cross-posted from: https://lemmy.ml/post/26343625

Recently I had to go through a almost one year process of Degoogling and canceling a lot of my data from the Internet. Unfortunately, I noticed that a lot of specific information are not available in only one source and I had to do separate researches for each problem that I had. So, I decided to write this guide to share my experience hoping that it will make this process easier for who will read it. You are absolutely free to share this guide here, on other sites, with your friends and family. Feel free to comment and add a feedback.

I want to start with a very immediate list of FOSS applications that I’m using on my Degoogled Android phone. The most important thing here is to never login with Google on your phone and also never use it to login to internet services such as forums or news websites.

System administration *MicroG suite : This provides minimal libraries for applications that uses Google Play Services. *F-droid : Is an alternative store that can be used in place of Google Play. *Aurora Store : A Open Source front-end for Google Play. However, downloading applications from it does not guarantee that you will not be tracked. *App Manager – Android package manager : This gives you a lot of control on applications that are installed in your phone. It shows also the trackers and eventual vulnerabilities. *Shelter : This is one of the most useful apps on F-droid, it permits you to clone preparatory apps such as Instagram in a sandboxed environment on the work profile. *Logcat Reader *PCAPdroid : A network monitor *Irregular Expressions : A Keyboard to write with different styles *Simple Keyboard : This is very important, a keyboard on your phone should be as lightest as possible. *Termux : This is more than a terminal emulator. It comes with a almost complete GNU/Linux environment and lets you to install many CLI applications used on these machines.

Generic *Organic Maps : An alternative to Google Maps. It uses OpenStreetMaps and works quite well. It is also true that it relies a lot on user’s contributions. So if you will visit a place which is not on the map, remember to add it. *Fossify Calendar, gallery, voice recorder, contacts, messages, phone, ecc : This suite is a FOSS fork of the old “simple mobile tools” suite that was acquired by a Israeli company. *OpenCalc : A calculator app *VLC : A well known audio/video player which supports a lot of different formats. *Librera Reader : A pdf and document reader *Open Camera *ObscuraCam : Use it to blur faces *Scrambled Exif : Remove metadata from pictures. (use it before publishing a photo on social medias) *PixelKnot : Embed a secret message in a picture *QR Scanner (PFA) *Collabora Office : (Not directly present on F-Droid but they have their own repository, check on their website) *Nextcloud : A very good alternative to Google Drive. *Call Recorder *Firefox and Thunderbird : Be careful, even if Firefox browser is generally more privacy friendly than others, it cannot avoid fingerprinting. The only way to avoid it is to use the Tor Browser. *Tor Browser for Android : This is a modified version of Firefox that uses Tor to connect to the Internet in order to protect your anonymity. *Print *Signal

Security *Aegis : A 2FA app (two-factors authentication) *Bitarden: A password manager (Not directly present on F-Droid but they have their own repository, check on their website) *AFWall+ : A firewall for Android *Hypatia : An Antivirus *DroidFS : It permits you to crypt files in vaults that are not readable by other apps. *Orbot : A proxy to route app activities through Tor- *LocationPrivacy *Ripple : A panic button that will trigger apps with a panic responder. *I2P : An alternative to Tor *InviZible Pro : An app that permits you to enhance your privacy on the Internet by using DNSCrypt, Tor or I2P. Be careful, this is an all-in one application and should not be used if you are already connected to tor. *Léon – The URL Cleaner : Remove trackers from URLs *PersonalDNSfilter : Use it to block unwanted ads *PilferShush Jammer : Block the microphone usage by other apps.

Not on F-Droid *Prey : An Anti-thief app. The free version is GPL licensed

But this list is not enough in my opinion. It is important also to know how to protect our privacy with actions that are not directly involved in setting up applications and filters. If we are going to think that our privacy will be protected just by pushing a button, we are doing a mistake. Using DuckDuckGo and Searx as search engines its a good thing but not enough.

Important mistake to avoid : If you have your Google account as a login for some websites wait before closing it, you may lose access to them. Your Google account should be the last thing that you are going to delete. Make sure that you have deleted all relevant information from the Internet before closing it.

Today corporations and repressive governments are using a variety of methods to profile users and some of them are very subtile.

Fingerprinting This is a way to identify a user by looking at unique characteristics of his browser. When we connect to a website, our browser must exchange some basic information in order to load a page. Some of these information can be the type of device, screen size, browser settings, language settings, operating system, ecc. With all these information together it is possible to recognize a specific user in the middle of many others. This is unfortunately very difficult to avoid but Tor Browser can be a solution while a VPN cannot really help here.

