I don’t actually agree that your analogy applies, because it ignores my point.

Neither “side” (as if there were only a binary choice but that’s how they want you to think) wants you to have privacy. Be united with those who want to fight for those rights instead of divided on other policies which are political smokescreens.

Maybe a better analogy is that we are drowning in water that is not cold, maybe it’s tepid and maybe its boiling. But arguing over which is worse really doesn’t matter because we’ll be dead in a minute anyway.

Neither did he last administration and neither will the next. They want us polarized and fighting each other so we don’t fight them.

I use two domains.

One is my name for people that actually know me.

The other is something random (it has meaning to me but nobody else would think that). I use that for all my “private” emails, creating aliases that forward to me.

The most important thing is to pick something easy to understand so its easy to convey. My domain is actually quite long, which normally is a bad thing but its distinct words so people understand it when I give it to them verbally.

As many have said, it shouldn’t matter.

Personally, I have been known to look at email addresses because I assess everything the resume gives me. No, I don’t really care what provider you choose, but it’s a tiny bit of information.

So if your email name is “BigBootyQT” then I have a glimpse of your personality and how you may or may not fit in the role. That’s a real example BTW. It also might bear light in other ways, say if you’re applying for a job in cybersscurity but you’re using a yahoo email. Yeah, that’s a negative mark.

Will any of this be THE reason I ditch somebody? No. But it weighs with the rest of it. I would not disqualify somebody for a typo for instance, but it is a negative because that should not have occurred (especially of the role requires attention to detail).

Is that what it does? I thought it deleted any profile other than the primary one.

With that in mind, security and privacy are two completely different things.

For instance, I would say that WhatsApp is fairly secure. It just isn’t private at all. Meta can (and does) see and track your meta data.

Why is that important? I liked these 2 examples I read somewhere because they are simple but explain how powerful it is. Your phone calls are private. Your carrier isn’t allowed to listen in on your call to know what you talk about. But they can see that you called a suicide hotline while standing on a bridge. They can see that your doctor’s office called you and then you called an abortion clinic next. The following week your GPS location went to that clinic. Are these things Person A would willingly tell their phone provider? It’s none of their business so I assume not. But they essentially are when they don’t care about their privacy.

Another stance I take is that even if they don’t care about their privacy, can they at least respect mine? I don’t give their phone number out to anybody that asks. But non private apps look at all their contacts so they are doing exactly that to me. Think of the last spam call they got. If they knew it was because of you wouldn’t they be upset?

Change your password, and hopefully you don’t use the same password across multiple accounts. Since you’re asking, I assume you do. (Not shaming, just informing)

It would be best practice to use a different email and password for every account you create, and enable MFA. Email aliases work great for this, and use unique randomly generated passwords for everything. A password manager will help you create, remember, and fill these fields for you so its not cumbersome. There are many good ones, I personally recommend Bitwarden. You can get pretty far with their free version, but I recommend paying to get the authenticator built in, so you can auto fill MFA codes.

If you can’t afford this, or want to keep the codes separate (not all your eggs in one basket) then download the Aegis authenticator app. Its free and very good.

Pretty much. I’d add one other factor to the mix: The threat is amped up so much that people become overwhelmed and say screw it they can never keep up with the threats so they’ll just take their chances - they’ve been okay so far.

I would add to the conversation with the questions;

Should all information be known? Just because something doesn’t need to be hidden doesn’t imply that it should be known broadly. It’s not okay for somebody to know what color underwear I’m wearing right now.

Is all information equal in value? Presuming one kind of data point is okay to be public does not mean that all data points are okay to be public. My address is public record (unfortunately) but that doesn’t mean my social security number, ID number, and passport number should be public as well.

I agree that it helped with adoption. In a way I wish they still had it so I could get my text messaging family to use a messaging app instead.

The flip side was, if somebody tried signal and didn’t like it and uninstalled it, then any SMS message to them from signal went to their signal account that they no longer had installed so they didn’t get it. You had no way of knowing so it really sucked.

I got started with aliases on anonaddy (now just Addy). After using a while I jumped into using my own domain, this is the real game changer.

Aliases are great and do their thing, but owning your own domain let’s you move everything all at once if you need to.

For instance, when proton added aliases I tried it out. I just redirected my MX records and was done. I didn’t like how they handled the header data because it broke a majority of my filters, so I switched back. Again, a simple setting adjustment and done.

For the record, I’ll probably switch everything over to proton eventually, but at the time didn’t want to recreate my filters. It makes sense to have all email controls under your email provider.

