cross-posted from: https://lemmy.ml/post/37051112

I'm just sharing here this app I use always on my phone, and I don't see many people talking about it.

It's similar to DuckDuckGo app feature that block trackers across all the device, but this one is focused only on that, it also allows you to add your custom tracker URLs to block and monitor every request being made.

It's open source and available on F-Droid: https://f-droid.org/packages/dev.clombardo.dnsnet/
GitHub: https://github.com/t895/DNSNet

It enables a VPN to intercept requests, so it can block URLs of trackers across all your apps. The app provides a list of URLs as you open it for the first time, you can choose a few options between less or more aggressive.

Obs.: The app don't tell, but when you add a custom URL you need to disable and enable it again.

I actually really liked the thing, hence it sticking around these 11 years since I got it. One thing I especially liked about it was that it initially just did the one thing. I went to a website or sometimes used an app, either in my phone or computer and pressed a button and whatever still image or video I'd been looking at on that source device, showed up on the TV I plugged the Chromecast in to.

Technically it still works, but it's getting harder and harder to do this simple task. It's been whinging about me not being signed in if I use it with YouTube and for an outrageously long time displays some kind of media control overlay that takes up a massive portion of the screen. That's what the phone or computer screen is for and the Chromecast gen1, not having been designed for this, is way too slow to do it properly so it struggles. It's increasingly difficult to actually get the cast button to appear even on Chrome on desktop, and there's some confusing shit to do with "web apps" on just about every website with media involved that I see no reason to indulge when the media plays without them anyway, but I assume that refusal has something to do with the damn thing not working anymore. Basically google have all but killed this device.

I see those Roku things as an alternative but that seems to be a full media player solution intended to essentially function as a smart tv in a removable stick. I basically just want a wireless HDMI input receiver that will work with web browsers or any media streaming service/app just like the Chromecast USED TO! Do they exist?

I want to be able to, without hassle, decide on a whim to send whatever media I'm looking at on a device, to the tv screen wirelessly.

Earlier post for context: https://lemmy.ml/post/35496495

TL;DR: Don't buy Huawei or Honor phones if you need bootloader unlocking capabilities. Even on units without a carrier lock. I couldn't unlock my Honor 90 Lite.

While the following comes from my experience attempting to unlock the bootloader on an Honor 90 Lite, it likely also applies to recent Huawei smartphones. Honor shares a great deal of its codebase with Huawei as it was a subsidiary spun off several years ago.

Unfortunately, a visible OEM unlocking toggle under the developer options does not guarantee bootloader unlocking in practice. It is up to the bootloader itself to accept unlocking commands, which manufacturers can patch out or severely restrict.

Prior to 2020, users could fill in a form on the Huawei/Honor website that provided the 16-character code required to unlock the bootloader. Instead of

fastboot flashing unlock

Huawei/Honor bootloaders require

fastboot oem unlock [16-CHAR CODE]

However, the form has since been discontinued, leaving us with

• Exploits for certain models with Kirin and Qualcomm SOCs
• Various paid and proprietary unlocking services
• Brute-force tools for models without known exploits

Since my phone does not have a known exploit and I don't feel like handing over my money to unlocking services with characteristically shady-looking websites, I am left with the latter option.

Brute-force with Luhn algorithm

For some time, the unlock codes were 16-digit numerical strings which were related to the IMEI and satisfied the Luhn algorithm (the same algorithm used as a rudimentary checksum for credit card numbers). This greatly narrows down the number of codes to be tried, such that I exhausted the entire space of 16-digit codes satisfying the Luhn algorithm in 45 minutes using the following Python scripts.

https://github.com/vcka/huawei-honor-unlock-bootloader

The better-known of the two Python scripts, this works mostly as intended, but does not stop once the space of 16-digit codes are exhausted, instead continuing up into 17-digit codes and beyond. However, an unlock code longer than 16 digits has never been attested.

https://github.com/borisgrigorov/bootloader-brute-force

This script did not appear in my initial search and didn't work out of the box on account of expecting a specific error message and stopping execution otherwise. However, it proved a friendlier script than the former with a quick patch and stopped once all 16-digit codes valid under the Luhn algorithm were exhausted.

Huawei/Honor are also known to require 16-digit alphanumeric codes, paritcularly on later models. Adding just the uppercase alphabet would make for a 16-character base-36 code, effectively conveying the information in a 25-digit base-10 code. Searching through this space would take about 800 million times longer. By the time this finishes, I can only hope that humanity has moved on past locked bootloaders. So I ditched any effort of extending the scripts to include alphabetic characters.

