As much as I'd love to daily drive an OS like GrapheneOS, the risk of running into apps that use Google Integrity API thereby making it impossible to run those apps on Graphene is too much of an inconvenience.

I took a look at this curated list of bank apps[1] supported on Graphene OS and I'm glad that a large majority of them work on Graphene. However, just my luck that one of the banks I use on this list isn't supported.

In my country, the state is enforcing a lot of essential workflows to be digital-first (and in extreme cases digital-exclusive) and I dread to think needing these services at a critical moment and the choice of my OS making it impossible for me. This is more of a commentary on my government's choices but it's a reality for me.

In any case, I don't think it's practical to go cold turkey and switch to a privacy focused phone without testing waters first to see which of your of workflows break and then reason about the tradeoffs/workarounds.

I do admire folks who use GrapheneOS as a daily driver, I'd like to chat them up if I find them in the wild.

https://privsec.dev/posts/android/banking-applications-compa...

Agree that "control" is a much better framing, since it doesn't suggest a need for secrecy and therefore embarrassing/unacceptable/untoward behavior that needs to stay behind drawn window blinds. I'm also fond of "agency" and "digital self-sovereignty" as alternatives.

But fine, I'll be the one to say it: Cloudflare isn't one of the good guys here and as an entity it shouldn't be trusted. It doesn't matter how pure their stated motives appear to be now, or how unmarred their track record is so far. It's a corporation that has control over an ever-increasing share of internet infrastructure, and is susceptible to the same risks as any other tech monopolist basket that we all decide to put our eggs in. Maybe more risky than the others, given how deep in the stack its influence is buried.

What happens when a government forces it to NXDOMAIN porn or put nuisance captchas in front of dissident blogs? Is there some reason people think this one is different?

The only thorn in the opine is Cloudflare. Everything looks reasonable but CF. I get that DNS is free, it is OP's employer and registry being offered sans margin but it doesn't make up for the fact that CF is on its way to become the biggest gatekeeper and strangle the freenet if it wishes to do so.

> Instead of "privacy" we really should be talking about "control".

Fantastic. This is what I have been shifting towards these past couple years. Hardly anyone likes to be controlled, right?

This reminds me of the old meme:

> Tech enthusiasts: My entire house is smart.

> Tech workers: The only piece of technology in my house is a printer and I keep a gun next to it so I can shoot it if it makes a noise I don't recognize.

My next low hanging fruit is certainly to make my LLM usage local, my queries contain much more sensitive information than what is mentioned by this post.

In the past I dropped off privacy when it was too inconvenient. For example I dropped protonmail because of bad search, left Linux desktop for Windows due to missing software, etc, I still haven't found the sweet spot for LLMs yet.

For the rest, I'm currently running the full macOS, iOS, safari, Apple passwords and I'm decently happy with this middle ground.

This topic came up at Christmas dinner with family. I had no luck coming up with a reason why they should care.

"Control" would not be a better argument with them. Everything is already controlled. What amazon, google, youtube, facebook, instagram, tiktok, netflix, spotify, recommend to you is all controlled. Various insurance (health, car, etc) is relatively controlled. Through an employeer you usually get health insurance. If you're self or un-employed they require, or did require, extensive health info before they would let you sign up.

And, I'm not entirely sure I disgree with that. Why should my premiums be higher because someone else wants to participate in risky behavior?

Like many here I go though lots of trouble to stay anon. VPNs, multiple unrelated browser profiles, multiple browsers, never use the same email address twice, differnt passwords, etc.... But I can't really think of a truely compelling reason to to give to my family why they should do anything similar.

I can mention things like the girl who's parents discovered she was pregnent when advertisers started sending her baby care ads. But, that's just not relevant to them.

> "I don't need to care about privacy because I have nothing to hide." is an argument that I have heard countless times. I found this argument difficult to counter in the past, yet deep-down I knew the reasoning was flawed.

This one is pretty easy to counter. Just ask the person to hand you their phone and go through their messages and photos. There's no one that wouldn't feel restless about it.

