lol you are so wrong.

TL;DR: I think this video oversimplifies the analysis according to the cards and gives Graphene OS undue weight without going into sufficient detail as to why each scored under each category.

I actually don’t agree with this video; and firmly believe it is more than a little biased.

For example, the Pixel, AOSP and Android are given several undeserved points due to lack of proper information or understanding of how certain features work. I imagine this is the case too for the iPhone; if a bit less so.

The review apparently doesn’t deep dive into settings or attempt to maximize privacy by turning off unwanted ‘features’ when settings switches are available to the user; nor does it assume that you set up accounts in as private of a manner as reasonably possible or toggle off as many default-on consent switches as needed.

While I would support scoring and dinging each case or instance for “Privacy Settings that don’t actually work”…this video really doesn’t do a lot of legwork and leans on the anecdotal evidence of scary news stories too much.

Worse was the fact that the entire video felt like they were shilling for Graphene OS; which is known to have a slightly unfriendly maintainer and community surrounding him to say the least.

No mention of Lineage or other privacy oriented Android ROMs were analyzed. AOSP too, was unfairly lumped in and dinged for specific points of the Default Pixel configuration…and yes there are major differences between AOSP and Pixel Android; even though Google tries to be less in-your-face invasive than the other OEMs. Not enough credit is given for the “On-Device” smart features implemented properly on the Pixels.

Out of personal experience; I’d actually rate a proper Lineage OS install of 4 whole Android versions ago to be more private than stock. Not quite as private as Graphene; but not quite as invasive and much more enforcing of privacy. The debloating provided by a clean AOSP-like ROM, such as Lineage, as opposed to a “Stock Android” configuration from a major OEM is stark.

Most importantly I personally feel that the privacy model chosen for the video is far too thickly detailed for an average person. Most of the privacy concerns listed on each card contained concern points that might only tangentally apply or don’t apply at all to mobile phones. The way that each card was scored and applied felt low effort. None of the points on any of the card(s) were weighted with average users in mind.

I really hope someone goes into a much deeper dive; this video is basically clickbait that parrots the commonly parroted advice in the privacy community; which isn’t even good advice, it’s just ‘One-Size-Fits-All’ style advice which gives the user no room to make necessary ‘Privacy vs Convenience’ tradeoffs that they themselves could have made if they understood proper threat modelling.

If they care, they will migrate. Leave behind all the rest, they’re not worth your time.

No.

Both Android and iOS do enforce permissions against applications that have not been granted explicit access to listen constantly.

For example, the Google Assistant is a privileged app oftentimes; and it is allowed to listen. It does so by listening efficiently for one kind of sound, the hotword “Ok Google”.

Other applications not only have to obtain user permission; but oftentimes that permission is restricted to be only granted “While app is in use”, meaning it’s the app on the screen, notifying the user, in the foreground, or recently opened. This permission prevents most abuses of the microphone unless someone is using an app.

This is why I generally ensure my phone is configured ahead of time to block ads in most cases. I don’t need this garbage on my device.

As for how they could listen? It’s pretty easy.

By waiting until the phone is completely still and potentially on a charger, it can collect a lot of data. Phones typically live on the nightstand by your bed at night; and could be listening intently when charging.

Similarly it could start listening when it hears extended conversations; simply by listening to the microphone for human speech every x minutes for y minutes. Then it can record snippets; encode them quickly and upload them for processing. This would be thermally undetectable.

Finally it could simply start listening in certain situations; like when it detects other devices (via BT). Then it could simply capture as many small snippets of your conversation as it could.

At least it showed some creativity and effort…if only a little.

You should be safe if you are the only one with access to that computer.

If you are sharing the computer with another human being; please Unplug your Yubikey and take it with you when you are not using the computer and it is likely that another human being could be using the computer. Just to be safe; Do Not Leave Your Yubikey Plugged In If Another Person Is Using It…unless you’re authorizing them to access something.

Your Yubikey can’t tell who clicked it’s button as it is NOT a Fingerprint Reader.

I could prompt engineer around this in 10 seconds flat but at least they patched it.

We need some mad genius to crack Widevine and make a plugin that works for Linux.

It’s going to have to be restricted-source, but hey, honestly we need to break Google’s stranglehold anyways.

Will there even be another version? I’m not ruling out any kind of life shenanigans preventing the devs from doing their amazing thing…

I plan to Continue Refusing To Daily Drive Linux again this year in my standard drive to push Linux, Linux Developers, Managers and Contributors to be more friendly for end users. You have to be better than Windows, and we know you people can achieve it if more can and do contribute. Make Contributing Easy and they will Contribute.