Trying both scripts with both IMEIs yielded no working unlock codes, so onto our next options.

Brute-force without Luhn algorithm

But what if it's still a 16-digit code, but it just doesn't add up according to the Luhn algorithm? How much longer would that take? The following C programs claim to be the fastest brute-force unlockers, neither of which use the Luhn algorithm.

https://github.com/Martazza/Huawei-Bootloader-Unlocker

The simpler and more well-known of the two, this simply increments up from 1000000000000000, testing each code along the way. At a rate of 200 guesses per second, my computer and phone would have burned through a good chunk of the world's remaining coal reserves by the time this finishes, even without accounting for alphabetical characters. So this is a no-go.

https://github.com/B83C/huawei_bootloader_unlocker

This optimizes upon the code of the former, incorporating portions of the fastboot source code to suppress unnecessary output. However, it appears to get stuck after guessing only 8 codes. I'll guess why in a bit.

Previously reported successes and time required to unlock

There are reports of the scripts utilizing the Luhn algorithm working on Huawei and Honor devices from around 2018 and 2019. Those attempts required continuous brute-forcing anywhere from several hours to several days. So why was my computer, featuring an i7-9700 also from 2019, able to iterate through all codes accoring to the Luhn algorithm in only 45 minutes? I am not certain, but my theory is that my phone had been silently discarding attempted codes without ever taking the time to evaluate them. The program from B83C is the only one to check the USB connection status and 8 attempts may have been the cutoff for my phone. I didn't bother with further testing. And unless someone manages to guess several million codes per second, at which point USB I/O would become a bottleneck, Martazza's code is of little practical use.

If it had taken longer to search through possible codes, my phone would have died during the process as it did not take in enough charge to sustain itself in fastboot. Fortunately, fastboot is kind enough to wait until the phone is ready again after disconnecting, charging, and reconnecting.

Other things that didn't work

• fastboot reboot fastboot: bootloader seems to double as fastboot for Huawei/Honor devices. fastboot with a white background and plain orange text doesn't seem to take any commands.
• Recovery menu accessed by holding volume up during boot: OTG upgrade does not allow choosing a file. USB upgrade allows the phone to show up under adb devices, but there is no dialog to grant permission.
• mtkclient: tried every button combination I could think of during power-up, but could not enter BROM mode
• Honor Suite: Just a dumbed-down syncing tool that requires admin privileges on Windows, no option anywhere related to bootloader unlocking. Worse yet, it doesn't even detect the phone in fastboot mode, even though the phone suggests opening Honor Suite when in fastboot.

Addendum: for thoroughness, shorting the internal test point to ground and plugging in USB brings the phone into "META MODE", after which the screen stays black. The phone is unresponsive to all commands I could think of and requires a power cycle, after which the RTC resets to the default date and time.

• and adb reboot edl and similar commands: simply does a normal reboot. fastboot edl seems to exist, but is prohibited from running.

Just to be clear: I could not unlock the bootloader of my Honor 90 Lite (CRT-NX1). Gotta love how we have to worry about things like Cellebrite cracking our precious data in a matter of hours while concerted efforts have done little against the accursed little bootloader.

Okay, so as the title says, I'm looking for a very cheap android phone that can support LineageOS. I know this is a stretch, but my current phone isn't compatible. I'd also prefer a flip phone, but I'll take what I can get. I'm trying to not break the bank with a phone as I'm trying to save for a car (I'm about 1/6th of the way there for a beater). Any help at all is appreciated!

Also, can anyone recommend a desktop YouTube client since they decided JS was necessary to combat whatever the fuck?

I have switched everything to privacy alternatives is it safe to delete my Google account or is it needed for some android features also if I delete my account does Google delete all my data if not, can I request the deletion of my data under the GDPR

Just to point out collabora office available on android, through the obtainium app in f-droid. It's an android fork of libreoffice

I thought I would post my own journey to de-googling with challenges and wins along the way. I realise that this is a de-google community however I will also be mentioning some other replacements too. Hope this helps anyone but let me know if I can help answer any questions or discuss anything.

Why I de-googled?

Google has strayed away from its own rule of "don't be evil" particularly in the past few years. To be fair, its not just Google, its all big US companies that dominates the market including Meta, Microsoft, Apple, Nvidia etc. This has happened for many reasons but one of them is because Trump has shown them that it is OK to break any laws/rules/ethical boundaries to dominate. All the "China is evil" talk had nothing major to do with security grounds, it was to eat the competition which ruined the market for consumers (and no I'm not Chinese or Asian). Anyways back to Google...