Firefox also permits to activate a resist fingerprint setting but this solution will break some websites and probably is not effective as Tor Browser. Instructions to activate it can be found here: https://support.mozilla.org/en-US/kb/resist-fingerprinting

Open Source Intelligence (OSINT) It has little to do with free software. This is a method of data collection that looks for information about something or someone through public available sources. The problem is that today these sources are much more difficult to control for an average user than 20 years ago.

A classic example: You are a very careful person about your social medias, you don’t post anything controversial and maybe you don’t even have a real name on Instagram. But You may have some relatives that likes to share a of lot pictures and for your birthday you have been tagged by them and they wrote your name in a post. If they have a very loose privacy settings (which is likely), this information will be publicly available on the Internet.

Another example : You are a exchange student in a foreign university and of course you want to meet new people. You may take a group photo during a party with some people that you don’t really know. This photo gets shared many times and maybe becomes also a post. After a lot of years one of the persons in the photo gets convicted for a serious crime. This photo will continue to be available on the internet and a insurance company that you asked for a service may increase the price or not provide it since you “are a person with criminal contacts”

Last example (and this is what really happened to me) : You are a 18-19 old teen writing dumb comments and posts on Facebook or Instagram. This gets cached by search engines and external websites. Many years after, you are just searching your name and surname on the internet and you find out that a search engine has cached a very dumb comment from many years ago that you have even deleted.

All these examples shows how its easy to lose control over our data. Many companies uses automated software to see websites on which you are registered just by putting the email on your CV in a box.

You must also be aware of data breaches. You can be registered on a website with your email set as private. If a data breach happens, your address is going to be disclosed and become publicly available. You can check this on: https://haveibeenpwned.com/ If you don’t use a site for years, delete your account.

Another tool that is frequently used to see where a user is registered is: https://epieos.com/ This website searches where your email address is set as public. It can also search for a phone number.

So the problem here is not only to DeGoogle but also to remove our personal information for all other places. Removing a content from Google is a little thing today.

Fortunately, there are some ways to remove our contents from the Internet but they must be planned well. The first thing to do is always to remove the content from the original site, in this way the content on search engines becomes outdated and easier to delete even if you don’t live in the EU.

Social medias First thing: Never publish photos of your children on the Internet, in the future they may hate you for that. We are going to live in times where nontransparent AI will scrap for all possible content.

Now, even if you have a private profile on Instagram, your likes and comments are going to be visible on public pages and reels. Delete them all. Why someone should be able to find what you liked 6-7 years ago? Does the discussion that you had on a Facebook page of your local newspaper still matter? You may need months to delete all these stuff but it is worth. Remember to do a regular follow up on the deletion page to see if some buggy content still reappears after some weeks.

Use different usernames for every social media and never put your real name.

Power move : If you have your real name on Instagram and you want to delete it from search engines : first modify your real name, then change your username. By doing this, you will modify the link of your profile and it will be cached by search engines without your name. Change also a photo in order to avoid the possibility of reverse photo lookup.

Other sites In some cases you will have to contact the webmaster of a specific site in order to cancel your data. It happened to me with a local news page.

Search engines Here we are, this is the magic moment. Remember that if you are going to just remove something from a search engine without actually deleting the original content, this will continue to be available and someone may find it even without Google.

So, I can speak for what I know : These solutions refers for content removal in the EU. If its not relevant to you, skip to “How to use email addresses”

Google This is the page for content removal in the European Union: https://support.google.com/websearch/answer/9673730?hl=en#zippy=%2Cwhich-removal-option-do-i-choose Note that if you are living in the EU and ask to remove results about you, it will usually remove these results only for all EU versions of Google. This means that if someone has a VPN he can actually see them by connecting to a United States server. The best strategy is to remove the original contents from sites also by contacting the owners. Then the results on Google will become outdated and most of them will disappear. In some cases like Facebook comments, they can remain in the search results even if they are already removed because they were cached by the search engine. In this case, this tool should be used once the content is removed: https://support.google.com/webmasters/answer/7041154?hl=en If you are from a EU country and you already removed it so it continues to exist in external Google versions, make this request with a VPN connected to a foreign server.

Bing

Bing (EU citizens):https://www.bing.com/webmaster/tools/eu-privacy-request Bing (Non-EU citizens):https://www.microsoft.com/en-us/concern/bing

For cached pages : https://www.bing.com/webmasters/help/bing-content-removal-tool-cb6c294d

Many search engines (also DuckDuckGo) are partnered with Bing and removing content from it will also remove content from them most of the time.

