bernard

Do they require KYC?

What carriers do with our data is a black box and changes all the time. They must do whatever the government compels of them. No opensource baseband options are available. Therefore I would not trust any of them.

It is best if you can decouple the phone number you use from the provider of the SIM card.

1. Get a SIM card for data only with no KYC such as Mint Mobile or Ting for physical prepaid cards or jmp.chat or PGPP for pay as you go ESIM. Your voice and location give away your identity. So for maximum privacy, never make calls with the number associated with the SIM card nor activate cellular near your home.

2. Transfer your number to a VOIP provider such as voip.ms or jmp.chat. Of course use encrypted messaging and calling as preference whenever you can.

For years I have been paying less than $20 a month and have a few phone numbers. Governments and corporations have no idea where I am. Because my phone is anonymous, they would have a hard time deploying malware onto it if they wanted to target me. Most data goes through a VPN.

You can skip logon to just get notifications. Since Aurora store was rate limited, I started installing from GPS.

Grapheneos.org explains how the sandboxed GPS minimizes what it can collect. The highly promiscuous standard implementation of GPS has massive access to your device with limited and uncertain abilities to restrain what it can collect. All apps in Graphene are treated as hostile with fire grained firewall abilities. The sandboxed GPS from Graphene is implemented as any other app and only needs network access to deliver notification.

I created an anonymous Google account and only give it network access until the day some of the apps I need. Google only knows that someone from an IP address is getting notifications for those apps that use it. Once these apps switch to unified push or web sockets to deliver notifications, I will remove GPS.

Mixed in here are search engines and metasearch engines. Metasearch engines like DDG, Metager, and Searx are not actual search engines but rather sites that query other engines. I would rather see only actual search engines for comparison. I would like to see some non western (search engines based in non NATO aligned) countries included such as Yandex.

Data collection always happens. How does the engine know what to return if you did not send it a query(data)? Sometimes results are personalized/manipulated. Anonymity reduces impact of both.

Looks good for files, but if you want total replacement of icloud/google/ms services such as contacts, calendar, tasks, notes, and so much more, Nextcloud is best in class.

I deal with this by subscribing to very few mainstream media sources since they typically report the same thing in unison with slight variation. The slight variation makes deduplication technically difficult. I use Nextcloud News, and maybe their future LLM models could accomplish this.

Good alternatives you can self-host are Nextcloud Talk, Jitsi, BigBlueButton, Unhangout, and Matrix. Find a community instance of any of these if you don't have the chops to host your own.

I recently started sending trivia questions to my friends in group chats on the old horrible comms. To get the cash rewards for winning answers, they must respond to me on the specified decentralized comms (Nextcloud, Session, XMPP, Matrix, Simplex, fediverse..). It costs me some money, but we are having fun while they learn new things.

It is great but only missing a desktop client.

When Signal is compromised or compelled, you won't know it happened. It may have happened already.

Even if Signal might be better for those people's current threat model, people's habits are hard to change. Good luck getting them onto a better decentralized protocol later. Most people will not take the time to understand the importance of decentralization and think we are just making their lives difficult. I regret getting people onto Signal mainly for this reason.