Google is somehow the only company that is able to completely ruin a calculator app. Even before installing, Google outs themselves with how much data they collect:

• App info and performance: Crash logs and Diagnostics
• Personal info: Email address
• Device or other IDs
• App activity: App interactions

And of course the encouraging message:

Data can’t be deleted

The developer doesn’t provide a way for you to request that your data be deleted

As soon as you try to install it, the app requests network access. I'm glad to be using GrapheneOS where this can be restricted.

The app doesn't crash on launch, which is a new concept for Google, since most of their apps won't even start without Google Play Services installed. Maybe that means the calculator app can calculate 1+1 without requiring installing the most invasive software known to man, right?

Of course it can't. It crashes the moment you press the plus sign. Thank you, Go

I am going to show what it would look like if a society had no privacy whatsoever, and then compare it to a society where privacy is a top priority. I am going to show that what little privacy we have in countries such as the United States is the thread holding those countries together, and without it society crumbles. I am going to show that privacy is essential for a free society to function properly, and also help you appreciate the privacy you may not know you have. Let's begin.

A Privacyless Society

"Our" Personal Life

Privacy, by definition, is the ability to control your data. That means controlling what data is shared, who it is shared with, how long it is shared for, when it is shared, and by what medium it is shared.

If you have no privacy, that means you lose the ability to obscure any of your data. All of your data is shared with everyone

Personal information: full name, birthday, address, occupation, social security number, etc.

Documents: birth

I need help installing Fedora CoreOS on a Raspberry Pi 5.

I've tried this method that uses Fedora Media Writer. The Raspberry Pi fails to boot from the flash drive.

I've tried this method that uses the Fedora Arm Installer. The Raspberry Pi fails to boot from the microSD card.

I've tried adapting this method but it seems to be exclusively for the Raspberry Pi 4, and no substitute tools exist. It didn't seem to even install anything on the microSD card.

I'm at a loss. I have no idea how to install it. Can anyone help? I'd be happy to give a step-by-step process of exactly what I did for each method, if needed.

I am making this post in good faith

In my last post I asked about securely hosting Jellyfin given my specific setup. A lot of people misunderstood my situation, which caused the whole thread to turn into a mess, and I didn't get the help I needed.

I am very new to selfhosting, which means I don't know everything. Instead of telling me that I don't know something, please help me learn and understand. I am here asking for help, even if I am not very good at it, which I apologize for.

With that said, let me reoutline my situation:

I use my ISP's default router, and the router is owned by Amazon. I am not the one managing the router, so I have no control over it. That alone means I have significant reason not to trust my own home network, and it means I employ the use of ProtonVPN to hide my traffic from my ISP and I require the use of encryption even over the LAN for privacy reasons. That is my threat model, so please respect tha

Please take this discussion to this post: https://lemmy.ml/post/28376589

::: spoiler Main content Selfhosting is always a dilemma in terms of security for a lot of reasons. Nevertheless, I have one simple goal: selfhost a Jellyfin instance in the most secure way possible. I don't plan to access it anywhere but home.

TL;DR

I want the highest degree of security possible, but my hard limits are:

• No custom DNS
• Always-on VPN
• No self-signed certificates (unless there is no risk of MITM)
• No external server

Full explanation

I want to be able to access it from multiple devices, so it can't be a local-only instance.

I have a Raspberry Pi 5 that I want to host it on. That means I will not be hosting it on an external server, and I will only be able to run something light like securecore rather than something heavy like Qubes OS. Eventually I would like to use GrapheneOS to host it, once [Android's virtual machi

I'm making this post to share some interesting less talked about things about privacy, security, and other related topics. This post has no direct goal, it's just an interesting thing to read. Anyways, here we go:

I made a post about secureblue, which is a Linux distro (I'll talk about the technicality later) designed to be as secure as possible without compromising too much usability. I really like the developers, they're one of the nicest, most responsible developers I've seen. I make a lot of bug reports on a wide variety of projects, so they deserve the recognition.

Anyways, secureblue is a lesser known distro with a growing community. It's a good contrast to the more well known alternative Qubes OS, which is not very user friendly at all.

Neither secureblue, nor Qubes OS are "distros" in the classical sense. secureblue modifies and hardens various [Fedora Atomic](https://fedo

This post is long and kind of a rant. I don't expect many to read the whole thing, but there's a conclusion at the bottom.

On the surface, recommended security practices are simple:

• Store all your credentials in a password manager
• Use two factor authentication on all accounts

However, it raises a few questions.

