A marketing team within media giant Cox Media Group (CMG) claims it has the capability to listen to ambient conversations of consumers through embedded microphones in smartphones, smart TVs, and other devices to gather data and use it to target ads, according to a review of CMG marketing materials by 404 Media and details from a...
Except the device is already in your home, and most people leave their account logged in. That’s basically like you inviting someone into your house, they hang out in your spare bedroom…and they’re still there. So no need to re-grant consent to a situation that hasn’t changed. Unless you mean it auto-logs out (or you log out) and have to re-grant consent then? Most do require consent on logging in, and the average consumer would hate having to log in every time and would probably use weak passwords because of this.
But, you can at least kick them out (revoke consent).
I just don’t see how a proper law/regulation would fix/restrict this, except to make certain personalization attempts (targeted ads) illegal.
I get that, but the person I replied to said “digital trespassing.” In my mind, that’s like physical trespassing in that they can’t enter your house (or collect data) without your consent. But if the EULA has the consent backed in it, the user agrees…then it’ll probably be legal.
Members of our community are excited to try out Beeper Mini, an “iMessage for Android” platform which actually works natively on your device, unlike Nothing’s ill-fated cloud iMessage offering.
You need to dream bigger. That should be the companies (Google, Apple, carriers, etc) working together and using a non-proprietary standard (an open RCS). Mini Beeper, to me, was just a proof of concept to show something akin to what Apple could do.
Depends on what you’re looking for…and what you mean by “Android.” As in solely AOSP? Or any of the derivatives to include OEM ones? If done right, Android can be more secure than desktop OS, so it actually might be the best distro, depending on what you’re looking for.
I don’t remember the full list as I’ve never used any or had any interest in them, but it was only OEM ones like Samsung’s. No user ones, which could be solved by Google opening up the API.
First GrapheneOS (and maybe e/OS? Not sure as I haven’t looked at them) is a fully featured OS and not a ROM. Second, it depends on the level of attestation, but GrapheneOS only passes MEETS_BASIC_INTEGRITY (again, not sure on e/OS).
And Google already “changed something drastically” as SafetyNet is deprecated (replaced by PlayIntegrity).
the difference between a ROM and a mobile OS, since I use both interchangeably (colloquially speaking).
Most people mistakenly do. GrapheneOS much prefers people to use the proper term of OS, so I try and do so.
I didn’t know about play integrity. Is this new with Android 14?
Nope. PlayIntegrity was announced anout 2.5 years ago. SafetyNet actually sunsets 31 Jan 24, unless the dev got an approved extension, and then it’s 31 Jan 25 for that specific app.
Well, it does spell out the difference of Ultra HDR. However, you asked “need?” There is absolutely no need (in my opinion) of better pictures, but I also rarely take or view them so I might not be the best judge.
The lead dev stepped down months ago, and the main thing with non-Pixel phones are the lack of security which is why only Pixels are currently supported.
To be clear, GrapheneOS did not “get rid” of Daniel. Daniel stepped down as lead dev and shifted some of his roles to other devs. He still contributes code to GOS.
People used to got to Custom ROMs because OEMs were really doing shit job, that’s not the case now given now.
Yep. I used to use custom (ROMs, kernels, etc) for the extra features and playing with my phone like a shiny new toy. Now I use GrapheneOS because OEMs and Google don’t do security and privacy anywhere near as good as GOS. And I can live with the minor inconvenience of apps that use Play Integrity API, though I do encourage the app devs to switch to hardware backed attestation because: “Android’s hardware attestation API provides a much stronger form of attestation than the Play Integrity API with the ability to whitelist the keys of alternate operating systems. It also avoids an unnecessary dependency on Google Play services and Google’s Play Integrity servers.” grapheneos.org/…/attestation-compatibility-guide
tl;dr: Cut out Cloudfare’s recursive resolver (or anyone else’s) and run your own via PiHole and Unbound.
You don’t cut the middle man, you create the middle man with Unbound.
Umm, Unbound is on your machine. So you’re saying you are your own middle man lol…which is the same as cutting out the middle man as you (rather, your server) are you.
And Unbound needs to ask other DNS servers on the internet to resolve DNS queries.
It asks the authoritative nameservers, which is who external DNS servers ask. By using Unbound, you are cutting out those external DNS servers, because you/Unbound is the DNS server. You are asking the authoritative name server directly instead of inserting someone else to ask on your behalf.
