Been seeing this used alot when people are talking about uploading and downloading and when i searched it up it's very confusing for me (not too into technology)

In this article, I am going to tell you basic Networking Basic Interview Questions. To know more and enhance your knowledge in the networking keep reading this article till the end, I have listed the most important and frequently asked basic networking interview questions.
Table of Contents of the pdf File
1) What is a Link?
2) What are the layers of the OSI reference model?
3) What is backbone network?
4) What is a LAN?
5) What is a node?
6) What are routers?
7) What is point to point link?
8) What is anonymous FTP?
9) What is subnet mask?
10) What is the maximum length allowed for a UTP cable?
11) What is data encapsulation?
12) Describe Network Topology
13) What is VPN?
14) Briefly describe NAT.
15) What is the job of the Network Layer under the OSI reference model?
16) How does a network topology affect your decision in setting up a network?
17) What is RIP?
18) What are different ways of securing a computer network?
19) What is NIC?
20) What is WAN?
Click Here: Computer Communication and Networks
21) What is the importance of the OSI Physical Layer?
22) How many layers are there under TCP/IP?
23) What are proxy servers and how do they protect computer networks?
24) What is the function of the OSI Session Layer?
25) What is the importance of implementing a Fault Tolerance System?
Are there limitations?
26) What does 10Base-T mean?
27) What is a private IP address?
28) What is NOS?
29) What is DoS?
30) What is OSI and what role does it play in computer networks?
31) What is the purpose of cables being shielded and having twisted pairs?
32) What is the advantage of address sharing?
33) What are MAC addresses?
34) What is the equivalent layer or layers of the TCP/IP Application layer in terms of OSI reference model?
35) How can you identify the IP class of a given IP address?
36) What is the main purpose of OSPF?
37) What are firewalls?
38) Describe star topology
39) What are gateways?
40) What is the disadvantage of a star topology?
41) What is SLIP?
42) Give some examples of private network addresses.
43) What is tracert?
44) What are the functions of a network administrator?
45) Describe at one disadvantage of a peer to peer network.
46) What is Hybrid Network?
47) What is DHCP?
48) What is the main job of the ARP?
49) What is TCP/IP?
50) How can you manage a network using a router?
51) What protocol can be applied when you want to transfer files between different platforms, such between UNIX systems and Windows servers?
52) What is the use of a default gateway?
53) One way of securing a network is through the use of passwords.
What can be considered as good passwords?
54) What is the proper termination rate for UTP cables?
55) What is netstat?
56) What is the number of network IDs in a Class C network?
57) What happens when you use cables longer than the prescribed length?
58) What common software problems can lead to network defects?
59) What is ICMP?
60) What is Ping?
61) What is peer to peer?
62) What is DNS?
63) What advantages does fiber optics have over other media?
64) What is the difference between a hub and a switch?
65) What are the different network protocols that are supported by Windows RRAS services?
66) What are the maximum networks and hosts in a class A, B and C network?
67) What is the standard color sequence of a straight-through cable?
68) What protocols fall under the Application layer of the TCP/IP stack?
69) You need to connect two computers for file sharing. Is it possible to do this without using a hub or router?
70) What is ipconfig?
71) What is the difference between a straight-through and crossover cable?
72) What is client/server?
73) Describe networking.
74) When you move the NIC cards from one PC to another PC, does the MAC address gets transferred as well?
75) Explain clustering support
76) In a network that contains two servers and twenty workstations, where is the best place to install an Anti-virus program?
77) Describe Ethernet.
78) What are some drawbacks of implementing a ring topology?
79) What is the difference between CSMA/CD and CSMA/CA?
80) What is SMTP?
81) What is multicast routing?
82) What is the importance of Encryption on a network?
83) How are IP addresses arranged and displayed?
84) Explain the importance of authentication.
85) What do mean by tunnel mode?
86) What are the different technologies involved in establishing WAN links?
87) What is one advantage of mesh topology?
88) When troubleshooting computer network problems, what common hardware-related problems can occur?
89) What can be done to fix signal attenuation problems?
90) How does dynamic host configuration protocol aid in network administration?
91) Explain profile in terms of networking concept?
92) What is sneakernet?
93) What is the role of IEEE in computer networking?
94) What protocols fall under the TCP/IP Internet Layer?
95) When it comes to networking, what are rights?
96) What is one basic requirement for establishing VLANs?
97) What is IPv6?
98) What is RSA algorithm?
99) What is mesh topology?
100) what is the maximum segment length of a 100Base-FX network?
Click here and get more info Basic Concept of Computer Network
Interview Question Answers with Example.
Download pdf to get all the Question with answer and examples from the below link.
Q #1) What is a Network?
Q #2) What is a Node?
Q #3) What is Network Topology?
Q #4) What are Routers?
Q #5) What is OSI reference model?
Q #6) What are the layers in OSI Reference Models? Describe each layer briefly.
Q #7) What is the difference between Hub, Switch, and Router?
Q #8) Explain TCP/IP Model
Q #9) What is HTTP and what port does it use?
Q #10) What is HTTPs and what port does it use?
Q #11) What are TCP and UDP?
Q #12) What is a Firewall?
Q #13) What is DNS?
Q #14) What is the difference between a Domain and a Workgroup?
Q #15) What is a Proxy Server and how do they protect the computer network?
Q #16) What are IP classes and how can you identify the IP class of given a IP address?
Q #17) What is meant by 127.0.0.1 and local host?
Q #18) What is NIC?
Q #19) What is Data Encapsulation?
Q #20) What is the difference between Internet, Intranet, and Extranet?
Q #21) what is a VPN?
Q #22) what are ipconfig and ifconfig?
Q #23) Explain DHCP briefly?
Q #24) What is SNMP?
Q #25) What are the different types of a network? Explain each briefly.
Q #26) Differentiate Communication and Transmission?
Q #27) Describe the layers of OSI model?
Q #28) Explain various types of networks based on their sizes?
Q #29) Define various types of internet connections?
Q #30) Few important terminology we come across networking concepts?
Q #31) Explain the characteristics of networking?
Q #32) How many types of modes are used in data transferring through networks?
Q #33) Name the different types of network topologies and brief its advantages?
Q #34) What is the full form of IDEA?
Q #35) Define Piggybacking?
Q #36) In how many ways the data is represented and what are they?
Q #37) What is the full form of ASCII?
Q #38) How a Switch is different from a Hub?
Q #39) Define Round Trip Time?
Q #40) Define Brouter?
Q #41) Define Static IP and Dynamic IP?
Q #42) How VPN is used in the corporate world?
Q #43) What is the difference between Firewall and Antivirus?
Q #44) Explain Beaconing?
Q #45) Why the standard of an OSI model is termed as 802.xx?
Q #46) Expand DHCP and describe how it works?
Q #47) How can a network be certified as an effective network? What are the factors affecting them?
Q #48) Explain DNS?
Q #49) Define IEEE in networking world?
Q #50) What is the use of encryption and decryption?
Q #51) Brief Ethernet?
Q #52) Explain Data Encapsulation?
Q #53) How are networks classified based on their connections?
Q #54) Define Pipelining?
Q #55) What is an Encoder?
Q #56) What is a Decoder?
Q #57) How can you recover the data from a system which is infected with Virus?
Q #58) Describe the key elements of protocols?
Q #59) Explain the difference between baseband and broadband transmission?
Q #60) Expand SLIP?

The max default is 60 seconds but you can get it higher, I put mine to 120 seconds. I know increasing your scraping time is only going to make you wait longer before watching a show or movie. However, I was having severe issues as a firestick user with Seren only scraping 5 sources in the 60 seconds timer. It wouldn't provide any cached sources at all for TV shows (movies were okay). So if you're like me and looking for a solution that doesn't require upgrading your device here's a guide.
 
Firstly, before anything I need to shoutout Nuklear92 & Buckeye_Monkey as their thread and comment led me to finding the perfect solution for myself. If you're going to do this, I recommend you do follow Nuklear92's thread on what scraping services to remove. Removing some of these sources will increase your results and decrease the chance you will max out your timer (especially if you choose to increase it) Stuff like turning off SHOWRRS (if you don't use premiumize), NYAA & MOVCR (if you don't watch anime), and RLSBB & SCRNLS (if you don't use hosters) was an easy way to improve my results. I ended up leaving LEET & KICKASS on as result of increasing my scraping timer and following Buckeye_Monkey's comment. His comment consisted of checking all the links the scrapers were using and removing the ones that were too slow or failed from the file altogether. This was definitely very time consuming and I'd only recommend it if you want to scrape all your sources at the fastest time possible. But, this is still useful if you don't want to disable any more than 2 sources. You can easily check and see which sources are just wasting your time.
 
Now before you do this you're going to want to install an app that can either send files to your PC or edit files to your firestick. This obviously isn't much of an issue if you have a raspberry pi or old windows PC.
 
IF YOU'RE ON WINDOWS NAVIGATE TO %APPDATA%>Kodi>addons>resources in there will be settings.xml. Just make a backup somewhere and you can begin editing your file. Continue onto the header "FOR EVERYONE". for RASPBERRY PI unfortunately I don't have the exact path but it should be similar to either windows or FireTV (Android)
 
FOR FIRESTICK
 
I used amaze file manager to connect to a FTP server. However, any other file explorer with FTP will work. I prefer Amaze over ES just because ES has been so riddled with ads. If you do go with Amaze, make sure to also install Mouse Toggle for FTV as it wasn't really designed for FTV and will be hard to navigate without it. Make sure you allow Amaze to show hidden files and folders in it's settings. Also when you do start the FTP share, make sure that you click the hamburger and already have it navigated to /storage/emulated/0/android/data/org.xbmc.kodi/files/.kodi. For whatever reason you won't be able to enter the .kodi file on your pc if it's not the shared path. I also had to turn off secured connection and anonymous logins in that same menu.
 
Now go to the FTP share on your file explorer and start sharing. On your PC open up windows explorer. Open the address bar (beside the search bar) and type in the url that your file explorer tells you. You will obviously need to be on the same network without anything hiding your device(s) from other devices on the network for this to work. Once its loaded up, head to addons>plugin.video.seren>resources once there copy the setting.xml file somewhere on your PC. Edit the file name to indicate its a backup, then copy it over again.
 
FOR EVERYONE
 
Now open the file with a text editor. I ended up using notepad as its the easiest. Nixgates made this super easy to look through. Scroll past the category general settings, advanced, hidden settings, fanart.tv, and artwork until you get to the scraping settings. Look for

setting id="general.timeout" type="slider" label="30120" option="int" range="10,60" default="60"

 
and change the number 60 in the range to whatever you want your max timeout to be. I changed mine to 120 (you could probably go to 90). From there save the file. If you're on PC you didn't even need to take out the setting.xml file so you should be fine. If you're on firestick and using FTP make sure to put back that settings file where it came from. You will have to overwrite the file that already exists if you didn't delete it from the folder.
 
Once that's all done make sure everythings closed and open up Kodi and navigate to the Seren settings. Go to scraper settings and change the timeout to your new max. Before you leave, make sure you have pre-emptive termination *OFF* to use it to it's full potential.
 
You should now be able to scrape for sources longer, so test it out. I did time it and made sure it actually worked. So make sure you do as well.
I hope this helped.

Greetings everyone, I am preparing OSCP for 2nd attempt. The 1st attempt i failed due to rabbit holes. Some times we are overthinking & can’t find actual way to get in. Spending hours n hours on one box, but the result is nothing.
Now i want to make a clear track to avoid rabbit holes. Once we found a known services, how much we should dig into?
For example, i have found open ftp, what kind of things i should look for? 1. Ftp version 2. Public exploit 3. Anonymous login (if data available download it & check it) 4. Try to Upload files. 5. Brute forcing
What else?
So i want to make a check-list for known services/programs. Such as 1. SSH 2. SMTP (important) 3. SNMP 4. SMB 5. DNS 6. Telnet 7. LDAP (important) 8. NFS 9. http/https
So these are common services which we found most of the time. I want your comments/suggestions on each service & how much we can dig into that.
If we found nothing, then we should move forward. Instead of running around there.
Thanks ;)

Hi guys.. I got 2 questions:

1. Whats the difference among FTP, FTPS and SFTP?
2. Which of these 3 protocols is best to stay as anonymous as possible for my ultra seedbox when dloading files from seedbox to my PC?

​

Original sources of this guide (might be more up to date in case you're viewing a mirror of it):
https://old.reddit.com/youtubedl/comments/jktx5b/how_to_anonymously_host_the_continued_development/
https://raddle.me/f/AntiCopyright/121477/how-to-anonymously-host-the-continued-development-of-youtube
In this guide I will go through how to anonymously host the continued development of youtube-dl offshore using companies that have a track record of being very resilient to DMCA takedowns. As a general disclaimer, youtube-dl is not illegal, no matter how much the RIAA wants it to be. Hosting it is not illegal, but the RIAA doesn't care about what's legal, so we'll have to act accordingly and not rely on companies that will bend over backwards for them. This post is basically my way of flipping the bird to the RIAA.
DMCA ignored hosting providers
RIAA report including DMCA ignored hosting providers
MPAA report including DMCA ignored hosting providers
United States Trade Representative report including DMCA ignored hosting providers
ESA report including DMCA ignored hosting providers
Europol report including DMCA ignored hosting providers
La Liga report including DMCA ignored hosting providers
Former bulletproof hosting reseller reviews offshore hosting providers
Former bulletproof hosting reseller on what the most warez friendly hosting providers are
(Novogara aka Ecatel recently got busted for tax evasion and are shady as hell in general, allowing anything to be hosted on their servers, so it's best to stay away from them.)
Take into account what data center the hosting provider uses. If they don't run their their own data center the company running the data center can shut down the server if the data center isn't DMCA ignored. That isn't to say that resellers can't be resilient, but it depends on how resilient the data center they use is.
This goes without saying, but keeping the hosting provider secret makes it a lot harder to take down.
Some countries like Ukraine, Kazakhstan, and Korea force hosting providers to use government SSL certificates, meaning that they can MITM the connection.
CDNs and proxies to hide the real hosting provider
DDoS-Guard - Highly recommended. Based in Russia. Doesn't care about DMCA at all. DDoS-Guard is mentioned in the MPAA's Notorious Markets report and currently provides protection for Nyaa (the world's largest public torrent tracker for anime and manga) and Sci-Hub (the world's largest piracy website for academic papers which is under constant legal pressure from big US publishers). Has a free plan and accepts Bitcoin for paid plans. DDoS-Guard might be inaccessible outside of Europe for a few hours/month, meaning that sites using it would be unreachable outside of Europe during that time. This is probably peering related, but I'm not sure. Just tell site visitors to use ProtonVPN's free plan and connect to one of their VPN servers in the Netherlands if that happens.
While I recommend DDoS-Guard, I'll list some other alternatives in case something happens:
CloudFlare - Might be a honeypot, especially since I'm not sure how they'd be able to get away with this otherwise, but CloudFlare works for now. Just don't expect privacy from them. They're a US based company so they'll probably be reigned in eventually, but for now they're having their Wild West days. CloudFlare has a free plan. If CloudFlare is not configured properly when set up the real hosting provider will be leaked. More info about that here: 1, 2, 3, 4, 5, 6, 7

It's a myth that Cloudflare does not forward DMCA complaints, they forward everything. However, Cloudflare does not store any "sensitive data", which means forwarding "useless" information is similar like ignoring the DMCA request. A general advice is that whenever you use Cloudflare you should use a bulletproof backend server as well to avoid DMCA takedown request in the first place, so less or nothing gets forwarded (less "leakage risk").