DuckDuckGo For who lives in the EU, this is this page: https://duckduckgo.com/duckduckgo-help-pages/r-legal/privacy-rights/

Internet archive Be careful: some of your content was maybe cached by the Wayback Machine. Always check if this is the case. This is a very useful internet museum but sometimes it may be problematic since a lot of people does not even know about its existence while it takes data from a lot of sites. This is the removal page: https://help.archive.org/help/how-do-i-request-to-remove-something-from-archive-org/

How to use email addresses My advice is to have as many addresses as possible and split the websites login between them. You can write a .txt file with lists of services attached to every address. Like this :

Logins: Mail xxxxx1 Instagram, Facebook, Tinder

Mail xxxxxx2 Bank 1, bank 2

Mail xxxxxx3 Local news1, other site2, ecc

I would suggest you to have at least: One email with a fake name and surname One email with a completely invented username in a foreign language (Tutanota is great for this)

Personally, I would recommend Protonmail and Tutanota for communications with real people. Then, one email should be left only for banking and government accounts.

Use fake emails to register to websites that you will not use often but they are pushing you to create an account. Of course, this applies only to sites that are not related with shopping. An online transaction will reveal your identity.

A normal email provider such as Yahoo is ok for professional life, so no one will make too much questions. Eventually, your Linkedin account should be linked only to this address. Use it with Thunderbird so you can avoid proprietary JavaScript. I would also recommend to use a separate phone number for work.

Bonus: Other Alternatives to Google and AI If you are pushed to use Google Maps because the place that you are looking for is still not on OpenStreetMaps, remember to add it so other people will not have to use Google to find it. Remember that public transport information that you find on Google Maps is always available on local transports websites. Its just 2-3 minutes of research.

Remember that it is possible to use fair and open source AI models on your computer with: https://gpt4all.io/index.html?ref=top-ai-list Download a model that will not send your data to corporations, there are plenty of them.

This is more or less everything that I learned during this year, remember that human factor makes always the difference. Think about your personal situation. What do you want to show? To who ? And what do you what to hide? From who? And how? Think in a way to protect your privacy according to your personal situation.

I hope that this guide will be useful for average users that wants to regain control of their private life and that at the same time, it will be a impoverishment factor for evil corporations and their supporters.

• what is data harvesting? It's a process of storing personal data from the users who uses online softwares, android apps and other online services.
• why data harvesting terabytes of data? what is the incentive here? why fill up terabytes of storage with personal data of users? Big companies do this data collection to target you with personalized ads and also to sell your data to data brokers
• Most people says “well i don’t have anything to hide so i don’t care” - but a person could have a embarrassing mental sickness like schizophrenia or OCD etc, and private stuff that shouldn't be disclosed. Just because someone has things that they prefer to keep secret that doesn't mean we are doing something criminal.

feel free to tell me what I should change or add to this? Thanks in advance!

I did it. Finally. My meta account is in process for deletion! (Whatever that process actually involves we'll probably never know). But I did what I could and deleted all posts, pictures, aswell as changing name and email. Hoping that at least helps a bit. Feels good to finally get rid of what has felt like a burden for a long time.

Was able to move more people than I had imagined over to Signal, some easier to move than others ofc. But it truly helps that Signal is a breeze to use and setup for folks.

Anyway I just wanted to share what feels like a good achievement with you all. Hopefully you're also able to do the same during 2025, there are many good alternatives these days!

Have a good rest of your week!

Apparently FireFox is now going to focus on creating & improving PWA (Progressive WebApp) capability https://www.youtube.com/watch?v=zdknI_LBu9M

Today we are announcing a new privacy feature coming to Kagi Search. Privacy Pass is an authentication protocol first introduced by Davidson and recently standardized by the IETF as RFCs. At the same time, we are announcing the immediate availability of Kagi’s Tor onion service.

In general terms, Privacy Pass allows “Clients” (generally users) to authenticate to “Servers” (like Kagi) in such a way that while the Server can verify that the connecting Client has the right to access its services, it cannot determine which of its rightful Clients is actually connecting. This is particularly useful in the context of a privacy-respecting paid search engine, where the Server wants to ensure that the Client can access the services, and the Client seeks strong guarantees that, for example, the searches are not associated with them.

[etc...]

Two players who mostly worked independently are increasingly collaborative.

cross-posted from: https://lemmy.dbzer0.com/post/37583822

First I'm hearing of ObscuraVPN at least, but it does seem to be a very new player in the market. However from reading through their website and Github. This service does look very promising! Though it is slightly more expensive than Mullvad.

