Greetings! For the past few weeks, i have been using Apple Maps for navigation. Only to realise that it does not have some specific places i go to regularly. And offline maps are just broken. And since i'm here, what are the best FOSS Map apps that have offline navigation? (i did try osmand and maps.me, theyre both paid)

First, I understand that the best options are cash, gift cards, burner cards, XMR, etc. However, that isn't practical for my day to day use. My goal is minimizing how much information is collected/sold by advertisers.

I need a new physical credit card and figured I should look for one with a decent privacy policy. I'm curious if anybody has any suggestions.

The only one that I've found even decent so far is Apple's card, but I don't have an iPhone. I also know Apple is generally disliked on here.

Greetings fellow privacy enthusiasts!

I'm searching for a privacy-respecting media box that can run Android apps. The streaming device market features options like Shield TV, Chromecast and various Amlogic boxes. However, finding one that truly embraces FOSS principles while meeting essential needs has proven challenging.

Essential requirements:

• Android app compatibility - specifically need to run certain apps
• Strong privacy and security features
• Reliable, long-term software support (I've grown weary of devices becoming obsolete within 2-3 years)
• Budget-conscious: Aiming for under 150€, though I'm willing to invest appropriately for the right solution
• Willing to invest significant time in initial setup, but afterwards it should "just work" with minimal maintenance
• Timely and automatic security updates (ideally close to upstream releases)

My initial research suggests two potential approaches, though I'm not entirely certain about all implications:

1. Mainstream devices (like Nvidia Shield) that can be degoogled through ADB commands
2. Devices that are officially supported by LineageOS

While both paths seem promising, each raises certain concerns. For instance, degoogling might require ongoing maintenance, and running LineageOS could mean losing some device-specific functionality (as is the case with Shield).

The Raspberry Pi, with its open-source foundation and community-driven LineageOS development, seems interesting, though the lack of institutional backing raises some concerns about long-term reliability.

I'm still learning about the security implications of these choices. While I understand that phones running LineageOS don't match GrapheneOS's security standards, I'm uncertain how these considerations translate to a media box environment.

I'm open to exploring:

• Custom firmware solutions
• Alternative hardware platforms
• Creative, FOSS-friendly approaches that preserve privacy while maintaining Android compatibility

Has anyone in the community successfully navigated these choices? Your experiences and insights would be invaluable, particularly regarding long-term viability and security considerations.

Thank god we don't live in some ridiculous Eastern European mass surveilance red terror dystopia. Anything even remotely close will never happen under a democratic leadership

Is there anything like a SimpleX group chat to join for us to talk, or should one be started?

For many, this month is when gift-giving season officially begins in the United States (and several other places, I presume) thanks to Black Friday, which is quickly consuming most of November in many cases. As a result, even though online shopping is something most of us engage in year-round, now it’s particularly important to discuss how to safely shop online. Below is my now-annual updated online shopping tips, reflecting techniques and strategies I've picked up in the last year.

I made this post, outlining my verdict about whether or not Chromium is more secure than Firefox. At the very end of the post, I noted "GrapheneOS did not respond to my requests for a comment."

Well, after weeks with no reply, they finally responded. I don't plan to do any more research about this topic, but this information is still incredibly valuable. Keep in mind the questions I asked the GrapheneOS team were created before I had done much research about the topic. Here are the questions and GrapheneOS's replies:

Does Firefox have isolation between tabs?

incomplete

Is Firefox's implementation of tab isolation as secure as Chromium's?

no, it's incomplete and their sandbox is significantly weaker across all platforms, but it varies based on platform

Firefox uses Fission to isolate embedded content from the main website. Is Fission used for tab isolation as well?

it's incomplete

Is Fission the main cause of concern about Firefox's security?

there are many ways in which it's less secure than Chromium, but the weak sandbox particularly that's entirely not implemented on Android is one of the main issues

Are there other reasons why Chromium is more secure than Firefox, besides Fission?