Source: CHEF-KOCH / Warez / Bulletproof Hosting.md
OVPN's public IPv4 proxy (the Switzerland proxy) - Swedish company that provided a proxy for The Pirate Bay for a while, went to court because of it, and won. The two advantages with their Switzerland proxy in particular is that it's hosted by Interxion - the same Netherlands based company that is hosting Feral Hosting's DMCA ignored seedboxes - and that Switzerland is a pretty good jurisdiction. OVPN also scores well on That One Privacy Site. Accepts Bitcoin.
Before we go into registering a domain, I think it's worth considering if it's really worth keeping the name youtube-dl or if it could be spun off into a more accurate and less trademark infringing name like media-dl, for example. It downloads video and audio from a lot more sites than just YouTube, after all.
Resilient TLDs (there are more options than just these)
.is - As of a few years ago ISNIC had only ever suspended one domain and it was connected to ISIS.

When we asked whether ISNIC would follow Greenland’s lead and move for a proactive suspension, we got a clear answer.
“The short answer is no. Such an action would require a formal order from an Icelandic court. ISNIC is not responsible for a registrant’s usage of their domains,” ISNIC’s Marius Olafsson told TorrentFreak.
“This policy applies equally to any .is domain,” Olafsson says, adding that it’s the domain owner’s responsibility to abide by the law, not theirs.

Source: https://torrentfreak.com/pirate-bay-finds-safe-haven-in-iceland-switches-to-is-domain-130425/

“Domains can hardly be considered illegal any more than a street address. A street address is not illegal even if there is illegal activity in one apartment at the address,” ISNIC says.

Source: https://torrentfreak.com/torrent-domain-suspensions-damage-credibility-registrar-says-140617/
.ru / .su - Good for anything that doesn't affect Russia or go against Russian interests.
.to - Used by a lot of torrent and other filesharing websites. I have never seen one get suspended. .to is managed by a US company though, so it being "bulletproof" could change.
.cr is a resilient TLD according to the International Intellectual Property Alliance's (IIAP) report:

thepiratebay.cr domain is still online despite actions against it from the Internet Corporation for Assigned Names and Numbers (ICANN) and the U.S. Embassy in Costa Rica. Other notorious infringing sites are following the trend of using .cr domains as a safe haven (e.g., kickasstorrents.cr). Costa Rica’s failure to deal effectively with its obligations regarding online infringement, more than eight years after they came into force under DR-CAFTA, is a serious concern.

In case you want cheaper options that are available on Njalla, .ws and .ch are said to be pretty good.
.ec is also looking pretty solid as Library Genesis (the world's largest book piracy website, which is under constant legal pressure from big US publishers) have been using it for some time without getting suspended.
Vulnerable TLDs
.com, .net, .cc, .tv, and .name are operated by VeriSign, a Washington DC based company that is controlled by the US government.
.org, .info, .asia, .aero, .ag, .bz, .gi, .hgn, .in, .lc, .me, .mobi, .mn, .sc and .vc are operated by Afilias, a company that blocked one of WikiLeaks' domains.
.site, .website, .tech, .online, .uno, .fun, .space, .store, and .press are operated by Radix, a company that has an anti-piracy partnership with the MPAA.
All TLDs operated by Donuts, a company that has an anti-piracy partnership with the MPAA.
Resilient domain registrars/resellers
Recommended:
Njalla - As anonymous as you can get when buying a domain. Njalla is a Nevis registered company that buys the more common domains from Canada based Tucows, which is pretty abuse friendly and some TLDs like .is they buy from the registry directly. They then lease it to you while legally speaking they own the domain. This means that you don't have to give them any personal information to register it and they take Monero. Njalla is mentioned in the RIAA and MPAA's Norotious Markets reports. Njalla has a Tor Hidden Service, PGP key, and has support for registration via XMPP with OTR. Njalla is run by one of the Pirate Bay founders and they kept the Pirate Bay sense of humor alive when dealing with DMCA.
Other:
NiceVPS - As anonymous as you can get when buying a domain. NiceVPS is a domain reseller based in the Dominican Republic that buys the domain from easyDNS and then leases it to you, meaning that you don't have to provide any personal information since they own the domain on paper. Accepts Monero. Has a Tor Hidden Service, PGP key, and warrant canary. I've seen NiceVPS recommended on some websites, but I'm not sure how solid it is. Doesn't seem to offer all of the TLDs that Njalla, Openprovider, and easyDNS offer, including a lot of the more resilient ones.
Openprovider aka Hosting Concepts B.V. - Netherlands based registrar that is one of the most abused registrars by rogue pharma sites. Doesn't suspend domains without a WIPO decision or court order. Has a full section dedicated to it in the United States Trade Representative's 2019 report and a brief mention in the 2020 report.
easyDNS - Canada based registrar that has a big focus on due process. The current registrar of The Pirate Bay's .org domain, which it defended against the RIAA. Wouldn't suspend a domain for a video downloader like youtube-dl unless ordered by ICANN, CIRA, or a court according to their takedown policy. Accepts Bitcoin.
There are a few resellers of bulletproof Russian and Chinese registrars that accept cryptocurrency, but because those are pretty much only used by cyber criminals they would not be a good look for this project. And there's also the risk that they'll just be gone one day without a word and no way to transfer domain and not much recourse. Because of those reasons I'm omitting them from this list. I think the above mentioned registrars and resellers will be good enough, the project is legal after all.
Worth considering:
In order to anonymously directly register a domain at any of the other mentioned services than Njalla and NiceVPS you'd have to fake the WHOIS information, which violates ICANN's rules and registrars usually suspend domains because of that. I could especially imagine easyDNS doing this. Not sure how the other registrars would react to that, but ICANN does have the power to withdraw their accreditation - meaning that the registrars would lose the ability to issue domains - if they don't follow ICANN's rules. In the cases of Njalla and NiceVPS they aren't a registrar, they just fill in their own details and buy the domain for you from a registry/registrar when you register a domain using them.
If you use Njalla or NiceVPS you're handing over control of the domain to somebody else and have to take their word for it that you'll always have access to the domain. It's easier to trust Njalla than NiceVPS in this case since it's known who owns Njalla and they have more of a track record than NiceVPS, which is fairly unknown.
TLS/SSL
Let's Encrypt - Free, uses open source software, backed by EFF, Mozilla, and others. Easy to set up and easy to maintain with an auto-renewal script.
If you're using CloudFlare, you'll have to use their phony SSL certificate.
Keeping your server secure and other technical advice

Check your server, and how reliable it is in terms of security and privacy, online services like https://centminmod.com can test your server and it's configuration to ensure nothing is "leaking".
Check if someone can see your hidden backend server IP via https://dnsdumpster.com. In general you should block every IP connection to your backend server, only allow your own connection, VPN's or reverse proxies. You quickly can check if someone has an "open" backend IP service via services like https://censys.io.

Source: CHEF-KOCH / Warez / Bulletproof Hosting.md
If you use CloudFlare, also check that your backend isn't leaking using CrimeFlare.
If you have set up email with your domain, use SMPT and a custom mail server so it doesn't leak your origin server IP. Email is the easiest way to leak origin server IP addresses.
Use SSH instead of VNC. With VNC the login information is sent unencrypted via plaintext, meaning that a rogue exit node in the Tor network and any server the login information is sent over on the clearnet could record your login information if they wanted to.
Use a password generator for all accounts and have it set to the max number of characters. Don't put the login information into a proprietary password manager or an online password manager. Make sure to back up the login information to multiple hard drives/SSDs/USBs/etc.
Try and make the site portable so that all software and all configurations can be saved to an ISO that can be spun up at any hosting provider at a moment's notice in case the site has to move at some point.
If you get a VPS, make sure it's KVM. KVM is much more secure than OpenVZ since OpenVZ doesn't have much separation between different customers on the same server. OpenVZ is also easy to oversell. Xen is also secure, but has worse performance than KVM.
Use nginx, it has a lot better performance than Apache.
Use MariaDB. It's a more up to date fork of MySQL developed by MySQL's original developer after he sold MySQL to Oracle. Contains bug fixes that sometimes have not gotten into MySQL yet. It is of course fully compatible with MySQL databases.
Basic security hardening (I'd probably use OSSEC + Shorewall instead of fail2ban and ufw, but I'm not an expert at this ¯\_(ツ)_/¯ )
nginx configuration for improved security (and performance): GitHub Gist | blog post (8.8.8.8 and 8.8.4.4 are both Google Public DNS resolvers, so if you enable OCSP stapling, use a more privacy friendly DNS resolver, like Njalla's public DNS, one of the DNS resolvers mentioned on PrivacyTools, one of the DNS resolvers in DNS66's settings, or an OpenNIC server that doesn't keep logs. Digitalcourage e.V. and Chaos Computer Club are pretty trustworthy organizations, so their DNS servers from DNS66's settings along with Njalla's DNS resolver are probably solid, at least. Few OpenNIC servers seem to last very long, judging by that most of them were added in 2019 and 2020. If you use CloudFlare for the site, just use CloudFlare's 1.1.1.1 DNS, they'll get site traffic data regardless, so just use them for that DNS resolver as well instead of sending out data to another party.
nginx tuning for best performance
nginx SSL/TLS hardening including HTTP Strict Transport Security
Top 25 Nginx Web Server Best Security Practices
Let's Encrypt auto-renewal script
If you need FTP server software, Pure-FTPd is the most secure option. Use SFTP instead of FTPS for better security and less of a headache.
Disable password access for administration, require login using a SSH key, and limit the number of login attempts.
Change default ports, like SSH. If anyone tries to access the default SSH port, have the firewall block them for a few hours.
Disable root login.
More security tips for SSH are available here. Don't implement port knocking though.
Disable nginx logging once everything is set up to protect user privacy and improve performance.
Keep the software up to date to decrease the risk of your serveVPS being hacked.
Don't use analytics. If you have to, self-host Matomo (formerly known as Piwik). It's open source.
Keep up to date backups of the site on multiple hard drives/SSDs/etc.
Anonymous payments
Bitcoin is fully traceable nowadays and tumbling/mixing your Bitcoin won't make any difference.

Tumblers are useless
Against my better judgement, I’m going with this click bait heading, but the premise is correct. Due to the software running real time analysis on the ledger, simply avoiding taint and breaking up coins is now entirely ineffective, as it matches the full bitcoin amount to be received over a period of time, as the software is built around a neural net of sorts (talking out of school here, I’m not a programmer) it appears to self-correct in real time as a more "likely" or "accurate" owner conclusion is reached.

Source: Blockchain Analysis and Anti-Money Laundering (X-post from /DarknetmarketsOz)
Meanwhile Monero was the only cryptocurrency that that the US government couldn't track when they took down one of one of the biggest darknet drug markets and seized the site operator's cryptocurrencies. This is because Monero is the only major cryptocurrency properly designed to be private.
Update:
There has apparently been some recent developments when it comes to tracing Monero. You can read more about it in my comment on Reddit or Raddle. I wouldn't worry too much about it at this stage though.
Use I2P or Tor when transacting with cryptocurrency. I2P has some privacy benefits in its design over Tor:

Unidirectional tunnels instead of bidirectional circuits, doubling the number of nodes a peer has to compromise to get the same information. Protection against detecting client activity, even when an attacker is participating in the tunnel, as tunnels are used for more than simply passing end to end messages (e.g. netDb, tunnel management, tunnel testing) Tunnels in I2P are short lived, decreasing the number of samples that an attacker can use to mount an active attack with, unlike circuits in Tor, which are typically long lived. I2P APIs are designed specifically for anonymity and security, while SOCKS is designed for functionality.

