my phone. And I was very surprised to find out that it is basically Google Photos but on your own hardware - it does automatic upload to the server which in turn runs machine learning to find people and objects on the photos so you can run search on them. It works great and runs on your own hardware.
There may be problems with syncing from outside of your LAN and you can't use search when you are not connected to the server, but these are just minor things for me as I run my.own OpenVPN server and can connect via that.
I'm moving away from Google Photos, that I know for sure. I also want to move from Gmail, that would be the hardest one as I used it for last 20 years and I have it integrated too much. The main problem is that I don't know where to move. I have my own domain and I want to utilize it, but I don't want to self-host this particular service.
I’m similar to you but have different problems — I know I want to have my own domain and set up emails away from google, and I know FastMail has all of these selling points and more. They’re an Australian company, and while our government isn’t exactly privacy-focussed when it comes to the internet, we do have strong customer protections. So I know that if FastMail tries to pull a switcheroo and suddenly start monetising my data, they’ll likely have the ACCC knocking on their door pretty quickly demanding answers. And for now, their business model is “if you’re paying for the service, then we don’t need to sell your data to cover our costs” and yeah they’re not the cheapest deal out there, but if anything that means I trust their business model to hold up for longer than if they were super cost-competitive.
But I haven’t taken the leap yet because I don’t know how to buy an email domain, or if it’s different to buying a normal web domain, or who I should buy it from, or who I should use as my... “registrar”? Is that the company who looks after your domain for you? Do I need one company to look after “Throwdo owns the @Baggins.com.au domain” and a different company for running it as an email domain, or are they the same thing?
I'm not that much technically advanced in the "how to" as well, but if I understand ut right then:
You can still run your own server in your garage and have it act as ie. webserver or VPN server (to access your home LAN) or whatever and the MX record will still point e-mail to your provider, not to your server.
I did this once over the phone with one of my not-that-technical friend and we made it work. From thix experience I believe everyone can do it, maybe with a little bit of help from somebody who knows or at least can do technical stuff to some extent.
I will likely look a bit into FastMail a try it out. I'm not sure I will jump into it, as every such service is a step into unknown - Are they trustworthy? Are they gonna be around 10/years from now?/Can i download all my data from them if I want to stop using them? Are there gonna be problems with sending/receiving e-mails (ie. are they trustworthy for other e-mail providers so that e-mails from their servers won't end in spam)?
There are many questions to be asked and hopefully replied to (probably by yourself after your own research) before making decisions.
As I said, I will look into FastMail and probably try it out somehow. Probably with my own domain, if applicable. I can report back after that, but it will take time (dedication). Likely not this year, sorry.
I just wanted to come back to this comment and say thank you! Your experiences with how simple it was helped me take the jump into buying a domain! I’ve also signed up for Fastmail’s 30 day free trial, so I’ll see how it goes but I’ll probably be jumping into this too, and slowly migrating my accounts to the new email address.
Like you, I expect this will be a slow, maybe even years-long process to be fully migrated over, but I’m happy to have started, at least a little bit!
Edit: now to start figuring out how much I can do with subdomains...
My domain is pavoukovo.cz which translates to English as "Pavouk's". I used subdomains for thinks like blog.pavoukovo.cz (Pavouk's blog) or sklad.pavoukovo.cz (Pavouk's storage; for sharing files) etc.
I will likely try to use the e-mail in similar way - having addresses for eshops, forums, throwaways/non-important and such.
I still have to jump the ship. Christmas around the corner and a lit of stuff to do right now. But I'm determined to do it and I will. Probably by the end of winter. I still have to look into various service providers that got recommended.
Thabks for coming back and letting me know!
Oh that’s a great idea, I didn’t even think about subdomains for whatever I’m hosting! That’s another thing to consider, thank you!
I was entirely thinking about subdomains for emails (eg email@youtube.baggins.com, email@jobhunting.baggins.com) because I’m not sure if FastMail makes subdomains super easy. Based off nothing but vibes, I feel like they probably have that as default behaviour given they already let me do infinite email forwarding from my own domain.
(I don’t actually have baggins.com domain, that’s just an example)
Personally, I use Tuta for mail and calendar. It's pretty affordable and I really like it. I'm pretty sure you can bring your own domain, though I don't personally use that feature. It also supports email aliases (for obscuring your true address and keeping it separate from certain things). Happy to answer any questions if you have them!
