Comments by "" (@MsHojat) on "Rob Braxman Tech" channel.

  1. Regarding looking at the amount of data they send, the thing is that the quantity of data doesn't even need to be much for it to be of extremely high value/quality/usefulness. Like a GPS coordinate every hour combined with sending all logins and passwords would be using less than 1 kb per day, and even sending all the text one ever types probably amounts to less than 10 kb per day. This is effectively undetectable if one only looks at high data transmissions.
    15
  2. You can disable google services, but that breaks a lot of functionality. It also doesn't completely de-Google a phone (namely SUPL but also maybe some other —probably more minor— stuff). It can still be viable for some people though.
    12
  3. I don't use 2FA on anything, but both Steam and Discord (along with Google) have demanded me to provide a mobile phone number anyway, which is quite aggravating.
    11
  4. It's important for you you to understand it in a non-conspiritorial way, explain it to them in a non-conspiratorial way, and make sure they're using the word properly. For instance, if a company is doing something in secret, that could be considered a conspiracy, even if there is proof of it occurring. Conspiracies can sometimes be happening and is the accurate word to use to describe the situation. Other times people just use the word to mean "unproven paranoia". In that case, they are either correct (there ARE a lot of paranoid irrational people out there that believe in problematic conspiracies such as no moon landing, govt.-planned WTC attack, recent pandemic cause), or —giving you the benefit of the doubt— are just ignorant of the facts. Telling them that this have evidence supporting it is fine, but it won't necessarily make them believe it, because paranoid delusional people say the same thing. But when you talk about how it is studied by experts, documented, and give details, combined with their own reasearch it may get clear to them. It is hard to change people's views, and often takes time. It also needs to matter. Fact is that most people aren't going to have some unlikely geofencing occur to them, or similar sort of false charges applied to them, nor suffer any direct losses for a company abusing their data. It's ethical to fight back, but the reality is that it is —and should be— a very low priority for most people, especially compared to what else may be going on in their life.
    6
  5. Also note that there's various things that the browser sometimes does before even pressing the enter key to visit a website or perform a search. Namely: as you're typing it may transmit the keystrokes in real time to a search engine to autocomplete from google/search-engine.
    6
  6. Youtube deletes a lot of comments seemingly randomly. Other times it also seems to do so in certain situations like Tor browser or anti-fingerprinting/anti-script extensions (presumably because the system thinks its suspicious). I had this happen regularly to me a lot. I don't know what I did to fix it, or if possibly the system just changed something or managed to register me as less suspicious. If ever you see your comment missing, never assume the video creator deleted it. At least in my case you can also check your message a minute or less after posting to see if it's still there (by either editing it, or clicking on the "x [time] ago" above the comment and beside your name. I don't know if messages ever take longer than those mere seconds/minutes to be auto-deleted, but in my personal situation that was never the case.
    5
  7. Good summary video. You've gone over this sort of stuff before, but I think it takes multiple times for most people to fully understand it all. The thing I hate most if how other people's contact lists can be obtained, and there's nothing we can do about it. Of course they still need to make guesses that the name on the contact list is the right one, and/or to link that name to a known name they have on their system (due to a purchase or something, assuming real names were used)
    5
  8. As far as I know the EMF measurement to read screen was only for CRTs, and even then I think it was so noisy it wouldn't really show much detail such as text.
    5
  9. Yes and no. It's true that some services might detect a VOIP number and deny it, but if you use your real number for 2FA and VOIP for everything else it will still work. This kind of makes sense to do anyway because all your normal conversations —voice and SMS— will be encrypted (assuming it gets routed through a VPN). Only 2FA won't be encrypted, but that will pretty much never be an issue. The only theoretical downside is that when doing it this way is that the 2FA will still be vulnerable to SIM swap attack (assuming that you can't just set protections with your provider to make such attacks not viable) if somehow someone got a hold of the 2FA number. however considering that the number is only used for 2FA, nobody should have that number as being linked to you (it will only get brute forced SMS spams but not know any info about the owner of the number). So it's rather irrelevant that I even brought this up.
