Hi. I've been on the linux list awhile, but I haven't participated that much, I haven't gotten out to any of the meetings in awhile. I've played with linux, but still use windows a fair bit (and recently, chrome os, not developer mode or modded nor with google play store active, which gives some options for those who want them, but...) I'm not that technically savvy, I've played with linux, and try to learn some computer etc knowledge but I find generally just learning the bare minimum to get by is usually how much time commitment I'm willing to put in :sweatdrop: I like some of the features that people get 'enabled' by 'being spied on', but I don't like giving carte blanche to tptb for daring to use their services or ever agreeing to their long TOS without reading everyone of them constantly and re-reading the whole thing every time there might be a minor change - I do believe they are important, but I like the idea of just enforcing my rights, where their sort of concealed means of getting people to agree to giving up their freedoms without realizing they are doing so, doesn't seem unreasonable to me - if I block access to something they want, or I supposedly agreed to, they can ASK ME FOR PERMISSION, again, continually, and if they start using 'asking for permission' as a way to disable functionality or essentially punish people for asserting their rights, and turn it into a way of griefing users until they knuckle under, if I basically dissect their processes into bits, and individually allow them or not after analyzing them for hours and hours so I can use a service, and give only the rights I am willing to give, that they don't get to steal or abuse information or sell information on me to make as much money I consider a problem they would have to address with me with good faith and some honesty, if they want a different response. That said, I understand sometimes, some of the 'spying' are also 'secret security features' that 'help protect legitimate users' ie from when they are being hacked by others, who may want to steal their identities, falsify their credentials, and then do what they want with someone's system, private info including banking information, etc. So 'big brother' and government interests do some things I don't like, especially with respect me and others sharing sensitive information on topics related to abuses of power by government, various financial and power interests, etc, but I understand that there are other risks and threats as well, and often the 'government' and security sector ... offer the most reasonable level of security options for most people, to stay secure against 'other private interests' many of whom are somewhat individual, or 'lower level' crime. So for me, absolute privacy, all the time, may not be what I think is best for me or what I want, but I like the ability to have some knowledge of what is happening, and why, and to make some of my own choices about these things, like to sometimes turn some features off, or not. I get that turning off some features, when one wants, might be a thing a criminal, ie murderer, rapist, bank robber, etc, might want to do just before committing a crime, and I get that for automatic systems that are doing their best to predict threats and monitor some things and avoid 'false positives', including when there can be conflicts between internal elements that have different interests or priorities, ie shut down communications around abuses of power, criminal/ unethical (if people can make or change the laws...) activities of government including influencing elections and showing the grip of certain power influences on different elements of power that allow them to enforce and maintain their power etc... so to some extent I consider some of this invalid/ abusive, to another extent I accept that it may, from some perspective, literally be standard operating procedure, and operating any other way may leave elements of power that are necessary to maintain sovereignty of country, finances, infrastructure and important institutions, open to being preyed on by other interests that would be willing to disrupt them for their own gain, including foreign interests with political objectives, criminal interests with power and financial objectives, and more, and where different things may sometimes overlap, etc. So in general, where I know there could be... serious risks to ... community or others, where tptb in this case say my government or law enforcement that may be in part trying to protect me, and others I care about... to some extent, I am wiling to be ... frustrated in my absolute freedom, where I may not fully understand the technical and practical reasons this may be necessary, or where I may be putting myself at greater risk by being anonymous, to others hacking my identity and compromising my security, not being able to prove my credentials in a way others cannot falsify them (not even talking about AI or fake generated info here either, just hackers of different levels of ability and resources, not excluding those potentially connected to various governments, not just NATO ally type ones necessarily... or 'chinese water army' or whatever...) Ok so in summary I am ok with being pushed around a little bit by those in power, having some information passed around about me, sometimes even being shadow-banned a bit in social media, etc... where my access to various services isn't completely cut off, where legally or not legally (or national security/ supposed interests of priority where financial interests may get flagged as national security etc...) justified to do so... But I like the idea of being able to say a 'strong no' when I feel I have some clarity around what is happening, and why, and willingness to accept some consequences for ... doing things various interests might not like, let's say outing lying in the media by various interests who might be doing so in order to muddy the waters on whether climate