Subject Delta
npub1x9j…r7ny
2024-10-30 17:44:26

If you are on CalyxOS like I am (will probably work on GrapheneOS and other custom ROMs with privacy in mind too), consider the following setting options (check-icon means "enable", x-icon means "disable")

❌ Nearby Bluetooth and Wifi
-> your phone will stop scanning all Wi-Fi access points and Bluetooth beacons and uploading them to location services like Google / Mozilla (on CalyxOS only Mozilla is allowed, if you opt in)

✅ Wi-Fi nonpersistent MAC randomization
-> your phone will change your MAC address each time it connects to a Wi-Fi, even if it is the same Wi-Fi you reconnected to

❌ Connectivity Check
-> your phone will stop pinging Google Servers
(enable only if you need to detect captive portals like in hotels, airports etc. where they are commonly used)

❌ 2G
-> your phone will no longer be prone to Stingray attacks

✅ Scramble Layout and Enhanced PIN Privacy
-> cameras and shoulder surfers will have a harder time sniffing your PIN

❌ Show Passwords
-> no characters will be shown while you're typing a password, same effect as mentioned above

✅ Auto-Reboot
-> once a day your phone should reboot. Ideal for nights when you're sleeping anyway. Throws out even bastards like Pegasus

❌ OEM-Unlocking
This should already be turned off on every phone. In other words, your bootloader should always be locked unless you're about to install a custom ROM for example. After it's done, lock it immediately.

❌ MicroG
This is for the hardcore users. CalyxOS doesn't use Google Play Services. Instead, if you opt in, it uses an open-source compatibility layer called "MicroG" which replaces the proprietary parts of Google (libraries and so on) to make it possible to use Google Play Services. Even push notification services depend on it. As you might know, governments use Google's and Apple's centralized push notification servers to collect metadata. So if you don't opt in to MicroG, push notifications will very likely be the first thing where you will run into issues. BUT: many apps like Signal have built-in fallbacks. When the app can't detect any push notification service, it will use its own push notification server as a fallback method. Apps like #Amethyst and many other apps will give you the option to configure alternative push notification services (ntfy as an open-source alternative, for example). I never enabled MicroG and for me everything works perfectly. For you it might not, but give it a try at least.

Last but not least, and this is general advice:

If you should ever get into a situation where you are being forced to hand your phone over, turn the fucking thing off. Don't just lock it, but turn it off. No magic needed. Your phone will then be in the so-called BFU mode, which means "Before First Unlock", which is the most secure status for a phone.

If you have any further advice, let me know :)
Author Public Key
npub1x9jmsqnjhxaut8tzjeqjy7nueztldsm85hapw2vzn646f204r5mscjr7ny