However, I2P doesn't have as much funding and reseach or as big of a developer community behind it. I2P's userbase is also a lot smaller than Tor's. A full comparison about that can be found here. Monero chose I2P over Tor.
More information about Monero + I2P/Tor is available here.
Either get cryptocurrency donations or use a peer-to-peer exchange that doesn't enforce KYC (Know Your Customer) to buy Monero or Bitcoin. Unlike centralized exchanges, private sellers on decentralized exchanges won't automatically submit all their data to the government. Even if you get all of the cryptocurrency via donations and it therefore has no connection to your real identity at all you should still anonymize it via Monero so that it can't be traced from the donation wallet to the hosting provider which you want to keep hidden.
Some private sellers on peer-to-peer exchanges won't require IDs, while some might require it. If nothing is mentioned, it's worth asking the seller before you send them any money. A few even accept cash meetups and cash by mail (watch out for being scammed or mugged though). If you do go to a crypto for cash meetup, make sure it's in a public place with lots of people in case something goes wrong. LocalCoinSwap, LocalCryptos, and LocalMonero even has sellers that accept gift cards (which you could buy with cash in a physical store). However, most gift cards are only redeemable in the country they were bought in, making this an option that won't work outside of the countries the sellers are based in. The one exception to this that I know of are Steam Wallet gift cards, which work internationally.
If your method of paying for cryptocurrency involves going somewhere to buy it/a gift card/a prepaid card/a burner phone, consider leaving your phone at home since it's essentially a tracking beacon. If it's a cryptocurrency for cash meetup you might want to have it with you in case something goes wrong though.
From what I've read there are some centralized exchanges that don't require KYC, but at least some of them freeze funds if they think it seems suspicious (which I would imagine a Tor IP would fall under) and they refuse to release the funds until they have been provided with an ID.
If you decide to buy cryptocurrency using a normal payment method, a wire transfer would be the option that involves the least amount of companies getting the transaction info, though I don't think you'd have much recourse with getting your money back if you got scammed and paid via wire transfer.
Bitcoin ATMs may require ID and usually have surveillance cameras around them, but this may vary depending on where you live.
If you bought Bitcoin, use XMR.to to exchange it to Monero. If the service provider only accepts Bitcoin and not Monero, exchange the Monero back to Bitcoin so that the Bitcoin has been anonymized. Don't pay in Bitcoin without exchanging it to Monero and back first.
Prepaid cards usually require SMS verification and are sometimes limited to purchases within the country they were sold in, so be sure to read up on whatever card you're considering using. Vanilla Visa gift cards used to be the go to for VPN buyers back in the day since they only required putting a zip code into a website, but things change, so read up about activation requirements and international purchases for the card in your country before buying anything and if you get information from an unofficial source, try and make sure that it's at least somewhat recent. If SMS activation is required there are two options. One option is buying a push-button burner phone and a prepaid SIM card at a physical store using cash, activate it at a major public place and then once the prepaid card is activated shut off the phone and take out the SIM card and the battery. Another option is buying access to a dedicated number in the same country that you bought the card in at an online SMS inbox site using cryptocurrency (the free SMS inboxes that have shared phone number might be used up already). The catch 22 there is that you wouldn't have any cryptocurrency yet at this stage, so it's not really an option unless you figure something out that I wasn't able to think of. If the prepaid card can't do international purchases you could withdraw the money into an anonymously created PayPal account (requires SMS verification). Expect the prepaid card and PayPal account to almost certainly get frozen if you try to pay with it over Tor. The risk is lower when paying via a VPN IP, but it's still a notable risk, especially if it's a VPN server with lots of users and you can never verify that the VPN provider isn't logging you. An anonymously paid for self-hosted VPN on a dedicated IP address in the same country that you bought the prepaid card would be less likely to cause the card to get frozen. A residential proxy/proxy would be the least likely to get the card frozen. Just don't connect to that residential or self-hosted VPN/proxy directly using your real IP address since your ISP would see that and since you would be the only user of that self-hosted VPN it would be directly identifying. You could use the prepaid card on public WiFi, but that will give out your general location and will give the WiFi network your IP address. It will also give the WiFi network your MAC address, so be sure to set the MAC address to be random (just search something like "[operating system] random mac address on wifi" on DuckDuckGo). Then there's the issue that most browsers other than Tor Browser, SecBrowser, and Bromite are bad combating browser fingerprinting. Sure you could also customize Firefox with arkenfox user.js (formerly known as ghacks-user.js) and a bunch of add-ons to combat all the different kinds of tracking, but you'll just make your browser more unique the more you modify it.
Anonymous Internet browsing
Use Tor when doing anything in connection with the site, including when using PuTTY and FileZilla. Verify the integrity of the Tor Browser installer using PGP before running it so that you know that it hasn't been tampered with. Use a bridge if you don't want your ISP/government to see that you're using Tor. Running Tor over a VPN may seem like a good idea, but even if the VPN provider really doesn't keep logs (which is impossible to verify) using Tor over VPN can make you easier to track since that makes the VPN service a permanent entry node [1][2][3][4] and there's also VPN fingerprinting. If Deep Packet Inspection (DPI) is a concern you can use Pluggable Transports [1][2] to disguise the Tor traffic. Keep Tor Browser up to date. Never run Tor Browser in full screen. That makes you more easily trackable as websites can detect the real resolution of your screen. Don't install any add-ons or plugins, that makes you a lot easier to track. If you have logged in and then logged out of a site it can link you to other accounts you have on the same site using session cookies if you login to those accounts without hitting the "New Identity" button to relaunch Tor Browser with a clean slate. Block JavaScript when the website doesn't require it, that's the closest thing you'll come to an ad blocker. Use the Hidden Service version of sites when available, that way your Internet traffic never goes onto the clearnet and it also adds three more proxies between you and the site's server for a total of six proxies.
Since you shouldn't use an ad blocker with Tor Browser it's important that you keep your operating system up to date to minimize the risk of getting infected in case you come across some malicious JavaScript via for example malvertising when you have JavaScript activated.
If you use Windows and don't want to switch to Linux (even though you can set up dual boot or just boot it from a USB without even having to install it on your computer), use a non-admin user account and have an admin account that you only use to authorize trusted software to run, that will mitigate 94% of critical Windows vulnerabilities. You can use a tool like W10Privacy to decrease the amount of tracking in Windows 10, just be sure that the tool you use is updated to match the latest version of Windows 10 or you might brick your OS.
Email
Use an end-to-end encrypted no logs email provider located outside of Five Eyes, Germany, Enemies of the Internet, and countries under surveillance - preferably ProtonMail - when signing up for all of those services. Use a different email address for anything not related to the administration of the website. ProtonMail has a Tor Hidden Service, but signing up for ProtonMail is only possible on the clearnet address, so you'd have to go into Tor Browser's privacy settings and change "Prioritize .onion sites when known" from "Always" to "Ask every time" when you register the ProtonMail account. Change it back to "always" once the registration is complete. And yes, it is possible to sign up for ProtonMail via Tor. It's not easy finding an exit node that hasn't gotten blocked yet, and you will most likely need a secondary anonymous email account on another email provider to send a verification code to, but it is possible. Don't try using a disposable email service, ProtonMail blocks pretty much all of them so you'll just waste time and will probably get your account frozen. Once you have made an account, go into Settings > Security and then wipe and disable the authentication logs. Once that's done - before you sign up for anything - log out and wait a while then log back in, just to see if their anti-fraud system decides to freeze your account or not.
If you go for a email provider other than ProtonMail, keep in mind that it has to be there for the long haul in order to be usable. If it suddenly shuts down without notice, you're pretty much shit out of luck. So try and go for one that has been around for a while and seems like it will continue to stick around.
Comparison of alternatives:
https://privacytools.io/providers/email/
https://www.safetydetectives.com/blog/email-comparison/#3
https://www.prxbx.com/email/
Other
Use a new username that you haven't used before.
Use end-to-end encryption for all private communications. ProtonMail has built-in end-to-end encryption between ProtonMail accounts. If you want to encrypt email with PGP when communicating with non-ProtonMail users follow this guide. That will allow you to import it into ProtonMail. Just remember that the subject line will not be encrypted by PGP. PGP/MIME gives out less metadata than PGP inline and is just better in general, so use PGP/MIME. For file transfers you can also use OnionShare if the receipient also uses Tor Browser or put the file(s) into a password protected .7z file using 7-Zip with the "Encrypt file names" option enabled + a password generator set to the max number of characters that you then upload to Disroot Upload. Be aware that the lufi software that Disroot Upload runs on keeps the filename visible after the file has been deleted. If you need an end-to-end encrypted pastebin, self-host PrivateBin or use Disroot's PrivateBin. Disroot uses a privacy respecting hosting provider and claim that they don't keep logs for services that don't require an account, such as Disroot Upload and Disroot's PrivateBin.
Use DuckDuckGo instead of Google. At least when doing work related to the site. It has a Tor Hidden Service that you can easily find by searching "duckduckgo onion" or "duckduckgo hidden service" on DuckDuckGo.
Rely on open source software and privacy respecting services when it comes to processing and storing data related to the site. PrivacyTools.io, awesome-privacy, AlternativeTo, and GitHub makes it easy to find privacy respecting alternatives.
Keep software on your devices up to date to decrease the risk of it being compromised by an exploit.
And yeah, I probably went pretty deep on some of the less relevant sections, but I thought it was best to include everything.

1) Are you OK with direct message offers from vendors?
NO
2) What are your main reasons for wanting a seedbox?
Currently using Bytesized but the price v storage amount isnt great
3) Are you okay with sharing hardware resources with other users [shared] or do you need the seedbox hardware dedicated to just you [dedicated]?
Speed, anonymity and storage space are the main things, no interest in plex or other streaming ability - so if a shared box will meet these requirements happy with shared.
4) Do you want someone else to be responsible for maintaining the seedbox software (operating system, applications) [managed] or do you want to do it all yourself [unmanaged]?
Happy with any, reasonably experienced using linux
5) Please describe your seedbox experience. (You may wish to list any seedbox providers you've been with before.)
Used both managed and unmanaged in the past
6) Please describe your experience with Linux. (Most seedboxes run Linux and some knowledge of it may be helpful.)
Decent
7) What is the high end of your budget? (Please give a specific amount and a currency. "Cheap" might mean something different to one person than it does to another.)
Top end would be about EUR50, though does depend on what is offered, can go higher if the offer is particularly good
8) Do you have preferences or requirements concerning payment? (Paypal, Bitcoin, etc.)
No
9) Do you plan to use public trackers?
No
10) What kind of connection speed do you need? (Common answers would be 100Mbps, 1Gbps, 2Gbps, 10Gbps.)
1Gbps min
11) How much combined upload and download traffic do you expect each month? Include download of files from the seedbox to your local computer. If you don't know, tell us what upload amount per month would realistically make you very happy with your seedbox.
Varies hugely, highest was about a TB in a month
12) What is the minimum disk space you need?
Main reason for moving, the higher the better
13) Do you require a specific type of mass storage? (HDD, SSD, NVMe SSD) If other than HDD, please explain why you think you need this.
HDD
14) Do you require a specific torrent client?
No
15) Do you require any other applications on the seedbox? (e.g. Plex, Subsonic, Radarr)
(S)FTP Client
16) Do you require SSH access to the command line?
Not require
17) Do you require access to a remote desktop?
Not really though has been useful in teh past
18) Do you require admin level (i.e. 'root') access? If yes, please explain why.
Not really
19) Do you have any other specific requirements?
Must be able to FTP
20) Is there any other information you think might help in getting a useful recommendation?
Not that I can think of.
Would just note some seedbox.io/leaseweb/walkerservers seem to meet the requirements but been waiting a while now for them to become available

LTL, FTP, yadda yadda. Strap in, ‘cause this one’s going to be a wild ride.
This is about the infamous Moomin Black Sun AU, the controversy surrounding it, and how its disastrous downfall caused conflict in a usually peaceful community. Now, if you’ll hang on for a moment, this’ll take a bit of context to set up. However, before we start, I would like to make a quick reminder to please not message/harass anyone involved in this mess. Now, let’s begin, shall we?
What are the Moomins?
The Moomins started out as a children’s book series by Finnish author Tove Jansson about the adventures of a creature named Moomintroll (often shortened to Moomin) and his friends. The series became very popular across the globe, especially in Finland, Sweden, and Japan. Words truly cannot express just how popular and influential the Moomins were in those countries, but for this, I’ll be focusing specifically on its English-speaking fanbase.
Of the various adaptations, the 90s Moomin anime series is widely regarded to be the most popular adaptation for English speakers, as many people grew up with the English dub of the series. Because of it, the Moomins grew a small, but fiercely dedicated fandom in the English-speaking countries. It was like that for a while until just a few years ago, when it started to gain more popularity thanks to a popular YouTube video and the recent ongoing CGI Moominvalley series. Thanks to these, the Moomins gained quite a large fanbase across the internet, including Tumblr, which brings us to the Black Sun AU.
What is an AU?
AU stands for alternate universe. It basically allows people in a fandom to explore what the characters of a certain media would be like in a different or altered setting. For example, what would the main characters in your favorite show be like if they were in college? Boom! College AU. What if they were in a zombie apocalypse? How would that change the characters and how they would interact with each other? Boom! Zombie Apocalypse AU. What if they were royalty? Boom! Royalty AU. You get the idea.
The Black Sun AU
Enter the Black Sun AU. This AU originated on Tumblr. The explanation for the specifics of it can be found here, but I’ll tell you the gist of it. Basically, it explores what would happen if one of the characters, Snufkin, slowly corrupted Moominvalley (the setting of the series) and its inhabitants to be amoral and evil. Cue death, murder, gore, angst, etc.
The main appeal of the AU was people being able to explore the normally happy, lighthearted series in a darker, edgier light that they wouldn’t otherwise be able to. The AU quickly blew up and became the most popular AU of the fandom. The creator of the AU, Shibe, drew plenty of incredibly stylistic and appealing art for it, which only further contributed to its popularity. People began drawing fanart for it, writing fanfiction, and even creating spinoff AUs of the main AU. Needless to say, the Black Sun AU gathered quite a bit of attention.
Things continued like that for a while, with people exploring the AU’s world, concepts, and themes. At least, that is until May 25, 2020, when a user named @blacksuncallout posted a callout for Shibe. In a google doc (NSFW) linked in the callout post, several things were brought to light.
Now, ever since the beginning of the AU, it was made clear that Shibe does not condone incest, sexual abuse, or pedophilia. The AU could explore dark themes, yes, but there was a limit when it came to what some may consider to be genuinely problematic.
However, the google doc revealed that on Twitter, Shibe followed many artists that produce artworks that involve bestiality, underaged people in sexual situations, and incest. Now, that on its own would be pretty controversial. However, the rabbit hole goes deeper. First, let me explain something that’ll help give a bit of context.
What is Joxkin and why is it so controversial?
Joxkin is the name for the romantic pairing between the characters Snufkin and the Joxter. The problem? The Joxter is Snufkin’s father. You can probably see why many people had issues with this. The Joxkin shippers are a small portion of the fan base, and they are pretty much universally disliked due to accusations of pedophilia and incest. That’s why they usually tend to keep to themselves.
Now, back to the drama.
The google doc then went on to reveal that there was a private Twitter account, @Poppy_seed, that posted artwork in a style that was remarkably similar to Shibe’s distinct style. (View the google doc for side-by-side comparisons and additional info. Warning: NSFW) The catch? This account posted quite of bit of underage porn, depictions of abuse of minors, and incest art, including Joxkin art. Both accounts followed similar people and had the same mutuals. However, in the past, Shibe had denied being Poppy_seed. The original google doc ended by stating that it was very likely that both accounts were run by the same person, invited people to come to their own conclusions, and generally wished to raise awareness about the fact that Shibe followed many creators of problematic content and likely participated in it.
As to be expected, chaos ensued. Shibe publicly responded to the callout post in a throwaway account to confirm the fact that she did, in fact, run the other account. In the post, she profusely apologizes for lying and running the account, calling it “reckless” and “idiotic”. She then goes on to explain that around the time of the beginning of the Black Sun AU’s creation, she was already being chastised for drawing NSFW art, so when she came into contact with Joxkin shippers who started talking to her because of the AU, they quickly became friends because Shibe sympathized with them. From there, Shibe claimed that she only really drew Joxkin art in an attempt to fit in and be accepted by the Joxkin community despite not actually being a fan of the Joxkin ship itself. She ended the post by again apologizing for everything.
The community was divided by this. One side sympathized with Shibe and forgave her, saying that she apologized and that a witch hunt wouldn’t help anything. A few people who personally knew Shibe spoke up and said that she was a genuinely nice person who deserved a chance to improve. The other side, however, couldn’t forgive Shibe, saying that Shibe only apologized because she was caught. They were also skeptical of Shibe’s claim that she only drew Joxkin art to make friends. They also criticized Shibe for not addressing the fact that she followed bestiality and child porn artists on twitter in her initial apology post. Shibe first responded to that by stating that she simply appreciated all art and didn’t judge people for the content. She initially deflected all accusations of being into that content, but later admitted that she had a problem and that she probably needed therapy.
The Aftermath
After this, Shibe made several apology posts in which she owned up to her faults. She then made a post about her joining her first SAA (Sex Addicts Anonymous) meeting for her addiction to the problematic content. After this, she made a goodbye post, announcing that she was officially ending the Black Sun AU and that she would be off the internet for a while while she recovers. A few months later, she posted on the main Black Sun AU blog and said that although she originally intended to continue the Black Sun AU after her recovery, she decided not to because it fills her with too much shame. This is when she officially ended the AU for good and asked people to not continue it.
So there you have it! A dark corner of the usually wholesome, happy fandom was brought to light. I hope you enjoyed this post! It was really interesting to write. I was a fan of the AU before this all happened. Although I didn’t participate in the drama, I watched it all go down, so it was interesting to revisit it in order to document it. Here’s the main Black Sun AU tumblr link if you’re interested.
I’m honestly glad that Shibe got therapy, and I sincerely hope that she’s doing better now mentally. Once again, I ask for people to please not harass her or anyone else involved. Thanks for reading!

