You can judge your online privacy based on how inconvenient (or impossible) it is to log into banking mobile apps.
Discussion
Share more, please!
I literally can't use one banking app on GrapheneOS with a VPN. I just stopped using that bank. Other apps will require re-logging in and performing SMS 2FA every time, which is a pain but at least usable.
Banking apps are the biggest obstacle to most GrapheneOS users. Find a bank that has a webapp, and reduce your dependency on banks as much as you can.
Most platforms where you are the product stop working when you stop being the product, and it takes a whole ecosystem of developers to get around that.
"Privacy" is multidimensional and weird. On one hand you are providing less data than others. OTOH, by providing significantly less, you are standing out from the crowd like a sore thumb, effectively being "unique" and thus trackable
Yeah, you can get fingerprinted for having odd privacy setups. I try to strike the balance between that and using common tools with bigger anonymity sets.
The bank's problem is either that they never know if it's me or someone else when I log in, or they want to track me as much as they can even if they know it's me.
I think you are getting privacy mixed up with anonymous.
I'm not. Everything I said applies to privacy. You can be fully anonymous and still have poor privacy if everything you do is tracked and correlated.
The lady on the left /is/ standing out like a sore thumb. Obviously trackable, but who is she?
Identity or lack their of is measured by the size of the anonymity set. 1/99999
As your anonymity set shrinks you become less anonymous, and whatever data you reveal /can/ reduce your anonymity set.
I feel like both are tools to protect you, but one is asking for permission, and the other is not.
Anonymity is also a foot gun because like you said, once your anonymity set is small enough, you have to then ask for forgiveness.
But yeah, the multidimensional aspect is important to understand, e.g. x axis is anonymity set, and y axis is magnitude of data.
best is when you clearly maintain a KYCed front facing identity
and do all your shady stuff on separate infrastructure.
but who's got time for all that?
GraphineOS with different logged in profiles isn't too bad, and also orbot with some apps routing through it, with others on clearnet. Orbit has this feature, choose apps, that routes any app through TOR. You just need to enable it properly in VPN mode:
on my graphene nonSIM phone I use Invizible instead of Orbot, which always gave me trouble
and I have a regular KYCed phone with a sim that i use for business and normie interaction
but then all my internet traffic goes out a VPN,
some of it to *another VPN...
although i mostly use tor bridges I'm sure theres some visible toe activity...
etc
on the whole, if the NSA was profiling me they'd wonder wtf I am up to.
I can't login with a VPN on oddly enough, I assume this is just a me problem though.
True, it is so annoying, it makes me think of going full crypto app with a debit card, but not sure they won't follow the same path
If you have a clue how to deal with identities than there is no issues.