browsers are not protocols but applications. how do you make an open standard for an application? was that done before?

you shouldn’t allow a web browser and an operating system be in one company

yeah, i too have set up a redirect for port 53 to my DNS server on the main router, for a long time didn’t do that though. but then, even this doesn’t matter if they just hardcode a list of IPs

that was a good one :) fixed the typo

that may not be enough. while I don’t know how common it is, it is not unknown that they use DoH, DoT, direct connections to hardcoded IP without DNS to evade such blocking measures. chinese IP cams often do the latter

if pihole says its blocked, that does not mean your device does not also query another DNS server

and once they should really hardcode the DNS or similar stuff here, the connection will be disabled

but how’ll you notice that? that ads return? different subsystems of the tv might work differently

Once they try to reach IPs directly (ECOVACS once did so) you may block those on a firewall-basis

and how do you know what IPs to block? and then, a server on an IP could hold multiple services such that blocking it breaks multiple things.

I’m not here to tease you, but I really think that this might not be enough even today

well that’s what I’m saying to the parent commenter

with a pihole they can easily work around, or proper network isolation?

this sounds terrible

such things should be brought back to the store as defective

a quick reminder that the 5G standard defined a peer to pear peer operating mode for smart devices

does not worth anything nowadays. they’ll just retry with 8.8.8.8, a DoH service or something else. pretty sure they can also do without DNS, like chinese cameras use connections that cannot be blocked with a hosts file because they are going directly to a preprogrammed IP

what can it do if the TV uses DoH, DoT, or something else similar? I expect that it can do nothing. unless the TV is on a separate vlan with very strictly only access to internal services

and I’m a little more concerned about the fact that Let’s Encrypt has lost its funding recently

are you sure this mandates always using a new private key? I think I have read that they don’t. how would you verify that anyway?

Pretty lame them pretending to not have user names while doing it.

doesn’t this essentially make it an opt-in system to user names?

well thing is, they might be searching for a new home

sandboxed Google Play vs microG - no option AFAIK to disable it

you mean disabling microg?

if so you can refuse installation at profile setup. if you make a new profile, you can choose to install it there. then in microg settings there are some toggles for functionality

btw, which of your apps nead google services?

mac randomization is a defined thing in the BLE standard (afaik bluetooth classic does not have it, but maybe that changed in BT 5.1?). It’s not truly random, it involves cryptography so that paired devices can recognize each other in the end

I’ve read that it’s because fairphone has to pay a fee for each unlocked device, but it sounds a little weird so no idea if that’s real.

but, it can be worked around if you don’t want to get logged. the system just wants a 200 OK response from the server, I think through HTTP (not S), so you can set up an MITM proxy or custom DNS and web server to always give this response without using their website. that’s what I did too.

you can read more here: https://forum.fairphone.com/t/oem-unlock-input-verify-code/56231

edit: and also here: https://forum.fairphone.com/t/unlocking-bootloader-offline/95573

and the connection is actually HTTPS, but does not validate it against a globally trusted root certificate, so it can easily be served by a local server and a self signed cert