This concept is very understated. We need more options.

I’ll second the recommendation for GrapheneOS. One of the available options I use is to keep mic, camera, and location off at all times until I need them. That simple toggle ability changes your privacy stance greatly.

The description of the Matrix users is hysterically accurate.

First time I went there, I had an obscure problem with an app. A very friendly and helpful person jumped in and said they have that app but don’t use it often. Then proceeded to run multiple tests on their end to validate my experience. I was blown away. Super solid dude.

Every other time I’ve been mostly ignored. Which is fine if people can’t help. But as I check in all I see is forum fighting about what is right and best, as if there’s only 1 answer.

I’ve been trying to work this out since the beginning of the year. This is anecdotally what I’ve done, what works and what doesn’t.

Most of my solution comes from JMP.chat for my phone number along with the cheogram app for functionality.

Basically I got a number for friends and family. I got a second number to give to businesses that don’t care about VoIP (my dentist etc). ($5 ea). Cons here are that SMS groups are limited to 10 recipients. This doesn’t work for my large family chats (I can get them but can’t respond). Another thing I dislike is since its XMPP based, all contacts are listed as their phone number if in a group, so it’s hard to tell who’s in it. (Solo texts show as names just fine). They have a premium tier that routes differently to allow more than 10 in a group text, but I’ve tried that twice now and the actual phone calling gets screwed up. So I’m still trying to get it all sorted out (and I’m not optimistic) It’s also a service only in USA and CAN.

My original number that I’ve had for 20 years and all big tech have assigned to me, I ported to google voice ($20 fee)

Since my original phone number was a carrier number it is already assigned to all the stringent companies like banks. They continue to use it without knowing its now a VoIP number. I have all SMS messages forwarded to my email so I don’t have to log into google ever. It works perfectly for 2FA. Shortcoming of this is that any group texts the email just says you got a group text, but a single source text the actual text is forwarded. I don’t use it for groups so its not a problem but just mentioning it as a potential con. Then of course, its legacy so opening new accounts won’t work the same way since its a VoIP number now.

I bought a hotspot from calyx. By far the most expensive part of my solution. But it gives me WiFi access without a standard carrier (it does use T-Mobile but calyx doesn’t track you like they do). Check them out to see if it fits your threat model. It works out to about $50/mo but the biggest issue is that its an annual lump sum.

Another option I’ve been trying is 4freedommobile. They have decent plans and are focused on privacy. Everything runs through their app for encryption. But I’ve found the app lacking both in UI and functionality. You can’t do group SMS (which is apparently coming very soon) but my biggest issue is they require google play services for notifications. They state they don’t, but they do. Hands down it just doesn’t work without it. So that’s a deal killer for me.

Honorable mention is the premium service Elfani. I haven’t used it but have considered it. Its very expensive at $99 a month but is secure. However I don’t see much on privacy so I’m not sure how different they really end up being from their base AT&T provider.

Yeah, that’s why I mentioned having a secondary profile. Some stuff like bank apps you just can’t get away from so a profile with play services running is a workable solution. If you have a pixel phone already, you can give it a shot. One very nice feature of GOS is that it’s super easy to install - and uninstall if it’s not for you.

Like you said, banking apps. The logic behind that is they use google to security check their apps. A random non-bank example would be the slick deals app. Without play services it would just open then crash.

Many apps use play services for their notification system. So for instance, proton mail works fine but notifications do not.

NFC is not supported, so anything that uses that won’t work.

Not an app, but I was surprised that widgets don’t work unless you’re in the primary profile. Technically they work on any profile, but they randomly get deleted, and frequently. It’s a known bug that probably will never get fixed because the source of it comes from stock android.

I will mention that you can have a profile running play services, which gives you access to many apps that wouldnt normally work. And it’s sandboxed so it has less impact on your information (I don’t know all the specifics but it does limit in some way how much it can snoop into the rest of the OS). Then you can also set up granular controls on your apps to limit them from snooping.

Yeah, other than freezing credit, there’s not much you can do. It’s a toothpaste out of the tube scenario. It’s basically too late. The offerings always suck and are basically only there so they can say they’re doing something for you.

Other than that, harden your privacy in general. Yeah, it doesn’t help for breaches like this because you can’t hide from your doctors, but simple things like having an alternate email address makes it a tiny bit better.

Yeah, that’s the one that came up in my initial search. The recommended app Tuner is pretty damn good.

Thanks for the rec. I tried it last night and am very happy with it, better than what I expected.