“Infamous” just refers to newbies who sometimes call if statements “if loops”. I’ve heard this quite a bit.

In theory, the law applies to everyone. In practice, it doesn’t apply to rich entities.

All true, except that it doesn’t really get better because after we manage to contain or survive the upcoming Nazi/extremism movement, nature will punish everyone on the planet for not having done anything about climate change. So first we have to deal with huge societal and political problems, and then with huge natural ones (which also cause huge societal and political problems as a result). We know the answers to both of these problems, but we aren’t changing anything.

It’s true that both are security risks, and that Tiktok is even worse in general, however other proprietary social networks are also BAD and the proprietary algorithms behind them can all be used for massive user manipulation (control what they see, when they see it, and what they don’t see, combined with tons of personal and psychological data about each user). That said, another factor that might be overlooked is that it also depends on how easy a target something is. An app by a foreign government that could be used to manipulate citizens is a much easier target for “banning”. There’s probably much less legal obstacles in the way in this case, and less resistance against it.

Using it since many years on many Pixels and loving it.

Main pros: zero bloat, efficient, highly secure and highly private (about as private and secure as it can get on any smartphone), and it’s an Android without any of Android’s typical weaknesses (privacy issues, bloat, etc.). You get to utilize the advantages of Google (its security) and completely avoid the disadvantages (its many privacy issues). You get to use all the advantages of an Android mobile OS while completely avoiding all of its disadvantages. It’s like getting your cake and eating it too. You’re much better off in terms of security and privacy than almost(?) all other smartphone users. According to leaked documents, Cellebrite for example can’t crack GrapheneOS on Pixels at all. They can crack almost any other smartphone if they have physical access to it. Most smartphones are really easy for them to crack. iPhones may pose some trouble depending on model/OS. And Graphene on Pixel is the literal brick wall. And even on top of that it has tons of great security features, like auto-reboot after X hours of inactivity, charge-only-mode for USB-C when locked, distress/duress PIN entry to immediately wipe the phone, many things like that. On the privacy side it’s looking great as well: Some folks have analyzed Graphene’s network traffic and there’s zero privacy issues from the OS or its built-in apps. And the few connections it does make (for updates and so on) are all documented and work exactly like they documented them, and they only transmit the exact least amount of necessary data without anything beyond that (guess what - that’s super rare). And on top of that there’s even more great privacy features, some of which are invisible but well thought-out, for example any SUPL request goes through a Graphene proxy server first (configurable) which strips all personally-identifiable data from the request and then redirects it to your provider’s SUPL server (which is most likely Google’s SUPL server in the end). I’m seriously impressed by the quality of the GrapheneOS project. Maybe you don’t realize how good and rare such things are nowadays. Also the documentation is very good and actually answers most of your questions and doesn’t contain any marketing blurb. The social media feeds and forums are a great source of info as well. On top of all that it’s even easy to install GrapheneOS.

Main cons: it’s only available on Google Pixel phones, so if you truly despise Google and don’t want to buy or use anything from them, it’s not the right device/OS for you (or maybe buy it used?). However, the reason GrapheneOS is on Pixel is purely a technical one: Pixels do offer very high hardware based security already (probably the most, although iPhones have good hardware-based security as well. As is known, Apple tends to be produce good quality hardware, not quite so good software) as well as a very high degree of “platform neutrality”, i.e. it’s supported by Google to flash a different OS on it or use more advanced tools like adb without any sort of tinkering or unnecessary danger involved. Also you don’t have to register to unlock your phone or anything, you only need to be online once to enable the OEM unlocking feature (I think this is because Google needs your IMEI to check whether the phone is carrier-locked (cannot ever be OEM unlocked) or can be unlocked, and they will immediately receive some device data including the IMEI as soon as you go online with the preinstalled Android OS once [of course they will receive some more device data than just the IMEI]), so it’s best to not insert your SIM yet (and not do anything with the preinstalled OS) before you’ve installed GrapheneOS on your new Pixel. Do the OEM unlocking step on WiFi only, best on a public WiFi so Google has much less of a chance to identify you based on your IP or related data. Then install Graphene, then insert your SIM and start using your new phone. Other cons exist but they’re rare or pretty much irrelevant in daily use. If you have to hear them, read an older post by me about some potential downsides: https://discuss.tchncs.de/post/19867254/12069767

