stupid_asshole69 [none/use name]

I’m not suggesting you treat the word normie as a slur against some group, but that it betrays a type of thought process that will ultimately work against you. If you want to understand why, compare it to my generation’s equivalent: sheeple. The word is intended to express how people are concerned with what everyone else is doing, not on the consolidation of power after the fall of the Berlin Wall or the reliance of Nordic social democracies on the immiseration of the global south or the removal of tassels from flags or the reemergence of lemuria. The language creates an out group and invites the reader (or listener) to join the in group. It’s not useful for understanding what people outside your circle think about data or privacy because it assumes what they think broadly and its context provides the specifics of what they think.

That’s all just to clarify that it’s not a no-no word, but a word that asserts a premise that probably needs to be examined and rejected if you want to have success in your stated aim.

As far as shifting the message, I’d actually avoid talking about election conspiracy or any other conspiratorial use of data. Most people recognize the surveillance state. You can just talk directly about the way people’s information flows into the hands of data brokers and from there into the state surveillance system. People are already under the impression that they’re being tracked, just give them a way to impede it.

“You can stop yourself from being tracked, here’s how:” is gonna be a lot more effective than trying to convince people that they’re being tracked for the purposes of election manipulation.

You have a section about that but it’s way too far down and you need to lead with it. Of course that also means putting together straightforward steps for accomplishing that task that cover all current versions of android (yes including the bobo vendor specific versions), windows, macos and ios.

I feel the need to be clear that I wasn’t trying to be rude when describing the overall vibe as student. There’s nothing wrong with being a student and I don’t think it indicates immaturity at all. A few specific elements that contribute to me calling it that are the white on black text, anti corporate imagery with overtones of incitement and use of hot colors like red instead of cool colors like blue.

Those things make me think student because they’re the elements of a flyer or band tee instead of an informational pamphlet. The reason that comes across as student is that together they say “I’m freaked out/excited and you should be too!” Which is not something that helps your stated goal of helping everyday people become more aware of the importance of data privacy.

I chose the word student to describe it because i had hoped it would convey all that and some measure of how “crank” a lot of that messaging strategy comes across.

You don’t want to be ranting in the street, handing out flyers or selling newspapers if you’re worried about actually reaching people.

I’d avoid gamifying privacy. It’s kind of a masters tools situation.

My first recommendation would be don’t call people normies. Not using a pejorative to refer to your subject even in private goes a long way towards being able to think about them more clearly. I’m not scolding you, I don’t care how you think about people but if you really want to get people to care about privacy the same way you do then it’s important to avoid stigmatizing them straight out of the gate so you can understand what is important to them.

I’d abandon the adbusters model of “here’s how you can stick it to the man and all you’ve got to do is change your entire life!” It reads as performative and relies on the false assumption that disorganized, individual opposition can lead to change. Instead, revise your message to focus on first recognizing the hostility of the information space around us and taking an appropriate posture.

I would also abandon any mention of self hosting. If you’re trying to get people to clear their cache and turn on adp and lockdown mode throwing self hosting in the mix is absurd. Oh yeah, and as a long time user and contributor to open source software, treating it as a privacy and security panacea raises a lot of red flags.

From the perspective of an old man with a lot of experience, the website has high school/college student energy. That’s not bad per se, but it may be working against your stated goals.

I could see your point if we completely ignore the circumstances surrounding the technology. The best metaphor I can think of is star trek. It has to be envisioned as a post scarcity environment for the technology that’s portrayed to be positive and not some new kind of repression or extraction.

If we lived in a world where the labor saving technologies that comprise smarthomes weren’t used to justify getting worked to the bone even more than you already are or to make it acceptable for energy prices to do anything but rise or to continue to allow climate inappropriate bottom of the barrel housing to be built in places like phoenix then I’d have a different view.

I see smarthome technology as a relatively simple tool, but my understanding doesn’t stop at the recognition that “it’s a hammer”, it extends out to “who is swinging it?” and “why do my fingers hurt so much?”.

It’s just really easy to make that criticism of smarthomes because all their benefits are easily, cheaply and efficiently replicated:

Put your standby stuff on power strips and turn the little red switch off when you’re not using them. Alternately, don’t do this because they’re designed to be left on standby, the power drain is negligible (even if you completely dismiss my reply and block me, buy a kill-a-watt type meter so you can know for sure) and stuff like the ps4 can get fucked up if you turn it off without telling it you’re about to.

Make checking your doors part of your nightly routine. It doesn’t matter a bit if all the doors are locked if one of them is not quite shut or the electronic lock fails for some reason. Before you say you’ve never seen that happen, I have seen it happen hundreds of times in my workplace.

I’m willing to concede that minmaxing the hvac is something smarthome technology is good at, but it can be implemented by itself, apart from the smarthome ecosystem and can be replicated by opening and closing windows, putting on or taking off a coat or just - and I know I’ve ambiguously alluded to this already - not having a climate inappropriate home to start with.

