They are separate but related concerns. Privacy is what you have (or don't have) right now. Control is what you can use to keep or throw it away in the future.
Apple gives you some privacy, better than most Android by default. But it gives you no control. If they decide you don't deserve privacy a year down the line, well, too bad.
FYI: NetGuard is an open source rootless firewall for vanilla Android which also allows per-app network access control, for those unable or unwilling to go with other OSs. Works by leveraging Android VPN to block instead of tunneling packets.
What's the story for maps and POI search on GrapheneOS? I'm assuming using Google Maps is a non-starter since that defeats the whole point of all these privacy protections in the first place.
Agree that "control" is a much better framing, since it doesn't suggest a need for secrecy and therefore embarrassing/unacceptable/untoward behavior that needs to stay behind drawn window blinds. I'm also fond of "agency" and "digital self-sovereignty" as alternatives.
But fine, I'll be the one to say it: Cloudflare isn't one of the good guys here and as an entity it shouldn't be trusted. It doesn't matter how pure their stated motives appear to be now, or how unmarred their track record is so far. It's a corporation that has control over an ever-increasing share of internet infrastructure, and is susceptible to the same risks as any other tech monopolist basket that we all decide to put our eggs in. Maybe more risky than the others, given how deep in the stack its influence is buried.
What happens when a government forces it to NXDOMAIN porn or put nuisance captchas in front of dissident blogs? Is there some reason people think this one is different?
Not even this. If you do what OP says on the firefox, and turn on ResistFingerprinting, you'd be seeing many Cloudflare captchas a day. In effect it directly punishes you having any privacy or control. I wonder if they have an internal whitelist for employees? /s
I added a disclaimer to the DNS section along with a list of other DNS providers folks can choose to use instead.
I made these choices before I was employed by Cloudflare and personally like how transparently they operate as a company. They have earned my trust but I don't expect others to feel the same way.
As much as I'd love to daily drive an OS like GrapheneOS, the risk of running into apps that use Google Integrity API thereby making it impossible to run those apps on Graphene is too much of an inconvenience.
I took a look at this curated list of bank apps[1] supported on Graphene OS and I'm glad that a large majority of them work on Graphene. However, just my luck that one of the banks I use on this list isn't supported.
In my country, the state is enforcing a lot of essential workflows to be digital-first (and in extreme cases digital-exclusive) and I dread to think needing these services at a critical moment and the choice of my OS making it impossible for me. This is more of a commentary on my government's choices but it's a reality for me.
In any case, I don't think it's practical to go cold turkey and switch to a privacy focused phone without testing waters first to see which of your of workflows break and then reason about the tradeoffs/workarounds.
I do admire folks who use GrapheneOS as a daily driver, I'd like to chat them up if I find them in the wild.
but who says you have to limit yourself to one device? it's mildly inconvenient to carry more than one, sure, but the added benefit of an air gap between "serious business" and "personal life" is very much worth it, imo.
I wonder if it would be feasible to build an automated phone-using robot, and access it remotely for any kind of apps enforcing that type of crap. There is really nothing they can do in terms of device attestation to prevent it.
We shouldn't install apps that use the Google Play Integrity or are closed-source in the first place. That's what I do.
The issues with GrapheneOS for me are:
1. They don't support rooting the OS. This is such a basic requirement for me. Why would I use an OS that doesn't let me do anything and everything with it?
2. They only support Google Pixel phones that don't have kill switches for the microphone, camera, radio and so on, as far as I know. GrapheneOS may be very secure, but nothing is 100% secure. Except cutting power to the mic. I'd be fine with physically removing the accelerometer and other sensors that can act as mics, even the mic itself. But newer phones are a bitch to open and close as they use glue instead of screws.
So right now I'm waiting for a Linux phone that's priced normally. I tried the PinePhone a couple of years ago, but it was an awful experience. Hopefully something comes soon. If not - I'll use my dumb phone.
I've used GrapheneOS for years now and it is the easiest-to-use, lowest friction privacy oriented software I've interacted with.