> I use Cloudflare's DNS because I trust them more than other companies; purely based on their business and how their incentives align

The author fails to mention that they are currently working at Cloudflare, I think that should be made clear otherwise I see it as misleading to the reader, like so many pointed it out, Cloudflare is just a corporation like any other corporation out there...

> Domain: I switched to Cloudflare Registrar recently because they offered a lower price ... I don't think Cloudflare really cares to make money on domain registration.

Well, they don't today.

Speaking of "control", it is bad form to keep both the nameservers and registrar with the same company (think takedown requests / account lockout / etc).

excellent article, you've inspired me to get off Gmail finally (Google's been sending me angry emails about hitting my storage limit for ages anyway).

side note, your link to Tuta is broken - think it's an internal link by accident

> I use Cloudflare's DNS because I trust them more than other companies; purely based on their business and how their incentives align

It's a very naive way of thinking about some businesses. What did Cloudflare do to earn this trust? It's just another VC-backed company and 1.1.1.1 is a free service. So Cloudflare is going to lose money just to protect my privacy? I don't think so.

I agree. Keeping your data private is just not a big enough motivation. For me though the big issue is making sure one keeps access to their data forever. It’s so easy these days to use everything from one vendor and then get access shut off with no recourse. That is IMO the biggest fear everyone should have these days.

Yes, the only solution is self-hosting and yes it requires being your own sysadmin and it’s hard and not convenient. That’s why I’m building https://github.com/ibizaman/selfhostblocks. It’s a NixOS collection of modules that sets up services that fit well together and have declarative setup for LDAP and SSO. They have integrated backups, https and other features required for self-hosting. Also, the LDAP and SSO setup is tested with e2e NixOS VM tests that use playwright to make sure users can login if they have access.

I’m hoping to lower the bar to self-hosting significantly.

> I have nothing to hide

I really dislike that this is always the argument that's being attacked. It's not even what most people are thinking when they respond.

It's clear that the exchange is privacy for effort. If I want to self host, I need to pay time and money to get it all working, then continue to maintain it forever.

Somewhat related - I want control over devices in my home. Too many things these days need an internet connection to be useful. I run my own OpenWRT router and set up firewall policies for them so they only get the access they need to provide their function. But I'm getting tired of it.

I'm looking for a nice tool that would give me that "control" over my home network -- at the very least, proper observability. Like "little snitch / open snitch" but running on my home router... and I haven't found anything like that yet.

What's the story for maps and POI search on GrapheneOS? I'm assuming using Google Maps is a non-starter since that defeats the whole point of all these privacy protections in the first place.

The ad blocker is uBlock Origin ... the blog misstates it as uOrigin.

The article starts off on the wrong foot and there the article ends.

Do you think that 'government' (and ie anyone that works for one) is any 'different' to anyone else? Or are we all people? Or maybe there are other descriptors?

Wanting privacy is not a crime or admission of guilt.

Note - the EU politicians exempt themselves from this surveillance under "professional secrecy" rules. They get privacy. You and your family do not.

the conversation about what a privacy enhanced way of relating to tech is hasn't really matured much.

on one hand its being relative to a list of specific threat actors you avoid. on the other, its maintaining a role with leverage vs your devices and services.

privacy doesnt catch on as product because you have to navigate an inferior relationship to those threat actors first, and nobody aspires to that unless they already have a kind of alt cyberpunk underdog mentality and attitude.

the non-punk or normal, leveraged position is like a business or first class lounge for tech. calm, negotiable, amenable, hidden and exclusive power, craft, affiliation and signalling.

most privacy tech and apps are still in the mall ninja cyberpunk mentality, with some slightly self important NGO/public sector affilation signalling with Signal. The aesthetics of privacy need to evolve to drive more meaningful tech imo.

"I don't need to care about privacy because I have nothing to hide."

One counter is "since I've done nothing wrong, you have not need to care about what I hide". Both make assumptions, the difference is about who is trusted. Why should it be the authorities.

FYI: NetGuard is an open source rootless firewall for vanilla Android which also allows per-app network access control, for those unable or unwilling to go with other OSs. Works by leveraging Android VPN to block instead of tunneling packets.

Finally. Someone in the wild that runs passwordstore.org

I thought there was only a couple of us.

Surprised to see Firefox.