Anyone had the chance to test their service yet? Does it seem interesting to you? Let's discuss.

https://blog.mozilla.org/en/mozilla/advertisers-and-publishers-adopt-and-implement-do-not-track/ Mozilla introduced the Do Not Track feature in January 2011 and other major web browsers soon did the same. With the Do Not Track preference enabled, when a user attempts to connect to a website, a Do Not Track signal is sent as a part of the header which is sent during the connection attempt. A website which obeys Do Not Track requests is able to act on the user's choice before loading a webpage.

A website which obeys a Do Not Track signal value of "true" can use this setting positively in multiple ways.

a) https://lemmy.world/post/22974927 More than 15 analytics tools can be conveniently configured by a website operator to obey Do Not Track signals.

b) https://filippovicentini.com/notes/2019-04-22/ https://medium.com/@fixitblog/solved-how-to-make-google-analytics-respond-to-quot-do-not-track-quot-7f9785385371 Multiple websites explain how a website operator can obey Do Not Track signals, such as when an analytics tool does not have that option. These methods can be used to prevent connections to third party tracking services.

c) At least one "cookies consent" tool obeys a Do Not Track signal by silently disabling tracking cookies without the need for user interaction with potentially annoying cookie popups.

https://www.cookieyes.com/blog/respecting-browser-do-not-track-setting-cookieyes/ "If you install CookieYes banners on your website, it will respect the active DNT of the users’ browsers and avoid placing any tracking cookies"

d) Do Not Track signals have also been legally defended as a compatible mechanism of the General Data Privacy Regulation (GDPR) for a user to indicate a preference to not be tracked, in a court case in Germany. Do Not Track signals are expected to legally apply to other countries and other scenarios involving GDPR, but court cases would likely have to happen first.

https://wideangle.co/blog/do-not-track-gdpr-opt-out "A recent German court case against LinkedIn suggest that websites that track their users should recognise DNT signals or risk violating the General Data Protection Regulation (GDPR)."

"'The court stated the obvious and even quoted a bunch of legal commentaries on it,' Hense said. 'They all agreed with DNT being a valid signal.'"

In the German court case, Microsoft's LinkedIn could attempt to overturn this verdict on appeal if first Mozilla permanently removes the Do Not Track setting from Firefox's user interface and if Chromium then, in turn, removes the Do Not Track setting with partial reasoning being because Mozilla, the original champion of the setting, also removed it. Microsoft could then ask to have the verdict dismissed on appeal because a majority of web browsers might no longer have a Do Not Track setting in the user interfaces, and such an appeal result could be a terrible blow to privacy, as well as a blow to the possibility of conveniently obtaining private web browsing on potentially many more websites in the future.

There have been some arguments raised which call for the removal of the Do Not Track setting. Let's explore these arguments and see if they are strong enough to justify removing the Do Not Track setting.

These arguments include:

1 - Global Privacy Control (GPC) is legally supported in some jurisdictions and thus can replace Do Not Track.

2 - Global Privacy Control can replace Do Not Track in terms of functionality.

3 - Hardly anyone enables the Do Not Track setting and thus a user may stick out in terms of fingerprinting.

https://connect.mozilla.org/t5/ideas/keep-the-quot-do-not-track-quot-option/idi-p/81951 "even with our past education campaigns around DNT... users did not care to enable it."

4 - Hardly any of the websites which a user visits obey Do Not Track signals.

https://connect.mozilla.org/t5/ideas/keep-the-quot-do-not-track-quot-option/idi-p/81951 "it no longer made sense to offer a signal that is consistently ignored by the vast majority of site operators while also being a potential fingerprinting vector itself due to how unique it is because of its low adoption."

5 - It gives users a false sense of security.

Counter-arguments include:

1 - Global Privacy Control is legally enforceable in some states in a country. Do Not Track is legally enforceable in a country and is expected to be legally enforceable in most European countries if corresponding legal cases get presented.

https://wideangle.co/blog/do-not-track-gdpr-opt-out "For now, the judgment only applies to companies operating in Germany. However, the relevant parts of the GDPR are the same in every other country that has implemented the law."

It seems reasonable for both settings to exist in the user interface since each setting is supported by law.

2 - Global Privacy Control is akin to Do Not Track's weaker sibling and thus is not a valid replacement for Do Not Track. Suppose we discuss the scenario where a website obeys both Global Privacy Control signals and Do Not Track signals.

For Do Not Track, a website operator can either enable a setting in multiple analytics tools or can follow multiple websites which list a code snippet to check for Do Not Track signals. With most of these implementations, tracking data will not be sent to a third party analytics service.