    3
  10. You mentioned the option for some people to use two phones, but what about dual boot? obviously it's a bit more complicated, and a bit more of a hassle in some ways, but in other ways it's less of a hassle (don't need to charge and carry around 2 devices all the time), and certainly saves money as well (especially if both devices were to have separate cell plans. And if they used the same plan, it'd be a hassle to SIM swap every time)
    3
  11. I bet Ukraine has very affordable mobile data? Here in Canada mobile data prices are crazy. Small amounts of data are like 100$ per GB, and then bulk data can be more like 10$ per GB if you get like 5+ GB.
    3
  12. I know that I had a Google account without a phone number for a long time, and I know that no number is directly mentioned on my account, but I can't remember if they eventually asked me for a phone "verification" once (anti-bot I think?). Certainly might have, and if-so I suppose it doesn't stay in account info as a registered number. (not to say that they don't still remember/keep that info)
    3
  13. Hasn't the "default to unpriviliged user" been a thing for some newer Windows OSes now? IDK, but I thought I had heard that. It's just easy for users tp disable Windows' protections like UAP and such. I think a lot of apps are designed to be run as admin too, which probably contributes to part of the problem.
    2
  14.  @terrydaktyllus1320  yes, but my point (along with Braxman's) is with an AOSP OS using MicroG you can still use G apps while still maintaining privacy. It's not an option on stock Android, so you have to break even more apps, more than most people would consider acceptable.
    2
  15. With regards to 2FA numbers, most major services in my experience DO NOT ACCEPT VOIP numbers, so it's not a viable option. With regards to Google or Google Voice specifically, I think I heard that they did allow it, but that was a while back and may have changed. My suggestion for 2FA numbers is to get a pay-per-use plan. Mine is something ridiculously expensive like 20 cents per SMS text to send ($.60 per MMS), 40 cents per minute to talk (even for receiving calls), but receiving texts are free, which means the overall cost is only the required 1/3-year top-up fee of 25$ (75$ per year, 6.25 per month), and that money goes toward talk/text/data. Granted the rates are high so you can burn through it quickly. surprisingly the data rate is only $0.15 per MB (which is cheap for pay-per-use in Canada, despite it still being stupid expensive overall), so with a firewall installed on my phone, and lean data use, I can use it for some basic data stuff too. VOIP service (even when including paid VOIP service fees) even works out to be much cheaper than the .40 per minute; more like $.10–.15 per minute As mentioned this is for Canada. It should be even cheaper in the USA, and super cheap in most of Europe and Asia. (mobile consumers are being exploited in Canada) What's nice about these sort of plans is that you can set up the account without having to give name/address/credit-card (or at least fake name works), and you can top-up the account with purchased cards at stores which can be paid with cash. This allows for complete anonymity (although really unnecessary, at least for only a 2FA plan).
    2
  16. Some of the info mentioned in the video was a bit misleading. Services like Microsoft e-mail (and others, but I know MS has been doing it for ages) will download the content onto THEIR servers first as a proxy, so it won't reveal your device info nor IP info. The only thing that it will possibly/likely do is confirm that the message was opened (albeit the senders should maybe realize that it was opened by the mail server and hence that the user may have not actually opened/read it) I think I heard that Apple mail service has recently started to do the same thing (which I was surprised at, because I think Microsoft has been doing it for like 10+ years or something) I'm also pretty sure that many/most e-mail services (such as Microsoft) hide the sender IP address when sending e-mail as well. Is that only true if webmail is used? I don't know for sure, but I thought that if using an e-mail client that it would still hide the IP address. Am I mistaken?
    2
  17. My current VOIP service that has numbers for many countries (incl. North America) costs 0.8 cents per SMS and 1 cent per minute for voice and 1 dollar per month.
