Whenever some app or service claims to respect your #privacy, check for two things:

1. Is it open-source on both client and server (if applicable) ?
2. Is the service itself decentralized in some way (federated, allows self-hosting etc.) ?

Now evaluate everything you use - iPhones, WhatsApp, Telegram, Signal, Gmail etc. using this checklist.

Try to find and use software/services which satisfy both of the above conditions.

@njoseph is there any app or software which meets these two conditions? Is it possible to find an app or software for every need (email, browser, music player, etc.) which works well enough (can be compared to leading apps/softs) and is still being updated?

@barszczyk @njoseph Instead of "apps" or "services", let's think protocols.

If a protocol is open-source, chances are an open-source implementation is out there.

Let's see:

PGP (OpenKeychain, gpg, etc. no reason yet to self-host a keyserver)
IMAP (K9-mail for client, dovecot for server)
SMTP (Exim for server, there are others)

XMPP (think whatsapp):
Server-side: Prosody
Client: Conversations (free on F-droid)


I'd love to see more!


@barszczyk @njoseph Also, when it comes to Android, there are phones that can be flashed easily. This comes at a price, though.

I'm sporting a Nexus 5X running LineageOS without Google Apps. I know a Samsung phone would do the same things, but it would be less flash-friendly (I presume from my experience with S3mini, YMMV). It was more expensive, but I knew it's repairable and that the target demographic are DEVS, so long-term support.

@barszczyk @njoseph
3/? Hardware should be considered as well, not just services.

If you can, try to look up a teardown video of a device you want to buy. How difficult is it? How much glue is there? Does something break every time you open (glass back)?

Check the availability of spare parts for your phone. Even batteries, if a phone has a "non-removable battery", can be replaced with 20 minutes of time and a youtube video. You'll do future you a favour.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.