I have degoogled my phone few years ago it really hit me how much the phones depend on Google services. Few examples from of my daily usage when I compromised:
- Communication
I’m in students group, people there have own group chat on facebook messenger. They share info regarding tests, deadlines etc. Basically standard uni messaging. Unless I had fake Facebook account to be there I would have to collect all info by myself. The alternative is a discord server, which in privacy terms is questionable choice too.
At least I have few friends who use Signal or Element, but it’s minority.
What do you usually use and offer when people ask you for contact?
- Banking app
Banking app I used has blocked me from app after few years of using it when they realized I have it from “unofficial” source - Aurora store. That motivated to switch the bank and app, which doesn’t really on Google Play services. The easiest way to do that was browsing Huawei app store and finding the most suitable app. Do you use baking apps?
- Taxi/Transport
Of course theres no way to use Bolt/Uber for transport on degoogled device. What’s your way of transport after having few beers in pub? Do you use taxi via calling it directly or use that weird Telegram taxi addon?
- Map directions
Is there a way to convert google map pins to open source solutions and vice versa? What’s your recommended software for directions? What do you use for driving?
- Fitness
Do you track fitness activities?
- Phone
Do you have good phone recommendations? I know that GrapheneOS+Pixel is one, but what about others?
I had very similar experiences around 2015. Before that, it was reasonably easy to use a fully FOSS system, but things have gotten worse over the years. Sure, there’s more FOSS for mobile hardware than ever before, but the world surrounding the phone has moved in the exact opposite direction. Being compatible with the world around you is the problem here.
Back then, I couldn’t find a satisfactory solution. One extreme is to go full on FOSS, and cut at least 50% of the entire world from your life, while the other is to sacrifice your privacy at altar of corporate greed. Between the two there are numerous dissatisfying compromises, and you need to do some soul searching to figure out where you want to draw the line.
- The fear of missing out was something that made me double think deleting my facebook. It turned out to be unfounded fear, as none of the hypothetical “missing out” scenarios have proven to be an actual problem.
If the study group is very important to you, and the study group is on Facebook, then just have a Facebook. Deadlines and test info are not critical information that you need to receive in your pocket as soon as it is shared. You can check your anonymous Facebook account once a week through a VPN in a desktop computer and you will likely be well informed enough. If you have a friend that is both in Signal and that Facebook group, you can tell them about this and ask as a favor that they forward any critical time-sensitive info.
As for my response, mostly I use XMPP. I turn on my WhatsApp phone on every few weeks. People can message me via XMPP, e-mail, or Signal.
-
I have a little scanner. I can use the phone’s browser and log-in, using the scanner for the 2FA. But it is very rare that I use banking through the phone, as I do most of my banking via a desktop computer.
-
Bike, public transport, walking, and planning ahead.
-
On the desktop I do use Google Maps as it is quite efficient. Usually I plan ahead if I am biking somewhere new. I will often draw a path, write some street names at turns/crossings to remember, and pick some landmarks. Usually I am moving near places I know, so this is not task that comes up often.
-
At different points in time I have kept multiple fitness and nutrition logs (on websites and notebooks), but I rarely looked back at them. Now days I track rest times, hear rate, and running parameters while exercising, so I have a garmin watch and look at the output logs at the end of the exercise on the watch itself. It is not connected to any apps.
-
I make use of three devices: I. A Pixel phone running GrapheneOS has no SIM card. I have my apps, music, etc in this phone, and I use it as a mini tablet. It needs WiFi to get internet.
II. A PinePhone. I bought a large stack of the cheapest pre-paid SIM cards a while ago, and put in a new one whenever a SIM card runs out. I wrote a hook that, when I power down the device, a random IMEI is generated and written to the LTE modem. So, if I turn it off, swap the SIM, and turn it back on, I have a phone with a completely new mobile identity. This phone I can use to make calls and to share data with the GrapheneOS, but it does not have a static phone number. Usually it is off.
III. A Raspberry Pi 5 with a 4G LTE hat. This hat takes in a SIM card that is stable. So, this device is associated with a phone number and a persistent identifier, but it does not move. This is my phone number. SMS messages get sent to me via XMPP. If I am called, my XMPP also lets me know. I don’t have VoIP, so I do need to call back if I choose to. However, it is so so rare that I make a phone call that I have not bothered to implement VoIP.
My compromise is to just to minimize big tech tracking.
I mean, 90% of data is because people use corporate social media with real names and real IPs. I don’t use “social media” like everyone else, and that is just cutting away 90% of mass surveillance. I only occasionally look at reddit over VPN (without loggining in and never posting anything), I use Lemmy over Tor. Use Fennec (aka: firefox, but from F-Droid) + uBlock Origin + VPN, for everything else (like watching youtube videos)
I usually only have Fennec and Tor (amongst a few other things) through VPN, everything else is going to clearnet. My though is, if I put the entire traffic over VPN, Google would see my VPN IP attached to my device serial number.
If there is some university thing, I’d just begrudgingly use it. Use browser if possible, but if app is required, probably put it in a “work profile” (the Shelter app from F-Droid can do that) to separate it from everything else, and prevent any such app from seeing my files. Also give as few permissions as possible. And never installing any “profiles” or “certificates” they give you for access to their wifi. They should have a “guest wifi” without such requirements so just use that instead. (Or get a second phone with the “Share Wifi Connection” ability and use that as your “router” and connect your main phone to it.) Or just use mobile data if you can afford it.
For banking, put the app in the “work profile” or use browser if whatever you need to do doen’t require the app.
For uber/lyft/taxi, probably use the browser, or if that doesn’t work, again, put the app in work profile, don’t give permissions until I’m ready to use it, and its getting deleted the moment my ride is done.
For maps, unfortunately I still have to use Google Maps, because I value being alive and not getting lost in some sketchy neighborhood over the privacy… 😓
I feel like Graphene OS is too much of a hassle for me, I’ll have to get a Pixel, which does not have a microSD slot, and that’s a dealbreaker for me.
Well, calyxos works on some motos and fairphones (the fairphone is expensive as shit tho and used motos are relatively nonexistant in the used market). Edit: some frp locked are currently on ebay (if you enjoy getting scammed).
I have trust issues with used phones tbh. It goes beyons the FRP.
Like… who knows if the previous owner is a drug dealer or something, then the authorities got the IMEI, then if I use that phone, the cops assume that I am that drug dealer.
Imagine they got an agency like the United State’s DEA involved, and you happened to be using that phone that used to belong to a drug dealer, the authorities just send a pegasus, upload all your stuff, activate cameras microphones. Then eventually raid your house.
I don’t like the thought of that.
Seems that everyone else has said the same as what I mostly already do, but I’ll just make a couple comments on the student communication topic:
My university already created a Microsoft 365 account for my university user, which included Teams. For my threat profile, I don’t consider Teams a terrible option if I’m only using it for study purposes, so I’ve communicated over that for assignments before (web UI only).
Otherwise like others have suggested, some students are open to something like Signal (a fellow student got me onto it years ago) if you kindly ask and mention upfront that it just requires a phone number. I did an assignment over Signal with two other students, so it’s very doable.
Sometimes for work trips I’ll user uber in a vanadium web browser. I think they also have a number you can call to order one. Primarily for old people but works well in this case.
Using uber is its own question but you got to find the most private set up that works for you. Anything is better than nothing.
