Motivation

So this is probably a strange request but I really want to do this. For some reason, when I restored the WhatsApp chats most of the photos there got to the private directory where it doesn't show on my android gallery. I don't know what happened but there is no official solution to get the photos back. So I thought why not do it myself.

What I already did

I rooted m phone (temporarily) to get access to the msgstore.db file so that I can change the paths of the media. I can do that easily with a sqlite query.

What I couldn't do

When I try to modify the actual database, it says that I cannot do it since the file got corrupted. I think there might be a checksum or something somewhere but I can't seem to find any information about it. Does anyone know how I can do this without tripping the integrity checker?

Clients like Thunderbird are great because you have everything stored locally so you can easily search offline. They also support encrypting and decrypting emails in PGP. However, they seem to have the same limitation as protonmail where you can't search through encrypted emails.

I know that protonmail can't just store your key at their server since that would defeat the purpose, so the emails are all ciphertext to them right? But in Thunderbird, you already have the key and decrypt everything all the time. So why can't you skip the middleman in your local machine and store everything locally in plaintext? It's not less secure since if your local machine is compromised, your private key is also compromised.

Or at the very least give us the option and have a slightly less secure but much more convenient option.

I know that GrapheneOS has a lot of security features that make it basically impossible to compromise your phone. And that it has a lot of control over permissions and has some privacy features. But it also has a Google Services compatibility that would allow you to use Google services, which would allow Google to harvest a lot of data from you; much less data, but still some. Now OSes like CalyxOS or Lineage have microG which in addition to giving you the APIs, it uses less battery and has the ability to use Mozilla network location to stop google from getting that data. CalyxOS and Lineage don't have the crazy hardening modifications that GrapheneOS has, but Android is already crazy secure compared to something like Windows or Linux without a properly configured SELinux or AppArmor. Why have Graphene over Calyx?

I'm kind of tired of Google sending me to the same 3 sites whenever I search for something. If not the same 3 sites it's 7 others that are so generic and boring I just feel they're useless. It's always makeuseof, androidauthority, or whatever other sites that have useful information but I rarely feel like they are saying anything new.

I want to see the results from those small blogs that are sometimes linked here. I can't come up with one since... you know that's why I'm asking how to find them, but you know them; they talk about nerdy stuff and are not afraid to get technical in whatever topic they discuss.

Also duckduckgo and qwant do the same thing. If there is a way to curate the results to better fit my needs then that'd be great too!

Does anyone else feel as if it's over when it comes to really owning your own things?

As of now:

• You don't have the option of having a phone with decent specs and replaceable parts
• You have to have really good knowledge in tech to have private services that are on par with what the big companies offer
• You have to put up with annoying compatibility issues if you install a custom ROM on your android phone
• You cannot escape apps preventing you from using them if you root your device
• Cars are becoming SaaS bullcrap
• Everything is going for a subscription model in general

And now Google is attempting to implement DRM on websites. If that goes through, Firefox is going to be relegated to privacy conscious websites (there aren't many of those). At this point, why even bother? Why do I go to great lengths at protecting my privacy if it means that I can't use most services I want?

It sucks because the obvious solution is for people to move away from these bullshit companies and show that they actually care about their privacy. Even more important is to actually PAY for services they like instead of relying on free stuff. I'm not optimistic not just because the non privacy conscious side is lazy, but because my side is greedy. I mean one of the most popular communities on lemmy is "piracy" which makes it all the more reasonable for companies not to listen to privacy conscious people.

I wouldn't say that this is the endgame but in this trajectory, privacy is gone before 2030.

I love the idea of having privacy in independence from all the tech giants' services. I have a server at home that hosts my storage, media, synchronization, and backups, along with some other random services. Since all these services are basically my life, I sometimes read about better security practices to replace whatever I do. Although sometimes, I feel like I can't figure out what practices are actually bad and really put me in a bad spot, and if they are good enough for me.

For example, I use a Keepass database to store my passwords. I want to sync them across all of my devices immediately. So I saved it in my VPS, and made the android client fetch it every time I sync. I also made a script that uploads the local database every time it is changed. However, I don't want it to override remote changes that I may have not saved on my local machine. To solve that, I made the script download the remote database and compare it to the local one before uploading. To compare, I made the script read from a PGP encrypted file that has the password to my database, and input that to keepass-diff. However, I read that using PGP is bad from this article. I can't say I completely understand what the author is saying, but I trust that they know their stuff. However, I feel like this is a bit nitpicky. Would using GPG make me exposed to massive risk as opposed to using any other service? I guess it's not that hard to move over to something like ccrypt or whatever, but why bother? Besides, I can tell GPG to keep my key in the session for a long time so that I don't have to input it every time. I don't know if ccrypt can do that.

Another example is using F-Droid. I came across this article and this one went way over my head since I'm not really well versed on android. But the gist I got is that F-Droid is not only insecure but is also bad for getting timely updates. I checked and some apps are something like 7 patches behind which is unacceptable for me.

One last example and this one is kinda petty no lie. The fact that RSA is trash. I read here and there that RSA is an old and deprecated encryption algorithm that no one should use this is another article that (surprise surprise) also went over my head. But what I could understand is that it is too easy to make mistakes using RSA and it should be in the history books. But I already made many SSH keys without choosing the encryption algorithm, so it's gonna be a bit inconvenient to change all of those.

So my question to yall is that, how do I find the line between using an acceptable albeit non optimal practice, and using an unacceptable practice for security?

Of course, I also have to put in mind the convenience, so I can't just change up my practices every 8 seconds when I find out that whatever program I'm using is a ticking time bomb.