this post was submitted on 12 Jul 2023
121 points (94.2% liked)

Privacy

31942 readers
839 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I mean, exactly how invasive are default operating systems? (Like Windows, Mac, Chrome OS, Android, iOS) Do they log your keystrokes, log passwords, capture screen, upload your photos, videos, or audio? (Assuming you aren't a target of government) Is it even possible for the average person who doesn't feel comfortable messing with installing operating systems to have any privacy?

top 49 comments
sorted by: hot top controversial new old
[–] mckensa@lemmy.ml 45 points 1 year ago* (last edited 1 year ago) (1 children)

Privacy is not binary. There are degrees of privacy that can be achieved. Where you would like to be is totally based on your personal situation. If you are a beginner, understand that privacy is a journey.

Regarding which OSes you could use for your computer if Linux is not an option:

Windows in my experience is the worst offender when it comes to telemetry. It is so ingrained in the OS that you'll never be certain there isn't any telemetry regardless of the measures you take. MacOS on the other hand can be configured in such of way that Apple will have very little if any telemetry on you. It also has good permission controls which would cover things like screen capture and logging of keystrokes which you mentioned above. You could do the following:

  • Purchase a Macbook
  • Opt out of using an Apple Account (as of today it's optional)
  • Opt out of using iCloud
  • Opt out of any telemetry
  • Turn on built-in firewall
  • Turn on disk encryption
  • Install Lulu or Little Snitch to block any Apple telemetry

This alone will probably put you in a better position than 99% of people (not an actual statistic).

[–] bionicjoey@lemmy.ca 24 points 1 year ago (3 children)

I'm not a Mac guy, but I get the sense that using a Mac without engaging in any of Apple's ecosystem would result in a very degraded experience

[–] Lysergid@lemmy.ml 12 points 1 year ago (1 children)

It might be degraded comparing to default experience but it’s not like you are missing something that you have on other OS. I mean, you can’t iMessage on Linux, right?

[–] Resolved3874@lemdro.id 5 points 1 year ago

No you can't but you can also have a Linux box for significantly less than apple. Guess that's the price of ease of access though.

[–] pruneaue@lemmy.blahaj.zone 4 points 1 year ago (1 children)

Honestly it doesnt make the experience much worse in my experience

[–] cyberwolfie@lemmy.ml 2 points 1 year ago

Agreed. I was using Apple products for more than a decade before switching to Linux and Android, and I opted out of several of their products long before I started considering the privacy aspects of things. For example, I found the experience of using something like iPhoto to be very lackluster. I reluctantly ended up using iCloud due to the superior pricing compared to Dropbox, which I used before. That was a particular nightmare when migrating away from the Apple "ecosystem".

I'm sure their products cater to many users preferences, but I'm not one of those, and had a better experience using other products. That should've made me jump ship way earlier than I did, but a combination of cost (by the time I would've changed, I had already purchased a new MacBook which I ended up using for about 6 years) and inertia.

[–] intothesky@lemmy.ml 2 points 1 year ago

I use my Macbook exactly like the points cited before, and i can assure that i've had a very good experience. Maybe it's even better to avoid using AppStore etc...

[–] BastingChemina@slrpnk.net 26 points 1 year ago (1 children)

You have some margin to work with. Of course it's not going to be as effective than switching OS but you can use privacy focused firewall. For example Portmaster on windows or tracker control on Android.

These firewall will try to block as much telemetry as possible.

You should also be cautious about what you install on your system, opensource app usually have a better track record regarding privacy.

Thank you, I never knew about TrackerControl. I noticed it's available in FDroid.

[–] LemmyNameMyself@lemmy.world 14 points 1 year ago* (last edited 1 year ago) (1 children)

Default OSs are very invasive. Windows, Mac and iOS are constantly spying on everything you do and stock Android is only as private as the apps it comes with which include things like Google Play Services - an app so baked into the system it can only be disabled through adb/root

If you want to read into this - Louis Rossmann made a video on this and this is the paper he mentioned.

possible for the average person who doesn't feel comfortable messing with installing operating systems to have any privacy?

