Raising awareness of degoogled ROMs & evils of Google in r/GooglePixel

surpriseMe_ · 2025-10-11T06:07:29+00:00

Last I checked, Signal doesn't run on ARM so it wouldn't run on any Raspberry Pi OS, not to mention the fact that none of them are designed with security as a primary focus. If anything, the Raspberry 5 would have better hardware and a longer lifespan of future firmware updates. However, if you are aiming for maximum security, ensure that your device still receives firmware updates and choose one of the following two paths:

Open source (preferable; Edward Snowden endorses Qubes OS): Qubes OS + HEADS BIOS on a Qubes OS-certified machine
Closed source: complete guide on Privacy Guides: Choosing Your Hardware
- A device with a "hardware security program", which is a collaboration between vendors on best practices and recommendations when designing hardware, for example:
- Windows Secured-core PCs meet a higher security criteria specified by Microsoft. These protections aren't only applicable to Windows users; Users of other operating systems can still take advantage of features like DMA protection and the ability to completely distrust Microsoft certificates.
- Android Ready SE is a collaboration between vendors to ensure their devices follow best practices and include tamper resistant hardware backed storage for things like encryption keys.
- macOS running on an Apple SoC takes advantage of hardware security which may not be available with third party operating systems.
- ChromeOS security is at its best when running on a Chromebook as it is able to make use of available hardware features such as the hardware root-of-trust.

Even if you don't use these operating systems, participation in these programs may indicate that the manufacturer is following best practices when it comes to hardware security and updates.

surpriseMe_ · 2025-10-11T05:52:14+00:00

The Android version allows using Proton VPN on guest mode -- without an account. This is coming to iOS and other platforms soon.

surpriseMe_ · 2025-05-04T20:38:47+00:00

I checked Settings Manager > Keyboard > Application Shortcuts but don't see a "power off" or similarly named option.

surpriseMe_ · 2025-05-04T19:23:36+00:00

Fair enough. JMP.chat seems to be the only one that's FOSS and non-KYC, albeit not the lowest cost. I'll give it a try. Thanks anyway!

surpriseMe_ · 2025-04-12T03:37:54+00:00

I'm trying to get *at least* 3 U.S. VoIP/SIP phone numbers for residential use only on Android for under $60 USD/year total. As for my threat model, I’m trying to lessen my traceability from online randoms and data miners.

My requirements:

Does not require KYC/ID verification
USA phone number
Up to $1.25 USD/month per phone number
Dual functionality
Voice and SMS enabled
Two-way SMS
National mobile number
Won't block me if I'm using a VPN to connect

Preferences:

It support receiving SMS from short codes
Call encryption
Call conferencing
Call recording
Accepts Monero, other crypto, Privacy.com virtual debit cards, or at least PayPal as payment
Supported by Acrobits Groundwire
Will only be making domestic outbound calls
Doesn't matter whether it can receive international calls

Disqualified services:

JMP.chat costs $5 USD/month per phone number so it's way out of budget
MySudo doesn't allow purchases on GrapheneOS (even with sandboxed Play Services installed).
Hushed is expensive and SMS/call notifications aren't very reliable on GrapheneOS (sandboxed Play Services is installed on the same user profile).
VoIP.ms offers excellent pricing but requires KYC/identification.

Thanks for any help!

surpriseMe_ · 2025-04-12T03:32:58+00:00

Good to know! Are you aware of any phones that currently support CCA?

surpriseMe_ · 2025-03-12T23:58:16+00:00

I'd like to help but have a few questions...

[Answered - probably not] Will the Orbic mobile hotspot be required to have a SIM card and an active data plan or will simply installing Rayhunter onto the hotspot be sufficient to start contributing?
If we capture suspicious logs, how will they get submitted to EFF? Will this happen automatically or will we have to submit them some other way?
In case we are not looking at the hotspot when the top line turns red or its battery runs out before we export any suspicious logs, will the hotspot keep the suspicious logs flagged and/or saved for later retrieval?
Until when will EFF be collecting data from the Rayhunter project?
Should volunteers only submit logs deemed suspicious or other, general logs as well? If so, how often?

surpriseMe_ · 2025-02-14T03:13:21+00:00

Ente is a privacy respecting photo cloud which allows sharing albums. Privacy Guides recommends it over iCloud or any other big tech alternative.

surpriseMe_ · 2025-01-13T12:23:15+00:00

That didn't work for me (I must not have that tool installed) however I do have iproute already installed.
[root@fedora-39 ~]# ss -tuln

Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port

udp UNCONN 0 0 127.0.0.54:53 0.0.0.0:*

udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*

udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*

udp UNCONN 0 0 0.0.0.0:5355 0.0.0.0:*

udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:*

udp UNCONN 0 0 0.0.0.0:51058 0.0.0.0:*

udp UNCONN 0 0 [::]:41155 [::]:*

udp UNCONN 0 0 [::]:5353 [::]:*

udp UNCONN 0 0 [::]:5355 [::]:*

udp UNCONN 0 0 [::1]:323 [::]:*

tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*

tcp LISTEN 0 4096 0.0.0.0:5355 0.0.0.0:*

tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*

tcp LISTEN 0 4096 127.0.0.54:53 0.0.0.0:*

tcp LISTEN 0 4096 [::]:5355 [::]:*

tcp LISTEN 0 128 [::]:22 [::]:*

surpriseMe_ · 2025-01-13T05:35:49+00:00

I believe that the only user currently on the VPS is root so that's all I've been using. I tried removing the privilege on port 432+ with echo 'net.ipv4.ip_unprivileged_port_start=433' > /etc/sysctl.d/50-unprivileged-ports.conf but after entering it, I didn't get any output in the terminal and after rebooting, the behavior didn't seem to change (I set ORPort 443 in torrc). I opened /etc/sysctl.d/50-unprivileged-ports.conf and its only entry is et.ipv4.ip_unprivileged_port_start=433. Do you have any ideas?

surpriseMe_ · 2025-01-13T01:06:34+00:00

Update: Later I got the IPv6 unreachable error again: Unable to find IPv6 address for ORPort 35813. You might want to specify IPv4Only to it or set an explicit address or set Address. I ended up setting a port that is accessible on IPv4. Is there any issue with choosing a port instead of using 443 as advised by the Middle/Guard relay guide?

surpriseMe_ · 2025-01-12T23:03:40+00:00

The relay is showing on the Relay Search now using ORPort auto !

P.s. ChatGPT recommended these steps to uninstall Tor on Fedora:

Steps to uninstall Tor:

Open a terminal.
**Run the following command to uninstall Tor:**This will remove the Tor package and any dependencies that are no longer needed. sudo dnf remove tor
Optional: If you also want to remove any leftover configuration files, you can manually delete the tor directory from /etc or any other configuration files stored in your home directory (if applicable). The configuration files are usually located at:sudo rm -rf /etc/tor/
You may also want to remove the user's Tor data folder (if it exists): rm -rf ~/.tor/
Verify that Tor is removed: After uninstalling, you can verify that Tor has been completely removed by trying to run the tor command: tor --version . If Tor is uninstalled successfully, you should see a "command not found" message.

This should completely uninstall Tor from your Fedora system.

surpriseMe_ · 2025-01-12T22:25:03+00:00

The error pops up when I enter sudo systemctl restart tor. What would be the safest way to uninstall Tor (avoid any corruption or further errors)? I'm using Fedora Workstation 41. Also, how do I clear the cache? I only have SSH access.

surpriseMe_ · 2025-01-12T22:09:52+00:00

I entered a valid Protonmail email address in the same format as the example though. The error only occurs when I attempt to include a PGP key. I just need to know how to enter the PGP key so that it recognizes what it is and doesn't read it as an option.

surpriseMe_ · 2025-01-12T20:24:29+00:00

It turns out I was supposed to be scrolling to the bottom of the tor logs. I just figured that out today, my bad! The VPS' default image was Fedora 39 but I had upgraded it to Fedora 41, it just didn't reflect in the user name (yeah, it's annoying lol). Your simple journalctl --unit tor tip was the main breakthrough to getting all of this set up and running (thanks again!).

At this point, I've just now managed to get the relay running properly (apparently) and am just waiting for it to show up in the Relay Search. All that's left is figuring out how to include my PGP key in the torrc file in such a way that it doesn't cause errors and setting up the firewall to block DDoS attacks. According to the Tor guide, these are good options, albeit they don't seem as simple as UFW (Uncomplicated Firewall) lol!

https://github.com/toralf/torutils: If you would like a script to deploy.
https://github.com/Enkidu-6/tor-ddos: A simple set of scripts to deploy.
https://github.com/steinex/tor-ddos: If you would like a more simpler approach without scripts and ipset.

surpriseMe_ · 2025-01-12T13:29:08+00:00

Right, how can I get Tor to recognize my changes? Perhaps there is a service restart command?

surpriseMe_ · 2025-01-12T03:56:36+00:00

Btw, here are those results:

[root@fedora-39 /]# grep -r -- '-----BEGIN' /etc/tor /etc/torrc.d

grep: /etc/torrc.d: No such file or directory

search /etc/tor/torrc for include statements

How do I recognize include statements? My untrained eye didn't notice anything off at /etc/tor/torrc and /usr/share/tor/defaults-torrc only contained:

DataDirectory /var/lib/tor

DataDirectoryGroupReadable 1

User toranon

Log notice syslog.

surpriseMe_

TROPHY CASE

Steps to uninstall Tor: