(1/3) Locking post as Lemmy allows only 5000 word posts, rest guide is in nested comment. Making separate post for this post for comment section.

Hello! I am back with the third version of the guide I started last year with the aim of getting nearly top grade levels of privacy in the hands (pun intended) of all smartphone users, focused on steps that normal, average people with basic tech knowledge can apply.

This version of the guide is fundamentally an incremental improvement, so some parts of the guide may seem copy pasted, but they are supposed to be that way for obvious reasons.

A kind request to share this guide to any privacy seeker.

#User and device requirement

  • ANY Android 9+ device (Android 10+ recommended for better security)
  • knowledge of how to copy-paste commands in Linux or Mac Terminal/MS-DOS Command Prompt (for ADB, it is very simple, trust me)
  • For intermediate tech users: typing some URLs and saving them in a text file

#What brings this third iteration? Was the previous guide not good enough?

No, it was not. There is always room for improvement, and it has been 6 months since the last edit I made in the 2.0 guide. The new changes warranted a new version of the guide, as lot of things changed. If I simply made the edit in previous one, people would have skimmed, glossed over or not noticed.

A basic summary of new additions to the 2.0 guide:

  • A better photo collage of and how to create a DIY camera cover for notched phones
  • introducing an app that locally shows history about lock screen, permissions, 3.5 jack plug and camera/mic access, thus replacing “Privacy Indicators” app
  • how to block trackers for any app in the future using an app/database called Exodus
  • how to get KDE Connect working for your phone to connect to computer, to avoid using SHAREit, AirDroid and such programs
  • how to debloat Work user profile in Android, which is separate from the main admin user profile we use
  • how to be able to use two VPNs or firewalls on a non root device for ultimate compartmentalisation
  • utilising Android/AOSP’s VPN Always-on Lockdown traffic feature on VPNs/firewalls to prevent any packet leakage
  • a quick note on how I set up and use WhatsApp to mitigate effects of its horrible privacy policy

#Why not Apple devices?

iPhone does not allow you to have privacy due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an unpatchable hardware flaw was discovered in Apple’s T1 and T2 “security” chips, rendering Apple devices critically vulnerable.

17/9/2020: Apple gave the FBI access to the iCloud account of a protester accused of setting police cars on fire.

Also, they recently dropped plan for encrypting iCloud backups after FBI complained. They also collect and sell data quite a lot. Siri still records conversations 9 months after Apple promised not to do it. Apple Mail app is vulnerable, yet Apple stays in denial.

Also, Apple sells certificates to third-party developers that allow them to track users, The San Ferdandino shooter publicity stunt was completely fraudulent, and Louis Rossmann dismantled Apple’s PR stunt “repair program”.

Also, Android’s open source nature is starting to pay off in the long run. Apple 0-day exploits are far cheaper to do than Android.


#LET’S GO!!!

ALL users must follow these steps except the “FOR ADVANCED/INTERMEDIATE USERS” tagged points or sections.

Firstly, if your device is filled to the brim or used for long time, I recommend backing up your data and factory resetting for clean slate start.

NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares they sell this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/

  • Install F-Droid app store from here

  • Install NetGuard app firewall (see NOTE) from F-Droid and set it up with privacy based DNS like AdGuard/Uncensored/Tenta/Quad9 DNS.

NOTE: NetGuard with Energized Ultimate HOSTS file with any one of the above mentioned DNS providers is the ultimate solution.

(FOR ADVANCED USERS) If you know how to merge HOSTS rules in one text file, you can merge Xtreme addon pack from [Energized GitHub] (https://github.com/EnergizedProtection/block). You can also experiment with the Porn and Malicious IP domain lists.

NOTE: Set DNS provider address in Settings -> Advanced settings --> VPN IPv4, IPv6 and DNS

  • In F-Droid store, open Repositories via the 3 dot menu on top right and add the following links below:
  1. https://rfc2822.gitlab.io/fdroid-firefox/fdroid/repo?fingerprint=8F992BBBA0340EFE6299C7A410B36D9C8889114CA6C58013C3587CDA411B4AED

  2. https://apt.izzysoft.de/fdroid/repo?fingerprint=3BF0D6ABFEAE2F401707B6D966BE743BF0EEE49C2561B9BA39073711F628937A

  3. https://guardianproject.info/fdroid/repo?fingerprint=B7C2EEFD8DAC7806AF67DFCD92EB18126BC08312A7F2D6F3862E46013C7A6135

Go back to F-Droid store home screen, and hit the update button beside the 3 dot menu.


###LIST OF APPS TO GET

  • Get Firefox Beta web browser from F-Droid (install uBlock Origin addon inside (if technically advanced, try doing this)). Also get Firefox Klar if you like a separate incognito browser.