I am currently testing the machine aMaze (https://www.vulnhub.com/entry/amaze-1,573/). With Nmap, I found four open ports: 21 (FTP), 22 (SSH), 80 (Webserver), 8000 (Jenkins).

• With Port 21 I could login with anonymous but I couldn't find any files there.
• On Port 80 I found a login page (/login.php) and a logout page (/logout.php) and I tried some to run hydra with username admin on login page but couldn't find any login credentials. There is one thing which catched my eyes when looking into the source code of /login.php. I saw these two lines But at the moment I don't have any clues what to do to produce some useful error messages.
• The most promising way was on port 8000. With the credentials (username jenkins, password jenkins) I could login to that Jenkins application and could run a reverse shell to my kali linux machine. I ended up as root in a docker container. As far as I can tell this docker container does not run in privileged mode. But I found a directory under /root/.git which gave me some hint:

``` commit e7045388b6b30739fd29f577903ab778502c4895 Author: swapneil [email protected] Date: Tue Jan 28 15:43:53 2020 +0000
Finally deleted the sensitive data from my box
diff --git a/Git?Scope? b/Git?Scope? deleted file mode 100644 index eafd2fc..0000000 --- a/Git?Scope? +++ /dev/null @@ -1,2 +0,0 @@ -I need to delete this token, so no one can access it! -512fb73b2108f9c882fe3ff559ef4bc9496f4dc2 ```
I googled that token but couldn't find any hints to that.
From now on, what would be your next steps?
Edit I forgot to mention that I have already root rights in that docker container.
Edit 2 I added information I found about port 80.

I forgot to post it here, might be valuable as it debloats phones of Google and other corporation software in general. The guide is nearly fully FOSS supported, and the only non FOSS XDA app does not require internet to function.
NOTE (June) 15/06/2020: r_privacy moderator trai_dep revengefully deleted my highly gilded 1.0 guide post before.
UPDATED 16/8/2020: Major edit, replaced closed source App Ops and Shizuku with AppOpsX (Free Open source) on F-Droid. This guide is nearly FOSS supported now.
UPDATED 17/9/2020: MAJOR EDIT, replaced closed source Access Dots with Privacy Indicator (FOSS) on Izzy's F-Droid repo. This guide is completely FOSS.
Hello! I am the founder of /privatelife . Finally my smartphone non root guide is back, and there are some big upgrades. I was taking time to test everything myself on my daily driver, so apologies for keeping everyone in the wait, but stability and ease of use is the important goal to strive in my playbook. Privacy must be accessible to maximum amount of people without being annoying or tedious.
A kind request to share this guide to any privacy seeker.

User and device requirement

• ANY Android 9+ device
• knowledge of how to copy-paste commands in Linux or Mac Terminal/MS-DOS Command Prompt (for ADB, it is very simple, trust me)

Why not Apple devices?

iPhone does not allow you to have privacy due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an unpatchable hardware flaw was discovered in Apple's T1 and T2 "security" chips, rendering Apple devices critically vulnerable.
17/9/2020: Apple gave the FBI access to the iCloud account of a protester accused of setting police cars on fire.
Also, they recently dropped plan for encrypting iCloud backups after FBI complained. They also collect and sell data quite a lot. Siri still records conversations 9 months after Apple promised not to do it. Apple Mail app is vulnerable, yet Apple stays in denial.
Also, Apple sells certificates to third-party developers that allow them to track users, The San Ferdandino shooter publicity stunt was completely fraudulent, and Louis Rossmann dismantled Apple's PR stunt "repair program".
Also, Android's open source nature is starting to pay off in the long run. Apple 0-day exploits are far cheaper to do than Android.

LET'S GO!!!

ALL users must follow these steps before "for nerdy users" section.
Firstly, if your device is filled to the brim or used for long time, I recommend backing up your data and factory resetting for clean slate start.

• Sign out all your Google and Huawei/Samsung/other phonemaker accounts from your device so that SettingsAccounts do not show any sign-ins except WhatsApp/Telegram
  
• Install ADB on your Linux, Windows or Mac OS machine, simple guide: https://www.xda-developers.com/install-adb-windows-macos-linux/
  
• Use "Universal Android Debloater" to easily debloat your bloated phone.
  

NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares they sell this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/

• Make DIY camera covers, for front camera notch use a tiny appropriate-sized thin opaque plastic cutout and use an invisible tape to stick it in place, replace every month (cost: tape roll and one minute of your time per month). My rear camera cover
  
• Install F-Droid app store from here
  
• Install NetGuard app firewall (see NOTE) from F-Droid and set it up with [privacy based DNS like Uncensored DNS or Tenta DNS or AdGuard DNS]
  

NOTE: NetGuard with Energized Ultimate HOSTS file with any one of the above mentioned DNS providers is the ultimate solution.
NOTE: Set DNS provider address in Settings -> Advanced settings VPN IPv4, IPv6 and DNS

• In F-Droid store, open Repositories via the 3 dot menu on top right and add the following links below:

1. https://rfc2822.gitlab.io/fdroid-firefox/fdroid/repo?fingerprint=8F992BBBA0340EFE6299C7A410B36D9C8889114CA6C58013C3587CDA411B4AED
   
2. https://apt.izzysoft.de/fdroid/repo?fingerprint=3BF0D6ABFEAE2F401707B6D966BE743BF0EEE49C2561B9BA39073711F628937A
   
3. https://guardianproject.info/fdroid/repo?fingerprint=B7C2EEFD8DAC7806AF67DFCD92EB18126BC08312A7F2D6F3862E46013C7A6135
   

Go back to F-Droid store home screen, and hit the update button beside the 3 dot menu.

LIST OF APPS TO GET

• Get Firefox Beta web browser from F-Droid (install uBlock Origin addon inside (if technically advanced, try doing this)). Also get Firefox Klar if you like a separate incognito browser.
  
• Get Aurora Store from F-Droid for apps from Play Store without actually using Play Store, use Anonymous option to sign in
  
• for 3rd party APKs source them only from APKMirror OR APKPure OR APKMonk, quite trusted, BUT TRY AND AVOID IT IF POSSIBLE
  
• Get Privacy Indicator from F-Droid for iOS 14 like camera/mic dot indicator feature
  
• Get OSMAnd+ from F-Droid or Qwant Maps inside web browser for maps and/or print physical maps if you live and travel in one or two states or districts.
  

NOTE: Qwant Maps has better search results than OSMAnd+

• Get PilferShush Jammer from F-Droid to block microphone (use this in malls, restaurants or such public places if you can to prevent beacon tracking)
  
• Get OpenBoard (user friendly) OR AnySoftKeyboard (nerd friendly) from F-Droid instead of Google GBoard, Microsoft SwiftKey et al, they are closed source keylogger USA spyware
  
• Get FTP Server (Free) from F-Droid and FileZilla on computer for computer-to-phone internet less file sharing
  

NOTE: for phone-computer sync or sharing, can TRY KDE Connect, available for Android, Windows, Linux

• Get TrebleShot instead of SHAREIt for phone to phone file sharing
  
• Get K-9 Mail or FairEmail as e-mail client
  
• Get NewPipe for YouTube watching, or YouTube in Firefox Preview/Klar
  
• Get QKSMS from F-Droid as SMS client app
  
• Get Shelter from F-Droid to sandbox potential apps that you must use (eg WhatsApp or Discord or Signal)
  
• Get SuperFreezZ from F-Droid to freeze any apps from running in background
  
• Get Librera Pro from F-Droid for PDF reader
  
• Get ImgurViewer from F-Droid for opening reddit/imguother image links without invasive tracking
  
• Get InstaGrabber from F-Droid for opening Instagram profiles or pictures without invasive tracking (seems like a revived fork is here, thanks u/sad_plan )
  
• Get GreenTooth from F-Droid to set Bluetooth to disable after you have used it
  
• Get Material Files or Simple File Manager from F-Droid for file manager app
  
• Get ImagePipe from F-Droid if you share lot of pictures, and want to clear EXIF metadata snooping (often photos contain phone model, location, time, date)
  
• Get Note Crypt Pro from F-Droid for encrypted note taking app
  
• Get Vinyl Music Player from F-Droid for music player
  
• Get VLC from F-Droid for video player
  

CRITICAL FOR CLIPBOARD, LOCATION AND OTHER APP FUNCTION BLOCKING

I would say this is one of the critical improvements in my guide, and will solve the problem of clipboard and coarse location snooping among other things.
AppOpsX is a free, open source app that allows to manage granular app permissions not visible normally, with the help of ADB authorisation without root. This app can finely control what granular information apps can access on your phone, which is not shown in app permissions regularly accessible to us.
Now that you would have set up your phone with installing apps, now is a good time to perform this procedure.
Step 1: Install AppOpsX from F-Droid. (https://f-droid.org/en/packages/com.zzzmode.appopsx/)
Step 2: Plug phone to computer, and enable USB debugging in Settings Developer Options (you probably already did this in the starting of the guide)
Step 3: Keep phone plugged into computer until the end of this procedure! Open AppOpsX app.
Step 4: On computer, type commands in order:
adb devices
adb tcpip 5555
adb shell sh /sdcard/Android/data/com.zzzmode.appopsx/opsx.sh &
Step 5: Now open "AppOpsX" app, and:

• disable "read clipboard" for apps except your messengers, notepad, office suite, virtual keyboard, clipboard monitor apps et al.

NOTE: Most apps that have text field to copy/paste text require this permission.

• disable "modify clipboard" for every app except for your virtual keyboard or office suite app or clipboard monitostack special apps.
  
• disable "GPS", "precise location", "approximate location" and "coarse location" for every app except your maps app (Firefox and OSMAnd+)
  
• disable "calendar" for every app except your calendar and email app
  
• disable "read contacts", "modify contacts" and "get contacts" for every app except your "Phone", "Phone Services", "Phone/Messaging Storage", contacts and messenger apps
  
• disable all "send/receive/view messages" permissions for every app except "Phone", "Phone Services", "Phone/Messaging Storage", QKSMS, contacts, dialler and messenger apps
  
• disable "body sensors" and "recognise physical activity" for every app except games needing gyroscope, or any compass dependent app like camera or bubble leveling app
  
• disable "camera" for every app except your camera and messenger apps
  
• disable "record audio" for every app except camera, recorder, dialler and messenger apps
  
• disable all "Phone" permissions for apps except your SMS app (like QKSMS) and Contacts, Dialler and call recorder apps
  
• disable "change WiFi state" for every app except file sharing apps (like TrebleShot)
  
• disable "display over other apps" for any third party app not from F-Droid
  
• disable "read storage" and "write storage" for apps except file manager, file sharing app and messenger apps
  
• enable all permissions for "Phone", "Phone Services" and "Phone/Messaging Storage" system apps, critical for cell radio calling and sending SMS
  

Step 6: Profit! Now you can plug off phone from computer.
NOTE: Remember to use AppOpsX everytime you install a new app outside of F-Droid store, which is done not too often by people.

FOR NERDY USERS

• Get App Manager from Izzy's F-Droid repo (here) to inspect app's manifest, trackers, activities, receivers, services and even signatures via Exodus Privacy built-in, all without root
  
• Get Warden from Izzy's F-Droid repo (here) for checking loggers (rest app is inferior to App Manager)
  

HOW TO USE NETGUARD

By default, all apps will be blacklisted from WiFi and mobile data access.
If not, go to Settings via 3 dot menu Defaults (white/blacklist) Toggle on "Block WiFi", "Block mobile" and "Block roaming"
Whitelist your web browsers, messengers (WhatsApp, Zoom et al), file sharing apps, download managers, "Aurora Store" app and any game if needs internet and give them WiFi and mobile data access.
Also, whitelist "Downloads" and "Download Manager" as these are system apps that allow web browsers and other apps without built-in downloader to download files. Whitelisting this will keep apps and system stable.

WHICH PHONE BRANDS ARE GOOD AND BAD? (FACTS)

Now we will need to evaluate what manufacturers are relatively safe, no appeasing, I will be blunt. I will make tier lists to help. I will give explanation for each, so read before jumping with pitchforks.
NOTE: If you have anti-Chinese political allergy, kindly read facts, or choose the other non-Chinese options listed.
Tier 1: Huawei/Honor, Asus, Nokia, Motorola, Sony, LG, FairPhone
Tier 2: Samsung, OnePlus, Oppo, Vivo, Xiaomi, Realme
Tier NOPE NOT AT ALL: Google
FairPhone: Clean software, ethical, recyclable components, good phone but bit extra price for midrange hardware. Status: good.
Huawei: (still no evidence by US government after one year of market protectionism ban, contrary to what Sinophobic US propaganda and condemned joke research papers (refer to this for why), may make you believe, all countries except US, Australia, Japan and UK are allowing them for 5G participation, there is absolutely ZERO EVIDENCE against specifically Huawei (does not count other Chinese companies), earlier ironically audited by UK GCHQ to be safe and on any of their global devices, to date there has been no telemetry found IFF you do NOT use Huawei ID account or Huawei AppGallery store (as instructed above). I have an OpenKirin rooted unlocked Honor 6X, and now a locked P30 Lite to confirm this.
If Huawei's CEO is a former PLA technician, so do plenty US companies. What does it prove?
NOTE: Real reason for this propaganda ban is USA could not monopolise 5G unlike it did 4G, and so they are playing their cards to put China out of commission. And Huawei did not steal 5G from USA, since USA does not even have a proper 5G vendor yet.
To add, for the rest of world outside China it is better to own a device from a country which has no jurisdiction over them, and you can use their phones without Huawei and Google accounts very safely. BONUS: baseband modem not associated with NSA. Also, good cameras, battery, display and performance in general. Status: good.
Asus, Sony, Motorola: their software is nearly stock, and as such quite beneficial and peace of mind assuring. Status: good.