You shouldn’t have to sign into any account just to use your operating system. This is wrong regardless of OS. It’s wrong and bad on iOS and proprietary Androids, and it’s wrong and bad on Windows. Also, it wasn’t even a thing on Windows before Win8. Don’t just blindly accept such enshittification. It would be tolerable if it would be opt-in and purely optional, but MS is pretty much enforcing this crap upon their users, and that’s more than a red line being crossed. That’s simply hostility towards their users.

MS noticed that people do this willingly on iOS/proprietary Android and thought hey if we do this on Windows we can harvest even more data from the logged-in users and we have a confirmation of identity and also always get their current IP address and more device data.

To better sell this to the average user, they offer some minor benefits such as settings synchronization across devices, for which they also harvest your settings data, obviously (and even more they’re not telling you directly). Either way, the only real reason they want this is to know who uses their OS, to control access (they could disable your account) and to harvest even more data from the logged-in users. With local user accounts, as it should be, this would not be possible.

Online accounts make sense for online services, not for your OS which should work independently from online services.

Either use a Linux distro (desktop/notebook/server/mobile) or an open-source Android distro such as GrapheneOS, DivestOS, /e/OS, CalyxOS, LineageOS (mobile).

The main source of this recent trending fascism, anti-scientific thinking and so on is social media or the web in general. To resist or refute the mass of false information and find out what’s likely true and what’s not, requires education, literacy, media competency, things like that. I guess current generations are lacking this so they fall easy prey to “funny” fascist memes, fakes and rhetoric, then vote for rightwing extremists, destabilizing their own country as a result, not realizing that this leads to big disadvantages for everyone including themselves. We failed to protect these younger generations from misinformation, and now they are turning the world into what they are misled to believe is true.

We used to have relatively high living standards in the Western democracies. This will soon all crumble and we (most people who aren’t rich) will suffer from it, regardless of who you voted for. And on top of that, climate change will finish us all off, because battling that isn’t even on the radar for those fascists because they don’t even believe in it. So instead of doing too little, we’ll do literally zero and even accelerate the problem, meaning it’ll affect us all much sooner already and with higher intensity.

So enjoy your still existing relatively privileged life while it still lasts. It’s ging to get much, MUCH worse before it’s going to be better again. Buckle up and prepare yourselves.

It does again show that these people are like irrational, unscientific, religious cultists. We, as in humanity, should aim to progress away from such a dark past, not regress back into one. That way lies madness.

Just FYI I installed the apk from the github repo (not the google play version) via Obtainium a few days ago and it tried to make a connection to 2 cloudflare IPs during setup of my account. Without prior consent or any mention. So just be aware that there is still some form of telemetry or unwanted connections happening, even though they removed the telemetry flowing to Mozilla’s own telemetry endpoint. K-9 had zero of this, it just spoke with your mail servers and that was it. So be careful and block outgoing app connections by default. I did not analyze the data being sent, just that there were those 2 unwanted connectiins. happening.

It’s probably related to the phenomenon called “gish gallop”. It’s when someone outputs a ton of falsehoods and other junk very frequently, and other more rational individuals have to refute all those claims and pseudo arguments, look up sources, look up what’s true and what’s false, and so on. There’s an asymmetry in effort - it’s much easier and way faster for the trolls to spit out junk, falsehoods, misleading content, misleading memes, false claims, and so on, than it is to refute those and gather facts, and to do that, you also have to be very careful to make it accurate or else the listeners might go “boo that’s wrong as well, they both suck!”

And then there’s the phenomenon that even bad advertisement is advertisement. Someone whose name keeps coming up, such as Trump, because that name is constantly all over the news, each and every day, must be very important since the name is repeated so much. This automatically “elevates” that person in the minds of some voters, even though the reason for his constant mention is purely negative. So the more reports about Trump’s weird ramblings, the more he is automatically advertised.