• Should you access your 2FA codes on the same device as the password manager?
• Should you store them in the password manager itself?

This is the beginning of where a threat model is needed. If your threat model does not include protections against unwanted access to your device, it is safe for you to store access your 2FA codes on the same device as your password manager, or even in the password manager itself.

So, to keep it simple, say you store your 2FA in your password manager. There's a few more questions:

• Where do you store the master password for the password manager?
• Where do you store 2FA recovery codes?

The master password for the password manager coul

cross-posted from: https://lemmy.ml/post/26453685

Not many people have heard about secureblue, and I want to spread the word about it. secureblue provides hardened images for Fedora Atomic and CoreOS. It's an operating system "for those whose first priority is using linux, and second priority is security."

secureblue provides exploit mitigations and fixes for multiple security holes. This includes the addition of GrapheneOS's hardened_malloc, their own hardened Chromium-based browser called Trivalent, USBGuard to protect against USB peripheral attacks, and plenty more.

secureblue has definitely matured a lot since I first started using it. Since then, it has become something that could reasonably be used

Not many people have heard about secureblue, and I want to spread the word about it. secureblue provides hardened images for Fedora Atomic and CoreOS. It's an operating system "for those whose first priority is using linux, and second priority is security."

secureblue provides exploit mitigations and fixes for multiple security holes. This includes the addition of GrapheneOS's hardened_malloc, their own hardened Chromium-based browser called Trivalent, USBGuard to protect against USB peripheral attacks, and plenty more.

secureblue has definitely matured a lot since I first started using it. Since then, it has become something that could reasonably be used as a daily driver. secureblue recognizes the need for usabili

I didn't like Kodi due to the unpleasant controls, especially on Android, so I decided to try out Jellyfin. It was really easy to get working, and I like it a lot more than Kodi, but I started to have problems after the first time restarting my computer.

I store my media on an external LUKS encrypted hard drive. Because of that, for some reason, Jellyfin's permission to access the drive go away after a reboot. That means something like chgrp -R jellyfin /media/username does work, but it stops working after I restart my computer and unlock the disk.

I tried modifying the /etc/fstab file without really knowing what I was doing, and almost bricked the system. Thank goodness I'm running an atomic distro (Fedora Silverblue), I was able to recover pretty quickly.

How do I give Jellyfin permanent access to my hard drive?

Solution:

1. Install GNOME Disks
2. Open GNOME Disks
3. On the left, click on the drive storing your media
4. Click "Unloc

A couple years ago when I was first interested in privacy I stumbled across a privacy website that I found very cool. I regret not saving it, but I'm certain it's not lost. I only remember this about the website:

• It had this song as its background music
• The website was for educating about privacy, and you would "unlock" new knowledge as you went
• Some of that knowledge was in a "cave" where some dark stories and articles surfaced
• One of the interactive segments was about "What do you think step counter data could reveal about you?" and the answer was things like religion (if your step count increased on certain days such as Sunday or Tuesday which correlates with some religions), rough location (based on which times you walked), etc.

That's all I remember. Thank you so much to anyone who can help me find it!

Yesterday I decided to start "officially" selfhosting. With almost no experience with Docker, I struggled for eight hours straight, but I finally have it working.

Currently, the two tools I am selfhosting with Docker Compose are LibreTranslate and spotDL. I'm only accessing them over the local network using a direct IP:PORT, so there's no domain name. I don't want to use a custom DNS, since it is fingerprintable online, so I want to keep it the same as my VPN.

With that said, I want to add encryption to the connections. I was able to generate my own self signed certificates with this command:

 cmd

    
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./certs/key.key -out ./certs/cert.crt


  

spotDL was easy to setup with these self signed certs, since it has command flags for --enable-tls, --key-file, and --cert-file. LibreTranslate has an environment

This question has been answered. Please stop trying to repeat information that has already been said many times before. Everything in this thread is in good faith, I am here to learn, so I will make mistakes. Furthermore, if you want to contribute something new, please read the entire post to avoid misunderstanding the purpose of this post.

Selfhosting is useful when you either need a lot of storage or a lot of processing power. For example, Kiwix is useful to selfhost on a server because a lot of its content can take up terabytes of storage, which a phone may not have. LLMs are also useful to selfhost because they require a degree of processing power that, again, a phone may not have.

In both cases, there is also a need for perpetual access. If you simply hosted an LLM on your home computer, it wouldn't be very useful to access from your phone since your computer won't be running all the time. So, a separate always-on server is needed.