change is real or not, related to massive potential revenue losses, law suits for unimaginable amounts of ecological harm, etc. with the intent that society can make informed decisions rather than letting a powerful monied elite unethically manipulate situations that may harm billions or the potential survivability for humans on this planet to maintain the 'financial supremacy and profits' of certain interest, even where I know in some ways, those potentially abusing corporations, in some ways may be part of the foundation of some of what is keeping society thriving and functional presently, even if society could and would be better if much of that dependence were... phased out, weened off of, etc... Ok, so long email already. I like the idea of a stripped down FOSS OS shell, that has root access that I can access and others can't easily access, on a phone. I thought an option might be to have multiple 'profiles', where one profile on, say, an android like device, where the android system was running 'on top of' the stripped down rooted system, would be stripped down and secured, and could allow me to access some functions I consider fairly essential, but sometimes pretty simple, like say basic word processing functions, like say notes about my different accounts and passwords, could be accessible, but secure from most external influence, but just to go a little further, lets say also that the firmware and image files (as in operating system or restore and recovery type files) might be secured from tampering etc, and also log files showing attacks and encryption functions of the device, etc, security features in general that are not sort of belonging to or proprietary to software I may sometimes want to use but that may have legitimate reasons to keep me from over-riding its security and ability to protect the service and other users from me or malware on my device, etc etc. So the idea with profiles might be, have a 'standard one' that can act as being normal, and giving all the rights asked for by different services, EXCEPT maybe the ability to hide what access and rights they are taking, especially where some of these may be criminally or unethically breaching my own privacy and safety, etc, so ie may I log that crap, and then decide if I am ok with it or not once I research it more, but at least I can know what services and apps are doing, and if they may have a legitimate reasons for doing so, and concealing that they are doing so, and then on that basis decide my level of willingness to continue to use those services, software, or allow certain processes that might not be necessary but maybe 'make them more money' by 'compromising my privacy' to 'private interests wiling to pay more money to them' for that... etc. so, profile that is stripped down that is using the more or less normal android etc system, but that has been configured to be more secure, on top of a stripped down rooted shell that can enforce boundaries in the android os, or the hardware of the device, that might otherwise be able to compromised by other interests which don't give a valid basis for doing so... etc while also having a basically standard profile that behaves normally or mostly normally, and can 'look like' it is behaving normally to various system to not get 'flagged' as a problem, and can hopefully give me the information I need to know if 'extracurricular accesses' to my device and resources may be justified, or might be certain interests taking advantage of security that they have more privileges than they deserve on my device, etc. So the hope would be, be able to use a mostly vanilla system that doesn't rock the boat or lock out various interests from the functions they've come to know and love on my phone and device, when I am 'safe enough' to be willing to use their services, etc, but something that might be able to 'alert me' to anomalous behaviour, if suddenly a private interest for which I have an app on my phone, possibly a foreign interest, like the USA, takes issue with some of my choices preferences activities which are legal and my right, and would illegally/ unethically usurp/ disrupt these simply because they can and can tend to do so invisibly, without being seen to do potentially criminal unethical things, and therefore avoid consequences/ accountability while pushing their interests and undermining those of others... so an ability to get some alert at this, identify apps or system processes doing it, quickly check if there could be a legitimate reason to suddenly put different conditions of affects on my use of my device and services, ie did I take actions that legitimately flagged me as a serious risk, and is there a certain amount of permission that I can give to various things to allow them to assess and confirm the LACK of risk / threat in a legitimate way, where this is the case, that maintains my freedom rights sovereignty privacy as much as possible, the security of systems that want to assess threats etc and their means of doing so, ie I just know what I need to know, that doesn't compromise the safety or effectiveness of tools and services which are helping keep my community / country/ peers stay safe as well... and where some private or lets say 'autonomous private interest cells within the established power/ security infrastructure and systems' are taking liberty with my and others rights and freedoms for an advantage which is not justified, and be able to, if nothing else, opt out of services etc, either temporarily or permanently, if it is not possible to work out a reasonable agreement / healthy boundaries about what accesses I am allowed and other interests are allowed on my devices, etc, ie so log and backups are secured, so I can 'take software off my machine' and still use it as it was intended when sold and contractually agreed to, but I am not 'forcing' different services and software to continue to provide me service(s) when I am no longer willing to agree to the