LG: less stock-y software, still good. Good cameras. display too. Status: good.
Nokia: a bit of skepticism here with them helping spy with nexus with Russia's MTS and recently found Chinese telemetry as well, but nothing that NetGuard cannot stop by blocking domains via HOSTS from interacting with your device. Status: Potential issues, can be mitigated.
Samsung: Multiple issues with Qihoo 360 on phones with IMEI MAC sent over HTTP, Samsung Pay selling user data with no optout till now, Replicant devs discovering backdoors, Knox hardware blackbox with no idea what microcode it runs, certification from NSA even worrying, lockscreen and notification ads in OneUI, ads on Smart TVs, this all accounts to being quite shady company, but Blokada or NetGuard can mitigate it. Status: avoid for other brands if possible.
Xiaomi: They have quite a bit of telemetry in their MIUI skin, similar to Samsung. Now they have tracking in Incognito Mode in their Browser as well. Status: avoid unless you implement my guide properly.
OnePlus, Oppo, Vivo: They have considerably less telemetry and ads, better than Samsung and Xiaomi. But they will start doing the same thing as Realme which I will mention below soon. Status: potential but passable for now.
Realme: They are implementing ads into their UI, which will soon come to Oppo and Vivo phones too, a bit of an issue. This allows for telemetry and tracking concerns. Status: avoid if possible.
Google: In general an evil megacorp, Titan M security chip is self-claimed to be great on Pixels, but there is no way to verify if the microcode it contains is the same as that open sourced by Google. Having faith in Google's promise of their proprietary closed source chip being clean is like having faith in cyanide not killing a person. Moreover, they are known as:

• NSA partner and collecting data and spy on users in googolplex capacity
  
• AI used by US military for drone bombing in foreign countries based on metadata Google collects on smartphones
  
• use dark patterns in their software to make users accept their TOS to spy
  
• repeated lies about how their data collection works claiming anonymity
  
• forcing users to use their Play Services which is spyware and scareware
  
• monopolising the web and internet via AMP
  
• use of non standard web browser libraries and known attempts to cripple lone standing ethical competitors like Firefox and Gecko web engine (now with Microsoft making their default Edge Chromium-based too)
  

TL;DR there is no summary, privacy is an indepth topic and you must take a couple of hours to go through this simple guide, as long as it looks it should clear all your concerns with smartphone privacy.
This is the best you can do without rooting or modding a phone, and it is working for me since almost a year now, personally tested and verified on my locked P30 Lite.
I have a history of rooting and modding phones, one being an Honor 6X before Huawei disabled unlocking policy, one being a Xiaomi and one being a Lenovo before that. Also, one Samsung Galaxy S2 long time ago.
Credit to w1nst0n for the Universal Android Debloater (authorised me to use his tool). Hope this guide serves as a great tool for any privacy seeker.

After avoiding the windows machines for too long I've started working on what appears to be one of the easier OSCP windows lab machines. Getting user-shell was trivially easy via an asp payload delivered via unrestricted FTP service. w00t. I know at this point I can surely google or searchsploit for a payload that will probably get me root but I want to understand how security works in the NT family of windows more deeply before I go full script kiddie and blindly run whatever the internets tell me will work. Posting here to check in with people smarter than I am re: NT to see if I'm on the right track.
here is a node from my cherrytree notebook describing what I understand thus far as to the basics of how security tokens work for the NT family along with some notes about the target:

• ACCESS TOKEN * an access token is an object encapsulating the security identity of a process or thread. A token is used to make security decisions and to store tamper-proof information about some system entity.
* [types] * [primary tokens] * can only be associated to processes and they represent a process' security subject. the creation of primary tokens and their association to process are both privileged operations requiring two different privileges in the name of ‘privilege separation’ * [impersonation token] * impersonation is a security concept implemented in WindowsNT that allows a server application to temporarily ‘be’ the client in terms of access to secure objects. impersonation has four possible levels: * anonymous * identification * impersonation * delegation
• [tokens on TARGET] * SeAssignPrimaryTokenPrivilege * replace a process level token
* SeChangeNotifyPrivilege * bypass traverse checking. enabled by default for all users. ex-> you have access rights to a resource located in a sub directory that has a parent directory you don't have access to
* SeIncreaseQuotePrivilege * allows the bearer to adjust the memory quotas for a process
* SeShutdownPrivilege * allows the bearer to force shutdown from the system
* SeUndockPrivilege * allows bearer to remove computer from docking station

​
The target is an XP machine so some of the newer security stuff isn't there. As you can see from the access tokens I presently have - I can't do much besides poke around at present.
It seems as though things work a bit differently in NT-landia than they do in 'nix-ville re: what to look for to elevate my level of access to administrator level. does anyone have any particularly good resources on the 'why' how NT security works, what the common things to look for are, and why those work? For example, in the 'putting it all together' section of the OSCP manual, there's a demonstration of how to elevate priv on an NT-family machine using the 'wmic' command to get a service list and to look for services with unquoted service-paths. While I can look for that because the book told me to - I definitely would *not* have thought to look for that if the manual hadn't mentioned it. What other kinds of things that are NT specific are things to look for?
Also - I'm pretty sure UAC didn't get introduced until a version of windows post winXP so setting that aside - is there anything else in terms of broad NT security concepts that I should know about beyond these tokens?
ty!

NOTE (June) 15/06/2020: r_privacy moderator trai_dep revengefully deleted my highly gilded 1.0 guide post before.
UPDATED 16/8/2020: Major edit, replaced closed source App Ops and Shizuku with AppOpsX (Free Open source) on F-Droid. This guide is nearly FOSS supported now.
UPDATED 17/9/2020: MAJOR EDIT, replaced closed source Access Dots with Privacy Indicator (FOSS) on Izzy's F-Droid repo. This guide is completely FOSS.
Hello! I am the founder of /privatelife . Finally my smartphone non root guide is back, and there are some big upgrades. I was taking time to test everything myself on my daily driver, so apologies for keeping everyone in the wait, but stability and ease of use is the important goal to strive in my playbook. Privacy must be accessible to maximum amount of people without being annoying or tedious.
A kind request to share this guide to any privacy seeker.

User and device requirement

• ANY Android 9+ device
• knowledge of how to copy-paste commands in Linux or Mac Terminal/MS-DOS Command Prompt (for ADB, it is very simple, trust me)

Why not Apple devices?

iPhone does not allow you to have privacy due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an unpatchable hardware flaw was discovered in Apple's T1 and T2 "security" chips, rendering Apple devices critically vulnerable.
17/9/2020: Apple gave the FBI access to the iCloud account of a protester accused of setting police cars on fire.
Also, they recently dropped plan for encrypting iCloud backups after FBI complained. They also collect and sell data quite a lot. Siri still records conversations 9 months after Apple promised not to do it. Apple Mail app is vulnerable, yet Apple stays in denial.
Also, Apple sells certificates to third-party developers that allow them to track users, The San Ferdandino shooter publicity stunt was completely fraudulent, and Louis Rossmann dismantled Apple's PR stunt "repair program".
Also, Android's open source nature is starting to pay off in the long run. Apple 0-day exploits are far cheaper to do than Android.

LET'S GO!!!

ALL users must follow these steps before "for nerdy users" section.
Firstly, if your device is filled to the brim or used for long time, I recommend backing up your data and factory resetting for clean slate start.

• Sign out all your Google and Huawei/Samsung/other phonemaker accounts from your device so that SettingsAccounts do not show any sign-ins except WhatsApp/Telegram
  
• Install ADB on your Linux, Windows or Mac OS machine, simple guide: https://www.xda-developers.com/install-adb-windows-macos-linux/
  
• Use "Universal Android Debloater" to easily debloat your bloated phone.
  

NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares they sell this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/

• Make DIY camera covers, for front camera notch use a tiny appropriate-sized thin opaque plastic cutout and use an invisible tape to stick it in place, replace every month (cost: tape roll and one minute of your time per month). My rear camera cover
  
• Install F-Droid app store from here
  
• Install NetGuard app firewall (see NOTE) from F-Droid and set it up with [privacy based DNS like Uncensored DNS or Tenta DNS or AdGuard DNS]
  

NOTE: NetGuard with Energized Ultimate HOSTS file with any one of the above mentioned DNS providers is the ultimate solution.
NOTE: Set DNS provider address in Settings -> Advanced settings VPN IPv4, IPv6 and DNS

• In F-Droid store, open Repositories via the 3 dot menu on top right and add the following links below:

1. https://rfc2822.gitlab.io/fdroid-firefox/fdroid/repo?fingerprint=8F992BBBA0340EFE6299C7A410B36D9C8889114CA6C58013C3587CDA411B4AED
   
2. https://apt.izzysoft.de/fdroid/repo?fingerprint=3BF0D6ABFEAE2F401707B6D966BE743BF0EEE49C2561B9BA39073711F628937A
   
3. https://guardianproject.info/fdroid/repo?fingerprint=B7C2EEFD8DAC7806AF67DFCD92EB18126BC08312A7F2D6F3862E46013C7A6135
   

Go back to F-Droid store home screen, and hit the update button beside the 3 dot menu.

LIST OF APPS TO GET

• Get Firefox Beta web browser from F-Droid (install uBlock Origin addon inside (if technically advanced, try doing this)). Also get Firefox Klar if you like a separate incognito browser.
  
• Get Aurora Store from F-Droid for apps from Play Store without actually using Play Store, use Anonymous option to sign in
  
• for 3rd party APKs source them only from APKMirror OR APKPure OR APKMonk, quite trusted, BUT TRY AND AVOID IT IF POSSIBLE
  
• Get Privacy Indicator from F-Droid for iOS 14 like camera/mic dot indicator feature
  
• Get OSMAnd+ from F-Droid or Qwant Maps inside web browser for maps and/or print physical maps if you live and travel in one or two states or districts.
  

NOTE: Qwant Maps has better search results than OSMAnd+

• Get PilferShush Jammer from F-Droid to block microphone (use this in malls, restaurants or such public places if you can to prevent beacon tracking)
  
• Get OpenBoard (user friendly) OR AnySoftKeyboard (nerd friendly) from F-Droid instead of Google GBoard, Microsoft SwiftKey et al, they are closed source keylogger USA spyware
  
• Get FTP Server (Free) from F-Droid and FileZilla on computer for computer-to-phone internet less file sharing
  

NOTE: for phone-computer sync or sharing, can TRY KDE Connect, available for Android, Windows, Linux

• Get TrebleShot instead of SHAREIt for phone to phone file sharing
  
• Get K-9 Mail or FairEmail as e-mail client
  
• Get NewPipe for YouTube watching, or YouTube in Firefox Preview/Klar
  
• Get QKSMS from F-Droid as SMS client app
  
• Get Shelter from F-Droid to sandbox potential apps that you must use (eg WhatsApp or Discord or Signal)
  
• Get SuperFreezZ from F-Droid to freeze any apps from running in background
  
• Get Librera Pro from F-Droid for PDF reader
  
• Get ImgurViewer from F-Droid for opening reddit/imguother image links without invasive tracking
  
• Get InstaGrabber from F-Droid for opening Instagram profiles or pictures without invasive tracking (seems like a revived fork is here, thanks u/sad_plan )
  
• Get GreenTooth from F-Droid to set Bluetooth to disable after you have used it
  
• Get Material Files or Simple File Manager from F-Droid for file manager app
  
• Get ImagePipe from F-Droid if you share lot of pictures, and want to clear EXIF metadata snooping (often photos contain phone model, location, time, date)
  
• Get Note Crypt Pro from F-Droid for encrypted note taking app
  
• Get Vinyl Music Player from F-Droid for music player
  
• Get VLC from F-Droid for video player
  

CRITICAL FOR CLIPBOARD, LOCATION AND OTHER APP FUNCTION BLOCKING

I would say this is one of the critical improvements in my guide, and will solve the problem of clipboard and coarse location snooping among other things.
AppOpsX is a free, open source app that allows to manage granular app permissions not visible normally, with the help of ADB authorisation without root. This app can finely control what granular information apps can access on your phone, which is not shown in app permissions regularly accessible to us.
Now that you would have set up your phone with installing apps, now is a good time to perform this procedure.
Step 1: Install AppOpsX from F-Droid. (https://f-droid.org/en/packages/com.zzzmode.appopsx/)
Step 2: Plug phone to computer, and enable USB debugging in Settings Developer Options (you probably already did this in the starting of the guide)
Step 3: Keep phone plugged into computer until the end of this procedure! Open AppOpsX app.
Step 4: On computer, type commands in order:
adb devices
adb tcpip 5555
adb shell sh /sdcard/Android/data/com.zzzmode.appopsx/opsx.sh &
Step 5: Now open "AppOpsX" app, and:

• disable "read clipboard" for apps except your messengers, notepad, office suite, virtual keyboard, clipboard monitor apps et al.

NOTE: Most apps that have text field to copy/paste text require this permission.

• disable "modify clipboard" for every app except for your virtual keyboard or office suite app or clipboard monitostack special apps.
  
• disable "GPS", "precise location", "approximate location" and "coarse location" for every app except your maps app (Firefox and OSMAnd+)
  
