Today I open a topic about my recent experience and I want to share maybe some questions.
Last day I switched successfully from the classic Samsung ROM to /e/ OS.
The same day I was invited to a party with my friends, the party was great, but at the end of the night while I was going home, 5 guys came up to me and took my phone on the transport.
Before with the Samsung and Google ecosystem I had set many protections for this kind of situation like online phone backups, distant data removal, encryption, last position before switch off, auto data wipe after x attempts, etc …
I was very sad to lose my phone, money, and also all the time spent making a new start with the /e/ ecosystem. Last day I did not have enough knowledge about open source equivalents to protect my phone, and I didn’t secure it enough.
For me the lesson is that changing ecosystem is a process that requires some security precautions (like not using the phone like usual or maybe using another one) but moreover I won’t forget that physical protection is very very important too, in my case the phone was like “in a transition state” where not everything was prepared for daily use (a sort of “dev state” instead of “production” for daily life). But maybe if I had a physical protection like a cable or something to prevent stealing, I don’t know … I still feel a little bit upset by what happened.
Now I bought a less expensive phone, a Xiaomi 8T (which is not available with /e/ for the moment sadly) and I want to quickly rebound and move on by starting again.
I would like to know more about how to protect a phone against robbery when we don’t use the classic Google or Samsung protection.
I think it’s difficult to have a balanced workflow between protection and privacy, between nothing and frequent GPS tracking, between easy to use data and dangerous encryption that might not be recoverable…
Sorry to hear that happened @babydriver. I’m glad it sounds like you didn’t come to any harm. The phone is replaceable luckily. I will also look into encrypting my /e/ right now because of this too.
Yes you are right about encryption (the worst thing in my story is that because I was making many manipulations, screen lock was temporarily disabled and I had a document on the phone where I listed every account and password because I was migrating every account to a new email and a new password manager called Bitwarden … I did everything wrong, I deserve a medal).
Do you have some good open source apps/tools dealing with phone encryption properly?
I don’t think that the robbers took a look at my data, they might have wiped everything to sell it (I hope they can’t really change the IMEI, I read that was possible?)
Thank you Aloha for your kind words, you are right some of my friends told me the same, it’s better to lose a phone than life.
But … for some people like me a phone or computer is like a part of yourself, we spend much time taking care of it and stealing is brutal, we suddenly lose something … it’s like this scene in the movie where Tom Hanks loses his ball “Wilson” ahah :
No need for apps to encrypt a phone. You just have to go to Settings > Security > Encryption > Encrypt phone. (It might be different if you aren’t on /e/ Pie).
Have a look/test whether your new phone supports Treble. If it comes with Oreo or Pie or Q it will. Then you can use the eOS Pie GSI. The standard GSI will encrypt your phone at first boot.
I wanted to add something very important that I learned: when someone steals your phone, double auth can become a nightmare.
I refused many times to set it on my accounts except for Gmail and maybe one or two others. Right now I can’t access Gmail and these, but I can’t imagine if I had trusted this kind of protection on all my accounts.
And when I see that banks want to apply this process as the main means to protect accounts … better to never lose my phone
I don’t know how a robber thinks but if I was one, I would take the time (I guess they have it) to look at the phone to find bank apps or a way to make money. And the fact there wasn’t any password won’t help. So consider they have looked at everything.
It’s true if the 2FA method is a phone number on a stolen SIM card.
If possible, I use the code generator method.
My phone is the Xiaomi Redmi Note 8, I saw that someone in the Lineage community made an unofficial ROM but I’m not sure about installing it because I don’t know the difference between Lineage and /e/ in how the Google Play alternative works (I really enjoyed the /e/ default store that lets you find many apps from the Play Store)
You’re right, I must think like they did it, that’s why I’m taking every account one by one and changing every password … it’s very long because I listed every account I have on the internet and I must change them all (141 credentials with different passwords)
For 2FA I agree with you. Do you have a good alternative to Google’s one? Where do you securely store the recovery keys?
At least you have already listed them. I also have a complete list of my accounts and for each of them I can directly know which email address is used, if the account has my phone number, my name, my postal address. This way if I need to change one of these pieces of information or the password, I can do it very quickly without forgetting a single account.
I don’t know what you are talking about but I use “Aegis”, an alternative to “Google Authenticator”.
I store my recovery keys (keys used to recover an account without the code from the 2FA method) in plain text on my external hard drive. But the hard drive is encrypted thanks to VeraCrypt.
Hi, you can get better protection if you use Keepass2Android with ykDroid and a YubiKey hardware token if your device supports NFC.
No easy way, but I use KeePassXC on Linux to fill my KeePass file and k2a to read it. You may handle it the other way round if your main device is your smartphone.
I use and recommend 2 keys and a backup of the secret you generated and stored in the key. The YubiKey 5 NFC works reliably with my Fairphone3 with /e/. I don’t know if the cheaper Yubico Security Key NFC will work. The keys are robust and my 2nd is security against losing my physical keyring.
Hi @babydriver sorry to hear about the loss!
I think that something should be baked into /e/, via Nextcloud, as @blackpoint mentioned… the option to restore all data through an external server. Of course, optional… /e/ is about privacy anyway.
@babydriver I would totally recommend using @harvey186’s GSI on your Mi8! It is a difficult install process but very rewarding.
You could also use something like Lookout to be able to remotely lock and/or wipe your handset if lost or stolen. It’s £20 a year. It also has other benefits, including app scanning, web safe browsing, wifi advice & privacy scanner.