This may look like a weird question btw.
I see constantly people here worried about digital security, I see people using Tor, deleting social networks, and just sharing the different levels of security that they use.
So I was wondering, how safe is Lemmy? Sure it doesnt collect info like Twitter and Meta does, but that doesnt mean its 100% safe. So what are the main problems we can have here? Is there anything the 3 letter agencies could exploit? Is there any preventive measures users could take?
What are the best alternatives to Android?
For a phone or tablet? Unless there’s a Linux distribution that supports your phone, AFAICT, the only real option would be a variant of Android with minimal proprietary software (usually just drivers and other low-level code, unless you need Google Play services) like GrapheneOS or CalyxOS (or, for wider device support, LineageOS). It depends on the phone model.
Otherwise, a Linux distribution or one of the BSDs.
If you really want to do it right you need to create a new identity on the “net”. Don’t ever reuse that username , don’t ever use your original email address to create a new identity. Use tor without any javascript, or just use I2P. Get rid of your smartphone and get an old android or blackberry phone and root it. Don’t use google play or any other corporate “mobile stores”.
On your PC only use Linux or Free/openBSD. Run your router through tor proxy for every connection. Only use virtual machines for your OS’s. Use proxmox or XenServer, or just KVM (kernel virtual machine) As your host machine and use ZFS encryption or Luks. Hide the private key for your host system in an encrypted container then then transfer to encrypted USB and put into “cold store”. Again shut up about who you are online. Use trash email addresses to signup for stuff… again never use the same email address. You can use tormail to contact the “outside” sometimes called “clear net”. Use good opsec. - 2cents Systems secure engineer.
Thanks! I even saved this comment
Use diceware for root keys. https://diceware.dmuth.org/ is a nice demonstration but you should use physical dice.
If you are on a mobile machine then isn’t it inconvenient to have to use a specially configured router? What do you do?
I guess I don’t understand the context. Let me ask , are you asking what do you if you’re using a mobile device and don’t have access to a router?
I’m saying let’s say your device is already configured to run Tor. But then you go out somewhere and want to connect to wifi of a business or relative who’s router you don’t own.
Ok , so there is a really cool product called , tailsscale https://tailscale.com/ This is amazing , basically you can install this on any computer or server and mobile device. It is a p2p VPN , real quick … example… I install this on my home server right , then I install another client on a mobile device like a phone. I can now connect to my server IP’s address on my server. I have this setup also.
It wants your email and stuff to sign up tho…
yeah that’s fine, the reason why you need an email is because that is what your using for your domain. so for instance only users with @welcome.to will be allowed to access my VPN.
is it hard to learn to install these? I know a bit of c++
For Android variants? If there’s a build for your device, no, it’s usually easy. You need to install some Android tools (usually just
adbandfastboot) to your PC and follow some instructions. What phone/tablet would you be using?Galaxy M10
Hm. Unfortunately, I can’t find anything for the M10; it’s likely one of Samsung’s less popular models.
Do you have a laptop/desktop? If so, you could install a Linux/BSD distribution, or run TAILS from a USB drive. If the M10 is your only option, the best recommendation I can make would be to use the Android version of Tor Browser and only use Lemmy through that, or to install Orbot to route your Lemmy client through Tor.
Yeah Im currently using Linux! And thanks Ill try Orbot
deleted by creator
Thats great! thanks
You don’t even need to learn how to program by having good opsec. It doesn’t hurt though to know programming in general. The most reason people get caught is because they can’t keep their mouth shut.
main problem afaik is getting the unlock/root key to your phone these days. most manufacturers will not give it out anymore