@peachbitcoin hi. i'm curious. on an iphone, which unique identifier are you using? on android i guess you are using the SSAID, right? but on iphones afaik the IDFV changes when every app from the same developer is uninstalled and then reinstalled. so this can't be the identifier you are using. and the identifier for advertisers (IDFA) is nullified on the affected device. thanks in advance for your response

Do you know this nice feature in the iPhone Photo app that allows you to create stickers from your photos? If you have a nude photo, try to make a sticker out of it.

For the first time I observed the network traffic of an iPhone today. The iPhone was set up in a most privacy oriented way (no iCloud, even not logged in with an Apple ID, no Analytics, no Siri etc.). The amount of server calls the iPhone was making while I was interacting with it was really brutal! For a company which claims that as much as possible is processed on-device this isn't something which I would have guessed. Even when it's idle It won't come to rest for a minute. I'm not sure one can legitimately call this "telemetry" anymore. Especially when you're interacting with the Photo App the network traffic increases sharply! The servers seem to be undocumented as it's typical and their names will often contain "img" (probably stands for image). I never opted into "Advanced Visual Search" or how Apple calls it and seeing this made me feel really uncomfortable. Even when you're interacting with banal things like the Settings or Files App something is constantly transmitted to Apple. In comparison to this my de-googled Android (CalyxOS) is a graveyard. The amount of servercalls it does is close to zero (if not zero, except for when you're interacting with your browser or apps which rely on internet connection of course). If you want to see it youself, open a Hotspot on your laptop, connect your iPhone with it and use a tool like OpenSnitch. #ios #android #privacy

Told you so 🤷‍♂️ View quoted note →

dann right. gn8.

If you are on CalyxOS like I am (will probably work on GrapheneOS and other custom ROMs with privacy in mind too), consider the following setting options (check-icon means "enable", x-icon means "disable") ❌ Nearby Bluetooth and Wifi -> your phone will stop scanning all Wi-Fi access points and Bluetooth Beacons and uploading them to location services like Google / Mozilla (on CalyxOS only Mozilla is allowed if you opt-in to) ✅ Wi-Fi nonpersistent MAC randomization -> your phone will change your MAC-Address each time it connects to a Wi-Fi, even it is the same Wi-Fi you reconnected to ❌ Connectivity Check -> your phone will stop pinging Google Servers (enable only if you need to detect captive portals like in hotels, airports etc. where they are commonly used) ❌ 2G -> your phone will be no longer prone to Stingray Attacks ✅ Scramble Layout and Enhanced PIN Privacy -> cameras and shoulder surfers will have a harder time sniffing your PIN ❌ Show Passwords -> no characters will be shown while you're typing a password, same effect as mentioned above ✅ Auto-Reboot -> once a day your phone should re-boot. Ideal for nights when you're sleeping anyway. Throws out even bastards like Pegasus ❌ OEM-Unlocking This should already be turned off on every phone. In other words, your bootloader should always be locked unless you're about to install a custom ROM for example. After it's done, lock it immediately. ❌ MicroG This is for the hardcore users. CalyxOS doesn't use Google PlayServices. Instead, if you opt in to, it uses an open-source compatibility layer called "MicroG" which replaces the proprietary parts of Google (libraries and so on) to make it possible to use Google Play Services. Even push notification services depend on it. As you might know governments use Google's and Apple's centralized push notification servers to collect metadata. So if you don't opt-in to MicroG push notifications will very likely be the first thing where you will run into issues: BUT: many apps like Signal have built-in fallbacks. When the app can't detect any no push notification service it will use its own push notification server as a fallback-method. Apps like #Amethyst and many other apps will give you the option to configure alternative push notification services (ntfy as an open source alternative for example). I never enabled MicroG and for me everything works perfectly. For you it might not, but give it a try at least. Last but not least, and this is a general advice: If you should ever get into a situation where you are being forced to hand your phone over, turn the fucking thing off. Just don't lock it, but turn it off. No magic needed. Your phone will then be in the so called BFU-mode, which means "Before first Unlock" which is the most secure status for a phone. If you have any further advice, let me know :)