Here’s an explanation by Cloudflare: A recursive resolver (also known as a DNS recursor) is the first stop in a DNS query. The recursive resolver acts as a middleman between a client and a DNS nameserver…Most Internet users use a recursive resolver provided by their ISP, but there are other options available; for example Cloudflare’s 1.1.1.1.
I copy/pasted the above quote from the article you linked. Again, Unbound (your machine) is asking the DNS nameserver. You’re saying you are your own middleman lol. I’m saying cut out Cloudfare’s recursive resolver and run your own via PiHole and Unbound. Did you read the article I linked?
Trust me, I fully get it. You are trying to be pedantic and “technically correct,” Um Actually style. I am speaking from the perspective of this sub (privacy and enhancing it). You are your network. You are not a middleman in the context of yourself or your network. You are not losing privacy in relation to yourself. That’s being ridiculous. It’s like saying “I didn’t cook this steak at my house, um actually, my stove and pan did. Well, they (and I and the butter/oil) were the middleman. Let’s not forget the fire. Etc.” Again, ridiculous.
Also, you’re right in that you have to ask a DNS server to resolve a name to an IP. But in this context, DNS servers ask the root name server. Those DNS servers are the middlemen, rootname is not. With Unbound and recursive, you are asking the authoritative root name server. They are not a middleman to themselves…they are the authority in DNS (it’s in the name). Also, Unbound as Recursive does answer the question of OP which was “what DNS to use?” When you configure a recursive resolver, you don’t (shouldn’t) change it away from the root nameservers and insert a middleman (someone/something you don’t control), and it doesn’t do it by default. OP was clearly asking about non-authoritative DNS servers to use aka “should I use Quad9, CloudFlare, etc?” And my answer was…none. Cut out those middlemen that don’t need to be there/asked (which takes away some privacy as you’re asking a person who doesn’t need asked), and ask the root nameservers yourself via Unbound recursively.
You seem to be stuck talking from the perspective of the client/PC. Next, are you gonna say “you’re not actually going to the site. You’re going to the switch, then the router, and a firewall, maybe traversing a DMZ, could be a proxy in there, then going through the core backbone routers of the internet, down into their network. Of course, if there’s a VPN in there, that changes things. Let’s not forget the middleman of your own NIC and CPU, not to mention the keyboard, motherboard, mouse, etc. Oh, of course fiber and cabling. Those are all middlemen.” Do you see how fundamentally ridiculous that is?
As I’ve said before: myself. Using unbound as a recursive resolver and cutting out the middlemen of CloudFlare, Quad9, Google, etc.
Edit: or do you want the authoritative name/root servers my recursive resolver asks? Ok. I didn’t give these as that’s who everybody asks, to include Google, Quad9, etc…hence me harping on saying cutting out those middlemen and asking the root servers directly. www.iana.org/domains/root/servers
it won’t take long for someone to build a Wamazon Linux distro with all the features and none of the crap.
I don’t know what “features” Amazon would include that aren’t somehow directly tied into their store and ease of shopping…aka “crap.” It’s not like they would build a better video/audio driver or something. It would all just be more…advertising and analytics, probably on a cheap platform as hardware has never been their largest source of income, to include Kindles (AWS is, last I checked). Strip those two out of their build and we have essentially an untouched kernel lol, at least that’s how I see it happening.
The worst part is it barely works. I’ll get more unable to deliver over RCS than I’ve ever seen on Signal, Telegram and WhatsApp.
Maybe for you. I’ve never had it not work, with the exception of Airplane mode, but that’s by design.
As soon I switch back to SMS it delivers straight away. The fact it doesn’t switch automatically further frustrates me because it’ll leave messages hanging, when you expect the text messaging app to send texts.
There’s a setting under Message’s RCS chat to auto resend as SMS if RCS can’t send. Have you tried enabling that? I personally haven’t because I also use RCS for E2EE for those who don’t use Signal. And I’d be irritated if my E2EE app sent it in plain-text/SMS without my explicit consent, which you’re implying you want (but can enable with that setting, which would be a blanket consent).
Which sadly hasn’t had a stable realase in over 2.5 years, isn’t available for modern phone CPUs, and doesn’t support RCS. The RCS and E2EE is the main reason I use Messages.
