My apps
image
fedilink
107
My apps
fedilink

My setup on GrapheneOS with all the exploit protections on except some off for apps with compatibility issues. Thoughts?

Igilq
link
fedilink
612d

Some apps that you use are not safe. Aurora store doesnt send too much data to google but it doesnt verify app signatures which can lead to installing malicious apps, use normal play store instead which verifies app signatures (its also suggested to use by grapheneos devs). Whatsapp, collects data about you. Cromite, uses adblock plus which is really bad. Also here is another reason why cromite is bad:

“Cromite has very problematic changes included which substantially reduce privacy and security. It reduces security more than it improves it. For example, it includes the highly problematic Eyeo filtering engine from the company behind Acceptable Ads, Adblock Plus, etc. which took over the forked uBlock extension misleading people with the name pretending to be the uBlock Origin project among other extensions. Eyeo’s C++ code is low quality and has memory corruption issues… Cromite including the incredibly sketchy Eyeo content filtering engine and stuff like additional codecs goes against what we’re trying to achieve. We also don’t think the randomization-based anti-fingerprinting approach works, among other issues”.

@Kailn@lemmy.myserv.one
link
fedilink
1012d

"Casually reminds you that Ironfox exists & it’s a lot more “private” than most chromium-based browsers, & has ublock origin. (slow by default tho)

also while aurora store doesn’t verifies signatures, is has Exodus integrated which dynamically analyses & warns about spyware, tracks and telemetry so you more caucious about the littered “free” apps…

Igilq
link
fedilink
3
edit-2
12d

Yes, ironfox is good too (i forgot to mention it) but on grapheneos you will want to end up using their browser

Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox’s sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn’t happening for their Android browser yet.

Also, having exodus integration in app downloader is good but not worth it for exchange of no signature verification, so it’s better to just check it in browser instead or use their app to check trackers

@Kailn@lemmy.myserv.one
link
fedilink
212d

Cool, especially more so on PWA.
But I’d still recommend having ironfox for general browsing & not throwing privacy to the window.

(You won’t believe it but, I just wrote a blog-size reply and accidently deleted it for trying to put it on a pastebin service…)

@ZinQ@lemmy.ml
creator
link
fedilink
112d

deleted by creator

@ZinQ@lemmy.ml
creator
link
fedilink
112d

Ah fuck, I use Cromite because I find vanadium PWA for the stuff I use are buggy and slow. I used to use brave for this purpose, should I go back? Damn I guess I will need to link this phone to my throwaway gmail account (which still has private data) WhatsApp I can’t ditch due to family and Signalphobic friends

Igilq
link
fedilink
312d

On grapheneos you should be using vanadium since its most secure browser on phone. On other android devices, use brave instead. Also if family and friends dont want to use signal but want to use whatsapp then uninstall whatsapp, one way or another they would have to either end up using sms or other form of contact

@ZinQ@lemmy.ml
creator
link
fedilink
112d

Hmm I might do that actually, I’ve been wanting to get rid of WhatsApp for a while now, I think I’m still gonna use a second browser (Brave now) for my PWAs, my threat model allows it

@ZinQ@lemmy.ml
creator
link
fedilink
112d

On the contrary if in the end everyone moves to SMS and normal calls wouldn’t that actually be pretty bad? Since WhatsApp is E2EE (with the major flaw of default unencrypted backups which are shoved down your throat). But maybe it’s not that big a deal since I assume most if not all of the people I’m talking to likely have unencrypted backups

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 113 users / day
  • 519 users / week
  • 1.44K users / month
  • 4.49K users / 6 months
  • 1 subscriber
  • 4.28K Posts
  • 108K Comments
  • Modlog