I think it’s like a combination of such unfortunate phenomenons. The result is that real politicians have to be accurate, careful, constantly maintain a professional attitude, and carefully counter Trump’s weird claims, while Trump can just continue to spit out hostile nonsense all the time, which is so much easier.

I’m not sure what can be done against such strategies other than education and media literacy, which is probably becoming weaker over time in society. You don’t vote for proven anti-constitutional fascists, ever. If you do, you’ll always be much worse off than if you hadn’t. Even when the alternatives might also not look great overall… it should be your moral duty to always vote for the least-worst option, which means NOT Trump.

~1930ish Germany made such mistakes. Don’t repeat them. You’re now at ~100 years later and are supposed to learn from grave historic mistakes. So please show that you are actually wiser than the people ~100 years ago and don’t vote for proven fascists.

It’s an important milestone as it’s the only effective way to make PC gaming available on operating systems other than Windows (i.e., reduce one of the Windows monopolies). Still, Linux gamers shouldn’t take it too far. I’d advise everyone to still not support game studios which are openly hostile towards Linux gamers. This especially includes the ones who rely on client-side anticheat tools and then use those to block Linux gamers even though the game would run perfectly fine on Linux as well. Please do not support such games or studios (e.g.: Epic Games, EA, Bungie, Riot). Thanks to Proton, there is still a massive number of Windows games that can be played instead.

Winter is on its way out due to climate change. In around the year 2100, it’s estimated that there will only be 3 seasons left, no winter. And summer will be much longer and much hotter. So the 3 seasons will be spring, then a 2-season long summer basically, then fall. That’s it.

But you can already see the disappearance of winter today because there’s much less snow and it’s much warmer than like 30 years ago. (Speaking for Germany)

Well with food something unusual at first feels weird but once you try it it might actually be good. I’ve had this experience quite a lot. Probably shows how much you’re conditioned to liking certain foods just because you’re used to them and grew up with them. So I’m not gonna judge how this would taste. But the first impression was like “ugh”.

Technically, everyone has a Facebook account, or at least a shadow account at Meta. Since they are one of the biggest data gatherers in the world, they gather data from all sorts of sources about people, not just from your active usage of their apps, sites and services. It’s extremely likely that they have quite a bit of data on everyone. Many proprietary mobile apps, for example, initiate connections and transfer some data to Meta or Google. Even apps that have nothing at all to do with them otherwise. Many websites do. Many applications and games do. Integrated proprietary software in various devices, e.g. smart TVs, does. Also, WhatsApp is used by I think ~30% of the world’s population now(?) and they started syncing/sharing all that data (mostly metadata but metadata is also very revealing) with Meta several years ago. Since WhatsApp also shares your whole contact / address book with Meta, they also effectively have a (mostly) full social connections graph on about a third of the world’s population, based on WhatsApp usage data alone… so overall they’ll have even more.

Unless you’re efficiently blocking or otherwise interrupting all of those connections, on every device, or are able to really effectively use different IPs and never reveal all of the IP addresses associated with yourself, it’s likely they still have quite a bit about you. If you’re logged into a personally identifiable Google or Meta account on your phone, for example, and your phone is in your WiFi, then it’ll have the same public-facing IP address as your computers, meaning they’ll be able to enumerate all of your devices based on what they gathered on that IP address alone. It means that IP address can now always be linked to your person for Google/Meta/and so on.

