My only fear with this type of thing is reliability. If it keeps breaking down such that I have to bypass it so my kid can legitimately use it, it won't last long. And time is for sure a factor. I think you are a fair bit above me in this area too.Run your own VPS based VPN using wireguard/ipsec using algo. algo runs dnscrypt with your preferred blocklist you can find here
prevent the phone from accessing the internet via the isp. Force ipsec/wg. now u can control access.
Don't try to control the phone, it's a fool's errand. control the incoming data.
block raw internet access using afwall+, only allow access to wireguard ip subnet
heh, I have a friend just like you. He maintains a separate computer running Ubuntu (I think) that is not networked, be brings select things to it via a thumb drive. Then he has a separate computer with Internet access that he uses very carefully. He won't buy or use anything that will track him, so no Tesla and no smartphone. That being said, he is an assembly programmer who writes firmware for missile and satellite systems, so I can't really dismiss it either, he has seen some $hit.If you need control of the phone, that means you root it. you flash it with a custom ROM from XDA-Developers. You leave out all the google code. You cannot trust google. Google is infested with pedophiles. Just like Disney is. It never ends. You can never trust the ROM a phone comes with from the shop. First thing you do is zap the phone, and install your custom ROM without any google code.
Get tough. It's lots of work and reading, but it is possible. Don't trust any app or 'parental solution' It's all bullshit.
Not judging you harshly, I have thought about this. I was thinking of running my main desktop as a VM with a snapshot that gets deleted when you shut down the machine. So it is almost like a new and fresh machine every time you turn it on. Maintain just enough carefully selected favorites and info to do useful things with it. Use one of these permanent VPN solutions if you can find one that you can trust.
This I think would foil much of the cookies and tracking and all the other things the Internet Mega corps are using to data mine our lives. People don't really understand me when I tell them with Facebook you are the product, not the customer (and I barely use it once a year, delete the app from my phone because it was too annoying.)
But, I have to admit, I have not been disciplined enough to put all the things I know I *should* do into practice. Part of it is that I have been using the Internet sooo long (as I am sure others here have been) that I can usually spot the crap and avoid it in the first place, but it is getting harder. (actually I pre-date the Internet by quite a bit, I am ancient) Although if you *DO* do all the same things all the other lemmings are doing, then you could make an argument that you blend into the either and are unremarkable. But I agree big data is not to be underestimated.
Lately I was thinking of actually paying the $15/mo for YouTube premium just to remove all the %$^#% ads for my family.
I know, I know, one mustn't feed the beast, but it gnaws at my soul. I am also one of the people who Google is taking away my free Google Apps account, still haven't decided what I am going to do and may just pay for it.
Oh, I forgot to mention: (partially because they are probably too obvious for this crowd)
- I have all my family members and myself not logging in all the time as local admin, and I am the only one with the admin creds.
- We use LastPass with Yubikey MFA, taught them how to maintain all sites with unique random complex passwords
- Microsoft's built-in AV/AM is OK, I supplement Malwarebytes
- All our browsers have both AdBlock and uBlock Origin (yes, in addition to PiHole)
/paranoia
-JCL