I'm not sure why one banking app not working would be a deal breaker (Can you not live without that specific banking app?) or why things being "digital-first" would be an issue (Are you talking about a government app not working?). The only people I think that it isn't practical for are those that need a specific dual factor authentication app for their job that doesn't work on it or someone that uses there phone for their business as a payment processor that requires an app that doesn't work on it. Otherwise it's kinda install it and forget about it, which is how I wish more privacy focused software worked.
I've been using GrapheneOS for years, I can't go back to another OS due to its ease of use, speed, and awesome features baked into my day to day use now.
There is one banking app that stopped working, and you know what? I dont use it now. I'm not about to let a bank dictate how I use my most personal device. I use a desktop if I need to access that info, and it forces me to be deliberate about it too.
The only thorn in the opine is Cloudflare. Everything looks reasonable but CF. I get that DNS is free, it is OP's employer and registry being offered sans margin but it doesn't make up for the fact that CF is on its way to become the biggest gatekeeper and strangle the freenet if it wishes to do so.
I added a disclaimer to the DNS section along with a list of other DNS providers folks can choose to use instead.
I made these choices before I was employed by Cloudflare and personally like how transparently they operate as a company. They have earned my trust but I don't expect others to feel the same way.
> Tech workers: The only piece of technology in my house is a printer and I keep a gun next to it so I can shoot it if it makes a noise I don't recognize.
> Domain: I switched to Cloudflare Registrar recently because they offered a lower price ... I don't think Cloudflare really cares to make money on domain registration.
Well, they don't today.
Speaking of "control", it is bad form to keep both the nameservers and registrar with the same company (think takedown requests / account lockout / etc).
> "I don't need to care about privacy because I have nothing to hide." is an argument that I have heard countless times. I found this argument difficult to counter in the past, yet deep-down I knew the reasoning was flawed.
This one is pretty easy to counter. Just ask the person to hand you their phone and go through their messages and photos. There's no one that wouldn't feel restless about it.
My next low hanging fruit is certainly to make my LLM usage local, my queries contain much more sensitive information than what is mentioned by this post.
In the past I dropped off privacy when it was too inconvenient. For example I dropped protonmail because of bad search, left Linux desktop for Windows due to missing software, etc, I still haven't found the sweet spot for LLMs yet.
For the rest, I'm currently running the full macOS, iOS, safari, Apple passwords and I'm decently happy with this middle ground.
The absence of solutions for LLM privacy on that list is telling. We’ve figured out how to have private communications with other humans via end to end encryption but arguably we’re leaking a lot more to chatbots about ourselves in a few sessions than we do to even our closest friends and family over Whatsapp
I agree and its unfortunate that there i. For a long time I went without WhatsApp but realized that connecting to family was more important to me. I don't have a good alternative for this one.
> I use Cloudflare's DNS because I trust them more than other companies; purely based on their business and how their incentives align
The author fails to mention that they are currently working at Cloudflare, I think that should be made clear otherwise I see it as misleading to the reader, like so many pointed it out, Cloudflare is just a corporation like any other corporation out there...
I had the disclaimer in the Domain section but also added it to the DNS section, along with a list of other DNS providers folks can choose to use instead.
the conversation about what a privacy enhanced way of relating to tech is hasn't really matured much.
on one hand its being relative to a list of specific threat actors you avoid. on the other, its maintaining a role with leverage vs your devices and services.
privacy doesnt catch on as product because you have to navigate an inferior relationship to those threat actors first, and nobody aspires to that unless they already have a kind of alt cyberpunk underdog mentality and attitude.
the non-punk or normal, leveraged position is like a business or first class lounge for tech. calm, negotiable, amenable, hidden and exclusive power, craft, affiliation and signalling.
most privacy tech and apps are still in the mall ninja cyberpunk mentality, with some slightly self important NGO/public sector affilation signalling with Signal. The aesthetics of privacy need to evolve to drive more meaningful tech imo.
> I use Cloudflare's DNS because I trust them more than other companies; purely based on their business and how their incentives align
It's a very naive way of thinking about some businesses. What did Cloudflare do to earn this trust? It's just another VC-backed company and 1.1.1.1 is a free service. So Cloudflare is going to lose money just to protect my privacy? I don't think so.
Never host your own email. It’s a nightmare if legacy systems, edge cases, layered on trust systems, malicious actors, and endless spam. It’s a good way to spend a bunch of time and effort making sure most of your mail never gets delivered.