• Google products makes 0 sense to me: You pay for a product for example Pixel 10 which costs over $1000 but then they collect EVERY SHRED OF data they can about you and sell that to third parties. So the main money they make from you is actually your data as well as taking the $1000 you paid. Where are the days of paying for a product which becomes yours and does exactly what you want it to do?
• Monopoly and anti-competition: Constantly trying to kill any competition it can rather than embracing and appreciating a diverse tech ecosystem.
• Many Google services are "walled gardens"
• Government Surveillance Concerns
• Location Tracking Controversies: Even with location history turned off, Google has been found to track user locations
• Running controversial projects (ex Project Maven)
• Little innovation: If i ignore all of the above, have you ever noticed that their products have barely changed in years (Google Drive, Keep, Mail, Maps)? This is because they are no longer about technical-innovation but rather chasing money only.

The list goes on and on.

What Products have I replaced?

I think sometimes companies forget that CUSTOMERS are the ones who drive their business, Disney certainly got reminded of that when people started cancelling their memberships after the Kimmel fiasco. Luckily, massive thanks to companies who noticed this early and started creating alternative products and many of them are even open-source (these developers are the true legends that I respect).

Here are some of the products that I have replaced in my life over the past 2 months:

Google Drive > Filen + Ente Photos

Luckily I chose not to tie myself into Google Photos because I didnt like the tie-in from the start, all photos were just in the Drive folder. I chose to go with both Ente Photos and Filen for images/documents etc.

Why Ente photos? In my opinion they are a little overpriced but they seem to have the most complete feature set for photos like great zero knowledge, AI detection, maps, facial recognition etc and best of all it all happens locally. My photos total less than 100GB currently but in the future I will have to be careful about going over my 200GB limit. IMO 1TB option is far too expensive (I would rather switch to Immich self hosted at that point).

Cons:

• Super annoying not to have 2-way sync in Ente. They try to force you to treat Ente as the source of truth for your photos. I got around this issue though by: Watching folders locally and always editing/deleting/adding new photos locally on PC. I never make edits on Ente. If i take a photo on phone, i upload them into a "Ente upload" folder, pull those down and then copy them manually into the relevant watched folder.

Why Filen? You can easily get around 50GB by referrals which is very likely enough for documents and other files. However all other Filen options are so well priced particularly for zero knowledge encryption. I also LOVE how they did the drive mounting for all operating system with a nice dropdown to select: 2way sync, 1 way backup etc.

I will likely create another post detailing all the providers I compared in this space. I downloaded and tinkered with all of them!

Google Docs + Keep > Notion

Notion wont be my final stop however this is where some of my docs already existed so i just moved more non-private files into it. Eventually I would like to explore Obsidian more and convert doc files into MD files in Filen (particularly the private ones).

Google Maps > Organic Maps + Magic Earth for driving

This is probably going to be my biggest pain future point. This is still early days but when Im making small trips nearby, I am trialling both apps.

Google Youtube> 🥲

This is also a pain point, I have tried PeerTube however it is quite lacking aside from good privacy video guides.

Gmail, Contacts & Google Calendar> Mailbox .org

I tried many different email providers including Proton Mail, Tuta, Posteo but settled on Mailbox. Mailbox has recently updated their UI and it looks fantastic. They are a green provider, allow for very generous aliases number (and custom alias unlike Posteo). Their calendar and contacts are also fantastic and worked VERY well with Thunderbird. I found their instructions excellent to set everything up too.

Why didnt I choose encryption here like Proton/Tuta? It came down to my personal needs. What I care about the most here is that Google is NOT selling my email data. Germany has strict privacy laws, they would have to jump through alot of court hoops to gain access to my data (useless) and this would only be if I was of interest to them. If encryption is important to you, this probably isnt an option.

Again, I can do a detailed comparison of email providers in another post.

Google Gemini > Mistral and Duck AI

To be fair, I never really used Gemini too much so this was an easy choice. I do still find myself still using ChatGPT sometimes too.

Browser and Search Engine > Firefox and DuckDuckGo/Brave Search

I have been a loyal Firefox user since version 3 so this was easy (however I also use Vivaldi and respect their CEO for nice down to earth comments and being anti-AI in certain products). I opted for a combination of DuckGo and Brave because sometimes one is better than the other for results. Using both doesnt bother me. I really havent missed Google search and their AI that they FORCE down my neck...

Google Authentication > 2FAS auth

I chose 2FAS because it has a browser plugin to get the codes.