    2
  18. Nice summary. It's comprehensive while still staying simple and to the point. All your videos are comprehensive, but sometimes they can be a bit long and hence hard for people to listen to, but I wouldn't say that it was the case here. One thing that might have helped the video would have been to add screenshots of the GUI, or even just their logos or website or such. Really great to hear about the affordable price for the Brax 3 device.
    2
  19. Well GPS isn't inherently a problem. The problem is more with telemetry, where software on the phone transmits that GPS data to an organization. This can be mitigated with a rooted firewall. I find that no root firewalls don't block everything entirely. In fact even better is also to run an OS that won't do that telemetry, and be careful about the additional apps that you do run/install, and the permissions you give them.
    2
  20. such a hacker :P
    2
  21. You can install a firewall on the phone. That works quite well.
    2
  22. As far as I recall for a long time Microsoft mail (I presume just their e-mail service, not as likely e-mail clients) downloads remote content to their servers first, making beacons less useful since they just always get marked as read as soon as the e-mail is sent, regardless of whether the user ever opened the message.
    1
  23. Great video. I have heard of PTSN gateway VOIP providers providing some sort of encrypted support though, so maybe that wasn't really covered in the video? I suppose you could say that it doesn't matter though since it wouldn't be end-to-end (inherently impossible), so government could set up to collect the data at the service provider (at least in theory)
    1
  24. Wouldn't disabling cell data work the same as disabling an e-SIM even if there was no option to disable e-sim? Or at least on a custom OS? I guess you're arguing that the stuff would be running on the baseband modem so regardless of what is running on the main system, there would be no guarantee of control over it? Wouldn't that problem then exist even for non-eSIM devices without a SIM card (they can still connect to cell towers, ex. for 911 calls), or e-SIM-supporting devices that supposedly aren't using e-SIM? so it doesn't really seem like a valid argument.
    1
  25. That's only for the stock OS I assume though. Could still disable that by using it with another OS like CalyxOS or DivestOS.
    1
  26. Isn't 5G's location targetting not that big of a deal, since with older techs they could still use triangulation to get a good estimate of where you are? Sure 5G would still be more precise, but I have doubts as to how much such precision really matters. I guess that it could notice the specific buildings you enter.
    1
  27. My post keeps getting shadow-deleted/auto-modded. I don't know why. It was talking about how I had a similar problem, and that Discord is even worse in many many ways. I even edited out words like "Discord" and "YouTube" and "Google". I don't know why this one didn't get deleted but my other attempts did (assuming this one does stay up)
    1
  28. Valid numbers can be obtained by brute force— calling/texting all possible numbers. I would assume that is probably the reason you are getting calls rather than someone from another area code, but your hypothesis is still possible instead. However, if you register your number with the do not call list that should protect you from getting US-based spam. Only international spammers would then do it, because any in the US (or even closely linked with the US) will be breaking the law and can be tracked down by law enforcement. Or, considering that they are presumably a legit organization that respects people, you can just call them and tell them they have the wrong person and you don't want their messages.
    1
  29. I'd say no. For most privacy issues it would not help much or at all. However what I think WOULD work is dual-boot. A bit complicated to set up though.
    1
  30. Consider using Dual-boot on a single device.
    1
  31. I think it would be crazy and almost entirely pointless to have multiple 2FA numbers. You only need one, and you don't really get anything for having multiple.
    1
  32. For a long time now I don't know why national governments haven't been using OO/LibreOffice more. Being dependent on a for-profit company using propriety closed-source software (particularly for all countries that are not USA or even allied with USA) seems completely crazy for a national government to be doing. I wouldn't be surprised if Microsoft was giving free software licenses to such governments just to maintain dominance, however I don't think that they're even doing that!
    1
  33. I'm guessing you'd have put Meta Quest on the no-no list too if you had thought of it?
    1
  34. I think it would have been good to clarify that one could get an Android phone if it was from a manufacturer that allows bootloader unlocking, in order to install a custom ROM (and that the user plans to do so). It's not like you can buy them with an OS other than Android on them (in like 99% of cases at least)
    1
  35. There's already websites that do that. The reason there's a market for it is that people use the numbers to abuse verification services rather than 2FA. It's used for botting and ban circumvention and such, something I imagine Braxman would not want to support. In theory a privacy-minded person would do the same thing, however in that case they wouldn't need to use a disposable number because they shouldn't have any concern about getting banned.