For Global Privacy Control, the approach is to still send the tracking data to the third party analytics service!

https://www.techpowerup.com/329753/firefox-ditches-do-not-track-feature-in-version-135-in-favor-of-global-privacy-control "one criticism of the new reliance on Global Privacy Control is that GPC doesn't block Google Analytics tracking requests"

When Do Not Track signals are obeyed, privacy policies appear to indicate that this feature applies to the general Internet population. At least one company with users around the world has decided to interpret Global Privacy Control as only needing to apply to users in some jurisdictions.

https://www.atlassian.com/legal/privacy-policy "our websites do respond to the Global Privacy Control (“GPC”) to opt-out of “sales” of personal information and targeted advertising in certain locales."

3 - The Do Not Track setting is used by a significant proportion of users, with more than 20% of users reported as using it. Now is not the time to abandon it. A visit to https://amiunique.org/fingerprint shows more than 22% of users in the last 7 days, 15 days, and 30 days have enabled a "Do Not Track" HTTP header attribute value. Similar figures were reported in 2019. https://archive.today/zzcwE "A Forrester research report found 25% of people using the Do Not Track setting, and a national survey we conducted found 23%."

If JavaScript is enabled, fingerprinting can be extremely accurate with just JavaScript alone, without examining HTTP header attribute values, meaning that Do Not Track might only be considered for fingerprinting for users who have a solution for selectively blocking JavaScript, such as a web browser addon.

https://backlinko.com/ad-blockers-users "Sep. 02, 2024" "31.5% of internet users worldwide report using an ad blocker."

https://explodingtopics.com/blog/ad-block-users "June 25, 2024" "DataReportal found that approximately 1 in 3 (32.5%) internet users use ad blockers."

It might be reasonable to say at least 75% of users who enabled "Do Not Track" are also users who know what an addon is and would install an addon such as uBlock Origin, Privacy Badger, NoScript, AdGuard, etc, which can be used to selectively block JavaScript. Given this assumption, 75% of the 22% of users using "Do Not Track" signals is 16.5% of all users. 16.5% represents more than half of the reported 32.5% of users using an addon to block JavaScript. Given this assumption, to blend in with the majority of the users who use an addon to block JavaScript, we should be enabling "Do Not Track" signals!

4 - Maybe we could consider intentionally searching for and visiting more websites which obey Do Not Track signals. Websites which obey Do Not Track signals indicate they are a part of the Good Guys. Having this way of differentiating websites is a good thing. We can use a web search or even an AI web search to search for "name-of-website Do Not Track privacy policy" to quickly find some of the Good Guys. A legal requirement has caused a large proportion of websites to indicate in a privacy policy whether they choose to obey or not obey Do Not Track signals.

https://www.freeprivacypolicy.com/blog/privacy-policy-do-not-track-dnt/ "As of January 1, 2014, changes to the California Online Privacy Protection Act (CalOPPA) required the owners of websites, web apps, mobile apps, and desktop apps to include a Do Not Track disclosure in their Privacy Policy agreements."

"In order to comply with CalOPPA's DNT requirements, website owners must make sure they: State how they respond to the DNT signals they receive from user's web browsers"

"Even if a website owner or operator isn't based in California, it still must include a DNT disclosure in the Privacy Policy. This is because the website or app may be attracting visitors who live in California."

This law was created after Do Not Track signals were introduced into major web browsers. The continued existence of the Do Not Track setting in the user interfaces of web browsers means the law will still have a reason to exist and privacy policies will continue to be required to display this information, allowing us to quickly identify some of the Good Guys and even more of the Bad Guys.

If we are stuck using a Bad Guy website, the very existence of the ability to easily configure obeying Do Not Track signals in more than 15 analytics products means it is possible to contact a website operator and ask the website operator to enable the setting. For anyone who says it won't work, I ask you, have you tried?

If there are a lot of bad apples in a market, should we make it even harder to find the good apples, or should we feel happy that a tool exists (Do Not Track) which makes it easier to distinguish some of the bad apples from some of the rare good apples (by using a search engine to look at a very specific section common to most privacy policies)? The same argument can be used for any market where it is difficult to find something you think is good, including shopping for good clothing or finding a suitable marriage partner.

Why is it okay to say we should remove the Do Not Track feature because many websites do not obey it and because it could be used for fingerprinting, but exactly the same statements can be made about Global Privacy Control, while it is supposedly okay to use the Global Privacy Control setting?

5 - In Mozilla Firefox, immediately next to the Do Not Track setting is a link that has an explanation which does not seem to give a false sense of security.

https://archive.today/evyo1 "Honoring this setting is voluntary — individual websites are not required to respect it."