And then there’s always the possibility of the apps or websites not making your device directly connect to Meta/Google/… so it looks like only the 1st party gets your data (which always seems OK), but afterwards or in the backend it can still transmit or share the gathered data without your knowledge to those companies. This can also happen without the 1st party noticing it, because Meta and Google are often integrated in a lot of things, for example in SDKs or popular libraries. For example if you develop a mobile app using Meta’s SDK, then by default (opt-out) the resulting app will transmit various kinds of telemetry data to Meta. Unless the developer disables this consciously, which many do not know or care about, it will simply be on and active. Sometimes they also have special data sharing deals with certain companies. Google has even more ways of being included in all sorts of things, they are almost omnipresent. For example Google is doing checks whether your Android-based mobile phone is carrier-locked or not, on behalf of your carrier, not your carrier. Google also receives your (personally-identifiable) IMEI and telephone number alongside every single location request your phone is doing, even from an app that’s completely unrelated to Google. [unless your Android has configured a non-standard SUPL server, which isn’t even an option in most Androids, or you use GrapheneOS which uses a proxy SUPL server to strip that bit of personally identifiable data before redirecting it to the real SUPL server (which most likely is your provider’s, which in turn is most likely just a redirect to Google’s SUPL server in the end)]. These are just examples off the top of my head, there’s even more weird stuff happening of course.

So it doesn’t really matter if you have active accounts at those companies, or not. They still know a lot about you and your devices, and sell that data to governments and whoever else bids the most for it. And even if they don’t know you yet (if no link to your person is currently possible for a particular data set), which is highly unlikely but may be a possibility if you’re truly careful and use different IPs all the time, they still gather all these records, and it only takes one single mistake on your end and they’ll be able to link all records they gathered from that particular IP address to your person as well. Not only that, but they could even statistically calculate that based on what you visited or what you wrote somewhere online, or even how your typing style is, that you’re likely this particular person, even if the data is still “anonymous”.

It’s really hard and really inconvenient to escape all the data gathering, in practice the only thing you can do is minimize it. Most users don’t care at all or don’t want to deal with the extra effort and simply let everything flow out. It’s a much easier online life, but it’s also an almost fully surveilled online life.

If you use Google’s Play Services and/or other Google proprietary apps and services (they are standard on all commercial Android phones), then your battery will be drained slightly more due to it having spyware (euphemism: “telemetry”) integrated. The Google Play services app, for example, does transmit at the minimum this data roughly every 20 minutes to Google:

Phone #
SIM Card #
IMEI (world-wide unique device ID)
S/N of your device
WIFI MAC address
Android ID
Mail Address of your  logged in Google account
IP address

And that is just if you have disabled ALL telemetry in ALL of the options, even the most hidden ones. So this is the minimum amount they are always gathering from every Android user, no matter what you selected. To make matters worse, the Google Play services is typically installed as a “system critical app” which means you as the owner of the phone can’t even uninstall it or reduce some of its permissions.

(If you have an iPhone instead, and think you’re safe from this, no you aren’t. Apple also collects a minimum amount of telemetry data which you cannot ever completely disable, it just does it slightly less frequently (IIRC, it was like every hour or so, compared to Google’s every 20min at the minimum).

And then there’s also the advertisement ID, a world-wide unique identifier set in all commercial Androids as well as iOS, for apps to track you. You can only reset it to a new random ID but never disable it fully.

To stop all of this bullsh!t, and also to stop the additional battery/resource drain caused by this, I recommend getting a Pixel phone and replacing the proprietary stock Android OS with GrapheneOS and then not installing any Google apps/services on top of it. You can get apps via F-Droid, Obtainium, Aurora store (those are the convenient methods). You can use ntfy as an alternative to the Google firebase messaging (notification) service that you won’t have access to when not having Google Play services running.

Answer is correct, I just want to clarify a bit more:

“Password protected” in your case probably just means that you have a bootloader password or a user account password. Both would not matter in this case. If you put your drive or partition anywhere else, and it’s not an encrypted partition, it can be read. Independently of user access rights. Any other OS accessing the same drive/partition can literally read everything if it’s not encrypted. Provided, of course, that there’s a file system driver available for the OS.

Windows by default doesn’t have any Linux filesystem driver installed. I’m not sure if that’s still the case when you install WSL. And there are 3rd party Linux filesystem drivers available as well.

