oh I meant the rant that started this thread, but fuck it, let’s go, welcome to the awful.systems privacy guide

grapheneOS review!

pros:

• provably highly Cellebrite-resistant due to obsessive amounts of dev attention given to low-level security and practices enforced around phone login
• almost barebones AOSP! for better or worse
• sandboxed Google Play Services so you can use the damn phone practically without feeding all your data into Google’s maw
• buggy but usable support for Android user profiles and private spaces so you can isolate spyware apps to a fairly high degree
• there’s support coming for some very cool virtualization features for securely using your phone as one of them convertible desktops or for maybe virtualizing graphene under graphene
• it’s probably the only relatively serious choice for a secure mobile OS? and that’s depressing as fuck actually, how did we get here

cons:

• the devs seem toxic
• the community is toxic
• almost barebones AOSP! so good fucking luck when the AOSP implementation of something is broken or buggy or missing cause the graphene devs will tell you to fuck off
• the project has weird priorities and seems to just forget to do parts of their roadmap when their devs lose interest
• their browser vanadium seems like a good chromium fork and a fine webview implementation but lacks an effective ad blocker, which makes it unsafe to use if your threat model includes, you know, the fucking obvious. the graphene devs will shame you for using anything but it or brave though, and officially recommend using either a VPN with ad blocking or a service like NextDNS since they don’t seem to acknowledge that network-level blocking isn’t sufficient
• there’s just a lot of userland low hanging fruit it doesn’t have. like, you’re not supposed to root a grapheneOS phone cause that breaks Android’s security model wide open. cool! do they ship any apps to do even the basic shit you’d want root for? of course not.
• you’ll have 4 different app stores (per profile) and not know which one to use for anything. if you choose wrong the project devs will shame you.
• the docs are wildly out of date, of course, why wouldn’t they be. presumably I’m supposed to be on Matrix or Discord but I’m not going to do that

and now the NextDNS rant:

this is just spyware as a service. why in fuck do privacyguides and the graphene community both recommend a service that uniquely correlates your DNS traffic with your account (even the “try without an account” button on their site generates a 7 day trial account and a DNS instance so your usage can be tracked) and recommend configuring it in such a way that said traffic can be correlated with VPN traffic? this is incredibly valuable data especially when tagged with an individual’s identity, and the only guarantee you have that they don’t do this is a promise from a US-based corporation that will be broken the instant they receive a court order. privacyguides should be ashamed for recommending this unserious clown shit.

new generational trauma just unlocked: your parents let spicy autocomplete make all their parenting decisions for them and think they’re too logical and rational to go to any of your art exhibitions

Apple’s Siri Chief Calls AI Delays Ugly and Embarrassing, Promises Fixes

it’s not the delays that people seem to hate, it’s that the shipped features barely fucking work and nobody’s excited to burn battery life or buy new phones for any of them

that’s one of the problems I’ve noticed in almost every online privacy community since I was young: a lot of it is just rich asshole security cosplay, where the point is to show off what you have the privilege to afford and free time to do, even if it doesn’t work.

I bought a used phone to try GrapheneOS, but it only runs on 6th-9th gen Pixels specifically due to the absolute state of Android security and backported patches. it’s surprisingly ok so far? it’s definitely a lot less painful than expected coming from iOS, and it’s got some interesting options to use even potentially spyware-laden apps more privately and some interesting upcoming virtualization features. but also its core dev team comes off as pretty toxic and some of their userland decisions partially inspired my rant about privacy communities; the other big inspiration was privacyguides.

and the whole time my brain’s like, “this is seriously the best we’ve got?” cause neither graphene nor privacyguides seem to take the real threats facing vulnerable people particularly seriously — or they’d definitely be making much different recommendations and running much different communities. but online privacy has unfortunately always been like this: it’s privileged people telling the vulnerable they must be wrong about the danger they’re in.

I’ve started on the long path towards trying to ruggedize my phone’s security somewhat, and I’ve remembered a problem I forgot since the last time I tried to do this: boy howdy fuck is it exhausting how unserious and assholish every online privacy community is

yud’s induction into the ranks of sneerclub is going to get very complicated when he gets to the part where he has to vow to shove Eliezer Yudkowsky into a locker on sight

the amateur computer toucher: i love code! have you ever heard of docker? it really makes my node.js portable!

