Episode 101 - The Hated One DESTROYS Michael Bazzell [Gone Sexual]
Added 2023-03-21 17:12:15 +0000 UTCIn today's episode, I am dissing a renowned privacy expert, Michael Bazzell. You can find his episode on mobile devices [episode 290]: https://www.inteltechniques.com/podcast.html
Some points discussed:
- "do not use mobile device for rntertainment..." Why?
- "do not sign in to your google account on grapheneos"
- cell service vs data only
- "doesn't use user profiles" whaaaat???
Comments
Compartmentalizing Google Play by having separate accounts in each GrapheneOS profile is a completely different scenario than what protection VoIP phone number providers or disposable debit card providers offer. If you create pseudonymous accounts the way I recommend (over a VPN, different user profiles, etc.), then Google will not be able to deterministically link these different accounts and their profiles. With VoIP and disposable debit card providers, all your transactions and communications are traced by a single provider. It's just shifting trust to a different entity. There is benefit to not having reveal your true number to everyone, but it's hardly giving you privacy of your transactions and communication. You have to trust their privacy policies, employees not going rogue, lawful intercept and malicious threat actors. The most profound benefit of VoIP numbers and disposable debit cards is that if there is a major breach of retail data, adversaries wouldn't be able to correlate whose purchases belong to a person that used different credentials and phone numbers for each of their purchases. But if there is a breach at any of these VoIP and disposable card providers, then everyone is screwed. If Google was breached, nobody would be able to figure with a high enough degree of confidence that pseudonymous accounts belong to the same person if they were created carefully, because Google wouldn't have access to any deterministic identifier on GrapheneOS.
The Hated One
2023-03-23 17:46:11 +0000 UTCAnd running every single in its own VM.
The Hated One
2023-03-23 17:34:50 +0000 UTCYeah, doesn't make sense to not use your phone for entertainment. GOS is ideal for compartmentalizing different apps and services like Spotify, Youtube, etc..I suppose the only way you could come close to a similar setup is if you're using Linux with Safing.io Portmaster + SPN?
Urban Armed
2023-03-23 17:12:06 +0000 UTCI use voip and privacy card payments for the same reasons. I like that each number and payment can be linked to a pseudonymous account. Sure, it won’t help if you are being targeted by federal agencies, but at that point (and if that is the case) then there isn’t much you can do.
No Name
2023-03-23 01:11:41 +0000 UTCSome advice for US and CA: Sometimes you need to use OTA calls such as for appointments. Jmp.chat with Cheogram app is a cool VOIP + XMPP solution that costs $3/month and requires no ID. Use a disposable payment card for those numbers. I also use voip.ms for my known phone number and a few others which costs $1/month. I use Sipnetic and voip.ms app from fdroid. It is a little trickier to setup correctly, but it is cheaper. VOIP.ms knows who I am, but vendors can't keep track of the numbers I rotate.
Shirley Cirrius
2023-03-23 00:15:39 +0000 UTCThere is so much to unpack in this one. My only qualms with your video would be about phone numbers and private card payments. With phone numbers, I disagree that "one secure number" is better than "VoIP number for each use case." You say that you would rather have one number for Signal and depend on the other people having that. While I admire Signal as a good private messenger and call option, the fact remains that not everyone has Signal, nor am I important enough to them to install Signal just to make me happy. The use of VoIP numbers gives me the ability of providing anyone a number I control, but then "revoke it" by deleting the number. I do a similar thing with e-mail, where the name before @ is always the company name I'm registering for. If it was Youtube, I'd use youtube@example.com. This way, if the e-mail gets scraped, at worst, the attacker can't use it without tipping me off. At best, they use it and I know that site sold my data/got breached. It is important to note that by using a separate number for special uses, it's not in my real name, and it's not used to provide complete security. It's a privacy prism. Each company I have an account with has a slightly different image. If I get a call on my "food and deliveries" number and it's NOT one of those companies, they're going to call me by a specific name. At that point, I can safely burn the number, and nothing of value will be lost. If I only have one number, and THAT leaks, I'd have to change my number. For private card payments, my bank allows "disposable" cards for online payments. US uses privacy.com, which is basically a go-between between the bank and whatever place you are buying from. Here, it again depends on who you are hiding from. If I'm trying to hide from the government, I'm just not going to use a card. In the case of using the single-use virtual ones, it's different: I'm trying to buy from a place I don't trust to keep my data secret. If I buy with a single-use card, that card number can't send any money later, thus protecting me from financial loss. You discuss using different Google accounts for each profile, yet you dissuade people from using multiple phone numbers? Feels weird to me.
James Mason
2023-03-22 20:23:17 +0000 UTC