Somewhat related - I want control over devices in my home. Too many things these days need an internet connection to be useful. I run my own OpenWRT router and set up firewall policies for them so they only get the access they need to provide their function. But I'm getting tired of it.
I'm looking for a nice tool that would give me that "control" over my home network -- at the very least, proper observability. Like "little snitch / open snitch" but running on my home router... and I haven't found anything like that yet.
I really dislike that this is always the argument that's being attacked. It's not even what most people are thinking when they respond.
It's clear that the exchange is privacy for effort. If I want to self host, I need to pay time and money to get it all working, then continue to maintain it forever.
I agree. Keeping your data private is just not a big enough motivation. For me though the big issue is making sure one keeps access to their data forever. It’s so easy these days to use everything from one vendor and then get access shut off with no recourse. That is IMO the biggest fear everyone should have these days.
Yes, the only solution is self-hosting and yes it requires being your own sysadmin and it’s hard and not convenient. That’s why I’m building https://github.com/ibizaman/selfhostblocks. It’s a NixOS collection of modules that sets up services that fit well together and have declarative setup for LDAP and SSO. They have integrated backups, https and other features required for self-hosting. Also, the LDAP and SSO setup is tested with e2e NixOS VM tests that use playwright to make sure users can login if they have access.
I’m hoping to lower the bar to self-hosting significantly.
Hey, I remember seeing this like two years ago when researching Nixarr. Glad to see others focusing on NixOS for self-hosting stuff. I need to look into it again properly when I have time.
53 comments
[ 2.6 ms ] story [ 94.1 ms ] threadFantastic. This is what I have been shifting towards these past couple years. Hardly anyone likes to be controlled, right?
Apple gives you some privacy, better than most Android by default. But it gives you no control. If they decide you don't deserve privacy a year down the line, well, too bad.
side note, your link to Tuta is broken - think it's an internal link by accident
But fine, I'll be the one to say it: Cloudflare isn't one of the good guys here and as an entity it shouldn't be trusted. It doesn't matter how pure their stated motives appear to be now, or how unmarred their track record is so far. It's a corporation that has control over an ever-increasing share of internet infrastructure, and is susceptible to the same risks as any other tech monopolist basket that we all decide to put our eggs in. Maybe more risky than the others, given how deep in the stack its influence is buried.
What happens when a government forces it to NXDOMAIN porn or put nuisance captchas in front of dissident blogs? Is there some reason people think this one is different?
Not even this. If you do what OP says on the firefox, and turn on ResistFingerprinting, you'd be seeing many Cloudflare captchas a day. In effect it directly punishes you having any privacy or control. I wonder if they have an internal whitelist for employees? /s
I added a disclaimer to the DNS section along with a list of other DNS providers folks can choose to use instead.
I made these choices before I was employed by Cloudflare and personally like how transparently they operate as a company. They have earned my trust but I don't expect others to feel the same way.
I took a look at this curated list of bank apps[1] supported on Graphene OS and I'm glad that a large majority of them work on Graphene. However, just my luck that one of the banks I use on this list isn't supported.
In my country, the state is enforcing a lot of essential workflows to be digital-first (and in extreme cases digital-exclusive) and I dread to think needing these services at a critical moment and the choice of my OS making it impossible for me. This is more of a commentary on my government's choices but it's a reality for me.
In any case, I don't think it's practical to go cold turkey and switch to a privacy focused phone without testing waters first to see which of your of workflows break and then reason about the tradeoffs/workarounds.
I do admire folks who use GrapheneOS as a daily driver, I'd like to chat them up if I find them in the wild.
https://privsec.dev/posts/android/banking-applications-compa...
The issues with GrapheneOS for me are:
1. They don't support rooting the OS. This is such a basic requirement for me. Why would I use an OS that doesn't let me do anything and everything with it?
2. They only support Google Pixel phones that don't have kill switches for the microphone, camera, radio and so on, as far as I know. GrapheneOS may be very secure, but nothing is 100% secure. Except cutting power to the mic. I'd be fine with physically removing the accelerometer and other sensors that can act as mics, even the mic itself. But newer phones are a bitch to open and close as they use glue instead of screws.