  • Get Aurora Store from F-Droid for apps from Play Store without actually using Play Store, use Anonymous option to sign in

  • for third party APKs source them only from APKMirror OR APKPure OR APKMonk, quite trusted, BUT TRY AND AVOID IF POSSIBLE

  • Get Vigilante from F-Droid for iOS 14 like camera/mic dot indicator feature and local history logging of screen locking, permissions, camera/mic usage and so on

  • Get OSMAnd+ from F-Droid or Qwant Maps inside web browser for maps and/or print physical maps if you live and travel in one or two states or districts.

NOTE: Qwant Maps has better search results than OSMAnd+

  • Get PilferShush Jammer from F-Droid to block microphone (use this in malls, restaurants or such public places if you can to prevent beacon tracking)

  • Get OpenBoard (user friendly) OR AnySoftKeyboard (nerd friendly) from F-Droid instead of Google GBoard, Microsoft SwiftKey and so on, they are closed source keylogger USA spyware

  • Get KDE Connect for computer-from/to-phone internet less file sharing, on a personal/local WiFi hotspot, available for Linux/Windows/MacOS/Android

  • Get TrebleShot instead of SHAREIt for phone to phone file sharing

  • Get K-9 Mail or FairEmail as e-mail client

  • Get NewPipe for YouTube watching, or YouTube in Firefox Beta/Klar

  • Get QKSMS from F-Droid as SMS client app

  • Get Shelter from F-Droid to sandbox potential apps that you must use (eg WhatsApp or Discord or Signal)

  • Get SuperFreezZ from F-Droid to freeze any apps from running in background

  • Get Librera Pro from F-Droid for PDF reader

  • Get ImgurViewer from F-Droid for opening reddit/imgur/other image links without invasive tracking

  • Get BarInsta from F-Droid for opening Instagram profiles or pictures without invasive tracking (thanks u/sad_plan)

  • Get GreenTooth from F-Droid to set Bluetooth to disable after you have used it

  • Get Material Files or Simple File Manager from F-Droid for file manager app

  • Get ImagePipe from F-Droid if you share lot of pictures, and want to clear EXIF metadata snooping (often photos contain phone model, location, time, date)

  • Get Note Crypt Pro from F-Droid for encrypted note taking app

  • Get Vinyl Music Player from F-Droid for music player

  • Get VLC from F-Droid for video player

  • Get AppOpsX from F-Droid for managing permissions for all apps

  • (FOR ADVANCED USERS) Get App Manager from Izzy’s F-Droid repo (here) to inspect app’s manifest, trackers, activities, receivers, services and even signatures via Exodus Privacy built-in, all without root

  • (FOR ADVANCED USERS) Get Warden from Izzy’s F-Droid repo (here) for checking loggers (rest app is inferior to App Manager)


@TheAnonymouseJoker
mod
creator
1edit-212d

deleted by creator

@TheAnonymouseJoker
mod
creator
1edit-212d

deleted by creator

privatelife - privacy, security, freedom advocacy
!privatelife

    This community is meant to advocate privacy, security and freedom in an concise manner, free of prejudice bias, free of politics, free of cultist thoughts.

    Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say. - Edward Snowden

    Telegram: t.me/r_privatelife

    Reddit: reddit.com/r/privatelife

    READ THE RULES

    1. Opinions are welcome, facts more so. Attack arguments, not people. Hating, baiting, trolling, flaming will be dealt with strictly.

    2. Discuss closed source software with caution. Advocating for it strongly (cult brigading) can be treated as violation of this rule.

    3. Editing titles of article links is strictly prohibited, unless and until the summarisation remains accurate to the context of the article or paper. Such link post will be removed without questioning.

    4. Targeting of any country, person or nation is strictly prohibited without valid reasoning. Evidence if not presented against the specific company/corporation/individual will be treated as personal attack and/or hate speech. This will result in a warning, then ban system.

    5. NO PERMA BANS! Ban system will work as follows:

    1 day --> 3 day --> 1 week --> 2 weeks --> 3 weeks --> 1 month --> 3 months --> 6 months

    Severity of the ban system will be dealt with based on degree of violation and circumstances.

    1. NO FACT-LESS EVIDENCES, NO FALSE RHETORIC Evidence has to be credible. The onus of this lies on the claimant. The same applies on the user who questions proven evidence. Violation of this rule will be dealt with strictly.

    2. Copycat posts serve to litter the community, increasing quantity and decreasing quality of posts. As such, posts will be removed. Repeated attempts will receive warning.

    • 0 users online
    • 2 users / day
    • 2 users / week
    • 5 users / month
    • 52 users / 6 months
    • 187 subscribers
    • 131 Posts
    • 256 Comments
    • Discussion
    • Modlog