stipulations of those service(s), while therefore not putting the service where legitimately doing a public good/ service that is legal and ethical etc to not put this or its users etc at harm, while maintaining my ability to use other functions I've come to know and love and rely on, hey, how about 911 calls, staying in touch with family and emergency contacts, mapping features, accessing my finances securely when needed, especially if some illegal activity like false financial transactions being charged to me, etc... while I can continue to have access to many of these, but maybe I can't post risque jokes to fb, or hot pictures to dating /hookup sites through their apps, or remotely control servers that are sharing files with friends, like say music servers... or something... where some of these might be considered somewhat valid reasons to sort of ... create some restrictions, based on users sometimes choosing to make choices where their freedoms may sometimes push against the legitimate freedoms of others, and there needs to be some leeway in setting healthy boundaries, etc, on both ends. so in summary it was, rooted shell, multiple profiles on top, secured stripped down essential function admin profile, 'play' profile which doesn't secure much compared to regular phones, but for which serious tampering in a permanent and hidden way should be restricted by essentially being 'like' a 'virtual machine' on top of a secure OS underneath, etc. I've never done anything like this really before, even making a custom linux build is beyond what I have done right now, so I don't know if this is technically feasible, or generally a good idea, and I don't have the knowledge or experience to know... what some of the healthy boundaries around ... user rights versus service and external institution rights of government, security sector, etc... where the reasonable balance would be... because even knowing that some security exists opens the possibility of bypassing it, and therefore, by asserting my own freedom, I may be creating the possibility for those with very bad goals and ethics to be able to do so, in contravention of my own values, public good, and the rights of others, including some who may be vulnerable or less able to advocate/ enforce/ access resources to help maintain their own rights and needs, etc. So, in principle, I like the idea, in practice it is harder than even just a technical knowledge or capacity to use or configure software, so I feel a little intimidated in even trying, even though I have experienced a lot of things I don't like on an ongoing basis around these things, and that while the potential for great harm or even societal collapse may be possible if blocking certain institutions from taking certain liberties may exist, that NOT blocking them could have similar consequences due to THEIR FAULT/ ABUSE, and that I am likely to have difficulty being able to tell and make a wise decision from a microscale, to how such things will affect the macro scale of society, tech infrastructure, political and social concerns... so I guess the hope would be... is there some 'really small' solution(s) that can be found, that 'enforce' some rights that I am not willing to have 'taken away' without due process/ informed consent etc, vs flexibility and being... 'adaptable and resilient' to changing needs of things beyond my scope, and not needing to impinge or threaten others and other interests to maintain many/ most of my own needs... what can I reasonably let go of, so that I can avoid inadvertantly causing harm, 'harm less' if a conflict arises, without having to include my essential and fundamental rights in this... can I sort of acquiesce to certain 'pushiness' of different powers and interests where I know there can be legitimate need, that I may not be able to or may not choose to assess myself (possibly because of the amount of work that would be involved, which I might not be willing to do in the stead of what my own personal needs and priorities with my time and energy tend to be...) to sort of accept being jostled in the crowd a bit while moving around, without getting stuck in the mosh pit, knocked to the ground, and sorted of stomped and jumped on, without being able to get out again, etc... or having to do the same to anyone or anything else... etc. sorry for how long this is. Michael Goguen On Thu, Jan 28, 2021 at 3:00 PM Brett Delmage < brett [ dot ] delmage [ at ] twobikes [ dot ] ottawa [ dot ] on [ dot ] ca> wrote: > On Wed, 27 Jan 2021, FZ wrote: > > > Also, Ha ha, what a surprise... I might also be persuaded to set this up > for > > you as a service. > > Franz. > > Agreed with much of what you said, and that is a good book. > > Perhaps this could be one or more interesting meeting presentations > (alternate phone ROMS, and running your own services) ? > > For 10 years I've published an online news publication: a > revenue-generating business and leading in revenue for its class. I > specifically used Linux-based, open source tools for most of our editorial > creation and development, online publishing, subscriber and donor > communication and records. Also, I specifically only used Canadian > internet services/hosting. I'd be willing to talk about that. It's not a > full meeting worth of presentation but might fit nicely into part of a > theme of Linux-based privacy from different perspectives. > > Brett > > p.s. I have not commented on it yet, but this mailing list is > misconfigured and so unnecessarily breaks DKIM signatures. That would lead > to properly signed messages being more likely to be tagged as spam, as was > recently noted. If the OLS mail list operator wants to contact me I could > possibly provide some advice on this. > > To unsubscribe send a blank message to linux+unsubscribe [ at ] linux-ottawa [ dot ] org > To get help send a blank message to linux+help [ at ] linux-ottawa [ dot ] org > To visit the archives: https://lists.linux-ottawa.org > >