So right now I'm waiting for a Linux phone that's priced normally. I tried the PinePhone a couple of years ago, but it was an awful experience. Hopefully something comes soon. If not - I'll use my dumb phone.
I'm not sure why one banking app not working would be a deal breaker (Can you not live without that specific banking app?) or why things being "digital-first" would be an issue (Are you talking about a government app not working?). The only people I think that it isn't practical for are those that need a specific dual factor authentication app for their job that doesn't work on it or someone that uses there phone for their business as a payment processor that requires an app that doesn't work on it. Otherwise it's kinda install it and forget about it, which is how I wish more privacy focused software worked.
There is one banking app that stopped working, and you know what? I dont use it now. I'm not about to let a bank dictate how I use my most personal device. I use a desktop if I need to access that info, and it forces me to be deliberate about it too.
I added a disclaimer to the DNS section along with a list of other DNS providers folks can choose to use instead.
I made these choices before I was employed by Cloudflare and personally like how transparently they operate as a company. They have earned my trust but I don't expect others to feel the same way.
> Tech enthusiasts: My entire house is smart.
> Tech workers: The only piece of technology in my house is a printer and I keep a gun next to it so I can shoot it if it makes a noise I don't recognize.
Well, they don't today.
Speaking of "control", it is bad form to keep both the nameservers and registrar with the same company (think takedown requests / account lockout / etc).
I thought there was only a couple of us.
This one is pretty easy to counter. Just ask the person to hand you their phone and go through their messages and photos. There's no one that wouldn't feel restless about it.
In the past I dropped off privacy when it was too inconvenient. For example I dropped protonmail because of bad search, left Linux desktop for Windows due to missing software, etc, I still haven't found the sweet spot for LLMs yet.
For the rest, I'm currently running the full macOS, iOS, safari, Apple passwords and I'm decently happy with this middle ground.
- WhatsApp is an exception
For others
- Google is an exception
The author fails to mention that they are currently working at Cloudflare, I think that should be made clear otherwise I see it as misleading to the reader, like so many pointed it out, Cloudflare is just a corporation like any other corporation out there...
I had the disclaimer in the Domain section but also added it to the DNS section, along with a list of other DNS providers folks can choose to use instead.
on one hand its being relative to a list of specific threat actors you avoid. on the other, its maintaining a role with leverage vs your devices and services.
privacy doesnt catch on as product because you have to navigate an inferior relationship to those threat actors first, and nobody aspires to that unless they already have a kind of alt cyberpunk underdog mentality and attitude.
the non-punk or normal, leveraged position is like a business or first class lounge for tech. calm, negotiable, amenable, hidden and exclusive power, craft, affiliation and signalling.
most privacy tech and apps are still in the mall ninja cyberpunk mentality, with some slightly self important NGO/public sector affilation signalling with Signal. The aesthetics of privacy need to evolve to drive more meaningful tech imo.
It's a very naive way of thinking about some businesses. What did Cloudflare do to earn this trust? It's just another VC-backed company and 1.1.1.1 is a free service. So Cloudflare is going to lose money just to protect my privacy? I don't think so.
Never host your own email. It’s a nightmare if legacy systems, edge cases, layered on trust systems, malicious actors, and endless spam. It’s a good way to spend a bunch of time and effort making sure most of your mail never gets delivered.
I'm looking for a nice tool that would give me that "control" over my home network -- at the very least, proper observability. Like "little snitch / open snitch" but running on my home router... and I haven't found anything like that yet.
I really dislike that this is always the argument that's being attacked. It's not even what most people are thinking when they respond.
It's clear that the exchange is privacy for effort. If I want to self host, I need to pay time and money to get it all working, then continue to maintain it forever.
Yes, the only solution is self-hosting and yes it requires being your own sysadmin and it’s hard and not convenient. That’s why I’m building https://github.com/ibizaman/selfhostblocks. It’s a NixOS collection of modules that sets up services that fit well together and have declarative setup for LDAP and SSO. They have integrated backups, https and other features required for self-hosting. Also, the LDAP and SSO setup is tested with e2e NixOS VM tests that use playwright to make sure users can login if they have access.
I’m hoping to lower the bar to self-hosting significantly.