• 7 Posts
  • 112 Comments
Joined 6 months ago
Cake day: March 19th, 2024



  • I think your question is answered by the thread you linked. Is there something in particular you don’t understand?

    GNU/the FSF says that GrapheneOS does not qualify as free software (which is true, it’s not completely FLOSS as per the FSF’s definition—the linked GNU article classifies plenty of popular Linux distros we consider to be FOSS as non-free, btw, they’re not singling out Graphene), and GrapheneOS is saying they don’t want to fit the FSF’s definition of free software because it would mean a lack of security (which is also true; they need proprietary firmware updates from Google). The FSF has a strict definition of free software which a lot of software does not meet, and usually an entire operating system would only meet the FSF’s definition out of a deliberate, conscious, ideological decision to exclude all non-free software. In their article they even list Debian as a distro which no longer meets their standards, despite Debian being known for their strict policy around only including FOSS in their repos.

    This is an instance of two different entities (GNU and GrapheneOS) having fundamentally different goals (one values a strict definition of free software at all costs, one values security at all costs). You are more than welcome to do things GNU’s way if you don’t like GrapheneOS’s way, or vice versa.


  • I think, when you explain things to people (i.e. in instances where it’s not an absence of knowledge that’s the problem), the vast majority of people know we’re correct, but are held back by convenience. They’re embedded into the Google ecosystem or whatever, and it is a pain in the ass to migrate. There are many popular services for which there isn’t a 1:1 private alternative. I can openly and confidently say that I sacrifice some convenience for privacy, and to me it is worth it. But other people, while they agree that they don’t like being spied on, are used to being spied on and therefore have an “if it ain’t broke don’t fix it” attitude. They’re already using spyware and it’s not had an immediately obvious acute consequence for them, so there’s not really any turning point at which they would go “this is enough” and change.

    I think so long as they’re aware, if they do value privacy, over time they should slowly replace the things they use. Also, some of my friends get Signal just to speak to me since I’m not really on anything else (unless they want to email me lol), so that kind of effect may push them in the right direction.

    If your brother doesn’t care though, he just doesn’t care. Privacy is actually very straightforward: it’s creepy for someone to be spying on me and watching my every move, therefore I take precautions to make that difficult for people wanting to spy on me. You don’t need to convince people that being spied on is creepy. They know that, and are stopped by inertia, which they can only overcome on their own. I don’t think it’s worth nagging them about it when they already know what is to be known.




  • For context, my threat model doesn’t need to account for real people breaking in and accessing my computer, the damage would be very contained.

    I mean if you don’t have open SSH ports on your computer or whatever I don’t think you need a strong password, given that you’re not concerned about physical access. I would say that at the very least have a reasonably secure root password (/user password if you’re a sudoer/anyone else who can get root permissions with your user account) because if you end up with some malware on your computer that can, say, enter passwords, you don’t want it to be ridiculously easy to brute-force.





  • The purpose of hiding the transaction would be to make it so that Mullvad couldn’t tie the transaction (or your identity) to your account even if they wanted to. I know they say they don’t log that data and I believe them, but they physically could if they wanted to, as opposed to paying in a private way, which Mullvad encourages anyway.

    Of course, this then depends on what you’ll do with your VPN. If you’re using it to log into anything, unless that account is completely anonymised, the Mullvad servers could tie you to your account if they wanted to track you. Same goes for if you connect from your home network as opposed to e.g. public wifi. But there definitely exist threat models and use cases where what you’re doing on that VPN wouldn’t otherwise be tie-able to your real identity and therefore wanting to guarantee your VPN provider can’t know who you are may be something you’re interested in.

    And some people just like anonymity for the sake of it 🤷‍♀️












  • Ultimately there are always going to be people who don’t have smartphones or computers, so society (including things which are currently almost mandatory to participate in society, like being able to bank) should be accessible to these people. If it’s accessible for them, it’s also accessible to people with smartphones or computers who have just removed the spyware from them.

    I don’t do mobile banking; I just bank from my desktop browser. Not sure if this is an option for you or not, but I would have thought that online banking in the web browser should be even more common than having a mobile app for it.

    Not sure what you mean by “home brokers” blocking you but if you mean their wifi blocks you, I’ve experienced that too on GrapheneOS but have found that VPNs allow me to use pretty much any public wifi.

    Does your government app have a web alternative? If not that seems incredibly discriminatory against people who don’t have smartphones. If it has a web alternative but doesn’t work with any particular privacy settings, do you have a local library with computers you can use?