However, t

After about 2 and a half years of battling for my privacy, I'm finally at a place where I can step back and be happy. Technically the seed of privacy was planted 5 years ago, but it hadn't become a goal yet.

I used to use Windows 7 (even 10 and 11, eventually), an iPhone 6, Gmail, Google Hangouts (anyone else remember when it was called that?) and Discord as my main messengers, Snapchat, Instagram, Spotify, Netflix, Reddit, ChatGPT, Chrome, Google, Avast and Avast VPN, YouTube, Authy, and so, so much more.

I am so fortunate to be able to be where I'm at now. I use Fedora (Silverblue. I tried secureblue but it was too strict for my taste), a Pixel 8 running GrapheneOS, Proton Mail + addy.io (although I try to use email as little as possible), Signal and [Simpl

All of us have made privacy mistakes at some point in our privacy journeys. In an effort to help those earlier on in that journey, please share some of the mistakes you've made, and how you could have prevented it.

I use an RSS reader to curate my Lemmy feed, which means I see every post, including deleted ones. Every so often, posts will crop up with pessimistic content such as "Why try anymore?" etc. Most of the time these are a result of privacy burnout, where the individual has a threat model that is too strict for their own tolerance.

We all wish we have perfect privacy. We all wish the world could be more pro-privacy than anti-privacy. One day, that may be the case. For now, we have to accept that nobody can be completely private. Privacy is a spectrum, and doing what you can to minimize data collection goes a long way. You can't become private overnight, so taking small steps like these means you can grow a strong foundation for future privacy. Privacy takes time, so take it as slow as you need to.

Even if a company already has your data or another means to track you, by minimizing you are making it harder for them to extract that data, and it increases the odds that your data beco

Hello Lemmy!

I'm excited to celebrate the 100th release of my project, Open Source Everything! Open Source Everything is my own curated list of open source (or at least source-available) software. It started out with a bit of a bumpy start, even being deleted at one point, but the project is still going strong!

Over the past 4 months, the project has seen releases, both big and small, but it has grown so much since its initial release. It started out with a small list of 128 software I'd kept on my phone for months, but since then it has over doubled, and now has almost 300 pieces of software listed! It's truly inspiring to see the community come together and help the list out, so thank you very much to everyone who suggested software and contributed to the list!

With that said, the list has a long way to go. There are many sections that need improvemen

Happy Christmas and Merry Hanuka!

If you're struggling to find something to buy your privacy enthusiast friend for the holidays, I have some gift ideas. As with any gift, not everyone will need these, but it can give you a good idea of what to look for. Feel free to submit your own suggestions, as well!

No affiliate links, no sponsors, no favorites. All prices are in USD. If a price is something like "$X.99" or "$X.49" or "$X39" I have rounded it up by one digit.

Subscriptions

Some privacy tools come at a cost, and not all open source software can be used for free!

Addy.io

Addy.io is an email aliasing service.

Pricing

Lite: $1 / month

Pro: $3 / month

Bitwarden

Bitwarden is a cloud-synced password manager.

Pricing

Personal Premium: $10 / year

Personal Families: $40 / year

Business Teams: $48 / user / year

Business Enterprise: $72 /

I've gotten to a point in my privacy journey where it's less about moving towards private options, and more about relaxing and having some fun with what I can do.

I put off messing around with RSS for a while. I simply didn't have a significant need for it. However, after finding no good options to monitor various Lemmy communities without logging in, I decided to try out an RSS reader.

I settled on Feeder as my RSS reader, despite a few missing features I would like. I added my first Lemmy community as a feed, to try it out. I was immediately surprised how well it worked.

I also added other feeds, such as Tails News, and I was happy with that. I could monitor all the communities I needed to.

Then, I noticed one day, there was an RSS button for my Lemmy inbox. This is where I was really pleased: I can view my notifications without the need to log in, all in the same place.

Lemmy and RSS are both i

Nobody on my post asking for controversial privacy topics asked this question, but I feel I should cover it anyways. People sometimes assume that software is safe simply because it is open source. That is a misconception, and I would like to cover that in this post.

What does "open source" mean?

When software is "open source," it means that the developers have made the source code for the software public and allows anyone to help contribute to the code, or create their own versions of the software based on the source code. By contrast, proprietary software is software that has not made the source code visible to the public. There are similar terms to open source, such as "source-available," "open-core," and "libre," which I won't cover in this post. For the sake of simplicity, any source-available software will be called "open source," since the specifics don't quite matter for the majority of this post.

What are the benefits open source softwa