But to protect yourself against robbery or a Windows which might in the future include a Linux filesystem driver, you should always encrypt all of your partitions. And when encrypting, use Bitlocker only for your Windows system partition, not for any data partitions, and certainly not for Linux partitions. For Linux partitons, use the integrated LUKS2. Bitlocker on Windows isn’t private encryption by the way, since a recovery key is being uploaded to MS’ servers automatically. That means MS has theoretical access, the US government has, and law enforcement has. As well as any hackers who manage to exfiltrate that key from somewhere. That’s why I’d use Bitlocker only for the C: partition, a 3rd party encryption tool like VeraCrypt for any other Windows partition, and LUKS2 for any Linux partiton.

Of course they do. It’s to be expected that big tech companies use all data they can gather for training AIs, tracking users, creating psychological profiles of the users and selling data to the highest bidders.

Microsoft is also known for creating tools and products which track employees and workers and provide nice looking dashboards and statistics for the employers. And they partner up with Palantir and other companies to create even more effective surveillance solutions for companies and law enforcement to use eventually. MS is a data company since a couple of years, just like Google or Meta is. Data is very valuable.

In the case of Microsoft Office and Teams, there’s also the issue of corporate espionage. Companies from all over the world are freely giving away sensitive data about their documents, employees and projects to a US-based megacorp. There was a time in history when this would be called corporate espionage which is supposed to be bad and illegal and so on. But, since they’re all doing it voluntarily, and there’s no definite proof of MS doing anything because it’s a black box and no one except MS can inspect what they’re doing, it’s apparently “fine”. It’s like we have collectively become dangerously naive.

So yeah, it’s all “fine”. Until it isn’t. Until it is revealed one day. Then we can all be shocked and say “how could they do this, how could they violate our trust like that, their marketing slides looked so nice and the consultant was so charming and said we needn’t to worry about anything they would keep our data safe”. Well, if you trusted them in the first place, that’s your mistake. You cannot trust a company like MS, Meta, Google, TikTok, and so on with a huge track record of privacy violations. Ever. Cloud = someone else’s computer. Host your own stuff. Prefer not to use software with proven track records of privacy violations. Don’t use products or services from companies with such track records. Prefer open source over proprietary because when the code is openly auditable that’s a plus for trustworthiness, and proprietary applications usually have a bad track record of privacy violations and other anti-user features, while open source software rarely includes such things.

And it’s only going to get worse. With upcoming things like Recall, that’s almost like having a permanent camera behind you recording your screen at all times. I feel bad for all Windows users, but on the other hand, I don’t actually have to care. Keep trusting them blindly, but please don’t be surprised when it will come crashing down on you one day.

Yes.

If you still want to play such “modern” games loaded with what is akin to spyware, I recommend a dedicated only-for-gaming PC (running Linux of course*) using a different IP address than your main system (probably a notebook), for example by using a VPN on one but not the other. I’d recommend using the VPN for the gaming machine, it’s less of a risk there, it allows for easy circumvention of geo-blocking, etc. If you need to access some services (e.g. chat) from both machines, create a separate account for it. Don’t share account credentials between machines. In fact, act as if the gaming machine is permanently infected with random stuff “required” for modern games, and isolate it accordingly. This is just an idea how to mitigate those problems and don’t let them creep into to your real machine where non-game-related data could leak out as a result. But you’re still going to support the developer doing this which is not recommended.

*) Why still no Windows, in this isolated case, you ask? Well, because it’s important to fight MS’ monopoly on gaming machines, so don’t support it by running it and contributing to its marketshare. Instead, run Linux and enjoy watching Windows’ sinking market share. In fact, if you can, don’t support such games either by not playing them, that would be the ideal solution. But this is written under the presumption that you or your friends still want to play it and you kind of feel left out otherwise.

Yeah, you should use Linux regardless. ;-)

While this does seem overly restrictive and out of place there, the result of this isn’t bad, because everyone should be at the most recent vesion at all times, period. If you aren’t, you’re exposed to more security holes and bugs. So it’s weird that that program forces you to do that, but it’s still not bad that you’re forced to do it. If you get what I mean. For some less-caring users who’d otherwise never install updates, forced updates are actually a net positive.