Yes, depends on how far you are willing to take it.

Replace default apps with FOSS (F-droid)

Delete or disable defaut apps through developer options/adb

Limit the number of permissions you give to apps (your calculator shouldn't have access to internet or your camera)

Don't install apps that you don't trust/need

Block app's access to the internet with a firewall

Check out r/degoogle on Reddit for many useful resources

For Windows/iOS, etc.: change settings to be more private: give less permissions and turn off telemetry wherever possible.

If you think that's not enough, consider dual booting a Linux distro like Linux Mint Cinnamon (easy to set up and very beginer-friendly). If you do that you can learn Linux and keep your private data there instead of on Windows/iOS

[–] PipedLinkBot@feddit.rocks 11 points 1 year ago

Here is an alternative Piped link(s): https://piped.video/watch?v=CE0EB5bXj14

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source, check me out at GitHub.

[–] Anticorp@lemmy.ml 11 points 1 year ago (1 children)

Mac is less intrusive than Windows. Windows 10 is a whole lot less intrusive than Windows 11. You can lock Windows 10 down even more if you use Shut Up 10. It's an amazing piece of freeware. Just be aware that Windows will reset a lot of your options after major updates.

Duck Duck Go is more secure than any other search engine and browser. Firefox is next in the list if you're not on a Mac. Get uBlock Origin and NextDNS.io.

Don't give your real information to companies when possible. Don't browse the web logged into Google, Facebook, Reddit, TikTok, etc.

[–] raistlin@lemmy.sdf.org 4 points 1 year ago (1 children)

I would say there's an argument to be made against duckduckgo with how they're not open source, and the whole allowing Microsoft trackers deal, but it is definitely a better option than google or bing. I don't understand why you're mentioning their browser however, as there are definitely much better alternatives.

[–] Anticorp@lemmy.ml 2 points 1 year ago* (last edited 1 year ago) (1 children)

Their browser runs in permanent privacy mode and blocks all tracking scripts and cookies by default. You can configure Firefox to act the same way, and it's a better browser overall, but I figured that anyone who knows how to do that wouldn't be asking the question, so recommending DDG browser is an easy solution. Plus it has a cool window burn animation!

[–] raistlin@lemmy.sdf.org 1 points 1 year ago (1 children)

Fair enough, and the window burn animation is definitely nice.

[–] Anticorp@lemmy.ml 2 points 1 year ago (1 children)

There's a Burn My Windows plugin for Debian if you're on Linux that lets you apply that, and many other animations, to all of your windows. You can get it working on Arch too if you're into that sort of thing. It's probably my favorite part of my Linux computers, which is silly considering all of the other benefits, but I love it. LOL

[–] raistlin@lemmy.sdf.org 2 points 1 year ago

Yeah that sounds quite nice, I'll look into it.

[–] preasket@lemy.lol 10 points 1 year ago

You can buy computers and phones with those OSes preinstalled, so it's not necessarily "custom". Otherwise, no.

[–] CaptainHowdy@kbin.social 9 points 1 year ago

Linux is not like a custom ROM, it's just an OS like any other (but many distros do respect your privacy). But yeah, custom Roms are the only way to have privacy on phones other than just using dumb phones. Support open source projects and manufacturers that make devices that use open source software!

[–] MedicPigBabySaver@lemm.ee 7 points 1 year ago (1 children)
[–] ISOmorph@feddit.de 6 points 1 year ago (1 children)

I think you mean yes (you do just not have any privacy at all)

[–] MedicPigBabySaver@lemm.ee 2 points 1 year ago

Damn Engrish! 😉

[–] mojo@lemm.ee 6 points 1 year ago

You'll be a lot less private, but it's not black and white.

[–] cambionn@feddit.nl 6 points 1 year ago* (last edited 1 year ago)

Privacy is not a black & white thing. Every step you take matters. And being entirely private without digital footprint is impossible unless you isolate yourself from the internet entirely.

