Things like Google SafetyNet have been equally obvious corporate power grabs, but barely got negative coverage from the tech press,

IMO, this might be b/c as tech spread into normal society, to everyday ppl, tech literacy has declined. On avg I mean, ofc there are still lots of smart, aware ppl. More than ever in raw numbers. But as a percentage, it’s less. Without a critical mass of people who understand the issues and care enough about them, big tech co abuses fly under the radar.

I kinda think that if MS tried Palladium today, they could succeed. Their power grab just came too early.

MS also tried to replace the open web with a MS proprietary technology. That also died b/c ppl pushed back. Today? They’d prob succeed if they said it was for everybody’s safety. “Oh… it’s for my safety. I guess that’s ok then.”

[email protected] -> When you figure it out, send me a copy

Ok… but I’m only sending it to YOU in the daylight. :P

(Never played it, before my time, but I get the ref)

For sure. It teaches bad habits.

Even aside from sec risks, I guess the extra friction of having to do it at all, would be part of driving ppl toward Google’s ecosystem. That’s the road that needs the least effort. Any other road is more dangerous and takes more effort.

Gotcha!

Anyway I gotta work on shrinking my spiel. I have friends who don’t get this stuff at all. And I think what I wrote would make their eyes glaze over. I need a good, but brief and catchy way to put it.

Well, sure. But think more ahead.

The same mechanic is already proposed by Google to lock things you DO care about. They are talking QR code walls presented to desktop browsers. Where you have to scan a QR code on a “trusted” device to pass the wall. Trusted by google of course, not by you. They want it anywhere teh web requires “trust”. Shopping, banking, access to gov services. Google has the muscle to drive it anywhere they want.

Ultimately that can put big parts of the web out of reach to your fav desktop browser. Ironfox? Waterfox? Boom, QR wall! Scan it on your google approved mobile device to proceeed! There would be fuck all your browser can do about it. Chain of trust required from a Google or Apple approved device. No chain of trust, no looky.

Would Goog/Appl ever go that far? IDK. I’m sure there would be anger. Maybe lawsuits. But think how tech illiterate ppl are now! Most ppl would not even realize anything was different! Their mass consumer devices still work. “Why are you using that weird browser on your nerd OS? It doesn’t even let you shop or bank lololol!”

That ignorance is what are are up against.

Indeed. These trusted computing measures would be ok IF and ONLY IF I get to control the trust root.

If Google controls it, Microsoft controls it, Apple controls it… Do. Not. Want.

It is scary b/c the forces trying to defend personal computing have to succeed every time. The forces trying to subjugate it only have to succeed once. Big segments already are lost. I’m afraid. In the end, it could all be lost. The very notion of computers controlled by us instead of by BigTechCo will have been a historical flash in the pan.

If computing was invented today, we would never have ANY open platforms. We only have it b/c they squeeked in before the door slammed shut.

Yup agreed!

Makes sense. Thank you again.

Yah going SIM-less sounds painful. Seems like that’d defeat a lot of the purpose of having a mobile, but not quite all.

I’m thinking about an intermediate tactic. Use a semi private carrier. And keep the phone in a faraday pouch. Take it out when I’m on the road and need it for sth. I don’t need a mobile at home anyway. Got a desktop with a gloriously huge screen.

Another prob is… phone numbers. If I ever wanted to call my friends from it. First thing they do is add a new number for me to their contacts. Then let every skeevy app scrape their contacts. That instantly nixes the idea of trying not to feed the data brokers that scrape everybodys social graph.

If anyone knows how to use one Mullvad device across all my profiles, please let me know.

If you’re using wireguard, or a wrapper that’s on top of wireguard, then you prob can. I’m not 100% sure about mobile, but I do that with desktop VMs. The limitation is, you can’t use more than one at the same time for a given PrivateKey. They let you have several PrivateKeys. I forgot the number, it’s like 5 or 6 or sth like that. You can share the PrivateKeys between devices or profiles as long as you won’t connect more than one at a time for each key.

issues from side loading

Totally not aiming this at you at all! But I hate this term side loading. It normalizes the idea that we should require permission from the co who made our device, to install and run s/w on it.

I’m all for having a process to check apps and try to safeguard against malicious ones. But that can happen without an iron fist.

Oh this is super helpful. Thank you for taking your time to say it. It confirms some stuff I thought was true, but I was not sure about.

About rotating IMSIs, what about the IMEI? That can’t be rotated, can it? B/c it’s how the carrier knows your device is allowed to connect?

IDC about authorities per se. I just REALLY want to avoid normal dragnet surveilence. The data broker kind. Seems like this kind of semi private carrier might have a part to play. I have more to learn before I take the leap.

The links are just to the wikipedia pages BTW.

Thanks for posting your minireview, OP! I’ve heard of other things like this. Freeli was it? Similar sounding thing.

Lots of it sounds good to me. What I have to think thru is how alleged privacy from that company, interacts with ALL the ways mobiles can be ID-ed.