Mozilla has made multiple revisions to the wording of the Do Not Track feature and if someone feels there is a better way to formulate the text of the option, Mozilla allows anyone to make suggestions.

If we want to talk about a false sense of security, when we see Global Privacy Control's Firefox option's text of "Tell web sites not to sell or share my data" should we expect a website which obeys Global Privacy Control signals to share our data with a third party like Google? We might not expect as much, but our data will apparently be shared with that third party when that third party's analytics service is used by a website operator.

What can we do?

A] Enable Do Not Track signals in our web browsers and teach our family members how to do the same.

The following website obeys Do Not Track signals and gives instructions for many types of web browsers on how to enable Do Not Track signals.

https://www.surreycc.gov.uk/website/cookies/do-not-track "How to enable the 'Do Not Track' browser setting"

For Firefox users, the Do Not Track option can be toggled in about:config. In the top address bar, type in the text about:config and go to the about:config webpage. When asked to Proceed with Caution, choose to Accept the Risk and Continue. In the "Search preference name" text field we can enter a value of "donottrack" and then look at the value (true or false) of the privacy.donottrackheader.enable preference. If the value is false, we can use the toggle button to set the value to true. Our change will be applied immediately and we can close the about:config webpage tab at our convenience. This approach still works in Firefox 135 and also works in older Firefox versions.

B] Use one or more methods of selectively blocking Bad Guy JavaScript. Probabilistic tracking using a Do Not Track signal is likely to apply only to users who block JavaScript deterministic tracking. Do a good deed for the world and teach your family members how to use such an addon.

https://ublockorigin.com/ https://privacybadger.org/ https://noscript.net/ https://adguard.com/

C] If you have a Mozilla account or you do not mind creating one, you are invited to log in and "give kudos" at the following link.

https://connect.mozilla.org/t5/ideas/keep-the-quot-do-not-track-quot-option/idi-p/81951

D] Contact the website operators of websites which you use a lot and ask them to enable the Do Not Track feature in their analytics tools and send them the links in b) at the start of this posting. If you get a response, consider sharing that response with the community.

Whatsapp is privacy invasive, and we likely know that even when using E2EE, this is possible due to metadata tracking.

An easy way to avoid one creepy thing, contact scanning and the creation of "who knows whom" social nets, is to not grant apps permission to your contacts!

But this is not easy, as apps often enforce this, just as they do with

• embedded cameras instead of using the system camera
• embedded galleries instead of the 2 available portals (but Google will soon forbid that)
• asking for unneeded permissions

Only GrapheneOS also allows blocking these permissions

• sensors
• internet
• loading code from memory i.e. from the internet (why would they do that? Is there something they want to hide?)
• debugging their own code to spy on the system behavior

But this app can help everyone on any Android to at least fix this :)

cross-posted from: https://lemmy.dbzer0.com/post/36841328

Hello, everyone! I wanted to share my experience of successfully running LLaMA on an Android device. The model that performed the best for me was llama3.2:1b on a mid-range phone with around 8 GB of RAM. I was also able to get it up and running on a lower-end phone with 4 GB RAM. However, I also tested several other models that worked quite well, including qwen2.5:0.5b , qwen2.5:1.5b , qwen2.5:3b , smallthinker , tinyllama , deepseek-r1:1.5b , and gemma2:2b. I hope this helps anyone looking to experiment with these models on mobile devices!

---

Step 1: Install Termux

1. Download and install Termux from the Google Play Store or F-Droid

---

Step 2: Set Up proot-distro and Install Debian

1. Open Termux and update the package list:

   pkg update && pkg upgrade
   

2. Install proot-distro

   pkg install proot-distro
   

3. Install Debian using proot-distro:

   proot-distro install debian
   

4. Log in to the Debian environment:

   proot-distro login debian
   

   You will need to log-in every time you want to run Ollama. You will need to repeat this step and all the steps below every time you want to run a model (excluding step 3 and the first half of step 4).

---

Step 3: Install Dependencies

1. Update the package list in Debian:

   apt update && apt upgrade
   

2. Install curl:

   apt install curl
   

---

Step 4: Install Ollama

1. Run the following command to download and install Ollama:

   curl -fsSL https://ollama.com/install.sh | sh
   

2. Start the Ollama server:

   ollama serve &
   

   After you run this command, do ctrl + c and the server will continue to run in the background.

