evujumenuk

I think installing spyware on someone’s device is two or three steps more drastic a measure than a simple search, which is about the extent of what a court order can authorize police to do right now. It feels conceptually close to tampering with evidence present at a (possible) crime scene. To add to this, spyware is not the same thing as installing a physical listening device in someone’s home. It requires far-reaching permissions on a system, and can influence lots of other software on the same system. You’d have to have an extreme level of confidence that this won’t lead to accidental or intentional planting of incriminating material. And, in my opinion that sort of load-bearing trust is not really something law enforcement has earned in the general case.

Where in Settings would this be? Cellular?

If you only ever use this mail domain to send messages to or receive messages from people who don’t know your name and address, why not. Any old infoleak would otherwise indelibly associate that domain with that personal info.

It kind of has to be, if you’re trying to be persistent about the whole thing. It’s easy to feel overwhelmed and burn out over all of the different threats we’re trying to defend against. I don’t see how you can keep at it for months or years if you feel no joy over it. But maybe being deathly, relentlessly afraid of the dangers around us is enough after all.

If you don’t even like doing this stuff, wouldn’t it be better to focus on measures that require little upkeep? This is what my example suggestion was getting at, something that’s as close to set-and-forget as possible, while getting you 90% of the way there. (Depending on your threat model, sure. If yours says that the sky is falling if Tim Apple gets your iCloud data, it certainly doesn’t apply.)

I’d sure hope so! Many of the things that privacy nuts like us do are not efficient uses of one’s time.

They might require constant vigilance. They might need recurring work for continued effectiveness. They might necessitate exposure to intrusive negative emotions (“what is Google doing this week?!”).

If you’re not having fun, focus on measures that you implement once and then never have to think about again.

For example, I wouldn’t recommend GrapheneOS to a journalist in an authoritarian regime. It might be “more secure”, but they have a job to do and can’t keep dicking around with obscure pointer authentication settings or whatnot. They should just get a current iPhone, enable Lockdown Mode if its tradeoffs are acceptable to them, and continue doing their best job, which isn’t “phone administration”.

LARPing as Jason Bourne, or prepping for the Rokobasiliskocalypse, is a hobby. It’s okay, I do it too. However, it’s not approachable or understandable to people who don’t share that hobby, or are not as alarmed at the general state of things as we are.

I used to run unbound on my laptop just so I could configure stuff like forwarding zones with more precision than what a stub resolver normally gives you.

It can also be your validating DNSSEC resolver, which also satisfied that sort of morbid curiosity in me.

In the age of DoT and DoH, with endpoints hardcoded in browser binaries, that sort of thing has a lot less punch than it used to. Even back then Go binaries would start ignoring your nsswitch.conf…

As long as everyone is having fun, I see no problem.

If you’re not having fun switching mail providers, researching Gecko forks, or being a part-time sysadmin for your Fairphone, you should probably stop doing those things.

There’s no easy answer to your questions. It depends on what threats you’re trying to defend against. If your primary concern is adversarial law enforcement with Cellebrite et al., a current iPhone, especially with Lockdown Mode enabled, is certainly the next best thing to Graphene that we have.

Personally, I have access to Private Relay, but never use it. That’s not because I don’t trust it, but because I only ever use VPNs to spoof my GeoIP. And you can’t do that with Private Relay.

Just “encrypted”? Probably iMessage.

Anti-abuse measures such as this are generally designed to not provide that kind of feedback. The website developer is modeled to be an adversary, and you don’t volunteer valuable information on what has worked against your countermeasures, and what hasn’t, to your designated enemy.