• disable "calendar" for every app except your calendar and email app
  
• disable "read contacts", "modify contacts" and "get contacts" for every app except your "Phone", "Phone Services", "Phone/Messaging Storage", contacts and messenger apps
  
• disable all "send/receive/view messages" permissions for every app except "Phone", "Phone Services", "Phone/Messaging Storage", QKSMS, contacts, dialler and messenger apps
  
• disable "body sensors" and "recognise physical activity" for every app except games needing gyroscope, or any compass dependent app like camera or bubble leveling app
  
• disable "camera" for every app except your camera and messenger apps
  
• disable "record audio" for every app except camera, recorder, dialler and messenger apps
  
• disable all "Phone" permissions for apps except your SMS app (like QKSMS) and Contacts, Dialler and call recorder apps
  
• disable "change WiFi state" for every app except file sharing apps (like TrebleShot)
  
• disable "display over other apps" for any third party app not from F-Droid
  
• disable "read storage" and "write storage" for apps except file manager, file sharing app and messenger apps
  
• enable all permissions for "Phone", "Phone Services" and "Phone/Messaging Storage" system apps, critical for cell radio calling and sending SMS
  

Step 6: Profit! Now you can plug off phone from computer.
NOTE: Remember to use AppOpsX everytime you install a new app outside of F-Droid store, which is done not too often by people.

FOR NERDY USERS

• Get App Manager from Izzy's F-Droid repo (here) to inspect app's manifest, trackers, activities, receivers, services and even signatures via Exodus Privacy built-in, all without root
  
• Get Warden from Izzy's F-Droid repo (here) for checking loggers (rest app is inferior to App Manager)
  

HOW TO USE NETGUARD

By default, all apps will be blacklisted from WiFi and mobile data access.
If not, go to Settings via 3 dot menu Defaults (white/blacklist) Toggle on "Block WiFi", "Block mobile" and "Block roaming"
Whitelist your web browsers, messengers (WhatsApp, Zoom et al), file sharing apps, download managers, "Aurora Store" app and any game if needs internet and give them WiFi and mobile data access.
Also, whitelist "Downloads" and "Download Manager" as these are system apps that allow web browsers and other apps without built-in downloader to download files. Whitelisting this will keep apps and system stable.

WHICH PHONE BRANDS ARE GOOD AND BAD? (FACTS)

Now we will need to evaluate what manufacturers are relatively safe, no appeasing, I will be blunt. I will make tier lists to help. I will give explanation for each, so read before jumping with pitchforks.
NOTE: If you have anti-Chinese political allergy, kindly read facts, or choose the other non-Chinese options listed.
Tier 1: Huawei/Honor, Asus, Nokia, Motorola, Sony, LG, FairPhone
Tier 2: Samsung, OnePlus, Oppo, Vivo, Xiaomi, Realme
Tier NOPE NOT AT ALL: Google
FairPhone: Clean software, ethical, recyclable components, good phone but bit extra price for midrange hardware. Status: good.
Huawei: (still no evidence by US government after one year of market protectionism ban, contrary to what Sinophobic US propaganda and condemned joke research papers (refer to this for why), may make you believe, all countries except US, Australia, Japan and UK are allowing them for 5G participation, there is absolutely ZERO EVIDENCE against specifically Huawei (does not count other Chinese companies), earlier ironically audited by UK GCHQ to be safe and on any of their global devices, to date there has been no telemetry found IFF you do NOT use Huawei ID account or Huawei AppGallery store (as instructed above). I have an OpenKirin rooted unlocked Honor 6X, and now a locked P30 Lite to confirm this.
If Huawei's CEO is a former PLA technician, so do plenty US companies. What does it prove?
NOTE: Real reason for this propaganda ban is USA could not monopolise 5G unlike it did 4G, and so they are playing their cards to put China out of commission. And Huawei did not steal 5G from USA, since USA does not even have a proper 5G vendor yet.
To add, for the rest of world outside China it is better to own a device from a country which has no jurisdiction over them, and you can use their phones without Huawei and Google accounts very safely. BONUS: baseband modem not associated with NSA. Also, good cameras, battery, display and performance in general. Status: good.
Asus, Sony, Motorola: their software is nearly stock, and as such quite beneficial and peace of mind assuring. Status: good.
LG: less stock-y software, still good. Good cameras. display too. Status: good.
Nokia: a bit of skepticism here with them helping spy with nexus with Russia's MTS and recently found Chinese telemetry as well, but nothing that NetGuard cannot stop by blocking domains via HOSTS from interacting with your device. Status: Potential issues, can be mitigated.
Samsung: Multiple issues with Qihoo 360 on phones with IMEI MAC sent over HTTP, Samsung Pay selling user data with no optout till now, Replicant devs discovering backdoors, Knox hardware blackbox with no idea what microcode it runs, certification from NSA even worrying, lockscreen and notification ads in OneUI, ads on Smart TVs, this all accounts to being quite shady company, but Blokada or NetGuard can mitigate it. Status: avoid for other brands if possible.
Xiaomi: They have quite a bit of telemetry in their MIUI skin, similar to Samsung. Now they have tracking in Incognito Mode in their Browser as well. Status: avoid unless you implement my guide properly.
OnePlus, Oppo, Vivo: They have considerably less telemetry and ads, better than Samsung and Xiaomi. But they will start doing the same thing as Realme which I will mention below soon. Status: potential but passable for now.
Realme: They are implementing ads into their UI, which will soon come to Oppo and Vivo phones too, a bit of an issue. This allows for telemetry and tracking concerns. Status: avoid if possible.
Google: In general an evil megacorp, Titan M security chip is self-claimed to be great on Pixels, but there is no way to verify if the microcode it contains is the same as that open sourced by Google. Having faith in Google's promise of their proprietary closed source chip being clean is like having faith in cyanide not killing a person. Moreover, they are known as:

• NSA partner and collecting data and spy on users in googolplex capacity
  
• AI used by US military for drone bombing in foreign countries based on metadata Google collects on smartphones
  
• use dark patterns in their software to make users accept their TOS to spy
  
• repeated lies about how their data collection works claiming anonymity
  
• forcing users to use their Play Services which is spyware and scareware
  
• monopolising the web and internet via AMP
  
• use of non standard web browser libraries and known attempts to cripple lone standing ethical competitors like Firefox and Gecko web engine (now with Microsoft making their default Edge Chromium-based too)
  

TL;DR there is no summary, privacy is an indepth topic and you must take a couple of hours to go through this simple guide, as long as it looks it should clear all your concerns with smartphone privacy.
This is the best you can do without rooting or modding a phone, and it is working for me since almost a year now, personally tested and verified on my locked P30 Lite.
I have a history of rooting and modding phones, one being an Honor 6X before Huawei disabled unlocking policy, one being a Xiaomi and one being a Lenovo before that. Also, one Samsung Galaxy S2 long time ago.
Credit to w1nst0n for the Universal Android Debloater (authorised me to use his tool). Hope this guide serves as a great tool for any privacy seeker.

NOTE (June) 15/06/2020: r_privacy moderator trai_dep revengefully deleted my highly gilded 1.0 guide post before.
UPDATED 16/8/2020: Major edit, replaced closed source App Ops and Shizuku with AppOpsX (Free Open source) on F-Droid. This guide is nearly FOSS supported now.
UPDATED 17/9/2020: MAJOR EDIT, replaced closed source Access Dots with Privacy Indicator (FOSS) on Izzy's F-Droid repo. This guide is completely FOSS.
Hello! Finally my smartphone non root guide is back, and there are some big upgrades. I was taking time to test everything myself on my daily driver, so apologies for keeping everyone in the wait, but stability and ease of use is the important goal to strive in my playbook. Privacy must be accessible to maximum amount of people without being annoying or tedious.
A kind request to share this guide to any privacy seeker.

User and device requirement

• ANY Android 9+ device
• knowledge of how to copy-paste commands in Linux or Mac Terminal/MS-DOS Command Prompt (for ADB, it is very simple, trust me)

Why not Apple devices?

iPhone does not allow you to have privacy due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an unpatchable hardware flaw was discovered in Apple's T1 and T2 "security" chips, rendering Apple devices critically vulnerable.
17/9/2020: Apple gave the FBI access to the iCloud account of a protester accused of setting police cars on fire.
Also, they recently dropped plan for encrypting iCloud backups after FBI complained. They also collect and sell data quite a lot. Siri still records conversations 9 months after Apple promised not to do it. Apple Mail app is vulnerable, yet Apple stays in denial.
Also, Apple sells certificates to third-party developers that allow them to track users, The San Ferdandino shooter publicity stunt was completely fraudulent, and Louis Rossmann dismantled Apple's PR stunt "repair program".
Also, Android's open source nature is starting to pay off in the long run. Apple 0-day exploits are far cheaper to do than Android.

LET'S GO!!!

ALL users must follow these steps before "for nerdy users" section.
Firstly, if your device is filled to the brim or used for long time, I recommend backing up your data and factory resetting for clean slate start.

• Sign out all your Google and Huawei/Samsung/other phonemaker accounts from your device so that SettingsAccounts do not show any sign-ins except WhatsApp/Telegram
  
• Install ADB on your Linux, Windows or Mac OS machine, simple guide: https://www.xda-developers.com/install-adb-windows-macos-linux/
  
• Use "Universal Android Debloater" to easily debloat your bloated phone.
  

NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares they sell this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/

• Make DIY camera covers, for front camera notch use a tiny appropriate-sized thin opaque plastic cutout and use an invisible tape to stick it in place, replace every month (cost: tape roll and one minute of your time per month). My rear camera cover
  
• Install F-Droid app store from here
  
• Install NetGuard app firewall (see NOTE) from F-Droid and set it up with [privacy based DNS like Uncensored DNS or Tenta DNS or AdGuard DNS]
  

NOTE: NetGuard with Energized Ultimate HOSTS file with any one of the above mentioned DNS providers is the ultimate solution.
NOTE: Set DNS provider address in Settings -> Advanced settings VPN IPv4, IPv6 and DNS

• In F-Droid store, open Repositories via the 3 dot menu on top right and add the following links below:

1. https://rfc2822.gitlab.io/fdroid-firefox/fdroid/repo?fingerprint=8F992BBBA0340EFE6299C7A410B36D9C8889114CA6C58013C3587CDA411B4AED
   
2. https://apt.izzysoft.de/fdroid/repo?fingerprint=3BF0D6ABFEAE2F401707B6D966BE743BF0EEE49C2561B9BA39073711F628937A
   
3. https://guardianproject.info/fdroid/repo?fingerprint=B7C2EEFD8DAC7806AF67DFCD92EB18126BC08312A7F2D6F3862E46013C7A6135
   

Go back to F-Droid store home screen, and hit the update button beside the 3 dot menu.

LIST OF APPS TO GET

• Get Firefox Beta web browser from F-Droid (install uBlock Origin addon inside (if technically advanced, try doing this)). Also get Firefox Klar if you like a separate incognito browser.
  
• Get Aurora Store from F-Droid for apps from Play Store without actually using Play Store, use Anonymous option to sign in
  
• for 3rd party APKs source them only from APKMirror OR APKPure OR APKMonk, quite trusted, BUT TRY AND AVOID IT IF POSSIBLE
  
• Get Privacy Indicator from F-Droid for iOS 14 like camera/mic dot indicator feature
  
• Get OSMAnd+ from F-Droid or Qwant Maps inside web browser for maps and/or print physical maps if you live and travel in one or two states or districts.
  

NOTE: Qwant Maps has better search results than OSMAnd+

• Get PilferShush Jammer from F-Droid to block microphone (use this in malls, restaurants or such public places if you can to prevent beacon tracking)
  
• Get OpenBoard (user friendly) OR AnySoftKeyboard (nerd friendly) from F-Droid instead of Google GBoard, Microsoft SwiftKey et al, they are closed source keylogger USA spyware
  
• Get FTP Server (Free) from F-Droid and FileZilla on computer for computer-to-phone internet less file sharing
  

NOTE: for phone-computer sync or sharing, can TRY KDE Connect, available for Android, Windows, Linux

• Get TrebleShot instead of SHAREIt for phone to phone file sharing
  
• Get K-9 Mail or FairEmail as e-mail client
  
• Get NewPipe for YouTube watching, or YouTube in Firefox Preview/Klar
  
• Get QKSMS from F-Droid as SMS client app
  
• Get Shelter from F-Droid to sandbox potential apps that you must use (eg WhatsApp or Discord or Signal)
  
• Get SuperFreezZ from F-Droid to freeze any apps from running in background
  
• Get Librera Pro from F-Droid for PDF reader
  
• Get ImgurViewer from F-Droid for opening reddit/imguother image links without invasive tracking
  
• Get InstaGrabber from F-Droid for opening Instagram profiles or pictures without invasive tracking (seems like a revived fork is here, thanks u/sad_plan )
  
• Get GreenTooth from F-Droid to set Bluetooth to disable after you have used it
  
• Get Material Files or Simple File Manager from F-Droid for file manager app
  
• Get ImagePipe from F-Droid if you share lot of pictures, and want to clear EXIF metadata snooping (often photos contain phone model, location, time, date)
  
• Get Note Crypt Pro from F-Droid for encrypted note taking app
  
• Get Vinyl Music Player from F-Droid for music player
  
• Get VLC from F-Droid for video player
  

CRITICAL FOR CLIPBOARD, LOCATION AND OTHER APP FUNCTION BLOCKING

I would say this is one of the critical improvements in my guide, and will solve the problem of clipboard and coarse location snooping among other things.