No one offered to? Not even the business who runs the site nor the departments within said business who do the testing? From the link:
What we test - Canonical’s QA team performs an extensive set of over 500 OS compatibility focused hardware tests to ensure the best Ubuntu experience. Every aspect of the system is checked and verified.
Regular testing for up to 10 years - Roughly every 3 weeks, Ubuntu releases Stable Release Updates, ensuring a secure and reliable experience. These updates are carefully tested by the Hardware Certification team to make sure that systems work well with Ubuntu.
Our laboratories - Canonical conducts tests in dedicated laboratories, located around the world. The “Ubuntu Certified” label is applied to systems that have been verified and are continuously tested by Canonical throughout the Ubuntu release life cycle.
Sounds like it should be someone’s job at Canonical to update the list/site.
If you wanna boil it that down that much, sure. It’s also run by a non-profit with publicly available source code. And it’s not just “encryption,” but end-to-end encryption (E2EE), meaning the server and company don’t know what you’re messaging.
Is there a way to lock the bootloader and keep a ROM different from the one the device shipped with?
That might depend on the device. I used to tinker and switch a lot, but haven’t in years. I do however have GrapheneOS (which is not a ROM, but “a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project”) on my Pixel and it gets regular updates. Most times weekly/every-other-week, but at worst monthly with the monthly security patches, often before Google releases them…all with the bootloader locked, per GrapheneOS’ recommendation.
I say all that to say…not 100% sure outside of my personal and recent experience with GrapheneOS on Pixels, and I haven’t had enough coffee yet to do research into phones I don’t have.
I just know that unlocking a pixel voids the warranty
And how do you “just know” that? Any sources? Everything I’ve read and even done with my Pixel says otherwise, though I do return to stock and relock before returning.
Avoid using mirrored consolidated lists, if possible; it deprives the original list maintainer of visits (meaning they may be less inclined to keep it up to date!) firebog.net
Being able to command a device to send you info or perform tasks is different than the device sending info of its own accord.
In this context, where it’s implied to send without the owner’s knowledge (ignoring the fact it’s documented), not really. The article screams “gotcha!” when in reality it didn’t, so they’re trying to backtrack and downplay their initial response. But I do appreciate their update, it’s just got a PR spin to it.
Edit: if the article was initially written as more of a “did you know” and/or expanding on existing documentation, wouldn’t be an issue. It’s the “it’s secretly stealing” that implies malice which is part of the definition of malware… that’shares a category with backdoor. So splitting hairs in the name of PR.
Hi, this is the last week before I will return my Pixel 7 Pro for a refund, after owning it for a year. My replacement is the 15 Pro Max, and I thought I’d post here in case anyone has any questions regarding these two devices....
Sounds like you had a faulty unit. Surprised they didn’t offer you a one-for-one replacement with another 7P as that sounds like a hardware issue at this point.
I ended up getting a few alerts, and each time I tested negative…but I do wonder how accurate the exposure determination was, since for me it was always false positives.
How are you determining you got a false positive? The app alerts you if you were exposed to someone with COVID while out and about in your day. Just because you didn’t catch COVID from your exposure does not mean the app gave you a false positive. Just that you weren’t close to them long enough and/or your immune system, hygiene, or luck fought it off.
Only way you could really say you got a “false positive” was if you got an alert, for a certain day but knew that you had 0 interaction with people (you never left the house and no one came over during your alert).
GrapheneOS…though it’s a a fully featured and production ready Operating System (OS), not a “ROM.”
“GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It’s focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model.” grapheneos.org
I’m upgrading because my phone is losing (lost?) support. I use a OnePlus 7 Pro and love it and wouldn’t bother upgrading otherwise. I’d appreciate some recommendations of android phones you like, please....
(Pixel 4a Sunfish) I think the release page also doesn’t show any compatible builds since 20121003.