    1
  36. I think this is a good move, but the video seemed a bit misleading as if there weren't already some affordable VOIP options out there. Some people might also assume it comes with mobile talk/text, but if I understand correctly it does not (requires an existing data plan on top) Also it might be nice to bundle VPN with the service; or at least offer a VPN discount, since pairing virtual numbers with VPNs is good for privacy (ex. encrypts SMS; well on your end at least, not the person being communicated with)
    1
  37. I disagree with a lot of these statements. They're too absolute (because it's missing some options) If you get a smartphone, install a non-android OS on it, you can then use wi-fi without anything identifiable being leaked (aside from like mac address, but that's not a big deal unless they somehow discover it, and even then it still shouldn't be that big of a deal unless you were like a #1 most wanted person in the world, and even then you could spoof the mac address). Once you have wi-fi you can do all sorts of stuff (VPN, VOIP, virtual number, etc.), making it completely impenetrable since using a VPN with [end-to-end] encrypted VOIP (or text/etc.) makes all sorts of spying/IDing impossible (short of trying to get malware or a bug on the device itself) Granted, I suppose the specific topic was only talking about burner phones, but it also seemed to imply that burner phones were the best option. I guess in theory one could buy cheap used smart phones and use them as burners still too for that matter. One doesn't need a powerful device to do these sorts of things.
    1
  38. Not that it matters much for Braxman himself, but you should be able to get super cheap 2FA-only plans, since you can get "pay per use" mobile plans which charge per minute and per text, and in most or all cases won't charge anything for receiving texts. In my case I only have to pay a monthly 911 fee which varies by state, but is still cheap. It varies between 0.20$ and 3.00$ per month, with the vast majority being between 0.50$ and 1.50$ per month. You might have to worry about inactivity deactivations or such, so just be mindful of that (a good provider should send a warning text about that, but most providers may not be good providers) and consider having to spend an extra 40 cents per year or something to make an outgoing call or text.
    1
  39. That is a good point to raise. The answer would be to use a VOIP number for all normal voice/SMS use and then get a new regular number for 2FA. (in case you're not aware, VOIP/MMS/etc. through the 2nd number will still go through your regular data plan (or wi-fi if available))
    1
  40. Using another device to use a device? I get that it could work, but if you could just make a device without the hardware problems in the first place then you wouldn't need 2 separate devices. What sort of methods are there to know whether current devices are using any sort of hardware monitoring/spying? I think the main way I've had faith in is people who analyze traffic that comes from the devices in question. Like a modern Pixel using a custom OS has hardware sub-processors that the software doesn't necessarily have control over, but I think that people have looked for if there is ever communication with Google and what that communication may be.
    1
  41.  @rmh5102 90% of cameras are limited to the independent business or government that owns it. In theory certain consumer cameras such as Ring may try to use facial recognition, except they would have to partner with some large source of facial IDs, which I'm not aware of occurring. And while they can build up their own face lists, they will tend to not be tied to IDs because they don't really have a way of linking them to users. Because Google and Facebook generally don't have cameras around pretty much anywhere nor access to most cameras, it seems like it really is not an issue at all yet.
    1
  42.  @nphamus09 Yes using a VPN with virtual numbers is a very good idea because SMS is not encrypted and IP PBX voice calls over data isn't always encrypted (depends if the server and SIP client are both set up for it or not). It won't really matter for 2FA though (outside of some really crazy circumstances) which is one reason why I'd say that using a cheap pre-paid pay-as-you-go number for 2FA works well, and then everything else can go over virtual number(s)
    1
  43. SIM swappers need to know your number in order to do the attack. If you Keep your 2FA numbers private from most groups they won't be able to target you. In addition I don't know for sure but I think that some pre-paid pay-as-you-go plans can't even be SIM-swapped because they don't transfer stuff.