Chromium uses full garbage collection for a lot of the C++ objects, has much more hardened memory allocators for native allocation, has the V8 sandbox as another layer of security missing in Firefox before the OS sandbox, has much more fuzzing, auditing, etc. and much more modern exploit mitigations implemented too

Firefox is far behind in nearly every way and laid off a lot of their security people

Isolation of embedded content is important to prevent Spectre and Meltdown exploits, but is this actually something that an everyday user will be majorly affected by? It seems that, unless you are logging in through embedded content, there is far less risk associated with this from an everyday standpoint. Again, more security is obviously better, but is this as big of an issue as it's made out to be?

yes it impacts users because browser vulnerabilities are widely exploited in the wild and the OS sandbox is one of the main defenses against it, as is the V8 sandbox feature entirely missing in Firefox

Google heavily monitors for browser exploits and catches a lot of it happening in the wild

Mozilla / Firefox has little visibility into it

therefore, it's much more widely reported for Chrome but does not mean it isn't happening with Firefox regularly

Is Firefox less secure on Linux (besides Qubes, Tails, etc.) than other desktop operating systems?

Tails is not a hardened OS at all, that's a misconception about it, and it has nearly all the problems of desktop Linux

Firefox on desktop Linux has weaker sandboxing than elsewhere

on Android they haven't even implemented a content sandbox, although the OS provides an app sandbox around it as a whole but that's not the same thing

In which ways are Fission less secure than Chromium's Site Isolation?

it's not even completed yet, the issue is still open since not everything is isolated yet and there are known ways out

Does Brave provide the same privacy against fingerprinting as the Tor Browser?

Tor Browser's anti-fingerprinting is greatly overestimated and does not really work with JavaScript enabled, which it is for most users

Brave's is not strictly better or worse

neither anti-fingerprinting approach works well

Could you provide good resources for my article about the state of Firefox security on Android?

no, but it is awful, they don't even implement any content sandbox let alone site isolation, and have almost no exploit mitigations or anything implemented

Would it be easy for a developer to create a fork of Firefox for Android that uses isolatedProcess?

no, but it's easy for them to do it relative to doing it elsewhere

Would using isolatedProcess in Firefox fix isolation issues? If not, what would still need done?

no, but it would allow them to provide a content sandbox on Android and partial site isolation to the extent they implement it overall

Is there tab isolation for Firefox on Android? Is this as secure as Chromium's?

there's an incomplete implementation, and no, it's not nearly as secure aside from being incomplete

watomatic.app

Example

🤖 Automated Reply

💬 I reply faster on example.org

⁉️ WhatsApp is anti-libre software. We do NOT control it. It withholds a libre software license text file, like GPL.

Explained

I reply faster on

Deleting the only way to reach someone online breaks your influence.

example.org

A link and only one link, so (1) they see it's an app, not some random word or typo, (2) they can download it without searching, and (3) they don't have multiple choice–they don't need to do any thinking or research. Remove everything stopping them.

anti-libre software.

Never say privacy, they've heard it all before (from you, no doubt). Say something different.

We do NOT control it.

Make it simple and direct. Think of the most removed person you know and break it down in a way they would understand. Think about every angle it could be misunderstood.

It withholds

Libre software is normal, default. Anti-libre software is cringe, weird, dangerous. Act like it. Also, humans care less about getting and more about losing stuff.

libre software license text file

Show them what to check for, for themselves, easily, obvious. Later, show them how to spread these ideas. Then, show them how to show others how to spread these ideas, make more of you.

GPL

A keyword for them to web search for more, with better results than more complex terms like AGPL or misleading terms like 'open source'.

Don't waste a word.

Lastly, make yourself someone everyone wants to talk to.

By "push server" I mean something like Ntfy.sh.

https://github.com/umutcamliyurt/Amnesichat

So I'm on the market for a 4G or 5G mobile hotspot with a build-in VPN client I can carry around in my backpack and connect my cellphone to. I've looked far and wide, and really the only manufacturer that seems to make what I want is GL.iNet.