To answer your question. Yes, they spy on you. To what degree depends on the OS and your settings. But they always cost you some privacy.

But it's never useless to take other steps just because you don't want to or can't switch OS. Because you'll still give them less data if you do. They might still have info on you. But the less, the better.

Taking easier steps like switching mail provider and other services you use to privacy-minded ones are a good and easy start anyone can do. Replacing apps/programs on your system with FOSS or privacy-minded ones is another good one.

Even the biggest noob can make a Proton account and use it instead of Gmail/Outlook. Use 1Password instead of your device/browser's password manager. Use LibreOffice instead of MS Office. Check F-droid for apps before Google Play (and perhaps even use Aurora when you do need it). Use FireFox instead of Edge or Chrome. Install a FOSS keyboard on your phone. Get rid of Social Media. Use Signal instead of WhatsApp. Those are just some example of easy my-grandpa-can-do-this level of difficulty options that already greatly improve your privacy (in fact, after I installed it for him, my grandpa does many of these!). Is it as private as an extremely hardened custom device by a security expert? Nah, but it's definitly much beter than a default device full of big-tech apps. Even if you just do 1 of them!

Since every step counts, I think we should apploud people for caring and starting to take steps instead of deminish them for not going in to the max. Changes like this are slow, especially with a big mass of people. The more people show they care, the more privacy-minded alternatives grow and show up and the more normal it becomes to care about privacy.

[–] Melody@lemmy.one 6 points 1 year ago* (last edited 1 year ago)

This is a highly loaded question.

You are making a number of very poor assumptions based on a number of ridiculous misconceptions.

The average, everyday, human adult is fully capable of understanding their own personal "threat landscape". How they deal with that will vary.

For most; if not all, average consumers; their concerns are still very limited. They're not so much concerned with the provenance, the history, of companies...they just want to duck for the oncoming threats in their landscape. These metaphorical tree branches are what they're ducking under. They have no logical need to fear the entire tree.

Personally, I choose not to live like Stallman, nor do I have fears of big state repercussions like Snowden does. Neither does your average consumer. Functionality is the top priority. Functionality on-par with the CSSC (Closed-Source Software, Corporate) competitor is critical. If the FLOSS (Free/Libre Open Source Software) version can do exactly what people typically want and expect it to do AND cost less monetarily AND can impact their privacy way less than using the CSSC competitor would, then it will be adopted by many and loved by all who use it.

This isn't to say that privacy does not matter.

It simply means that privacy is a spectrum; and everyone has varying privacy wants and needs. For some reason, a large potion of the "tech-savvy" people in the FLOSS community feel the need to measure their superiority in "How private their systems are." The average user does not give a damn about that dick measuring contest; and really would rather not be bothered. They just want the amount of privacy that is right for them, and their specific situation.

It is best to put your ego aside when discussing privacy, or helping someone else to discover and improve their own privacy.

[–] Z4rK@lemmy.world 5 points 1 year ago

I’m not as worried by data logged by the os as such, but don’t want it sold to third party ad networks.

I use both macOS and Windows daily for combined work/personal stuff so hard to avoid. I trust Apples use of my data a little more than I trust Microsoft.

All my devices are always behind a VPN and always behind a DNS filter that blocks most vendor tracking from Apple, Microsoft etc. You have to allow a fair bit through for some functionality to work though.

[–] gortbrown@lemmy.sdf.org 5 points 1 year ago

You can definitely harden operating systems like Windows and Android to be better for privacy and security. I've used some of Techlore's videos to make my Windows system a bit more secure and private, and he's made one for Android and other OSes too. Of course, this isn't perfect, but it's something if you don't want to install a different OS, it's better than nothing.