    1
  44. I think he has some videos on that. If you're not aware he's strongly against it as it is a problem for privacy since you can never "take it out" and are forced to use it, and gives a unique identifier.
    1
  45. Yes, although a 3rd party OS that has no tracking apps installed (or just haven't been given permission to see Wi-Fi hotspots or access the internet or what-not) and is in airplane mode should be totally untrackable. The downside being that it wouldn't be useful as a cellphone when it has no Wi-Fi access (because with Wi-Fi access a user can use SIP service to act as a phone over the internet). But by disabling Airplane Mode only when you expect to receive (or send) a call/message when there is no wi-fi then that greatly reduces any tracking, and only "tracks" (hardly tracks, more like "logs") vague general areas that the user was in for short periods of time, and only upon that user's explicit knowledge that they will potentially have their general location logged for that period of time.
    1
  46. You're talking about the device using cell data when no SIM card is inserted? Are you sure that this has anything to do with eSIM? It sounds like it could just be basic cell connection that can occur without any type of SIM at all (such as used for 911 calls).
    1
  47. ​ @cinsforgiven7  it's possible in theory, but if your previous device stop communication and another device appears in its place it doesn't mean that they should (nor would) assume that it was the same person. For example it could be someone cutting a relationship and starting a new one at the same time (maybe most likely with romantic relationships but certainly not exclusive to that). The scary part is how Apple or Google (or even another OEM like Samsung/HTC/ASUS) could read contact list information such as e-mail address, first name, last name, nickname, address, etc.. Combined with the scary AI that exists now (or at least scarier in the near future) and other contextual and/or historical information it could make some very intelligent guesses. An AI system would probably recognize "mom" as his mom, and instantly connect all that old data to you unless there's any indication that he's ever had 2 moms. But short of using AI to do this (which I think they might not actually be doing yet) I think it's unlikely that they could do much connections aside from specifically verbatim first name + last name connections. I'm sure they use AI for things related to this (such as tying names to numbers and numbers to accounts, deciphering/sorting duplicate names that have different numbers, and cross-referencing stuff and making relationship webs, but not deciphering what "mom" means when no name is provided), but I have doubts that they would be using it for specific user guessing and relationship guessing (like deciphering "mom", "PJ", or even just "kate")
    1
  48. Baseband modems are secretive and proprietary. You won't know detailed contents of the chip nor the code that runs on it. You can make an open source handheld computer, but the cell data part is not viable to do as far as I know. (I might be slightly out of date on this info though; I think people have been working on it, and it's possible that there might be limited functionality open cell modems now, but probably only old protocols that will have poor performance or no service at all anymore due to End-of-Life)
    1
  49.  @ipodman1910  What can be done is hide identity though. When they don't know anything about the owner then they aren't tracking the owner, they're just tracking some random device that they don't know "anything" about (aside from basic device ID stuff)
    1
  50. Yeah I think rob misunderstood the question. The number on the old SIM will not work when that SIM is not in the device. You could in theory port that number to the new SIM, but obviously you're not talking about that sort of situation (because it's a data-only SIM). For both SIMs/plans to work simultaneously you would need a device with more than one SIM slot. That or regularly swap SIMs (if that is even a viable option for you) Although there's two other options as well: 1. porting your cell number to the VOIP service that you are using. Some services do allow this, but it will almost certainly require a lot of verification, so hard to remain anonymous to the VOIP provider if that is important to you. 2. If your device supports eSIM then you could get an eSIM plan along with a regular SIM card plan. Braxman has voiced some distrust of eSIM which is understandable, but from what I can tell there are no direct/proven privacy harms in using it as long as everything else is done in a privacy-conscious manner (such as paying for the eSIM via Monero or a prepaid credit card, assuming that you even care about having that high of a degree of privacy in the first place (privacy from government investigation, which I think many people don't care about compared to Google/Apple/Meta/Microsoft, etc.))
    1