AppOpsX is a free, open source app that allows to manage granular app permissions not visible normally, with the help of ADB authorisation without root. This app can finely control what granular information apps can access on your phone, which is not shown in app permissions regularly accessible to us.
Now that you would have set up your phone with installing apps, now is a good time to perform this procedure.
Step 1: Install AppOpsX from F-Droid. (https://f-droid.org/en/packages/com.zzzmode.appopsx/)
Step 2: Plug phone to computer, and enable USB debugging in Settings Developer Options (you probably already did this in the starting of the guide)
Step 3: Keep phone plugged into computer until the end of this procedure! Open AppOpsX app.
Step 4: On computer, type commands in order:
adb devices
adb tcpip 5555
adb shell sh /sdcard/Android/data/com.zzzmode.appopsx/opsx.sh &
Step 5: Now open "AppOpsX" app, and:

• disable "read clipboard" for apps except your messengers, notepad, office suite, virtual keyboard, clipboard monitor apps et al.

NOTE: Most apps that have text field to copy/paste text require this permission.

• disable "modify clipboard" for every app except for your virtual keyboard or office suite app or clipboard monitostack special apps.
  
• disable "GPS", "precise location", "approximate location" and "coarse location" for every app except your maps app (Firefox and OSMAnd+)
  
• disable "calendar" for every app except your calendar and email app
  
• disable "read contacts", "modify contacts" and "get contacts" for every app except your "Phone", "Phone Services", "Phone/Messaging Storage", contacts and messenger apps
  
• disable all "send/receive/view messages" permissions for every app except "Phone", "Phone Services", "Phone/Messaging Storage", QKSMS, contacts, dialler and messenger apps
  
• disable "body sensors" and "recognise physical activity" for every app except games needing gyroscope, or any compass dependent app like camera or bubble leveling app
  
• disable "camera" for every app except your camera and messenger apps
  
• disable "record audio" for every app except camera, recorder, dialler and messenger apps
  
• disable all "Phone" permissions for apps except your SMS app (like QKSMS) and Contacts, Dialler and call recorder apps
  
• disable "change WiFi state" for every app except file sharing apps (like TrebleShot)
  
• disable "display over other apps" for any third party app not from F-Droid
  
• disable "read storage" and "write storage" for apps except file manager, file sharing app and messenger apps
  
• enable all permissions for "Phone", "Phone Services" and "Phone/Messaging Storage" system apps, critical for cell radio calling and sending SMS
  

Step 6: Profit! Now you can plug off phone from computer.
NOTE: Remember to use AppOpsX everytime you install a new app outside of F-Droid store, which is done not too often by people.

FOR NERDY USERS

• Get App Manager from Izzy's F-Droid repo (here) to inspect app's manifest, trackers, activities, receivers, services and even signatures via Exodus Privacy built-in, all without root
  
• Get Warden from Izzy's F-Droid repo (here) for checking loggers (rest app is inferior to App Manager)
  

HOW TO USE NETGUARD

By default, all apps will be blacklisted from WiFi and mobile data access.
If not, go to Settings via 3 dot menu Defaults (white/blacklist) Toggle on "Block WiFi", "Block mobile" and "Block roaming"
Whitelist your web browsers, messengers (WhatsApp, Zoom et al), file sharing apps, download managers, "Aurora Store" app and any game if needs internet and give them WiFi and mobile data access.
Also, whitelist "Downloads" and "Download Manager" as these are system apps that allow web browsers and other apps without built-in downloader to download files. Whitelisting this will keep apps and system stable.

WHICH PHONE BRANDS ARE GOOD AND BAD? (FACTS)

Now we will need to evaluate what manufacturers are relatively safe, no appeasing, I will be blunt. I will make tier lists to help. I will give explanation for each, so read before jumping with pitchforks.
NOTE: If you have anti-Chinese political allergy, kindly read facts, or choose the other non-Chinese options listed.
Tier 1: Huawei/Honor, Asus, Nokia, Motorola, Sony, LG, FairPhone
Tier 2: Samsung, OnePlus, Oppo, Vivo, Xiaomi, Realme
Tier NOPE NOT AT ALL: Google
FairPhone: Clean software, ethical, recyclable components, good phone but bit extra price for midrange hardware. Status: good.
Huawei: (still no evidence by US government after one year of market protectionism ban, contrary to what Sinophobic US propaganda and condemned joke research papers (refer to this for why), may make you believe, all countries except US, Australia, Japan and UK are allowing them for 5G participation, there is absolutely ZERO EVIDENCE against specifically Huawei (does not count other Chinese companies), earlier ironically audited by UK GCHQ to be safe and on any of their global devices, to date there has been no telemetry found IFF you do NOT use Huawei ID account or Huawei AppGallery store (as instructed above). I have an OpenKirin rooted unlocked Honor 6X, and now a locked P30 Lite to confirm this.
If Huawei's CEO is a former PLA technician, so do plenty US companies. What does it prove?
NOTE: Real reason for this propaganda ban is USA could not monopolise 5G unlike it did 4G, and so they are playing their cards to put China out of commission. And Huawei did not steal 5G from USA, since USA does not even have a proper 5G vendor yet.
To add, for the rest of world outside China it is better to own a device from a country which has no jurisdiction over them, and you can use their phones without Huawei and Google accounts very safely. BONUS: baseband modem not associated with NSA. Also, good cameras, battery, display and performance in general. Status: good.
Asus, Sony, Motorola: their software is nearly stock, and as such quite beneficial and peace of mind assuring. Status: good.
LG: less stock-y software, still good. Good cameras. display too. Status: good.
Nokia: a bit of skepticism here with them helping spy with nexus with Russia's MTS and recently found Chinese telemetry as well, but nothing that NetGuard cannot stop by blocking domains via HOSTS from interacting with your device. Status: Potential issues, can be mitigated.
Samsung: Multiple issues with Qihoo 360 on phones with IMEI MAC sent over HTTP, Samsung Pay selling user data with no optout till now, Replicant devs discovering backdoors, Knox hardware blackbox with no idea what microcode it runs, certification from NSA even worrying, lockscreen and notification ads in OneUI, ads on Smart TVs, this all accounts to being quite shady company, but Blokada or NetGuard can mitigate it. Status: avoid for other brands if possible.
Xiaomi: They have quite a bit of telemetry in their MIUI skin, similar to Samsung. Now they have tracking in Incognito Mode in their Browser as well. Status: avoid unless you implement my guide properly.
OnePlus, Oppo, Vivo: They have considerably less telemetry and ads, better than Samsung and Xiaomi. But they will start doing the same thing as Realme which I will mention below soon. Status: potential but passable for now.
Realme: They are implementing ads into their UI, which will soon come to Oppo and Vivo phones too, a bit of an issue. This allows for telemetry and tracking concerns. Status: avoid if possible.
Google: In general an evil megacorp, Titan M security chip is self-claimed to be great on Pixels, but there is no way to verify if the microcode it contains is the same as that open sourced by Google. Having faith in Google's promise of their proprietary closed source chip being clean is like having faith in cyanide not killing a person. Moreover, they are known as:

• NSA partner and collecting data and spy on users in googolplex capacity
  
• AI used by US military for drone bombing in foreign countries based on metadata Google collects on smartphones
  
• use dark patterns in their software to make users accept their TOS to spy
  
• repeated lies about how their data collection works claiming anonymity
  
• forcing users to use their Play Services which is spyware and scareware
  
• monopolising the web and internet via AMP
  
• use of non standard web browser libraries and known attempts to cripple lone standing ethical competitors like Firefox and Gecko web engine (now with Microsoft making their default Edge Chromium-based too)
  

TL;DR there is no summary, privacy is an indepth topic and you must take a couple of hours to go through this simple guide, as long as it looks it should clear all your concerns with smartphone privacy.
This is the best you can do without rooting or modding a phone, and it is working for me since almost a year now, personally tested and verified on my locked P30 Lite.
I have a history of rooting and modding phones, one being an Honor 6X before Huawei disabled unlocking policy, one being a Xiaomi and one being a Lenovo before that. Also, one Samsung Galaxy S2 long time ago.
Credit to w1nst0n for the Universal Android Debloater (authorised me to use his tool). Hope this guide serves as a great tool for any privacy seeker.

NOTE (June) 15/06/2020: r_privacy moderator trai_dep revengefully deleted my highly gilded 1.0 guide post before.
UPDATED 16/8/2020: Major edit, replaced closed source App Ops and Shizuku with AppOpsX (Free Open source) on F-Droid. This guide is nearly FOSS supported now.
UPDATED 17/9/2020: MAJOR EDIT, replaced closed source Access Dots with Privacy Indicator (FOSS) on Izzy's F-Droid repo. This guide is completely FOSS.
Hello! I am the founder of /privatelife . Finally my smartphone non root guide is back, and there are some big upgrades. I was taking time to test everything myself on my daily driver, so apologies for keeping everyone in the wait, but stability and ease of use is the important goal to strive in my playbook. Privacy must be accessible to maximum amount of people without being annoying or tedious.
A kind request to share this guide to any privacy seeker.

User and device requirement

• ANY Android 9+ device
• knowledge of how to copy-paste commands in Linux or Mac Terminal/MS-DOS Command Prompt (for ADB, it is very simple, trust me)

Why not Apple devices?

iPhone does not allow you to have privacy due to its blackbox nature, and is simply a false marketing assurance by Apple to you. Recently, an unpatchable hardware flaw was discovered in Apple's T1 and T2 "security" chips, rendering Apple devices critically vulnerable.
17/9/2020: Apple gave the FBI access to the iCloud account of a protester accused of setting police cars on fire.
Also, they recently dropped plan for encrypting iCloud backups after FBI complained. They also collect and sell data quite a lot. Siri still records conversations 9 months after Apple promised not to do it. Apple Mail app is vulnerable, yet Apple stays in denial.
Also, Apple sells certificates to third-party developers that allow them to track users, The San Ferdandino shooter publicity stunt was completely fraudulent, and Louis Rossmann dismantled Apple's PR stunt "repair program".
Also, Android's open source nature is starting to pay off in the long run. Apple 0-day exploits are far cheaper to do than Android.

LET'S GO!!!

ALL users must follow these steps before "for nerdy users" section.
Firstly, if your device is filled to the brim or used for long time, I recommend backing up your data and factory resetting for clean slate start.

• Sign out all your Google and Huawei/Samsung/other phonemaker accounts from your device so that SettingsAccounts do not show any sign-ins except WhatsApp/Telegram
  
• Install ADB on your Linux, Windows or Mac OS machine, simple guide: https://www.xda-developers.com/install-adb-windows-macos-linux/
  
• Use "Universal Android Debloater" to easily debloat your bloated phone.
  

NOTE: Samsung users will lose Samsung Pay, as Samsung has been caught and declares they sell this data: https://www.sammobile.com/news/samsung-pay-new-privacy-policy-your-data-sold/

• Make DIY camera covers, for front camera notch use a tiny appropriate-sized thin opaque plastic cutout and use an invisible tape to stick it in place, replace every month (cost: tape roll and one minute of your time per month). My rear camera cover
  
• Install F-Droid app store from here
  
• Install NetGuard app firewall (see NOTE) from F-Droid and set it up with [privacy based DNS like Uncensored DNS or Tenta DNS or AdGuard DNS]
  

NOTE: NetGuard with Energized Ultimate HOSTS file with any one of the above mentioned DNS providers is the ultimate solution.
NOTE: Set DNS provider address in Settings -> Advanced settings VPN IPv4, IPv6 and DNS

• In F-Droid store, open Repositories via the 3 dot menu on top right and add the following links below:

1. https://rfc2822.gitlab.io/fdroid-firefox/fdroid/repo?fingerprint=8F992BBBA0340EFE6299C7A410B36D9C8889114CA6C58013C3587CDA411B4AED
   
2. https://apt.izzysoft.de/fdroid/repo?fingerprint=3BF0D6ABFEAE2F401707B6D966BE743BF0EEE49C2561B9BA39073711F628937A
   
3. https://guardianproject.info/fdroid/repo?fingerprint=B7C2EEFD8DAC7806AF67DFCD92EB18126BC08312A7F2D6F3862E46013C7A6135
   

Go back to F-Droid store home screen, and hit the update button beside the 3 dot menu.

LIST OF APPS TO GET

• Get Firefox Beta web browser from F-Droid (install uBlock Origin addon inside (if technically advanced, try doing this)). Also get Firefox Klar if you like a separate incognito browser.
  
• Get Aurora Store from F-Droid for apps from Play Store without actually using Play Store, use Anonymous option to sign in
  
• for 3rd party APKs source them only from APKMirror OR APKPure OR APKMonk, quite trusted, BUT TRY AND AVOID IT IF POSSIBLE
  
• Get Privacy Indicator from F-Droid for iOS 14 like camera/mic dot indicator feature
  
• Get OSMAnd+ from F-Droid or Qwant Maps inside web browser for maps and/or print physical maps if you live and travel in one or two states or districts.
  

NOTE: Qwant Maps has better search results than OSMAnd+

• Get PilferShush Jammer from F-Droid to block microphone (use this in malls, restaurants or such public places if you can to prevent beacon tracking)
  
• Get OpenBoard (user friendly) OR AnySoftKeyboard (nerd friendly) from F-Droid instead of Google GBoard, Microsoft SwiftKey et al, they are closed source keylogger USA spyware
  
• Get FTP Server (Free) from F-Droid and FileZilla on computer for computer-to-phone internet less file sharing
  

NOTE: for phone-computer sync or sharing, can TRY KDE Connect, available for Android, Windows, Linux

• Get TrebleShot instead of SHAREIt for phone to phone file sharing
  
