Reviewing Apps and Services with a security and privacy lens

Encryption is not enough. Relationship maps (identity derived from who you're associated with). Signal, Telegram, and WhatsApp use your phone number for this association. They also have access to your contact list. Protonmail and Tutanota use your email for this.

WhatsApp uses a device fingerprint, so it's the same to parent company FB whether the user is using WhatsApp, Messenger, or FB, or is using whatever login name. It's obvious to them because the device is the same. Also crowd-verified by family members all in the same location, who tag people, and by intersecting locations. WhatsApp may be e2e encrypted.

Signal: Has phone number and contact list, so not as much info as WhatsApp perhaps.

Telegram: Like Signal.

Protonmail: Lots of metadata available. Non-encrypted mail can be read, from insurance agents, schools, utilities, etc. Some people publicize their email address. Interdomain email. (Security people suggest using a Protonmail account for only intra-domain [specific purpose] conversation, not for everything, although data contamination happens from what your contacts are doing.)

Tutanota: Another email service like Protonmail.


Suggestions by security people: Use something like Signal, but only with family (no concern over establishing a relationship map). Have a private email server and use it in a limited way, for intradomain conversations. Use 'noIdentity.'


Graphene, Lineage OS, AOSP, deGoogled phones

2021: Braxman says older Pixels are now unsupported by some US carriers (Pixel 1 and 2 are spotty for this).


Difference between Graphene and LineageOS, according to people online:

(Too many to list, but shorthand overview)

Graphene is focused on real security work, so it is for people who care about security, but it is mostly just for Google Pixel phones of a few editions. Harder to mess up the security, for the regular nontechnical user. Supports verified boot. Can relock the bootloader after installing it. 'AOSP with more hardened privacy.' Now has sandboxed Google Play services if you want to use Play (still unstable). Community has been said to be a bit toxic (I have no first-hand experience with this).

Lineage is designed for power users who want to tweak it and have bells and whistles, and is available for lots of phones. Targets support. Is effectively the same as flashing AOSP on an out-of-support ROM but with less breakage. 'AOSP without Google.'

Calyx, a third OS people online recommend sometimes. Is fully deGoogled. 'AOSP with some additional privacy features.' Works only on Pixels (like Graphene).

If you want to use any of these, before you buy a phone make sure it has an unlocked OEM. Go to Phone and make yourself Developer, then go to settings and unlock OEM. If you can't unlock OEM, you can't install any of these.

Use https://plexus.techlore.tech/ to check whether an app will work on a deGoogled device. Graphene is on the left, and Calyx and Lineage are on the right. It is color-coded to show whether the app works.

CONSIDERATIONS:

These limit Google's ability to spy, and the same ability of the companies that own any apps you might want to install. These still leave hardware vulnerabilities. You're still vulnerable to tracking by the carrier and government creeping. But you can physically remove or turn off the SIM modem.

Some have noted that tracking is so offensive to people because it's become so precise (6 feet). But if tracking is made less precise it offends people less, while allowing them to use geolocation for convenience (maps, finding locations near them). So if they can be located within a block or two, for example, it's less offensive than 6 feet.

Advantages of using a deGoogled phone over a LinuxPhone: Can use newer, faster phones. Can use all apps (compromising to various levels on your security/privacy).

The reason using a deGoogled phone is better even if you want some apps: using the Play Store means the apps use Google's code (it connects to Google, even to get notifications for the apps, I've heard, but also for databases, I've heard). A deGoogled phone, even if it connects to Google to use the Play Store, doesn't usually have an ID (it has a spoofed ID), i.e. the owner doesn't sign in (Google does get a device fingerprint and will know what apps the phone has installed from Play, but it won't have access to the user's financial records), and wifi scanning is disabled, limiting a main tracking means. Some deGoogled phone users uninstall the Play Store after they install their apps.

DeGoogled phones use apps from F-Droid, which are open source. But for many commonly used apps which are considered spyware but are used by everyone, people compromise and install them to varying degrees. They use Aurora Store to get apps from the Play Store, which logs in with a spoofed ID. Or users can download apps from other stores online and install them.

When not using Google Play services (which handle notifications for apps on the phones most people are familiar with), deGoogled phones use MicroG, a Google service emulator. It simulates Google so apps think they're talking to Google, and it communicates with Google to get notifications, but Google doesn't actually see the phone because MicroG is in the middle handling the interaction.