Gave it up a while ago, for:

Librefox on the linux device.

Waterfox on the android device.

Orion on the APP£ device.

Are these artistic spelling choices or are they genuine typos? I feel like I am missing some context here.

After doing this for 25 years, I have come to the conclusion that one should stick to lightweight tools as much as possible. Complex ones are far more vulnerable to supply chain attacks--be they illegal ones from hackers, or legal ones from business. I have had so many great tools (open source and proprietary) rug-pulled from beneath me. Dev sells out, then the product is either retired or enshittified. What if someone tried to enshittify awk? Good luck with that. There are dozens to choose from. Even with LLMs, they can't enshittify them all.

The future is suckless philosophy.

Original HN title: "Privacy and control. My tech setup"

> Venmo is disabled.

I wished the author elaborated more on why.

my privacy setup is good -- JS whitelisting and blocking of most ads but my fingerprint sticks out like a sore thumb. (firefox or bust baby)

> I would also recommend Bitwarden for those who want a better UI experience.

The newest release of bitwarden absolutely sucks. The images that they're using look AI-generated (specifically, there's some weird stuff around line thickness, colour and shading that, as the spawn of two artists, I do not believe a competent artist/designer would make), but also the images are just pixellated and grainy on my 1080p screen. The design has gone from "clean and usable" to "utterly dogshit", and the response time has gone down the pan.

For domain registration I recommend netim, as they neatly reduced the price that I pay from £30 down to £5, which made a huge difference personally.

The average person won’t go through even 2% of the trouble. Your self inflicted lockdown is a niche within a niche. I respect it though!

"The problem is that the word "privacy" is dialuted[sic] and mean different things to different people. Instead of "privacy" we really should be talking about "control"."

It's arguable that without control there can be no "privacy and security", including relief from data collection, surveillance and ads. The so-called "tech" companies that profit from data collection, surveillance and ad services are going to protect their own interests first, and if the the ad target (computer user) delegates "control" to these people, then he will also sacrifice some "privacy and security" as a result. When there is a conflict between the company's interest in profiting from data collection, surveillance and ad services and his interest in "privacy", his interests will be subjugated to theirs. He has sacrificed control

Personally I'm not really interested in "convenience" at the cost of control. For example, delegating control to a third party. I want control

Like "privacy", "control" could mean different things to different people

To me, it means control over a computer (via software)

For example, let's say a student at Harvard in the 1970's later becomes a hacker at MIT's AI lab in the 80's and dislikes not having the ability to study and modify the software he is forced to use

He writes a compiler and attempts to create an operating system

Arguably one could say he wanted "control"

Or let's say a student at University of Helsinki in the early 90s is using an operating system installed on the university's computers and wants to run the same type of system (UNIX) on his i386 PC at home

He writes an operating system kernel

Arguably, one could say he too wanted "control"

Let's say a www user in 2025 dislikes using software that automatically downloads, installs and runs code on his computer without his input or consent and automatically sends DNS, HTTP and other requests to allow so-called "tech" companies to perform data collection, surveillance and ad services^1

Arguably, one could say he also wants "control"

He compiles his own operating system from source and writes some simple programs to prevent the remote access installs and intercept the attempted automatic remote requests

1. Thanks to the work of the folks in the first two examples and others like them, source code for UNIX-like OS is readily available including a free compiler to produce software for it

Perhaps "control" in this context must involve some element of "DIY". The folks in the first two examples did not wait for or plead with third parties, e.g., so-called "tech" companies, to give them "control"

If one accepts that there can be no "privacy and security" without "control", then it stands to reason that delegating control to so-called "tech" companies is not going to produce "privacy and security"; it will always be compromised by the companies' own interests which include profiting from data collection, surveillance and ads services at the expense of "privacy and security"

reminder - there's tech out there capable of reading your mind remotely and non-invasively

For you

- WhatsApp is an exception

For others

- Google is an exception

[dead]

> can’t be bothered to host my own email

Never host your own email. It’s a nightmare if legacy systems, edge cases, layered on trust systems, malicious actors, and endless spam. It’s a good way to spend a bunch of time and effort making sure most of your mail never gets delivered.