Google Lens > Flora Incognita

I thought about what I am really using Google Lens for and it turned it it was mostly to identify plants/trees etc so I tried Flora Incognita instead and its really excellent! I have hardly used Google Lens since installing this app.

Google Translate > DeepL

This replacement has been working very well however I do admit that I miss instant translations without having to take the photo.

Google Pass > KeePass> Bitwarden

Bitwarden is solid.

Google Pay > Garmin Watch Pay

When you pay with Google Pay, Google collects transaction details like merchant, amount, time, and payment method, linking you to your account to provide services and refine its advertising profile.

Garmin Pay collects a minimal payment token and transaction details needed to process the purchase, without linking you to a broader advertising/data profile.

Google Play Store > Fdroid + Aurora store

I really love Fdroid - so much love and respect to the open source community! Aurora is also great and keeps downloads anonymous. You dont have to worry too much about moving to a new phone too because you can export.

Facebook, Instagram etc. > 🗑️

I have been using Facebook (more than Instagram) for so long because I found it easy to get my news, keep in touch with friends overseas, interests etc. However their algorithms recently have gone mental, they are pushing more hate/far right propaganda recently and dont get me started on selling data here...

I made a really hard decision to close both accounts. I have been facebook free for 2 weeks though and somehow Im still alive... Instead, Im using Lemmy (WHICH IM LOVING!) and doing a thing called: Going outdoors/travelling more - The graphics outside are amazing.

Windows > Linux Fedora KDE

Im not a complete newbie to Linux but I have been on Windows for over 20 years now. When I was on holiday, I forced myself to use Fedora on a Lenovo Slim 7i (trackpad use - no mouse). Fedora is the one that worked the best perfectly out of the box (Ubuntu was second choice, others like Debian had alot of issues like Audio drivers). KDE vs Gnome, honestly I enjoy both but I chose KDE because I love the customisation.

Main cons: (again needs a seperate post)

• Maps tracking in the browser just wouldnt work accurately which made planning trips from my current location quite tricky. I had to really mess around with alot of things to finally get it working (some of the time).
• The window focus drove me nuts - This is a Wayland security addition which prevents window stealing so when you click on a link in VSCode, it wont bring Firefox into focus. You might think this isnt a big deal but you would be suprised how ANNOYING this can be when you end up with 20 links in Firefox that you forgot you clicked on. I did get around this by writing a KDE script.

Android phone

I have recently installed LineageOS with MicroG on my old Samsung S10e which was a headache but it was worth the effort. It's actually FREEKING AWESOME!!! Im really jelous of it when I have a newer phone... Im going to be trying out more apps but so far its doing absolutely everything I need (including maps working flawlessly).

I would kill for a phone replacement to Google's ecosystem, there is fairphone 6 (/e/os) however its specs are just too low for the cost and this is because of the greener aspect of the phone. There is a great market space right here for more privacy phones.

VPN > Windscribe

I like Windscribes humour and they gave me a generous amount of data when I signed up in the early days.

Conclusion

Honestly, it is much easier to replace Google products than you think but THERE IS A ROAD to go down to compare products to see what works best for you. I would recommend doing it one at a time so its not overwhelming (with a checklist). The most important thing is that it has not only been an educational experience but also a very fun rewarding one! I am looking forward to doing more in self-hosting in the future too.

I've had my GMail account for what must be almost 20 years now, and it's pretty ingrained in my life. My mortgage info comes via GMail, my bank statements come via GMail, my health insurance comes via GMail, etc.

Thinking about migrating honestly seems like an insurmountable task. I have no idea where to begin. How the hell do I go about untangling GMail services from my life.

I've potentially been looking to move to Proton for email, but any other suggestions (preferably European based) would be welcome.

Say a friend of mine has one of those dumb mobile game sponsorships, and if he gets 10 people to download the game through the play store, he gets paid. But instead it opens my browser where I tell it to open with Aurora store and download from there. Would that still count as a download with that code or not? Does that make sense?

Or is that still tracking no matter which store it is and where you download is moot?

I recently de-googled my phone by installed Lineage for MicroG. I want to find a good FOSS firewall app to use. I don't want a firewall app that just uses a VPN as its method of running.

On a test device, I've been using AFWall+, however that hasn't been updated in 2 years (At least on F-Droid). It works great, but I'm not sure if there is something more up-to-date.

Yo yo!

I have very little technical knowledge so please excuse any senseless mistakes.