Maybe I’ll spin up a Matrix Homeserver with Beeper bridges to self-host that…if that becomes a necessity. Getting to know how to use and administrate Linux efficiently is always a good thing to learn, even if it’s not easy still, and even if the bad old days were even worse.

The Linux for Windows subsystem is a nice to have that makes learning a little less troublesome.

Nice. Once upon a time Winamp had a functional preferences slider that controlled the “Shuffle Morph Rate” and I can imagine it likely used a similar algorithm to shuffle.

I only wish this existed in more software in general…and that music players would let you select what method the randomization is achieved with.

Just because someone skips a track doesn’t mean that track was wrong for that playlist. It just means the time was wrong for that track. The mood.

I don’t know if anyone else has noticed; but “Shuffle” used to be a good thing! Now; it frequently just isn’t good at it’s job. There’s no control over the “Randomness” of the shuffle anymore, and there’s no way to turn off any “Algorithm” that promises it can pick the next song better than random shuffling can.

Sometimes that experience of a truly random or an algorithmic shuffle is good; and sometimes it delivers bad options, and being able to say “Nah, I’m just not into this track today, NEXT!” is something I regard as a fundamental right, and something that you too, should do. Skips shouldn’t be precious actions. Your mental heath shouldn’t be impacted by an unlucky shuffle, nor should your mood.

Music is a deep, and almost primal form of expression; and it can express many things. Sooo…Being able to skip the emotional equivalent of a 💩 pile of poo 💩 is actually pretty important…even if it doesn’t 🌹 always (metaphorically) smell 🌸 like poo to you all the time.

More devs should be this understanding of piracy. So should companies in general.

Asking nicely is a lot better than hitting. More flies with honey than with vinegar.

Yeah; without more information about your threat landscape, aims and needs; you probably won’t get more specific information.

Obligatory disclaimer here; I strongly recommend you do not do what you are planning to do with only rotating proxies. Tor is much safer and more private about this sort of thing; you will be de-anonymized easily if you do not use Tor.

Now that the obligatory “privacy community” disclaimers are out of the way; I can say that I do understand what you’re trying to do. Frequently many websites ban the ever loving crap out of Tor Exit nodes and simply will refuse you any service if they even sniff a hint of The Onion Router on your packets. This is, unfortunately, an intentional design decision of Tor Project. You see; they understand the massive potential for abuse of Tor.

Unfortunately…this probably leaves you, the reader, in a situation. You end up being required to choose to either trust or do without. In today’s world; that’s just absolutely freaking impractical even in the best of cases.

Unfortunately the same websites who block Tor are also the same kind of websites with the kind of kinks in their panties that also motivate them to block Proxies as well! Seriously; if your packets come in smelling like they came fresh off a SOCKS5 tunnel; the remote website can often tell. Sometimes the website will be nice and wave this on through; but only if you include headers like X-Forwarded-For: in your request…which defeats the entire purpose of the damn proxy; as that header is for putting your original IP address in.

So in the end your traffic will still ‘stink’; either of Onions or of SOCKS. Sure, you could buy a VPN; but now you’re coming from an obvious VPN proxy and websites that already hate Onions or Socks also hate VPNs; because they can’t see who might be abusing their service.

Now you can try all three ideas and see which one the site will accept. Your mileage may vary and some websites indeed will block all three; Cloudflare, which is a CDN that also services many other websites and protects their edges from DDoS attacks is notorious for doing this.

Best of luck. All I can recommend is a paid VPN plan, pay more than $0 and ideally less than you would spend on a week of coffee; and make sure that the provider not only does not log; but make sure that the provider also is verified by third parties who aren’t shady…to actually be a no-log VPN service. This will take lots of research but it’s worth knowing who in the VPN space are shysters and who arent.

No, I won’t recommend a particular service; I’d rather you did your own homework and risk analysis anyways

If a Paid VPN is out of the question; using Tor may be your only option. If you have multiple proxies you’re probably paying for them anyways and could afford a VPN.

Uninstall and Delete with extreme prejudice. Find an APK that has this removed or cracked; or make sure your system locale or language do not imply you might be Chinese speaking.

Or the relative of the “Worse” option:

“Oh, you’re paying a little extra to limit advertising interruptions? Oh sorry! That only works on pre-roll and post-roll ads. Enjoy your fucking Mid(t)roll ad that you can’t fucking skip!”

Worse:

“I’m aware that you’re paying nearly $30 a month for our Ad-Free tier; but this content creator still demands we put Ads on this shit. Here’s an Ad!” Crashes and refuses to begin playback again when your browser that’s configured to block those ads blocks it.