It looks nice. The price is great, actually. And even with two people, the price is lower than Fastmail, that was mentioned already. I also like them being stationed in Germany, I believe in EU laws more than US ones (Fastmail is Australian, I know, but servers are placed in US).
I do have question, actually. Can you sync contacts between your Tuta and your phone so they show up in your contacts app? Better yet, do they sync automatically? With images, birthdays, mail addresses (geographical, like street and town), multiple phnes and e-mails?
I ask because when I finally go for it, I want to sync up everything - e-mail, calendar and contacts.
Edit: Just saw your new thread, moving this over there :)
Wish GrapheneOS was actually available on non Google devices.
iodeOS and /e/OS apparently are decent ish choices that aren’t Grapehene but they’re both eclipsed by GrapheneOS as private custom roms.
I switched from CalyxOS to iodeOS after Calyx sort of imploded over the summer. I like it a lot, and they continue to release improved privacy and security features on a regular basis
I used to use Calyx, what happened to them? Drama? Any links?
I don't know any details other than what was posted publicly, but two (three?) developers left suddenly over the summer, and the institute then released a statement that they wouldn't be able to provide any updates for at least 3 months, but potentially longer. They also said they would have to rotate the signing keys, so when they did come back, the new update couldn't be OTA and would require a full reinstall. They were recommending that folks switch to an alternative in the meantime, and took the installer down from their website (I believe they have since put the installer link back up). One of the developers, upon leaving, made a post that included:
Here's the insitute's own post about the situation (this was from before the most recent developer left):
https://calyxos.org/news/2025/08/01/a-letter-to-our-community/
Thanks for that. I did move to GrapheneOS from Calyx, because I really couldn't work with Micro G any more, and the sandboxed play services solved my problem. So many projects seem to have problems like this, it's a shame.
Ah, yeah. I like MicroG so far, but I've only been using it for about 6 months and it definitely has its limitations
I would’ve liked to go with iode on my cmf phone but aside from no official support(But the unofficial version is made by a trusted person apparently).
There’s no new easy to follow how to install a custom rom guide, and when you look it up, you either follow a guide that stops at unlocking bootloader, leaving you alone not knowing what to do, or an old guide that you’re not sure if you should follow or not.
/e/OS having a simple install script was really helpful.
That stinks! They have both an automated installer and pretty straightforward manual install instructions for supported devices, which is anything Lineage supports. But yeah that doesn't seem to include Nothing phones! I don't really know anything about what the process looks like for installing on unsupported devices.
For anybody curious, on top of security features/under the hood changes, GrapheneOS gives you a lot of control over how the phone/apps operate, which might appeal to you even if the cellebrite thing doesn't freak you out.
Apps can have permissions approved/revoked at any time. When you install an app, if it requests Network permissions you're given the ability to deny before it is installed, and afterward you can flip back and forth as needed. You can do the same with Sensors, which to my knowledge just about nothing lets you manage. The phone has a log of which apps used which permissions. You can deny all permissions and plenty apps still work just fine. If you use apps like RethinkDNS or Invizible Pro, you can firewall everything and see a log of connection attempts.
Storage can be encrypted, and apps can be given restricted access to storage in place of whatever storage permission they request. For instance, I have a game emulator that can only access the one folder where my games are. The app works like normal but it can only see the one location. It doesn't have access to anywhere else in the filesystem, and has the option to grant access to more if desired.
You can set timers on Bluetooth and WiFi, so that if no connection is established it will shut those features/components off. You can limit what type of cellular connection the phone uses. The phone can obscure its name from networks and randomize its MAC address with each connection. You can set a timer for automatic rebooting, so that the device can go back to BFU on its own/when you go to bed. You can set a Duress Password - a passcode that causes the phone to wipe itself, that can be utilized on the unlock screen or in any field where you can type.
You can create separate profiles, with their own access to apps and phone functionality. You could, for example have a profile with google play services, that can't do calls/text and can't access anything other than those play service apps. You can change the behavior of the charging port, even disable it while the phone is on. The OS comes with an Auditor app which, set up properly can help you know if your software has changed without your knowledge.
You don't have to mess with any of it, but you can and that's what makes it good. There's a lot under the hood you don't need to care about to benefit from. If a phone is a cop in your pocket, thus far it seems like Graphene is the most sure way to fire that asshole and get your cool gadget back. I've been very satisfied since switching to it.