You can get the same effect of dimming lights by switching from bright overheads to dim lamps instead. It’s really cozy.

A few summers ago our local power company sent around mailers asking us to “beat the peak”. We put the washing machine on one of those old electromechanical timers and set to go off in a few hours and turned it on. The dryer was harder, because it requires a button press but we just put up a clothesline in the yard instead of messing with some simple way to automate it. You don’t wanna be running that thing while no one’s around anyway.

All simple, sub 5 minute tasks that give a better understanding and arguably a better routine to the household and require little to no computing or automation. Except for not putting stickbuilt houses in places that they don’t make sense. I can’t help you there.

To reiterate: the technology itself isn’t the problem, it’s the world it’s a component of that makes me dislike it. In a just and sustainable world smarthome shit would be good.

Nah, I don’t think smarthomes are a technology that is good in the slightest.

The only benefits I’m aware of are automated operation of appliances and more efficient climate control. Both are basically ways to negatively impact people’s lives by increasing the amount of suffering that’s acceptable in daily life and make modular, unsustainable, climate vulnerable housing economically viable respectively.

I’m open to learning if there’s more, it’s just a repulsive, regressive, screw-turning concept on the face of it.

Yeah it’s unimportant how many requests go out.

A secure browser ought to phone home on startup (and honestly with as little overhead as requests incur nowadays, on tab open) and make sure it’s updated to the latest version, do a dns sanity check, etc.

I don’t even mind Firefox having ads in the default homepage.

There shouldn’t be smarthomes. It’s a really bad idea.

Not much, what’s updawg with urnetwork?

I think that argument made in a vacuum, devoid of any analysis about the companies, software and their history could apply equally to any phone (including graphene and fdroid and calyx and postmarket and etc).

So it’s not useful to bring up when someone is asking about specifically ios, since it’s a hypothetical problem that applies equally to all phones and their software and the solution to it is putting the onus on the user to audit their software, operating systems, microcode, hardware and everything else or to determine whose audit of those systems to trust.

I think it’s especially not worth considering under a material analysis of the interests of the company that makes rich people phones and advertises their system as secure and private and generally has longer time to exploit for the different law enforcement processes and provides bare minimum compliance and isn’t primarily selling user data.

On some level we have to acknowledge the tremendous logical leap required to compare apple and pretty much any other major manufacturer and say “they could have backdoored it and they could be listening right now”. Yeah, I guess they could have done that. They have less incentive and more to lose than any other company and it would take a massive internal conspiracy, but I guess it’s possible.

I want to just take a line or two and make it clear that I’m basing all the above on the material circumstances of the company, not on any misplaced love for them or their products. I have android, ios, windows, linux and macos computers and use them equally.

I clicked the little rainbow star to see what people not federated with my instance are saying.

You’re getting a ton of bad input and inaccurate or irrelevant information.

Do not rely on community consensus to establish proper use guidelines.

As another person stated: signal chats don’t go to icloud. You have nothing in the slightest to worry about on that front.

People are bringing up prism and push notifications. It is mandatory for companies operating in the us to comply with us government prism spying requirements. Turn on ADP. Read past the slide presented as supposedly damning evidence against one or another company if you want to understand better law enforcements processes over a decade ago. Push notifications are plaintext and represent cause in some cases. This is not unique to apple. If you think you are one of those people, turn them off.

Turn on lockdown mode. Update your phone. Turn on automatic updates. The ways people physically and remotely compromise ios are often stopped by those three things.

If you don’t already, restart your phone daily. It puts the phone in a restricted state called before first unlock that requires that non resident programs have to reload and in almost all cases have to reestablish themselves to the host os.

If you’re worried about your signal chats getting recorded, turn on the disappearing feature. The other person is the weakest link, not the technology. Do contact verification. Assume your chats are infiltrated and talk to people about illegal stuff in person like the scions of American industry do. This is not unique to apple.

Be safe out there.

What’s your current note taking process? Like do you pull out your phone and type stuff into it or do dictation or what?

I went the other direction and have a composition book or two a year worth of notes. If I want to give one to someone I just tear out a page. If I want to send one in email or a message I just take a picture of it.

I keep a little pocket notebook in my pocket and a big composition book in my computer bag.

What got me to that point, and the reason I asked about your current note taking, is trying to find what you’re talking about and realizing that it’s a pain in the ass, I don’t really use it or want to use it, it’s too ungainly to draw or scribble in, I don’t like it and it’s never at hand when I need it.

A little pad of paper in my back pocket, a pen and a sharpie in some other pocket and taking a few minutes a day to copy (manually sync lol) what gets jotted down in the moment to the composition book is easier and more manageable for me than a complex system that requires a computer.

I was just in a major natural disaster last year and while there were lots of things I didn’t prepare for and couldn’t have imagined, paper notes kept me sane and worked phenomenally.