---

Step 5: Download and run the Llama3.2:1B Model

1. Use the following command to download the Llama3.2:1B model:

   ollama run llama3.2:1b
   

   This step fetches and runs the lightweight 1-billion-parameter version of the Llama 3.2 model .

---

Running LLaMA and other similar models on Android devices is definitely achievable, even with mid-range hardware. The performance varies depending on the model size and your device's specifications, but with some experimentation, you can find a setup that works well for your needs. I’ll make sure to keep this post updated if there are any new developments or additional tips that could help improve the experience. If you have any questions or suggestions, feel free to share them below!

– llama

cross-posted from: https://lemmy.dbzer0.com/post/36880616

Help Combat Internet Censorship by Running a Snowflake Proxy (Browser or Android)

Internet censorship remains a critical threat to free expression and access to information worldwide. In regions like Iran, Russia, and Belarus, journalists, activists, and ordinary citizens face severe restrictions when trying to communicate or access uncensored news. You can support their efforts by operating a Snowflake proxy—a simple, low-impact way to contribute to a freer internet. No technical expertise is required. Here’s how it works:

---

What Is Snowflake?

Snowflake is a privacy tool integrated with the Tor network. By running a Snowflake proxy, you temporarily route internet traffic for users in censored regions, allowing them to bypass government or institutional blocks. Unlike traditional Tor relays, Snowflake requires minimal bandwidth, no configuration, and no ongoing maintenance. Your device acts as a temporary bridge, not a permanent node, ensuring both safety and ease of use.

---

Is This Safe for Me?

Short answer: Yes.

Long answer: probably. Here is why:

• Your IP address is not exposed to the websites they access. So, you don't have to worry about what they are doing either. You are not an exit node.
• No activity logs. Snowflake cannot monitor or record what users do through your connection. The only stored information is how many people have connected to your bridge. Check docs for further info on this.
• Low resource usage. The data consumed is comparable to background app activity—far less than streaming video or music. There have been, however, a few cases of people reporting high network usage.
• No direct access to your system
• No storage of sensitive data. Snowflake proxies do not store any sensitive data, such as IP addresses or browsing history, on your system.
• Encrypted communication. All communication between the Snowflake proxy and the Tor network is encrypted, making it difficult for attackers to intercept or manipulate data.

You are not hosting a VPN or a full Tor relay. Your role is limited to facilitating encrypted connections, similar to relaying a sealed envelope.

Your IP address is exposed to the user (in a P2P-like connection). Be mindful that your ISP could also potentially see the WebRTC traffic and the connections being made to it (but not the contents), so be mindful of your threat model.

For most users, it is generally safe to run Snowflake proxies. Theoretically, your ISP will be able to know that there are connections being made there, but to them it will look like you're calling someone on, say, Zoom.

Historically, as far as we know, there haven't been any cases of people getting in legal trouble for running entry relays, middle relays, or bridges. There have a been a few cases of people running exit nodes and getting in trouble with law enforcement agencies, but none of them have been arrested or prosecuted as far as I know it. If you are aware of any cases, let me know so I can update this post.

Do not hesitate to check Snowflake's official documentation for further reference and to make informed decisions.

---

How to Set Up a Snowflake Proxy

Option 1: Browser Extension (Brave, Firefox, or Chrome)

1. Install the Snowflake extension.
2. Click the Snowflake icon in your browser toolbar and toggle "Enable Snowflake."
3. Keep the browser open. That’s all.

Note: Brave users can enable Snowflake directly in settings. Navigate to brave://settings/privacy and activate the option under "Privacy and security."

---

Option 2: Android Devices via Orbot

1. Download Orbot (Tor’s official Android app).
2. Open the app’s menu, select "Snowflake Proxy," and toggle it on.
3. For continuous operation, keep your device charged and connected to Wi-Fi.

Your device will now contribute as a proxy whenever the app is active.

---

Addressing Common Concerns

• Battery drain: Negligible. Snowflake consumes fewer resources than typical social media or messaging apps.
• Data usage: Most users report under 1 GB per month. Adjust data limits in Orbot’s settings or restrict operation to Wi-Fi if necessary.

---

Why Your Participation Matters

Censorship mechanisms grow more sophisticated every year, but tools like Snowflake empower ordinary users to counteract them. Each proxy strengthens the Tor network’s resilience, making it harder for authoritarian regimes to isolate their populations. By donating a small amount of bandwidth, you provide someone with a critical connection to uncensored information, education, and global dialogue.

Recent surges in demand—particularly in Russia—highlight the urgent need for more proxies. Your contribution, however small, has an impact.