I want a phone that I can use that is private and secure for the next couple of years. I understand that new android phones will be made differently so I can't side load (whatever that means, I just know it is important). I have an iPhone 12 rn but I'd rather leave the iOS ecosystem. Rn I'm typing this message on a pixel 3.

Is a pixel 3 old enough to still be a safe and secure phone that I can side load apps on in the future?

cross-posted from: https://lemmy.ca/post/51878816

If we want to argue that Degoogling isn't just about privacy, but about protecting your digital life from being shut down at the whim of a tech giant with no real appeal process, what are some examples showing why we shouldn’t ignore the risk of Google banning users, locking them out of countless accounts, and deleting photos, emails, and records that often lack backups?

Some examples that I personally know of:

• Being mass reported in YouTube comments for expressing a controversial opinion
• Filing a copyright claim, only for a creator to appeal it, and failing to provide ownership proof within 48 hours
• Having your Google account hacked and used for fake ads or Play purchases, then being told the charges are “legitimate,” and facing a ban if you dispute them
• Having your $1000 Google store purchase lost in transit, then being told that you're not getting a refund and if you try to chargeback, you'll be banned.
• Failing to provide a picture of a credit card for a Google store order flagged for fraud within 72 hours.

App: https://grayjay.app/ have any of you used this app? What do you think of it? Is it a good alternative to YouTube and such?

For example (just as rough proof of concept)

Research articles: Pretty much any academic library website for published stuff, arxiv.org for white papers in computer science and math, pubmed for biosciences

audio equipment: gearspace.com

Encyclopedia: Wikipedia

Thesaurus: Wordhippo.com

The idea is to avoid needing to visit a search engine. Might be a high idea.

If you’re looking for an alternative to Gmail, may I introduce Port87.

I’ve been working on this email service for four years, and I just opened it to the public today. The way it works is a might different than other email services.

You still get an address like yourname@port87.com, but you don’t usually use that form. Instead, you add a label like yourname-lemmy@port87.com. This is often called subaddressing or plus addressing. With Port87, these addresses go into labels. Everything between the dash and the at is a label. When you sign up somewhere, you can give them a label, even if it doesn’t exist yet. Then it becomes a pending label that you can approve to move it in with all your other labels. This really helps with organization too.

You can also give labels meant for real people, like yourname-friends@port87.com. On labels meant for real people, you can enable screening that responds to anyone new with a link to prove they’re human. When they click the link, their email is delivered.

Lastly, you can give out your “bare address” (yourname@port87.com) anywhere, because any email to it doesn’t get delivered to you. Instead, they get a response saying to email one of your other addresses, then a list of all of the addresses to your public labels. For example, I have a public label at hperrin-opensource@port87.com that’s meant for email about my open source projects. That gets included in the list in the auto reply when you email hperrin@port87.com.

Oh, also, you can bring your own domain! The main benefit of your own domain is it prevents vendor lock in. If Port87 ever stops meeting your needs, you can pack up your domain and take it to another provider. It also prevents losing your address if Port87 ever shuts down.

If you can’t tell, I’m very passionate about email, and the more competition there is to Gmail and Exchange, the more they’ll be forced to actually stop trying to Embrace Extend Extinguish email.

Hello everyone, I'm planning on getting a pixel 9 to put GrapheneOS on. When it comes to the right phone to buy, you need a pixel that is "unlocked," correct? Does unlocked refer to both root and carrier, or is there more than one meaning? Is there anything else I should keep in mind when buying a Pixel?

I was going to go with a refurbished one, would that be fine for security as well?

Thank you all

cross-posted from: https://programming.dev/post/37022178

As a result of this discussion in !degoogle@lemmy.ml, there is now an IRC channel about degoogling!

/join ##degoogle on irc.libera.chat:6697 (TLS). The channel name begins with a double hashtag (according to the namespace policy).

Come on down and join us through your local IRC client or the web client web.libera.chat!

Looking for places to have realtime chats.

After seeing the AI age verification bullshit that was the last straw for me after literally witnessing Google slowing down my videos because I use an adblock; I made an Odysee account and migrated over to it from YouTube.

(Surprisingly, a lot of channels that I follow upload there as well.)

And I think it is a pretty solid video streaming platform. I have had zero issues with it. Apparently there are no ads, it's decentralized, you can see the dislikes and actually discover a lot of interesting niche channels to watch. After a week of using it I realized I am not going to the YouTube anymore and Odysee is becoming more and more my "go to" place for watching a few videos and relaxing after a long day.

What do you think of it? I am not tech-savvy, so I might be missing something, but I just wanted to say that I am having a pretty good experience with Odysee.