• Get K-9 Mail or FairEmail as e-mail client
  
• Get NewPipe for YouTube watching, or YouTube in Firefox Preview/Klar
  
• Get QKSMS from F-Droid as SMS client app
  
• Get Shelter from F-Droid to sandbox potential apps that you must use (eg WhatsApp or Discord or Signal)
  
• Get SuperFreezZ from F-Droid to freeze any apps from running in background
  
• Get Librera Pro from F-Droid for PDF reader
  
• Get ImgurViewer from F-Droid for opening reddit/imguother image links without invasive tracking
  
• Get InstaGrabber from F-Droid for opening Instagram profiles or pictures without invasive tracking (seems like a revived fork is here, thanks u/sad_plan )
  
• Get GreenTooth from F-Droid to set Bluetooth to disable after you have used it
  
• Get Material Files or Simple File Manager from F-Droid for file manager app
  
• Get ImagePipe from F-Droid if you share lot of pictures, and want to clear EXIF metadata snooping (often photos contain phone model, location, time, date)
  
• Get Note Crypt Pro from F-Droid for encrypted note taking app
  
• Get Vinyl Music Player from F-Droid for music player
  
• Get VLC from F-Droid for video player
  

CRITICAL FOR CLIPBOARD, LOCATION AND OTHER APP FUNCTION BLOCKING

I would say this is one of the critical improvements in my guide, and will solve the problem of clipboard and coarse location snooping among other things.
AppOpsX is a free, open source app that allows to manage granular app permissions not visible normally, with the help of ADB authorisation without root. This app can finely control what granular information apps can access on your phone, which is not shown in app permissions regularly accessible to us.
Now that you would have set up your phone with installing apps, now is a good time to perform this procedure.
Step 1: Install AppOpsX from F-Droid. (https://f-droid.org/en/packages/com.zzzmode.appopsx/)
Step 2: Plug phone to computer, and enable USB debugging in Settings Developer Options (you probably already did this in the starting of the guide)
Step 3: Keep phone plugged into computer until the end of this procedure! Open AppOpsX app.
Step 4: On computer, type commands in order:
adb devices
adb tcpip 5555
adb shell sh /sdcard/Android/data/com.zzzmode.appopsx/opsx.sh &
Step 5: Now open "AppOpsX" app, and:

• disable "read clipboard" for apps except your messengers, notepad, office suite, virtual keyboard, clipboard monitor apps et al.

NOTE: Most apps that have text field to copy/paste text require this permission.

• disable "modify clipboard" for every app except for your virtual keyboard or office suite app or clipboard monitostack special apps.
  
• disable "GPS", "precise location", "approximate location" and "coarse location" for every app except your maps app (Firefox and OSMAnd+)
  
• disable "calendar" for every app except your calendar and email app
  
• disable "read contacts", "modify contacts" and "get contacts" for every app except your "Phone", "Phone Services", "Phone/Messaging Storage", contacts and messenger apps
  
• disable all "send/receive/view messages" permissions for every app except "Phone", "Phone Services", "Phone/Messaging Storage", QKSMS, contacts, dialler and messenger apps
  
• disable "body sensors" and "recognise physical activity" for every app except games needing gyroscope, or any compass dependent app like camera or bubble leveling app
  
• disable "camera" for every app except your camera and messenger apps
  
• disable "record audio" for every app except camera, recorder, dialler and messenger apps
  
• disable all "Phone" permissions for apps except your SMS app (like QKSMS) and Contacts, Dialler and call recorder apps
  
• disable "change WiFi state" for every app except file sharing apps (like TrebleShot)
  
• disable "display over other apps" for any third party app not from F-Droid
  
• disable "read storage" and "write storage" for apps except file manager, file sharing app and messenger apps
  
• enable all permissions for "Phone", "Phone Services" and "Phone/Messaging Storage" system apps, critical for cell radio calling and sending SMS
  

Step 6: Profit! Now you can plug off phone from computer.
NOTE: Remember to use AppOpsX everytime you install a new app outside of F-Droid store, which is done not too often by people.

FOR NERDY USERS

• Get App Manager from Izzy's F-Droid repo (here) to inspect app's manifest, trackers, activities, receivers, services and even signatures via Exodus Privacy built-in, all without root
  
• Get Warden from Izzy's F-Droid repo (here) for checking loggers (rest app is inferior to App Manager)
  

HOW TO USE NETGUARD

By default, all apps will be blacklisted from WiFi and mobile data access.
If not, go to Settings via 3 dot menu Defaults (white/blacklist) Toggle on "Block WiFi", "Block mobile" and "Block roaming"
Whitelist your web browsers, messengers (WhatsApp, Zoom et al), file sharing apps, download managers, "Aurora Store" app and any game if needs internet and give them WiFi and mobile data access.
Also, whitelist "Downloads" and "Download Manager" as these are system apps that allow web browsers and other apps without built-in downloader to download files. Whitelisting this will keep apps and system stable.

WHICH PHONE BRANDS ARE GOOD AND BAD? (FACTS)

Now we will need to evaluate what manufacturers are relatively safe, no appeasing, I will be blunt. I will make tier lists to help. I will give explanation for each, so read before jumping with pitchforks.
NOTE: If you have anti-Chinese political allergy, kindly read facts, or choose the other non-Chinese options listed.
Tier 1: Huawei/Honor, Asus, Nokia, Motorola, Sony, LG, FairPhone
Tier 2: Samsung, OnePlus, Oppo, Vivo, Xiaomi, Realme
Tier NOPE NOT AT ALL: Google
FairPhone: Clean software, ethical, recyclable components, good phone but bit extra price for midrange hardware. Status: good.
Huawei: (still no evidence by US government after one year of market protectionism ban, contrary to what Sinophobic US propaganda and condemned joke research papers (refer to this for why), may make you believe, all countries except US, Australia, Japan and UK are allowing them for 5G participation, there is absolutely ZERO EVIDENCE against specifically Huawei (does not count other Chinese companies), earlier ironically audited by UK GCHQ to be safe and on any of their global devices, to date there has been no telemetry found IFF you do NOT use Huawei ID account or Huawei AppGallery store (as instructed above). I have an OpenKirin rooted unlocked Honor 6X, and now a locked P30 Lite to confirm this.
If Huawei's CEO is a former PLA technician, so do plenty US companies. What does it prove?
NOTE: Real reason for this propaganda ban is USA could not monopolise 5G unlike it did 4G, and so they are playing their cards to put China out of commission. And Huawei did not steal 5G from USA, since USA does not even have a proper 5G vendor yet.
To add, for the rest of world outside China it is better to own a device from a country which has no jurisdiction over them, and you can use their phones without Huawei and Google accounts very safely. BONUS: baseband modem not associated with NSA. Also, good cameras, battery, display and performance in general. Status: good.
Asus, Sony, Motorola: their software is nearly stock, and as such quite beneficial and peace of mind assuring. Status: good.
LG: less stock-y software, still good. Good cameras. display too. Status: good.
Nokia: a bit of skepticism here with them helping spy with nexus with Russia's MTS and recently found Chinese telemetry as well, but nothing that NetGuard cannot stop by blocking domains via HOSTS from interacting with your device. Status: Potential issues, can be mitigated.
Samsung: Multiple issues with Qihoo 360 on phones with IMEI MAC sent over HTTP, Samsung Pay selling user data with no optout till now, Replicant devs discovering backdoors, Knox hardware blackbox with no idea what microcode it runs, certification from NSA even worrying, lockscreen and notification ads in OneUI, ads on Smart TVs, this all accounts to being quite shady company, but Blokada or NetGuard can mitigate it. Status: avoid for other brands if possible.
Xiaomi: They have quite a bit of telemetry in their MIUI skin, similar to Samsung. Now they have tracking in Incognito Mode in their Browser as well. Status: avoid unless you implement my guide properly.
OnePlus, Oppo, Vivo: They have considerably less telemetry and ads, better than Samsung and Xiaomi. But they will start doing the same thing as Realme which I will mention below soon. Status: potential but passable for now.
Realme: They are implementing ads into their UI, which will soon come to Oppo and Vivo phones too, a bit of an issue. This allows for telemetry and tracking concerns. Status: avoid if possible.
Google: In general an evil megacorp, Titan M security chip is self-claimed to be great on Pixels, but there is no way to verify if the microcode it contains is the same as that open sourced by Google. Having faith in Google's promise of their proprietary closed source chip being clean is like having faith in cyanide not killing a person. Moreover, they are known as:

• NSA partner and collecting data and spy on users in googolplex capacity
  
• AI used by US military for drone bombing in foreign countries based on metadata Google collects on smartphones
  
• use dark patterns in their software to make users accept their TOS to spy
  
• repeated lies about how their data collection works claiming anonymity
  
• forcing users to use their Play Services which is spyware and scareware
  
• monopolising the web and internet via AMP
  
• use of non standard web browser libraries and known attempts to cripple lone standing ethical competitors like Firefox and Gecko web engine (now with Microsoft making their default Edge Chromium-based too)
  

TL;DR there is no summary, privacy is an indepth topic and you must take a couple of hours to go through this simple guide, as long as it looks it should clear all your concerns with smartphone privacy.
This is the best you can do without rooting or modding a phone, and it is working for me since almost a year now, personally tested and verified on my locked P30 Lite.
I have a history of rooting and modding phones, one being an Honor 6X before Huawei disabled unlocking policy, one being a Xiaomi and one being a Lenovo before that. Also, one Samsung Galaxy S2 long time ago.
Credit to w1nst0n for the Universal Android Debloater (authorised me to use his tool). Hope this guide serves as a great tool for any privacy seeker.

I am running into a decent amount of FTP servers that allow Anonymous permissions. What is your normal checklist for enumerating and exploring these servers?

App Name:
FTP Server v0.13.2 (Paid)
Requires: 5.0+
Description:
A powerful application allows you to run FTP Server on your Android device and help your friend or you to access/share files over the Internet. It is also called WiFi file transfer or wireless file management.
APPLICATION FEATURES √ Use any network interfaces in your device including: Wi-Fi Ethernet Tethering... √ Multiple FTP users (anonymous user included) • Allow each user to show hidden files or not √ Multiple access paths for each user: Any folders in your internal storage or external sdcard • Can set read-only or full write access on each path √ Passive and active modes: Support simultaneous file transfer √ Automatically open port on your router: Access files from everywhere on Earth For the list of tested routers please check the Help section in application √ Automatically start FTP Server when certain WiFi is connected √ Automatically start FTP Server on boot √ Has public intents to support scripting/tasker For Tasker integration: Add new Task Action (choose System -> Send Intent) with the following information: • Package: net.xnano.android.ftpserver.tv • Class: net.xnano.android.ftpserver.receivers.CustomBroadcastReceiver • Actions: either one of following actions: - net.xnano.android.ftpserver.START_SERVER - net.xnano.android.ftpserver.STOP_SERVER
APPLICATION SCREENS √ Home: Control the server configurations such as • Start/stop server • Monitor the connected clients • Enable the feature to open ports in router automatically • Change port • Change passive port • Set idle timeout • Enable automatically start on specific WiFi detected • Enable automatically start on boot • ... √ User management • Manage users and access paths for each user • Enable or disable user • Delete user by swiping left/right on that user. √ About • Information about FTP Server
What FTP Clients are supported? √ You can use any FTP clients on Windows Mac OS Linux or even browser to access this FTP Server. Tested clients: • FileZilla • Windows Explorer: If user is not anonymous please enter the address in format ftp://username@ip:port/ into Windows Explorer (username you created in User Management screen) • Finder (MAC OS) • File manager on Linux OS • Total Commander (Android) • ES File Explorer (Android) • Astro File Manager (Android) • Web browsers such as Chrome Filefox Edge... can be used in read-only mode
PASSIVE PORTS The range of passive port is from the initial port (default 50000) to the next 128 ports if UPnP enabled or next 256 ports if UPnP disabled. In general: - 50000 - 50128 if UPnP enabled - 50000 - 50256 if UPnP disabled
NOTICES - Doze mode: Application may not work as expected if doze mode is activated. Please go to Settings -> Search for Doze mode and add this application to the white list.
PERMISSIONS NEEDED √ WRITE_EXTERNAL_STORAGE: Mandatory permission for FTP Server to access files in your device. √ INTERNET ACCESS_NETWORK_STATE ACCESS_WIFI_STATE: Mandatory permissions to allow user to connect to FTP Server. √ Location (Coarse location): Only required for user who wants to automatically start server on Wi-Fi detect on Android P and above. Please read Android P restriction about getting Wifi's connection info here: https://developer.android.com/about/versions/pie/android-9.0-changes-all#restricted_access_to_wi-fi_location_and_connection_information
SUPPORT If you're facing any problems want new features or have feedback to improve this application don't hesitate to send it to us via the support email: [email protected]. NEGATIVE COMMENTS can't help the developer to solve the problems!
Privacy Policy https://xnano.net/privacy/ftpserver_privacy_policy.html
What's New:
• Bug fix: Automation screen on Android TV is not displayed fully
Mod Info:
Paid version unlocked
Nocna Furia
This app has no ads
Google Play: Link
VirusTotal: Link
Download: Link