By participating, you become part of a global effort to defend digital rights and counter censorship. Please, also be mindful of your threat mode and understand the potential risks (though very little for most people). Check Snowflake's official documentation for further reference and don't make any decisions based on this post before taking your time to read through it.

Please share this post to raise awareness. The more proxies, the stronger the network.

– llama

People are noticing that their phones are getting an app called "Android System Safetycore" auto-installed without notice or consent. Check your phone for the same, it is likely it's a slow rollout instead of every device getting it installed all at the same time.

Google has all the same old reasons that they drone on about, but the actual reason is likely to harvest your messages data for training AI models.

Uninstalling seems to remove the application, and there aren't any malicious activity reported so far as I can see, but naturally that can change anytime.

Has anyone noticed this in their applications lists? Did straight up uninstalling them work? I've had some trouble removing systems apps in the past, but uninstalling this one seems to have worked straightaway - I don't see them in the list anymore.

URLs below for Reddit posts about the same: From 2 months ago: https://old.reddit.com/r/antivirus/comments/1gpdhwz/guys_help_some_app_called_android_system/

From 2 days ago: https://old.reddit.com/r/privacy/comments/1idjbdi/googles_new_app_will_help_warn_you_about_nude/

EU official should not get top privacy job, says think tank

The letter – signed by a list of privacy professors – stresses that if the role is awarded to long-time EU official Bruno Gencarelli, the EDPS' legitimacy is at stake and poses a risk of conflict. Early last year, the EDPS ruled for example that the Commission’s use of Microsoft 365 was not legitimate.

https://www.euronews.com/next/2025/01/31/eu-official-should-not-get-top-privacy-job-says-think-tank

@privacy

Explaining in good detail why people should care about how modern cars have become a privacy nightmare. From Regular Car Reviews.

I've been working on my privacy setup and breaking away from Proton. There are a bunch of email providers I looked at, same with email aliases, password managers, etc.

But I don't understand the state of calendars. It feels like they're always shoved into email services, and they're all so crappy looking.

I was able to find one or two Android apps that are open source, and they look like they're 20 years old.

Proton Calendar, for all its faults, looks really good.

Why, in 2025, is there no simple calendar as a service with nothing else included? And why do the UIs all look like complete trash?

I don't get it. Can't one of us hire an intern to take a week to learn a CSS framework and create a decent calendar UI? Am I missing something?

Hi there!

Context: After the recent debacle with Proton I was finally pushed to look for other alternatives. I had already wanted to change services for a while so it was nice to get the final push. It's still a good service, open-source and all. I personally just wanted to look for something else. However, I had not realised how deeply I was integrated into the email+alias feature they had, and how much work it is to change out of this, I have a fair amount of accounts.

I have now found a new email provider and bought a new domain. However I've got a few questions for those to who rock custom domains:

1. Do you use random strings before the @ sign? Or do you use it like lemmy@example.com?
2. Because I'm considering using this as a catch-all address, doesn't this mean that anyone who wants (and knows the domain) and send spam on any random string before the @? Are you worried about this, and are there any counters to this?
3. As far as I've understood the main benefit of using my own domain for email, is that it will make it a lot easier to change providers in the future, as I can just change the nameservers so traffic is directed elsewhere - correct?

Thanks for any input, experiences or thoughts about this.

Ps. My threatmodel isn't that complex, I mainly want to stop spam from any potential services selling my email.

!privacy@lemmy.dbzer0.com

Hello everyone,

After a discussion on !fedigrow@lemm.ee ( https://feddit.org/post/6950586 ), a few people interested in privacy decided to reopen !privacy@lemmy.dbzer0.com as an alternative to !privacy@lemmy.ml .

It's also nice to have a privacy community on an instance that can be accessed via VPNs.

Feel free to join us there!

#IronFox's icon is a love child between GitLab and Grindr's.

If I become a contributor it'll only be to make this lore canon @privacy

thought you guys would find this blog post from Brian Leiter today funny. he's a pretty good guy and a respected scholar so no shade on him, clearly just misinformed. i wonder if this is in some way downstream of the recent political drama around proton.

Unnecessary and deeply concerning bow to the new "king"

Import into your F-Droid client directly by tapping this link: fdroidrepos://fdroid.ironfoxoss.org/fdroid/repo?fingerprint=C5E291B5A571F9C8CD9A9799C2C94E02EC9703948893F2CA756D67B94204F904

https://gitlab.com/ironfox-oss/IronFox

IronFox is a fork of Divested Computing Group's Mull Browser, based on Mozilla Firefox. Our goal is to continue the legacy of Mull by providing a free and open source, privacy and security-oriented web browser for daily use.