People say paid apps don't work on deGoogled phones, because you need the Play Store for that.

People say in the future security people will possibly just switch from phones to computers.


PineTime Watch

Suggestions:

  • Dictionary, which works with text input (somehow) or with voice. Does not require an internet connection to work.
  • Translator, same.

These are two things a watch would be better suited for than a phone or other device. You have a watch handy while you're reading books, when you're on the street (on some streets you might not want to take your phone out if there are thieves there), and during lectures.


PinePhones

Suggestions for improvement, hardware:

  • Two microSD card slots. Since users often run their OS from one, how are they to move documents to their PinePhone? Currently, they would have to take their OS microSD out, plug it into a computer, and put the files on, or transfer over the internet. A better solution is a second microSD, so they can add to their mp3s, pdfs, etc.

Suggestions for improvement, software:

  • Shortcut for screen resolution. Currently, if you want to switch to 100% from the 200% resolution best for apps designed for the phone screen, you have to go through Settings etc. But this is a task you want to do by just clicking a button. A toggle could be added to the top-of-screen menu. Ideally, you should be able to make shortcuts in the top slide-down screen for anything you want (more or less).
  • Processing indicator animation icon. On PinePhone, sometimes things seem to be taking a long time, and you don't know if the machine or process is frozen. Even in Terminal. It would be better to have some kind of indicator to show things are still happening and it's not frozen.
  • Image viewer should hold the 'left' and 'right' icons for longer. It currently displays them for like 2 seconds before they disappear, and you have to click twice to scroll to the next image. It should hold for 15 or 30 seconds, and/or should be an option users can set. Also, currently, to swipe to the next image, you have to place your finger basically off the screen and swipe. You should be able to place your finger on the left 5 or 10% of the screen and swipe.

Studies in Comparative Law

Books (from https://www.nyulawglobal.org/globalex/Comparative_Law1.html )

  • The main classic European theoretical works on comparative law are: David, R., Jauffret-Spinosi, C., and Gore, M., Les grands systèmes de droit contemporains, 12e éd. Paris, Dalloz, 2016. The book has been translated into numerous languages. An English version of the 6th edition of 1974 was published by Sweet and Maxwell as Major legal systems in the world today, 3rd edition in 1985 (out of print).
  • Zweigert, K. and Kötz, H., Einführung in die Rechtsvergleichung, 3e Aufl. Tübingen, Mohr, 1996. English translation: Introduction to comparative law, translated from the German by Tony Weir. Oxford, Oxford University Press, 1998.
  • Breda, V., ed. Legal transplants in East Asia and Oceania, Cambridge University Press, 2019.
  • De Cruz, P. Comparative law in a changing world, 3rd ed. Routledge-Cavendish, 2007.
  • Glendon, M., et al, Comparative legal traditions: text, materials, and cases on western law, 4th ed. West Academic, 2015.
  • Glenn, H P. Legal traditions of the world: sustainable diversity in law, 5th ed. Oxford University Press, 2014 (1st edition gained the Canada Prize, International Academy of Comparative Law, 1998).
  • Harding, A. and Örücü, E. (eds.) Comparative law in the 21st Century. Kluwer Law International, 2002.
  • Legrand, P. and Munday, R. (eds.) Comparative legal studies: traditions and transitions. Cambridge University Press, 2003.
  • (Want to read) Menski, W., Comparative law in a global context: the legal systems of Asia and Africa, 2nd ed. Cambridge University Press, 2006.
  • Merryman, J.H. and Pérez-Perdomo, R. The civil law tradition: an introduction to the legal systems of Europe and Latin America, 4th ed. Stanford University Press, 2018.
  • Palmer, V., ed., Mixed jurisdictions worldwide: the third legal family. 2nd ed., Cambridge University Press, 2012.
  • Riles, A. Rethinking the masters of comparative law. Hart Publishing, 2001.
  • Varga, C. European legal cultures. Dartmouth Publishing, 1997.
  • Zimmermann, R. Mixed legal systems in comparative perspective: property and obligations in Scotland and South Africa. Oxford University Press, 2003.
  • Zimmermann, R. and Reimann, M. The Oxford handbook of comparative law, 2nd ed., Oxford University Press, 2019.