They’re reputable. Don’t give anyone any data you aren’t comfortable being leaked. Eventually it all comes out.

The only complaint people have is that the devices are expensive and phone home which they should. You’re buying a piece of internet facing technology, you should want it to check in and make sure it’s up to date etc.

Seriously, make sure you turn on automatic updates and change default passwords.

Some third party headphones and stuff show up like this.

Go ahead and shut down the apps you have open, restart the phone and once it finishes restarting, turn on lockdown mode, install any updates asap and then do the privacy check up.

You want to restart to get before first unlock security back on, then turn on lockdown mode because a lot of device and inter process communication gets disabled and if the problem keeps coming back you’ll know to start looking somewhere else. You want to check for and install updates because updates contain security fixes. The privacy check up will tell you what stuff you’ve given access to various ins and outs of the phone and that may tell you something useful.

If you haven’t already bought something:

What do you have now?

I would generally recommend against chromebooks. They’re often aimed at the lowest end of the market and have esoteric processors and boot processes that will make you frustrated.

I would generally recommend against small laptop manufacturers like framework etc. because of parts availability. People will say that you can get parts from the manufacturer but for how long? People will say you can make the parts themselves because the design is open source but I have a board etching setup, hot air station and injection molding machine and I don’t do that.

Obviously if you just want to “vote with your dollars” the above doesn’t matter.

If you want to get a laptop that’s gonna run linux well and last a long time get a used business class machine. There will always be a huge market for parts and they have almost always had someone put the effort in to document getting their distro to work right on their work assigned computer.

The black sheep option is to get a mac. Parts are everywhere for cheap and every microsoldering and computer repair shop will work on them because so many people have them and want to get them fixed. Obviously do your research first, but asahi is coming along and you’ve always got a Unix system to fall back on if it isn’t working out.

You’re thinking about this wrong.

Instead of trying to pick the one that will handle a fail state best, you can more effectively assume a fail state and take steps to mitigate it. That is to say: implement key (in your case, password) rotation.

Just establish a trusted system, log in and change your passwords periodically.

You can even do rolling rotation where you only change a few each week.

If that doesn’t seem like the right choice to you, then consider this: you’re thinking about an unconfirmed or possibly even uninvestigated situation where your secrets have been compromised. The solution isn’t to find the secret handling software that deals with this situation in the best way possible, it’s to change secrets.

I don’t think you’re too paranoid, but it seems like this idea is kinda unexamined and needs to be bounced off someone else first:

Wrapping your phone up and putting it in a box won’t be nearly effective enough to prevent audio recording. If you want to try this yourself, start your voice recorder app, wrap up your phone and set it in the box, say some stuff at a normal volume then play it back. It’s been a while since I used that function on android, but a long time ago ios had variable gain automatically applied so in quiet situations (like being wrapped up in a box, or night time in the woods) recordings would contain the information you’re trying to capture.

If you do this (or have already done it), and feel like it’s good enough for your needs, export the audio to a program like audacity and run some of the voice filters there on it. Even in situations where your voice is, to human ears, completely covered up in background and room tone often these free, open source tools can automatically pull them up out of the noise floor.

Imagine what a professional using purpose built software is capable of.

But even if you had a perfect towel and box: your computer has a microphone and camera on it.

Now you might be able to comfortably disconnect both of those and only connect them when someone calls, but if you’re forwarding the data stream through the device you want to treat as compromised there is a good chance that your communication data will have to be decrypted on the device before retransmission.

But if somehow your preferred platform can maintain perfect forward secrecy while handing off between clients (it shouldn’t, because this is a feature used by surveillance organizations), going through voip is a security downgrade because the encryption used from your pots ata (the box that goes Ethernet to phone) to the pc running the pbx software is less strong than that used by your communication platform.

In addition, surfacing your communications to the whole network like this would do opens you up to attacks on your ata and the ones for soho that you’d use are incredibly insecure to the network they are on. They’re worse than those consumer routers you always see with internet facing management pages.

So the next logical step, assuming you have the aforementioned perfect towel and box, is to just use the native pc programs for the communications software you want to make and receive calls through.

Of course, theres nothing preventing your assigned agent from compromising your pc, and in some ways thats an easier job than with a phone.

So I want to ask this as a person who has been surveilled: what kind of eavesdropping are you trying to avoid?

If you scroll down to where this reply will end up:

Iphone is the right place to start. The parental controls are well thought out and have enough granularity for almost anyone and “find my” works great along with location sharing.

They have a bunch of built in privacy, mental health and use monitoring stuff so the person with the phone can use that themselves too.

It’s the most normal person phone there is so no chance they’ll be embarrassed or feel left out and because the platform is so common (assuming USA because “grades”) you’ll have an easy time coordinating with other parents and sharing how you’re dealing with stuff as they grow.

Good luck.