[–] teionshibuya@lemmy.fmhy.ml 5 points 1 year ago* (last edited 1 year ago)

For computers, you dont have to switch to linux, I'm currently using ReviOS (a custom version of windows) but I might try AME 10 later. But sure, it's still messing with installing operating system since it needs a clean windows install, alternatively you can use software like O&O Shutup10 but I noticed that some options doesn't exist in Windows 11 as compared to Windows 10, I've also tried winutil but it caused task manager to close really slowly for me

[–] Borg286@kbin.social 3 points 1 year ago

It depends on what you consider spying. The vast majority of devices want some form of push notification capability, which requires being connected to Microsoft/Google/Apple servers, and thus the company knows your IP address. But doing pretty much anything on the internet and you expose your IP address.

If what you mean by spying you think it is looking at what app/program you are doing, recording your keystrokes, recording what your camera sees, the vast majority of devices don't do any of this. Those are done on hacked laptops and school laptop admins that are either creepy and unchecked or overly intrusive.

Somewhere between these two extremes you would say it crosses the boundary into spying. You don't need a custom OS to stop it unless you your threshold is all the way to the push notification level.

[–] manitcor@lemmy.intai.tech 3 points 1 year ago* (last edited 1 year ago) (1 children)

true all the way down to the silicon really. Unless you are prepared to do you own lithography you are on an untrusted platform.

[–] lps@lemmy.ml 19 points 1 year ago (2 children)

Of course this is true, but moving to a privacy respecting OS, like linux or buying a phone w a custom ROM installed goes a long, long way to improving the situation.

[–] lps@lemmy.ml 6 points 1 year ago

One easy way to start is not by doing it all at once. Start by avoiding the Playstore and using fdroid instead. On your main OS replace proprietary software with foss alternatives. Once you get comfortable with that, THEN you can make the next steps. It doesn't have to happen overnight, but you'll be heading in the right direction:)

[–] manitcor@lemmy.intai.tech 3 points 1 year ago* (last edited 1 year ago) (1 children)

you are simply moving your trust base and saying that chip and board makers are more trustworthy. Unless you have the resources to validate the code you are running you are in the same boat in OSS, your trust is now in that FOSS community.

its necessity of course.

[–] jmp242@sopuli.xyz 2 points 1 year ago (1 children)

Sure, but I'll say that FLOSS distros and builds have a much better privacy trust record than the alternatives - though I also have to say that at least I haven't seen the news articles about Apple or Microsoft that you do about Google, Facebook et al. Some of this is literally around business models - Microsoft and Apple aren't ad-tech companies really. They have obvious revenue streams that do not need to invade your privacy, and may actually hurt their business if they do. Not that I trust big corps to actually make sound business decisions though, and any cloud stuff is right out the window WRT privacy from governments.

I'm also left personally in a really weird situation - I don't especially like or trust Google, but I use Android. There are several competing interests here - While Google may spy on me, Android (so far anyway) does allow FDroid and third party apps like AdGuard much easier than iPhone from what I understand. So at least for quite a while I was trading OS level telemetry vs every app and website telemetry. I think Apple might be better now, but I still think you have to jailbreak to install non App Store apps. In the third party apps are things like Syncthing, which lets me basically back up and sync my phone contents without touching any cloud at all.

The other benefit of Android is just the huge variety of vendors and phones available - I can get a brand new Android phone that's "good enough" for $300, and my current one has lasted over 4 years (but at the cost of security updates, so YMMV). I'd love to get a phone I had root on, but most of those cost a stupid amount (to me) and also seem like the fun I had with the Pyra - they're "in development" for 5 years with no real sign anything is actually going to come out, and then when one does it's 5 years old tech.

It's also not particularly useful to have Android without the play store. I tried that once a long time ago with a chinese tablet. You couldn't install apps really. Like, yes, I can get FDroid - but how do I get my online bank's app? - kind of needed to deposit checks, and they no longer have the scanner from a computer option. How do I get ParkMobile - now used instead of putting coins in the meter? Most shopping apps? Yes, you can make your smartphone de-googled, and about as useful as a feature phone from 2010, but then why bother - just get the cheapest flipphone I guess.

