Joined 4 months ago
Cake day: June 18th, 2025



  • There is so so so much, and they do get caught, and when they do we get a peek into how invasive they are. As someone who has had to worry about being targeted by intelligence agencies and nation-states, I was completely blindsided by corporate/capitalist surveillance.

    For example, look at this action by Meta, where they broke out of security sandboxes and exploited protocols in order to tie your browsing history (even private browsing) back to your identity saved in their databases back in Meta land

    https://www.theregister.com/2025/06/03/meta_pauses_android_tracking_tech/

    The amount of data that is being harvested and sold, and resold, is absurd, and the greater threat is not just that they are exploiting you, it's that they don't care who the data gets sold to. Bad actors (criminals, etc.) can and will purchase information they can use against you.

    So, consider the unintentional ramifications of all that info being harvested and available in addition to the intentional ramifications of hyper greed, and couple that with the amount of available compute and you will see that you do not need to be a person of interest, everyone is a data point that can be and will be exploited.

    I would encourage everyone to take their privacy seriously.






  • This is like chaff, and I think it would work. But you would have to deal with the fact that whatever patterns it was showing you were doing “you would be doing”.

    I think there are other ways that AI can be used for privacy.

    For example, did you know that you can be identified by how you type/speak online? What if you filtered everything you said through an LLM first, normalizing it? Takes away a fingerprinting option. Could use a pretty small local LLM model that could run on a modest local desktop…



  • I have been thinking about this a lot recently. I live a life where OPSEC is relevant. It's something that I have had to consider always, and has been for 2 decades. Even so, I wasn’t as concerned this whole time as I am these days. The fact is that technology is making it such that it's no longer “I'm not a person of interest, they won't spend resources on me” because data crunching is happening to such an extreme, on such a grand scale, that person of interest doesn’t even matter. Do you exist? Yes. Do you have a digital footprint? Yes, you do. Even if you don't do a lot online. Your metrics are being captured and being inferenced, and systems are using predictive analysis to determine what you “may” do in a given situation. Depending on who controls those systems they may decide not to give you a chance to make that choice.

    All I can say is that there are a large number of groups that want your data, for a lot of different reasons, and none of them are for your benefit. So, are you going to let them have it, or are you going to take steps to rein in the amount of info you leave about?



  • “Dnsbl is only a small component of effective network security. Arguably the firewall is most important and so I have a default deny all for any device on my LAN trying to reach the Internet.” 100%. I decided to break up my posts into subcomponents of the total stack, but to your point, currently I'm enforcing a deny all inbound and outbound at the host level, as the network is shared with the fam and they are not ready for that level of learning (pain, lol).

    I just learned about unbound, didn't realize it had a blocklist capability, so that's great to know. Gotta dig into it.

    I like that last bit, blocking DoT except for the one approved path. Much like TLS 1.3 it offers insider threat protection against inspection. So with that in mind, when you said you are using unbound instead of using DoT forwarding, you mean instead of allowing clients to DoT forward, right? That's what I am doing now as well, though I am not actively blocking it yet. Just currently enabling and testing feasibility on a single host to see the performance and operational impacts of privacy/security implementations.

    Curious about your IDS solution, I gotta dig into OPNsense. I know about it, it's been around a long time, but haven't touched it in so long I can't remember its capabilities.
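
An added example (not part of the original comment or of any project mentioned in it): a small audit over flow records that flags DNS traffic leaving the "one approved path" discussed above. The resolver addresses, the log format and the sample records are constructed assumptions.

```python
"""Flag DNS traffic that leaves the one approved path (added example)."""
import ipaddress

# Assumed policy values, constructed for illustration.
LOCAL_RESOLVER = ipaddress.ip_address("192.168.1.2")  # unbound/Pi-hole host
UPSTREAM_DOT = ipaddress.ip_address("192.0.2.53")     # approved DoT upstream
DNS_PORTS = {53: "plain DNS", 853: "DoT"}

# Constructed flow records: "timestamp src dst proto dport"
SAMPLE_FLOWS = """\
2025-10-01T10:00:01 192.168.1.2 192.0.2.53 tcp 853
2025-10-01T10:00:02 192.168.1.40 192.168.1.2 udp 53
2025-10-01T10:00:03 192.168.1.40 198.51.100.7 tcp 853
2025-10-01T10:00:04 192.168.1.55 203.0.113.9 udp 53
2025-10-01T10:00:05 192.168.1.40 203.0.113.80 tcp 443
malformed line
"""

def is_approved(src, dst, dport):
    """Clients may use port 53 only to the local resolver; only the
    local resolver may use port 853, and only to the approved upstream."""
    if dport == 53:
        return dst == LOCAL_RESOLVER
    if dport == 853:
        return src == LOCAL_RESOLVER and dst == UPSTREAM_DOT
    return True  # not a DNS port; out of scope for this check

def find_dns_bypass(text):
    """Return (timestamp, src, dst, kind) for every off-path DNS flow."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip records that do not match the sample format
        ts, src, dst, _proto, dport = fields
        try:
            src = ipaddress.ip_address(src)
            dst = ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            continue
        if dport in DNS_PORTS and not is_approved(src, dst, dport):
            findings.append((ts, str(src), str(dst), DNS_PORTS[dport]))
    return findings

if __name__ == "__main__":
    for finding in find_dns_bypass(SAMPLE_FLOWS):
        print(*finding)
```

A port-based check like this sees plain DNS and DoT only; DNS over HTTPS shares port 443 with ordinary web traffic and is not visible to it.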





  • Nice. I'm looking to make the transition to GrapheneOS. Would go to Linux daily driver if I can get away from MS Office. I do too much writing collaboration with others and it gets wonky going back and forth with Office users. Though Denmark is saying they are ditching Office so that might incentivize alternatives and such. Exciting times.

    I'm currently working on a whole stack, so Docker Pi-hole with unbound using DNS over TLS, Squid proxy with maximum privacy, FF fork with uBlock, Privacy Badger, NoScript. Mullvad and/or Tor depending on where and when I'm using it.





  • I should mention that DuckDuckGo recently released an Android browser and it is privacy focused. I can't tell you how well it does its job BUT the important thing is that it has an experimental feature that creates a virtual network interface that routes comms and blocks phone home attempts and tells you what app is doing what.

    I have had it running for a few months and it's crazy to see how much traffic is going on without your knowledge.