Daily tips to gain more privacy from Murena team

XjFred · February 5, 2022, 4:00pm

It is different. Privacy and Security are not the same subject and does not involve the same tools and techniques.
One is putting curtains on your windows, the other is installing an unbreakable door…
Not the same threat, not the same defense.

headwaters · February 5, 2022, 4:15pm

Privacy and security are closely connected. You will not long have privacy if you neglect s/e/curity. Curtains on your windows will not stay in place if your windows are easily opened or broken. If your neighborhood does not have effective public (police) or private security services and infrastructure, people who wish to violate your privacy will not be deterred.

anon88181694 · February 5, 2022, 5:31pm

This has nothing to do with being security hardened.
/e/OS is not even providing the absolute bare minimum of security and that is directly harmful to you, the users.

/e/OS is a successful project, I want to see it stick around, but I can’t stand to see you all accept this insecure trash you are fed.

Y’all need to get your head out of the sand, and start demanding /e/ team provide you some modicum of security, especially if you’ve bought a device from them.

Edmund · February 5, 2022, 5:34pm

Thanks for pointing to this interesting statement. Right, Google claims to keep all your data as secure as possible, as does Apple and others. But however one will define “security” and “privacy” as beeing somehow different from a technical (or legal) point of view - in the end they converge as to the effects for the user: My privacy will be destroyed against my will and interest.

udengoogle · February 5, 2022, 6:12pm

Have you try to help them to understand that and help them with your knowledge?

When you say this in this way it comes to my head why e/ is not listening?

tcecyk · February 6, 2022, 3:41pm

I like the emergence of alternative frontends to popular services (twitter, instagram, youtube). It’s the data that users created that is interesting, not how the service envisions it’s representation.

There is some risk: where it is not a platform offered frontend (as in old.reddit.com), these are essentially untrusted proxies that could give you any kind of payload.

The potential benefits are: faster rendering due to less javascript heavy sites, no cookie banners, no recaptchas, less login nags (as in the occasional instagram tap).

One extension that offers these redirects is https://github.com/SimonBrazell/privacy-redirect … I wrote up the steps necessary at Howto use any Addon in Firefox Nightly for Android

marcdw · February 10, 2022, 1:38pm

Awhile back I posted about deGoogling via the network. I wanted to set up a ROM with that in mind but due to work, laziness, and procrastination it took awhile. By the time I was running such a setup the thread had closed so couldn’t follow up.

For some months I’ve been running a ROM with UnifiedNlp for location services (microG with no Google stuff turned on would be equivalent) and IVPN with its Hardcore AntiTracker turned on (all Google and Facebook domains are blocked). As my daily driver. All good and haven’t felt like I’m missing anything. Have other devices in case I do.
Iceraven with Privacy Redirect addon, UntrackMe Lite for redirecting to other browsers, and doing what little social I do out on the Fediverse.

Only recently did I hit two snags.
Minor: Bandcamp uses Google for logins. Bandcamp has been my Amazon Music alternative for my weird tastes.
Since I’m not a full follower of the anti GAFAM/GAMAM/AAMAM “movement” I just might put Amazon Music on the ROM and see how it fares (it has no trackers at least).

Not so minor: I didn’t realize until last month that Iceraven had not synced bookmarks since November. A little testing and I found that Firefox Sync uses googleusercontent.com.
That’s a bummer as I wasn’t aware of that. Turning off the blocking allowed me to sync.
As an experiment I tried the xBrowserSync addon on Iceraven (as well as on Smart Cookie Web-Preview on another device) but it errors once credentials are entered.

Before anyone mentions it, I’m not in the position to self-host Firefox Sync. My computers are collecting dust at.the moment.

Taurus · February 10, 2022, 5:57pm

Amazon is the tracker!

I still use Amazon myself, though, for shopping from the desktop, and for Prime Video with the Roku app. Of course, I use Pi-hole or NoScript to negate as much needless tracking as possible.

I don’t use Amazon Music (limited catalog for discerning tastes maybe…?), and I’ve stopped using Amazon apps on Android since I installed /e/.

anon88181694 · February 10, 2022, 7:16pm

Regarding trackers, I’ve maintained my own blocklists along with a combined one from many permissive sources. Notably, using wildcard compression the list size is cut in half and can actually block more!
You can easily add it to your existing blocker such as uBlock Origin, Pi-Hole, Blokada/DNS66, etc.:
https://divested.dev/index.php?page=dnsbl

cedricoola · February 10, 2022, 7:17pm

Once again I’m sorry not to find Vivaldi browser mentioned (I know it is because Vivaldi is not 100% open-source but they speak openly about that). I trust them. Yes, it’s a question of trust. It’s good to question things but at some point it’s a question of trust.

Dave1 · February 12, 2022, 6:48am

They are different. If you want the best security then you want to use Google Android. You’ll get some of the best security out there.

Edmund · February 12, 2022, 1:46pm

Of course, you can have “security” without privacy (and some try to tell us only without privacy you can really be secure…).
But you will not long have much privacy without some decent security to protect you from illegal actions.
So, technically there are maybe different issues (there always are), but finally one has to take into account all of them…

anon88181694 · February 15, 2022, 1:25pm

Chromium 98.0.4758.101 was released yesterday.

/e/OS WebView and Browser, based on Chromium 96, now totals 129 known security issues.
CVE-2022-0609 and CVE-2021-4102 are both actively being abused in the wild.

Manoj · February 16, 2022, 4:04am

/e/ uses Bromite releases. An issue has been created to update to the latest Bromite release

Edmund · February 16, 2022, 7:26am

However, everybody could install the latest Bromite build by himself https://github.com/bromite/bromite/releases

anon88181694 · February 16, 2022, 10:59am

Thank you /e/ team for finally updating your browser. Seriously, thanks!
However that version 96.0.4664.183, is still a dead LTS branch and is still 11 security patches behind including CVE-2022-0609, upstream has replaced it with 98.0.4758.101.

Also note that Bromite has had patches for 97 and 98 created by a contributer, but rejected by its maintainer for seemingly no reason. The Bromite maintainer has also stated that they are not happy that /e/ depends on Bromite and yet has never contributed to Bromite.

mungo · February 16, 2022, 9:02pm

@Edmund: Would you mind to describe how one does it right with github?
Even without termux?

E-love · February 17, 2022, 3:40am

@Anonyme (going for the camille with pointers in this thread), did the dual booting not present shenanigans any time recently for you?
I had a windows 10 machine with Linux that was suddenly unable to locate the second partition after some “update” (I’d kept it offline for a long time but wanted the convenience of a WiFi connections and learned my lesson)

irrlicht · February 17, 2022, 6:03am

Download a file from there onto your device. For an FP the ARM64 would be the right one.
When the file is on the device open a file manager and navigate to the file.
The following depends on the file manager: Tap on the file to get a context menu, then select “Install”. If the context menu doesn’t open by tapping it’s somewhere else on a button or so.

camillebc · February 17, 2022, 6:14am

Wrong Camille I guess Sorry, hope you’ll find your answer!