I don't have answers - most companies don't want to make privacy respecting tech, so unless you can realistically live your life mostly outside of current society - you're sort of screwed.

[–] manitcor@lemmy.intai.tech 1 points 1 year ago

100% you make your own choices and the tools available offer various levels of true privacy. I do tend to agree that if you carefully select your hardware then roll a project you trust onto your system you are likely 1000x better than any off-the-shelf big-brother setup.

There is no easy answer to 100% verifiable and trustable secure systems at this state in the industry. Though I expect that to change over time, even lithography is starting to become a workshed hobby.

[–] uglytruck@kbin.social 2 points 1 year ago

There are user friendly options if you're willing to use them. There's /e/ foundation's Murena phone that you can buy. It's based on LineageOS for microG with a custom launcher much like iOS. It works out of the box, no tinkering. There's also GrapheneOS that has a web interface for installation. It is only for Google Pixel phones and takes a different approach to privacy than LineageOS for microG. They both work in protecting your privacy. As far as computer OSes, there are many "easy to use" options for the novice - PopOS & Linux Mint are the best two that come to mind.

[–] ByroTriz@lemmy.ml 1 points 1 year ago

for mobile a low effort approach is to simply buy a dumbphone and a faraday bag and you're good to go.

[–] MigratingtoLemmy@lemmy.world -2 points 1 year ago (1 children)

We don't know if they do, but they certainly can. Especially if you are on x86. I'm sure Android (which comes from OEMs) and iOS devices spy on you.

No, you have no respite unless you switch to custom. The good part is that this process is much easier than before (especially on the desktop), and will keep getting easier. Graphene already has their Web installer when you plug your mobile into your computer and let it do its job. Installing Linux is the easiest it has ever been, and I would argue that this trend has creeped into even the more advanced distributions like Gentoo/Funtoo (their guide is extremely well written and easy to follow + forums).

The only thing you are losing is time. If you don't have the time, then no, you should stick with the easier ROMs/Distributions. I would never espouse using Windows/MacOS/OEM Android/iOS unless forced to by circumstance.

[–] RandoCalrandian@kbin.social 3 points 1 year ago (1 children)

Of course we know they do

A good portion of it is laid out in their telemetry docs

And it’s why removing telemetry is so damn difficult

[–] MigratingtoLemmy@lemmy.world 1 points 1 year ago (1 children)

When I said that, I was trying to include both mobile and desktop OSes. Has Intel mentioned that ME will track users and processes using telemetry?

[–] RandoCalrandian@kbin.social 1 points 1 year ago (1 children)

Why are we talking about Intel?

It's microsoft that keeps releasing telemetry infested OS versions, and then forcing users onto their new shiny plague ships.

this and this this are both widely available tools to try and shut that shit off, and they only sort of work.

Now i know you wouldn't recommend windows, but that's the exact type of spying OP is asking about

(That said, i don't doubt intel either already has or wants to implement telemetry as well)

[–] MigratingtoLemmy@lemmy.world 1 points 1 year ago (1 children)

I mentioned Intel because ME is cancer embedded in hardware. Even if someone was good enough to rewrite windows code to remove all telemetry (in theory), there is nothing one can do about hardware.

AMD's OPENSIL might change that, but we'll have to wait and see. The fact is that ME can hijack one's system resources and push telemetry to Intel, including public IP. That's the worst offender in my opinion

[–] RandoCalrandian@kbin.social 1 points 1 year ago (1 children)

ah, i didn't even know about intel's telemetry in ME

I thought ME was cancer for the other reasons, damn. AMD FTW (until TLA's force them to do the same thing)

[–] MigratingtoLemmy@lemmy.world 1 points 1 year ago

AMD does the same thing with their PSP. But AMD is supposed to release OpenSIL in 2027 which should theoretically give the community the keys to stop PSP from booting and work Coreboot/Libreboot for other motherboards

load more comments
view more: next ›