Yes, but you won’t have access to most of its features other than just typing. Since you’re using Graphene and Google Play/Google Play Services are sandboxed cutting network permissions from Gboard should be enough to completely disable its phone to home.

From literally the same thread: https://lemm.ee/comment/14867214

That’s… Interesting. I’ve been using Ventoy professionally for like… 2-3 years now and I’ve not once had an issue with daily use. Unironically like 2500-3000 uses without issue.

Generally Ventoy is better than both. Choose a dedicated flash storage, flash Ventoy to it, then click and drag as many ISO’s as can fit on your drive and you can boot from any one of them at any time.

Much better than Etcher or Rufus, IMO.

Only way to bypass this is by not using the app.

This doesn’t change the situation at all. Each mail server has their own whitelists and blacklists. Some mailservers have explicit whitelists and will throw into the spam folder anything not on the whitelist. You could have a perfectly configured mail server and be doing everything right, but because your TLD isn’t on the whitelist its throw into spam regardless. It entirely depends on the configuration of the mail server to whom you’re sending mail.

Mail is super hard.

Generally custom domains don’t pass spam filters very well. Your email server will have to be immaculate and even then, you could be sent to spam simply because you’re not on the TLD whitelist of a mail server…

Generally, I don’t recommend people roll their own mail server, and even less so when you don’t use typical TLD. You can always test it out, though, if you already have the domain: https://www.mailgenius.com/

It is not about police hijacking IMEI

That’s the entire point of the OPs post that I replied to. So… Yes it is.

The police cannot clone SIM cards or hijack IMEI without a court order, and if they have a court order to do that, then it’s trivial for it to include orders to compel you to unlock your phone/SIM anyways. This doesn’t really protect you.

Most Android versions have this now. Became popular as soon as SCOTUS ruled that police can compel you to unlock your device via biometrics. Enable it. If you think you may be arrested, simply restart your phone and now they need a court order to unlock your phone which means they have to convince a judge with probable cause.

Practically speaking, there’s a huge difference.

RCS/iMessage are great. They’re a huge upgrade over SMS, however, the E2E statements they make aren’t really verifiable to the degree necessary to call them secure. They also require hardware compatibility, software compatibility, environment compatibility (root breaks RCS) as well as network compatibility so the pool of devices that work both ways with RCS is still pretty small. It’s frankly a mess. Default settings for most RCS/iMessage applications will attempt to send via E2E protocols and if it fails, it defaults back to sending SMS. So now your super secret content was just sent basically over cleartext if the protocol send fails. lol

Realistically speaking, he’s right. There’s no difference. People don’t casually message information which is important enough to require perfect forward secrecy. So at the end of the day choose which works best for you and if you do dumb shit like sending credit card and social security numbers over clearnet, then prepare to have your anus widened.

I personally prefer running an MTProto proxy on top of Telegram. I control the proxy, so I can view where the network traffic is going in transit for the most part. Is MTProto perfect? No. But it’s vastly improved since previous independent audits and it’s “good enough.”

If critically sensitive information has to touch a device with internet access then you need a mature security protocol like PGP or some other shared key cryptography so you can verifiably ensure you’re talking to whom you’re supposed to be talking to. If that’s something you’re interested in, give Keybase a try. It’s a really great platform built around a really great technology (PGP). The mobile application comes with a chat option that uses your PGP key to symmetrically encrypt your chat messages using Scrypt (with PBKDF2) making it significantly more secure than any other option mentioned here.

I asked the man how come and he said “Well, dumb TVs are hard to get and they sell almost immediately. So they’re worth more than the smart ones.”

He’s wrong. They’re cheaper because the manufacturer makes money off selling advertisements.

Why do like, houses have doors man. You gotta eliminate all points of egress for security, maaaan. /s

There’s no particular reason to disable root, and with a hardened system, it’s not even a problem you need to worry about…

There’s no real advantage to disable the root user, and I really don’t recommend it. You can disable SSH root login, and as long as you ensure root has a secure password that’s different than your own account your system is just as safe with the added advantage of having the root account incase something happens.

https://www.passwordstore.org/

You can’t really disable the root user. You can make it so they can’t login remotely, which is highly suggested.

Correct. If space is such a big problem for you that it’s unconscionable to use a 4U mini rack (which again, like what the fuck), then mounting hardware on the wall is a completely valid option. It’ll take up zero floor space.

Light + TIF                     https://sky.rethinkdns.com/1:AAkACAQA
Normal + TIF                https://sky.rethinkdns.com/1:AAkACAgA
Pro + TIF                 https://sky.rethinkdns.com/1:AAoACBAA
Pro plus + TIF               https://sky.rethinkdns.com/1:AAoACAgA
Ultimate + TIF              https://sky.rethinkdns.com/1:gAgACABA

Light + TIF                 https://dns.dnswarden.com/00000000000000000000048  
Normal + TIF                 https://dns.dnswarden.com/00000000000000000000028  
Pro + TIF                 https://dns.dnswarden.com/00000000000000000000018  
Pro plus + TIF               https://dns.dnswarden.com/0000000000000000000000o  
Ultimate + TIF              https://dns.dnswarden.com/0000000000000000000000804  

Light                https://freedns.controld.com/x-hagezi-light
Normal                https://freedns.controld.com/x-hagezi-normal
Pro                https://freedns.controld.com/x-hagezi-pro  
Pro plus                https://freedns.controld.com/x-hagezi-proplus  
Ultimate                https://freedns.controld.com/x-hagezi-ultimate
TIF                https://freedns.controld.com/x-hagezi-tif

DNS based adblocking with Hegezi blocklist and TIF (threat intelligence feeds). Works with any device on your network in one way or another (QUIC, DoH/3, DoT, etc) and doesn’t require installing anything. Just changing dns settings.

This is a great list. Blocks about 95% of all advertisements. About 4% are unblockable due to one reason or another, and the remaining 1% get added very quickly. I highly recommend this solution. Sure, you can setup a PiHole and do it all yourself, but in the end that requires time and attention. It’s the same list, but if you roll PiHole yourself you don’t get access to TIF, which are amazing for protecting you from different kinds of threats.

Only full size racks. You don’t need to buy a full size rack. You can get very small racks these days that are smaller than a little chest cooler. And why are you under the impression that you have to mount it on the wall?

I’m coming to appreciate Hyper-V more and more to be honest. It’s a very mature virtualization environment. The only issue I have with it is the inability to do GPU-passthrough. Once they figure that one out, I probably won’t bother with anything else.