These companies piggy back on the big carriers, b/c ofc they can’t afford an entire ass cell network buildout like T-mobile or other huge co can do. So OK, they don’t collect customer info about me. That’s cool. But now I turn on my device at my home and the cell network triangulates me to the place I live. Even if I make sure to disable GPS and w/e on my phone.

This is where my understanding goes super fuzzy. I guess they rotate IMSI to help against this. But until the IMSi rotates, everything I do with that IMSI ties to my home, right? So like, I call my friends Alice and Bob. That call comes from an IMSI that the network can pinpoint to my exact location, or very close, doesn’t it?

So maybe if I use a faraday bag and never use the phone from home, that’d avoid it? Or maybe I just don’t understand.

Then there’s IMEIs. I need to read up on IMSI vs IMEI. I’m real fuzzy on the diff. For anybody else in my shoes, here is what I intend to read. IMEI. IMSI.

IDK. Maybe someone who understands this stuff better can add some clarity. Like assuming the co does what it promises, how far does that really get you?

What do they follow?

Guessing you might have meant IP address, not MAC address. Without a VPN or w/e, the IP for most ppl is assigned by the ISP and damn near pinpoints you. Not exactly, but it’s real close.

MAC address on the other hand, that you can change yourself (prob).

With a legit VPN, they don’t get your IP. They do get other fingerprinting signals tho! Maybe lots of them. If you ALSO mask those, that makes your abuse likelihood score even higher. IDK waht the threshold is, but it seems anymore that a VPN alone is “almost” a surefire ban. Maybe some ppl get it to work, but I think that’s b/c reddit can fingerprint them in enough other ways.

There’s a whole ass industry about this! It’s called identity resolution. Most of the big site use it now. It uses any and every signal to ID you. Even things that are near impossible to hide. They’re shitweasels.

They def do that. I think what happens is, you make the account in year X when their anti-bot rules are laxer. Act hangs around, works fine. Then more stricter rules roll out in year X+5 or w/e. You login again in year X+5, suddenly you’re violating the new checks. Boom, sudden ban.

The fuckers. I get that services have to fight abuse. And that’s getting harder b/c of AI bots. And political influence campaigns and shit. But the colateral damage is HUGE. Ppl like you are getting caught in the crossfire.

I’m supposing that they’ve shadowbanned me because I’m using a VPN

Almost for sure.

It used to be possible to sign up like that. Now, you can sign up, but if you try to post, boom, shadowban.

I once had an account I used to answer some help request posts like computer stuff, how do I do this or that. I eventually noticed nobody ever replied to my posts. No upvotes. No downvotes. Nothing! So I looked without being signed in. Sure enuf, nobody but me could see anything I posted. I didn’t know that was a thing reddit did. I was genuinely trying to help ppl. I got shit on for it. Felt bad, man.

they couldn’t fit all those people in prison.

Govs have lots of ways to make ppl’s life hell short of prison, ofc.

Looked into Ebikes at all? I’ve seen ppl, even some old ppl using ebikes in hilly areas. They really help with hills.

Not trying to say it can replace a car. For most ppl it can’t replace a car, so you still have to figure out the car issues. But it can sometimes be used instead for many trips. Cheaper to run, better for the environment, and lowers repair costs for the car over time. Also the car will last longer so you don’t have to worry as much about whatever new privacy hell exists years later.

Agree. I think there’s even yet a third type. People who are not ignorant, and also not morons. But they are soooo far into a sunk cost fallacy that they will find endless rationalizations. And if they’re smart ppl, which some of 'em are, they can be very clever at finding rationaliztaions.

That, or Privacy Zuckering. Every update, you turn all the options back to “spy on me”. And maybe change all the wording and locations for good measure.

Sure, you can turn them back to “do not spy on me you assholes”. But 3 months later, new update… bam! Everything reset! Or new ones intruduced you don’t know anything about and you got to pray you notice those.

That way, the co can continue to claim in court, “we give customers options to manage their own privacy”. The fuck you do…

Why would anybody want that?

Ayup that is the question. I’m tryin to figure that out with my friends.

Near as I figure… they just have an ENTIRELY different mindset. It’s like I might have about say a wrench. I buy the wrench. I use the wrench to wrench something. That’s all the thought I ever give to the wrench.

It’s like that for them with these surveilence products. It’s “cool”. Its “shiny”. It’s all Star Trek-y. They give exactly zero thought to their data. It’s a product from a big namebrand they know. They trust it based on that.

I try to get them to see a bigger picture. Iit’s an uphill battle. Endless rationalizations we all know, nothing to hide, I’m not important enough for anyone to care about, I’m not doing anything wrong.

This, but llama.cpp.

ollama is built on and uses llama.cpp as a backend, but for a long time it didn’t even acknoledge that, which was sleazy. It does now, so… ok.

But even now, it has layers that add obscuration. llama.cpp is the core tech, without the bloat and obscuration.