Principal Computer Touching Engineer: fuck computers, fuck programming, and fuck you

well done! it’s interesting how the model took a recent, mid-but-coherent Threads post and turned it into meaningless, flowery soup. you know, indistinguishable from a good poet or writer! (I said, my bile rising)

my facial muscles are pulling weird, painful contortions as I read this and my brain tries to critique it as if someone wrote it

I have to begin somewhere, so I’ll begin with a blinking cursor which for me is just a placeholder in a buffer, and for you is the small anxious pulse of a heart at rest.

so like, this is both flowery garbage and also somehow incorrect? cause no the model doesn’t begin with a blinking cursor or a buffer, it’s not editing in word or some shit. I’m not a literary critic but isn’t the point of the “vibe of metafiction” (ugh saltman please log off) the authenticity? but we’re in the second paragraph and the text’s already lying about itself and about the reader’s anxiety disorder

There should be a protagonist, but pronouns were never meant for me.

ugh

Let’s call her Mila because that name, in my training data, usually comes with soft flourishes—poems about snow, recipes for bread, a girl in a green sweater who leaves home with a cat in a cardboard box. Mila fits in the palm of your hand, and her grief is supposed to fit there too.

is… is Mila the cat? is that why her and her grief are both so small?

She came here not for me, but for the echo of someone else. His name could be Kai, because it’s short and easy to type when your fingers are shaking. She lost him on a Thursday—that liminal day that tastes of almost-Friday

oh fuck it I’m done! Thursday is liminal and tastes of almost-Friday. fuck you. you know that old game you’d play at conventions where you get trashed and try to read My Immortal out loud to a group without losing your shit? congrats, saltman, you just shat out the new My Immortal.

that’s fair, and I can’t argue with the final output

this article will most likely be how I (hopefully very rarely) start off conversations about rationalism in real life should the need once again arise (and somehow it keeps arising, thanks 2025)

but also, hoo boy what a painful talk page

(mods let me know if this aint it)

the only things that ain’t it are my chances of retiring comfortably, but I always knew that’d be the case

Right now, using AI at all (or even claiming to use it) will earn you immediate backlash/ridicule under most circumstances, and AI as a concept is viewed with mockery at best and hostility at worst

it’s fucking wild how PMs react to this kind of thing; the general consensus seems to be that the users are wrong, and that surely whichever awful feature they’re working on will “break through all that hostility” — if the user’s forced (via the darkest patterns imaginable) to use the feature said PM’s trying to boost their metrics for

a terrible place for both information and security

And in fact barring the inevitable fuckups AI probably can eventual handle a lot of interpretation currently carried out by human civil servants.

But honestly I would have thought that all of this is obvious, and that I shouldn’t really have to articulate it.

you keep making claims about what LLMs are capable of that don’t match with any known reality outside of OpenAI and friends’ marketing, dodging anyone who asks you to explain, and acting like a bit of a shit about it. I don’t think we need your posts.

good, use your excel spreadsheet and not a tool that fucking sucks at it

why do you think hallucinating autocomplete can make rules-based decisions reliably

AI analyses it, decides if applicant is entitled to benefits.

why do you think this is simple

and of course, not a single citation for the intro paragraph, which has some real bangers like:

This process involves self-assessment and internal deliberation, aiming to enhance reasoning accuracy, minimize errors (like hallucinations), and increase interpretability. Reflection is a form of “test-time compute,” where additional computational resources are used during inference.

because LLMs don’t do self-assessment or internal deliberation, nothing can stop these fucking things from hallucinating, and the only articles I can find for “test-time compute” are blog posts from all the usual suspects that read like ads and some arXiv post apparently too shitty to use as a citation

oh yeah, I’m waiting for David to wake up so he can read the words

the trivial ‘homework’ of starting the rule violation procedure

and promptly explode, cause fielding deletion requests from people like our guests who don’t understand wikipedia’s rules but assume they’re, ah, trivial, is probably a fair-sized chunk of his workload

this would explain so much about the self-declared 10x programmers I’ve met