The two battery-powered models they offer that interest me are the Mudi v2 and the Puli: they only do 4G and I wish they did 5G too, but I can live with that. Other than that, they really tick all the boxes for me.

From what I could read, the GL.iNet company also seems very open and very responsive. That's a plus too.

But I have one giant problem that prevents me from whipping out the credit card: GL.iNet is a Chinese company, and those products are sensitive applications. I know I can flash OpenWRT separately on those devices to ensure they're not doing stuff behind my back, but I don't really want to do that because I'd lose the GL.iNet plugins and custom UI. Not to mention, I have no free time for that. I'm looking for a ready-made solution if possible with this one.

Anybody knows if GL.iNet can be trusted?

Also, has anybody ordered from Europe using their EU store? They say they ship direct from Europe but they give no details.

And finally, what do you think of those two mobile VPN routers if you own one. Do they work well? I read somewhere that they can be buggy with certain VPN providers. Do they work in Europe? I assume they do since they sell EU plugs but maybe there are caveats.

Loops is a federated alternative to TikTok created by Pixelfed. Once it first came out, users were able to sign up for early access. Confirmation emails weren't sent right away, but today they announced that emails were being sent out, and registration is now closed.

I got a confirmation email today, attached in the image. I will be loosely documenting my experience, and may (no promises) make a writeup about it.

Wiz Khalifa would be proud

Happy Halloween! Tails released a small update, but it's nice to see that the software in Tails is getting updated more frequently!

Here are the major changes:

• Update Tor Browser to 14.0.1.
• Update the Tor client to 0.4.8.13.
• Update Thunderbird to 115.16.0.
• Fix automatic upgrades aborting with the error message "The upgrade could not be downloaded" even after a successful download. (#20593)

Alternative link: https://tails.net/news/version_6.9/

I used Mullvad's guide to change the DNS in Linux Mint and it worked. But I have a question about Firefox's DNS over HTTPS settings. Can I turn it to off now that the whole operating system uses the Mullvad DNS?

I was interested in hosting my own mail server that provides a similar level of privacy for users as Protonmail, ie the server admin cannot read any emails, even those which are not E2EE with PGP. Is there a self-hostable solution to this?

I'm aware the server admin can't read emails that were sent encrypted using the user's PGP key, but most emails I get are automated emails from companies/services/etc without the option to upload a public key to send the user encrypted email. If you're with a service like Protonmail, the server admin still cannot read even these emails.

actually awesome and fast search engine (depending on which instance you use) with no trashy AI and ADs results also great for privacy, if you don't know which instance to use go to https://searx.space/ and choose an instance closest to you

(I know many of you already know it but this incident I experienced made me so paranoid about using smartphones)

To start off, I'm not that deep into privacy rabbit hole but I do as much I can possibly to be private on my phone. But for the rest of phones in my family, I generally don't care because they are not tech savvy and pushing them towards privacy would make their lives hard.

So, the other day I pirated a movie for my family and since it was on Netflix, it was a direct rip with full HD. I was explaining to my family how this looks so good as this is an direct rip off from the Netflix platform, and not a recording of a screening in a cinema hall(camrip). It was a small 2min discussion in my native language with only English words used are record, piracy and Netflix.

Later I walk off and open YouTube, and I see a 2 recommendations pop-up on my homepage, "How to record Netflix shows" & "Why can't you screen record Netflix". THE WHAT NOW. I felt insanely insecure as I was sure never in my life I looked this shit up and it was purely based on those words I just spoke 5min back.

I am pretty secure on my device afaik and pretty sure all the listening happened on other devices in my family. Later that day, I went and saw which all apps had microphone access, moved most of them to Ask everytime and disabled Google app which literally has all the permissions enabled.

Overall a scary and saddening experience as this might be happening to almost everyone and made me feel it the journey I took to privacy-focused, all worth it.

To me, it’s gotta be the microphone