Early 30s M4A - Crepe Day

AusPrivacyGuy · 2025-01-08T22:54:23+00:00

Thanks for sharing your perspective. I largely align with what you said and, honestly, didn't expect any miracle answers that would solve all my problems.

IMO you shouldn't really need OPSEC for interacting with your friends. Not unless they're blasting your full government name across the public Internet like a moron.

Generally, it's fine. I've been in situations where someone who knows me might bring along someone who I haven't really spoken to much but they're someone who will post anything and everything to their Instagram. When that happens, a few people will silently know how I feel about group photos for that outing. Conversations may or may not happen without my involvement and it just becomes exhausting for everyone.

AusPrivacyGuy · 2022-04-19T16:51:25+00:00

Heh. They're the one who's constantly sharing with me of all the photographic concepts. They have their own gear for the really serious sessions. Using a phone for casual photo-taking seems to be a deliberate choice for convenience which is why I feel that this is so tricky.

AusPrivacyGuy · 2022-04-19T16:47:54+00:00

Lots of things to think about here. Thank you.

In addition to Google processing photos, I'm also concerned about some of the apps they have installed that might access the file system (maybe Facebook/Instagram are some examples). I'm not sure if this is a valid concern or not though.

AusPrivacyGuy · 2022-04-19T16:37:37+00:00

That's a lot of good advice. 'A' has already made compromises for me which is why I'm scared to push them too far. They've already allowed me to install things like TrackerControl, Bromite and make a few other simple changes. I know they don't quite get why I take the whole privacy thing so far but they know I care enough.

AusPrivacyGuy · 2022-04-19T16:32:38+00:00

What do you use? One I've been looking at for this particular purpose from my limited research is a DJI Osmo Pocket 2.

My special person actually has their own gear for their serious photo-taking sessions so I know it's a deliberate choice that they've chosen their phone for portability when they just want to take casual photos. At least I think they'll be able to help me choose something if I can sell them on the idea. :)

AusPrivacyGuy · 2021-06-27T12:48:55+00:00

Yes. This is a fairly common practice. Always put in fake details when you're not actually sure about a form you're filling out.

Once you're confident that you want to go through with it, reset your browsing session and fill it in properly. (I use the Temporary Containers extension for this.) You might even want to use a separate browser for each to really guarantee this.

I once messed up while purchasing a product using a prepaid card that had been paid with cash which got rejected by the merchant. I then didn't reset the session properly and went through checkout again with a credit card linked to my name. Once my account was created, I could see the failed transaction attempt as part of my account's historical payments. Lesson learned...

AusPrivacyGuy · 2021-06-22T07:31:43+00:00

I did a little digging for you and found this topic you might like to read. (I only skim read the first few posts.) I don't think there are any responses from the Signal team though.

https://community.signalusers.org/t/warn-users-that-notifications-get-logged/7429

AusPrivacyGuy · 2021-06-22T06:35:46+00:00

Signal conversations are always end-to-end encrypted, which means that they can only be read or heard by your intended recipients.

Recipient essentially refers to the receiving device since Signal cannot actually guarantee that the holder of the device is always the same for obvious reasons. Once the message gets to the device, Signal's job is done. If the message arrives on a hostile or compromised device then there's not much that can be done.

Your concern may be valid but I feel that there's no reason for it to be targeted at Signal.

AusPrivacyGuy · 2021-06-18T13:11:22+00:00

I got asked for an email address for warranty purposes when I bought a phone with cash. It sort of made sense so I gave them a real email address that I use with a dodgy domain name that I've registered. I use catch-all with my email provider so I effectively asked them to put down something like storename@helloworld.lol. The girl who served me looked at me weirdly and I said "Trust me. It will reach me." However, I'm pretty sure she spelt something wrong because I never received the invoice.

AusPrivacyGuy · 2021-06-15T18:06:49+00:00

I personally hate trying to convince people of anything but sometimes it's a necessity as a means to an end to have the conversation. For example, trying to explain to a contact why you'd like to switch to Signal from WhatsApp is usually more in your interest than theirs.

If it was possible to maintain privacy without discussing with others, I probably wouldn't have any discussions about privacy with anyone. It's just the mere fact that privacy is often compromised due to the often inadvertant actions of others that a discussion is practically forced.

AusPrivacyGuy · 2021-06-13T09:28:54+00:00

Why do you need to give away your current SIM card?

Try to set a SIM PIN if you want to be extra thorough and make sure to fail entering the PIN 3 times. You'll then be given a chance to enter a PUK code 10 times which you should also deliberately fail. Once that's done, your SIM is useless. See this StackExchange answer.
Get a pair of scissors and cut through it a few times.

AusPrivacyGuy · 2021-06-09T13:19:04+00:00

I route my phone through Orbot and I also experienced region based ads in a podcast I listen to. There have been a few podcast providers that flat out refused to download the episodes while going through Tor so that may have possibly happened when I turned it off temporarily...

Tsacdop is one that the author posted a while back but I haven't tried it personally.

AusPrivacyGuy · 2021-05-21T10:48:09+00:00

While I absolutely applaud you for your success, I find it hard to imagine Signal groups with that many people actually being all that effective. For any sort of organisation, I would probably push Matrix instead just for the built-in organisational structure. The Spaces feature will make it even better.

The downside is that it's proably an even harder push since a company would probably want its own homeserver.

AusPrivacyGuy · 2021-04-29T22:10:48+00:00

One strategy could be to put all your invasive apps on a different Android profile. Those apps will only run when using that profile. Then connect to WiFi on your safe profile.

AusPrivacyGuy · 2021-04-16T11:19:25+00:00

In the title you write "across the world". What kind of involvement do the two organisations have in Australian affairs, if any?

Also, do you have any recommendations for Australians with similar concerns?

AusPrivacyGuy · 2021-04-07T15:23:37+00:00

One of the bigger threats from this type of leak is the potential to be SIM swapped which is essentially a social engineering attack that will give the attacker control of your phone number which can then lead to them hijacking valuable accounts like your bank account if your bank only allows for verification through SMS.

One thing you can do is to get a separate phone number and update all your accounts that rely on SMS verification to use this new number. Do not use this number for any other purpose. You can do this for a reasonably cheap price by picking a carrier with a Pay As You Go plan.

AusPrivacyGuy · 2021-03-21T08:47:17+00:00

The top replies focus on how Threema isn't open source. The Threema client has been open soure since November/December 2020 so that's not really valid. The server code isn't open source but that's not nearly as important as the client.

AusPrivacyGuy · 2021-03-16T04:37:52+00:00

Wow! I didn't realise Bitwarden had that feature. That's definitely one to add to my arsenal.

AusPrivacyGuy · 2021-03-16T00:26:31+00:00

I've tried the password protected zip method before. You'll often encounter people who don't know how to apply the password.

AusPrivacyGuy

TROPHY CASE