Best advice to improve privacy for average people

First, I am not looking for advice myself; I am planning to give a talk at an “interest group” here locally where I live. I plan to give a short talk about FOSS in general, though I want to have some focus on privacy. Most members of the group are university student expats from Indonesia (I don’t live in Indonesia but I am Indonesian).

While their financial situations vary, a considerable number of them are lower middle class. So, most of them are using Xiaomi Redmi or Samsung A/M series phones. Google Pay, Gmail, Google Drive and WhatsApp are pretty much the de facto standard here. And good luck convincing them to ditch Windows. At best, they probably will move to a Mac.

With that out of the way, I had some ideas for advice that may improve privacy.

  • Replace the default keyboard app with a better alternative. I personally use Heliboard but I plan to use the app list from DivestOS recommended apps.
  • Use an alternative DNS resolver.
  • Various FOSS alternatives for different apps such as Camera, Gallery, task list, Bible, etc.
  • Use Chris Titus’s Windows script to disable Windows telemetry. I am not sure how effective his script is nowadays, but I was using it for Windows 10 in the past (I am on Fedora now).

I guess I would like to know what other advice you think I can add.

3 Likes

I’m not sure if you have considered it yet, but I would strongly recommend mentioning password managers. A password manager is probably one of the biggest privacy/security steps an individual can take by simply installing new software.

The biggest benefits of using a password manager (in my opinion) are that it provides a new organizational tool to help establish a baseline for digital account health, and provides the tools necessary to create and maintain said accounts in a secure manner.

3 Likes

Google or the OEM already has privileged access to their devices. What’s the point in not using the Google/Samsung keyboard and adding attack surface by using a different keyboard?

Replacing the camera app will completely ruin the quality and the feature set of the camera. It also doesn’t provide any privacy or security benefit apart from adding more attack surface.

There is also no point in replacing the gallery app if you haven’t enabled any features that upload your pictures to the internet.

1 Like

Oh, right. I forgot. I guess I can recommend Bitwarden? I use it, but the recent news about them moving to a closed-source model made me a bit hesitant to recommend it. Certainly better than whatever Google provides.

Edit: Just read more about the issue. I think I misunderstood the situation before.

It seems to me you are focusing on trying to change some marginal details rather than looking at the bigger picture.
Switching to some FOSS tools is nice, but if you still use many of the Google services like Gmail, Chrome, Search, Drive and so on, that quite fails to improve privacy.

Even if you are a Windows/Samsung user, your privacy depends a lot more on those services than, say, the keyboard or DNS (at least for basic threat models). I would encourage you to lean more towards free privacy-respecting services like the Proton ecosystem and similar alternatives rather than FOSS tools that have a more marginal impact on personal privacy.

But then, if your speech is specifically about FOSS software, you’re quite limited.

3 Likes

Instead of just alternative DNS, tell them to use alternative DNS that also blocks ads. Ads are the most common source of viruses, malware, badware and generally unwanted stuff these days. And obviously they’re literally homing beacon trackers. The annoying factor of them is an added bonus to block them.

2 Likes

I would say that the most effective changes are

  • for desktop, at least uBlock Origin plugin or alternative browser and privacy focused browser on mobile.
  • Password manager
  • Privacy focused email
  • DNS blocking

2 Likes

Good list. With that target audience less is more. 80 - 20 rule.
The only thing I would add is 2FA for important accounts. This is low effort and makes a huge difference!

These are the first must-have things I recommend to my less tech-savvy friends, and I also suggest Heliboard to them. For a DNS resolver I suggest Control-D’s Free DNS with a blocklist of your choice.

For Android users:

  • You can actually uninstall system apps without root or even a computer with Canta. It requires setting up Shizuku, which needs any Wi-Fi connection to start (a local hotspot from another phone is already enough, no internet needed). After that you just select the bloatware you want to delete in Canta and do it in one tap.
  • Android 15’s Private space kind of existed in older Androids as a Work profile. And to utilize it you need to use Shelter or Insular. While they’re not guaranteed to work properly on all ROMs, it’s better than nothing.
  • Ditch Chrome. Cromite is just better nearly in every aspect while still looking exactly like Chrome.

But they could unknowingly enable it, either the smartphone OEM’s solution (like what Xiaomi does) or by Google Photos. Honestly I’d either install a custom ROM (if I could) or ditch both gallery apps mentioned.

Start with this:

“By a show of hands, how many of you have an old PC collecting dust in your closet? What if I told you that you can easily bring it back to life for free, by installing a fast, user-friendly operating system named Linux Mint? You don’t need to spend money to get a new system.”

1 Like

You’ll find a trove of info on the internet and probably have enough content for several meetings of your interest group. Here’s a writeup an author/researcher put together in 2019.

I do find it particularly odd you say they’re lower middle class people on average yet they won’t give up Windows, and if they did, it would be for macOS. Last time I checked, Macs were the MOST expensive computers out there. At least when we’re talking stock hardware. Linux is free. Nevertheless, if they won’t give up Windows, there used to be a way where you could block most of the telemetry just using the firewall. This is outdated now, and I have no idea if it is still as effective. Other smaller things they could do are to use DDG as the default search engine, avoid using Edge or Chrome browsers, and encrypt their DNS with either DNScrypt-proxy (free) or use a VPN (not free). Also make sure their user account control settings are set so that you need to put in the admin (root) password whenever programs try to make changes to the system. I believe someone else here also asked a similar question about this. No program should be installing itself or making changes without permission first.

If these people are not already looking to improve their privacy and security, it is going to be difficult convincing them to start paying for services (which Google might be offering for free) or doing anything too intimidating like getting apps from Obtainium.

Stick with stuff that is straightforward and explain the benefits. For example (for Android):

  • switch to Brave (Chromium)
  • install a free but reliable VPN, such as Proton VPN
  • get an encrypted email inbox from Proton or Tuta for important mail
  • have junk mail routed to Thunderbird for Android
  • switch to Tuta Calendar
  • use Private Space

My family didn’t care about privacy or trustworthy software until some of them got scammed and lost a lot of money because of a fake YouTube ad.

I’m assuming you want to talk about FOSS because some projects are more trustworthy or private or whatever.

Don’t waste your time. Most people won’t change their default apps for an amorphous distant threat like “Google”, “Freedom” or “Big Brother”. Instead, make the threat obvious: tell them stories of how people have lost their life savings because of malware and scam ads, tell them how common it is and that in many places like México it is more lucrative than drug trading.

Once you have their attention show them how they can protect themselves and their families, using FOSS tools like ad blocking products (Brave, uBlock and DNS) and how to protect their accounts with a trusted password manager or any other tool.

What I’m trying to say is that you need to make them care, if people don’t think your FOSS tools solve a problem that they actually encounter they won’t use them.

2 Likes

Never heard of Heliboard. Is it better than AnySoftKeyboard? I have a decent experience with the latter, but I’m open to change if the UI & UX are better.

When it comes to UI and UX, Heliboard is definitely better.

I guess I’ll give it a go. I assume one can add multiple dictionaries from various languages?

Yes.

Awesome! 😎