Anna

That’s a bad advice you don’t know how they are updating it. If it is added in the repo then package manager will check the signing key but if it is an in app update then that may not be verifying the new package and if someone is doing MITM they can switch it up

You should always verify signature and hash for any software you are installing but also keep in mind that if someone was really trying to send you a malicious download then there’s good chance that they will also deliver you a malicious signing key and hash. And there is really no good solution. If it is critical you can try to get signings keys from different places and with different IPs and maybe even different devices but pick and choose how long do you want to go down this rabbit hole.

Do not use any such services online. That will just generate another data point. Instead do it yourself manually. And in future create new email for every service. And use something like fake name generator to get name and email ID.

It is not about police hijacking IMEI, my bank only provides 2FA with phone number, and the password can be reset using the OTP they send to my phone. I know the bank is terrible but where I live all banks do same thing. So if my phone ever gets stolen they can just remove the sim and put it in another phone and get access to the Bank account. Also did I mention you can also get username from OTP to your phone so, yeah I should probably not use any bank and go live in mountains. But SIM lock helps.

I think it was renamed to CAT wiki

a post from last year from my personal X account suddenly became a topic of discussion here on Reddit.

You mean last month right.

OK let me add fuel to the fire. here in Andy’s response he says the tweet was from last year which is technically true but it was from December 2024.

Also how can he think that Trump stands for little guys when he has elon musk as his pet monkey

I would have never guessed that…😂😂😂

Hyderabad also a fun fact Indian supreme Court has ruled that WA messages are not admissible in court.

https://internetfreedom.in/iff-assisted-in-sending-a-legal-notice-to-the-hyderabad-police-commissioner-regarding-search-of-mobile-phones-for-keywords-such-as-ganja/

Apps were banned only in Jammu and Kashmir

https://tuta.com/blog/apps-banned-india

It’s true Indian government has banned Element and other Apps and forced Signal, WhatsApp and other such apps to have a local representative so that they can arrest someone and force their will. But there is one silver lining, it is that these politicians don’t fully understand how open source software works. So just banning Element app doesn’t do much I can switch to schildiChat or just download element source code and change the name and logo and boom I’m back in.

And also most of their app bans are just requests sent to Google play store and Apple App store, You can always download from FDroid or from other sources

and there is no real way they can enforce these stupid laws.

They started going through chats on traffic stops, but there are ways to avoid that also

If you are interested and want to support then you can donate to https://internetfreedom.in/ or if not possible just share the word.

No VPN over Tor means you first connect to Tor and then to VPN. This is highly discouraged because if someone can tie the VPN to you then they can bypass Tor entirely and get what websites you were visiting.

What you are suggesting is Tor over VPN, here you’ll first connect to VPN and then to Tor, this is less risky but still not recommended as using Tor is not illegal in most countries (remember US Navy built it initially and they and many other spy agencies still use it) also there are other better ways to achieve hiding from ISP. bridges were designed specifically for that.

If you don’t use VPN all your traffic will flow through ISP. That doesn’t mean ISP can see your passwords or anything. They can only see which website you’re connecting to given that you are using unencrypted DNS if you are using encrypted DNS with TLS Hello they can only see IP. The claims that VPN protects you from hackers in public WiFi is dead since all websites switched to HTTPS and HSTS.

By using VPN all of these details now won’t be visible to your ISP but they will be visible to VPN provider.

If you live in a place where LEA can’t kick down your door and arrest you for visiting website it deems illegal then using VPN doesn’t give you anything.

Of course even a lot of first world country have strict laws against piracy in that case VPN is good but if you aren’t pirating and live in a free country I’d suggest don’t bother with VPN unless you have other reasons.Another reason could be to access geo restricted content on Netflix and stuff

Another thing to keep in mind, if you are committing/suspected of any crime then LEA will definitely go through your search history, they can get this through your device if you’ve cleaned that up but use google account then they can ask google, or go to ISP and ask this, obviously if you’re in this category then there are better solutions like Tor I2P

There are other extreme examples where a cheap ad friendly VPN with no registration comes in handy. If you want to create a zero knowledge email. Most email provider will block you if you are trying to create account with ProtonVPN or from Tor, but if your route your traffic through Tor and then to an ad friendly VPN they mostly allow it cuz they think you’re a dumb dumb. Note - it is generally not recommended to use VPN over Tor.

K-9 was it’s own thing, Mozilla came along gave them a lots of money and just forked there project and just renamed it and added their logo

Yes and no

I’m not switching to Thunderbird I’m sticking with K-9

https://github.com/dulvui/pocket-broomball/

https://github.com/agateau/burgerparty

*two mins

I also have my phone setup to gesture navigation. If I swipe up and click on app icon I see option to pin it.

If you are on android you can use screen pinning. That way phone won’t get locked and bother the police but they can’t switch to any other app without your password.

But I don’t know how much I’ll trust an app by government. Maybe in Europe that app is Open source.

*two weeks