Well, if you read the release page (which you pointed out) it does say:
Pixel 4, Pixel 4 XL and Pixel 4a are end-of-life and shouldn’t be used anymore due to lack of most security patches for firmware and drivers. We’re considering porting them to Android 14…
Like I said, Android 14 is out, it’s just not out (and might not ever be out) for an EoL device. The 4a lost Google support 2ish months ago, and GOS even says you shouldn’t use it. Sounds like the perfect time to upgrade to the 8, which has MTE support (which eliminates 70% of CVEs) and has 7 years support. endoflife.date/pixel
Maybe I’m not lucky, but you’re unlucky (luck, good or bad, implies rare). I just deleted 200 screenshots and regained around 200mb (not gb) of space. I also deleted 20 pictures and got 50mb (again, not gb) of space back. How many pictures do you have to be measured in that many gigs?! And do you really need gigs of pictures that you routinely look through on your phone on order to need keeping them on your phone (and not backed up)?
I routinely/weekly/monthly go through my phone and delete old pictures and screenshots that I don’t need or care about. And those I do care about? I usually upload them to ProtonDrive and still delete them from my device, unless I actively need them while mobile.
Music, I usually have a couple of playlists and audiobooks and podcasts to listen while running or traveling with airplane mode. And done with the book or cast, I’ll delete it as I rarely listen to it twice. Music can stay. But that’s still maybe 20gbs and takes up the most space by a lot. I can also stream stuff with my unlimited data.
9to5Google: iMessage for Android doesn't matter, just use good apps (9to5google.com)
Marketing Company Claims That It Actually Is Listening to Your Phone and Smart Speakers to Target Ads (www.404media.co)
A marketing team within media giant Cox Media Group (CMG) claims it has the capability to listen to ambient conversations of consumers through embedded microphones in smartphones, smart TVs, and other devices to gather data and use it to target ads, according to a review of CMG marketing materials by 404 Media and details from a...
This Week in Privacy (#1) (blog.privacyguides.org)
Apple responds to the Beeper iMessage saga: ‘We took steps to protect our users’ (www.theverge.com)
What is the best and the worst Linux distro in your opinion? Why?
New Amazon Alexa app is here and looks like Google Home (9to5google.com)
7 new features to express yourself on Google Messages (blog.google)
Google Messages quietly added support for Ultra HDR images in RCS Chats (thespandroid.blogspot.com)
LineageOS is currently installed on 1.5 million Android devices (9to5google.com)
deleted_by_author
Amazon Building its Own Linux-Based OS to Replace Android (www.omgubuntu.co.uk)
Google Messages readying 'Profiles' to set your name and photo (9to5google.com)
Why aren't linux hardware shops on Ubuntu's certified hardware list? (ubuntu.com)
Where are Purism, System76, Tuxedo Computers, Starlabs, SlimbookES, and others? Instead there’s Dell, HP, ASUS, and Fujitsu…
Signal tests usernames that keep your phone number private (www.bleepingcomputer.com)
Xiaomi won't give Android updates if you unlock your bootloader (9to5google.com)
cross-posted from: lemdro.id/post/3017869 (!xiaomi)
Users of PiHole/AdGuard/Blocky, what blocklists are you using?
EDIT: Thanks so much guys! This was really helpful, and I didn’t imagine so many would help out!...
What is xtrapath3.izatcloud.net, why does my phone connect to it?
Last weekend with Pixel 7 Pro and iPhone 15 Pro Max, any questions?
Hi, this is the last week before I will return my Pixel 7 Pro for a refund, after owning it for a year. My replacement is the 15 Pro Max, and I thought I’d post here in case anyone has any questions regarding these two devices....
Android is removing COVID-19 exposure notification settings (9to5google.com)
Trying to understand "Stalled" Status
So a file I was needing is showing as 9 seeds, 5 peers, but its stalled....
How to stay safe on Strava (cyclingmagazine.ca)
Some good tips to preserve a bit of privacy for those who use the Strava platform....
I'm ditching htop for btop, look how cool it is (lemmy.ml)
FOSS launcher options?
I really like the simple, stock - ish layout on my home screen, which rules out a few popular suggestions like Niagara....
what custom rom do you use?
c
Gen Z is turned off by onscreen sex, wants no-mance over romance, a new study finds (www.latimes.com)
What android phones do you recommend and why?
I’m upgrading because my phone is losing (lost?) support. I use a OnePlus 7 Pro and love it and wouldn’t bother upgrading otherwise. I’d appreciate some recommendations of android phones you like, please....
A potential alternative to "app installs"
Many of us have numerous apps installed on our smartphones, and a significant portion of them go unused....
Addressing Changes to pfSense Plus Home+Lab (www.netgate.com)