Oh nice, its from their repo not f-droid

This. Androids permission toggles combine multiple ones. GrapheneOS actually adds more of these toggles, as some things like Network and various sensor permissions are always on (wtf Android). But even those are combined toggles.

You can also display more permissions on the permission page, top right.

Nice, own Gitlab instance with locked registration (?) so I cannot report this bug:

Until its known by people that actually know stuff, avoid it

Social= contact with people you want to contact

Privacy= the stuff you share is not sent to random people but only who you want to

It uses the Matrix protocol which is kind of a red flag because of performance, but its encrypted.

Yes. It is only needed for /storage/emulated/0/Android/obb which is legacy afaik and GrapheneOS has a specific toggle just for this.

It is default

Nice! You should use an override.js to avoid missing out on updates.

Also have a look at my messy project arkenfox softening

Btw.

• on GrapheneOS you do not need the legacy “manage all files” permission. GrapheneOS has a specific “obb” permission for installing apps, thats it and even that is legacy
• use the session installer, nothing else.

Airplane mode, always!

Okay fair. They have shady sponsors.

Doesnt winget use the same store?

Or just using their official release APK over obtainium

Wtfff

Banking is a hit or miss, GrapheneOS should pass all security checks and more, but none of them is Google certified and apps start to request that, which sucks

Cool!

This was about screenshots, sorry. No idea, dont think you can change that without a different android OS

GrapheneOS Camera is very nice. May only work on Pixels, but on stock android (which is an insane tracking platform you should ditch) too.

Https://github.com/grapheneos/apps/releases/latest

Download their appstore, there you get the camera app.

Wow this is great!

if you are using your own index, I think you could use a more economical approach to fight the spam bullshit of the modern web.

• instead of using badness enumeration, crawling everything and filtering malware, use an opt-in principle
• have a community method of gathering new trusted websites
• use websites internal search functions to get more results
• use categories to split up the websites, reinventing what people should find: general, news, navigation, science, politics, IT, technology (not code), art, music, philosohy, …
• have an app or submission website where users can submit new websites, and some form of community control over it (kinda censorship but in a good way)

This could fix the web as it currently is, by rethinking what should be found, pushed etc. Rating websites by quality could also be helpful.

Also if you support payments in crypto or cash, there should be no problem to make it paid.

You need to contact them, if they connect to known to-be-blocked sites to get their IPs.

Googerteller does this:

Note: Find it ironic or not, but to query the list of all Google IPs/subnets, this needs to contact one Google domain, actually. (That request does not emit a sound, though.)

And I would ask DDG how their “tracker blocker” works and if it would also block such requests.0

Thanks, I think it is very relevant to understand how this DDG VPN “tracker blocking” works.

If it is about an app sending requests to lots of domains, this may have many reasons. For example it could check the IP addresses of all these tracking serverers to block apps from communicating with them via IP and not URLs.

This would be a reason that a trusted app connects to tracking servers to update their internal filterlist.

This “known to collect” seems to be unrelated to the actual connection, just “this service often collects data about x”.

If this is true, that is HIGHLY misleading and please update your post to explain that possibility.

You are using that Duckduckgo thing which is not a reliable source of information.

I would be interested in what a “tracking attempt” would look like.

Your VPN sees EVERYTHING you connect to, if you use HTTPS that is not a big deal but can help target stuff to your usage.

If it is tracking or just traffic passthrough is decided on their servers, which no weird Duckduckgo app can access.

Mull, but use the DivestOS repository. F-droid also builds it but too much delayed.

Yes thats what I meant. Very cool concept.

Ah so Nekogram connected to Google?

That DDG app is interesting, so it records inter process communication without root? How?

Very neat, thanks!

Really cool! How is the database stored, can it be encrypted using the masterpassword, or a different one? Can it be only loaded into RAM?

On traditional desktops like any app can read your browser data, which would be very problematic.

No it doesnt, it is a password and a secret stored on that device. A password might get stolen on the database, or entered on a fishing website, but with 2FA that would be useless.

It goes against ONE idea of 2FA, that phones are more secure (thanks Android) and your Browser might get hacked.

Thanks a lot! I selectively keep cookies for login sites, which is not a good solution.

The threat is websites escaping the browser sandbox and reading stuff. I dont know if this is really that realistic though.

This is suuuper cool! So you just need a second android device and can run the UnifiedPush on there?

No for sure thats criminal, but its possible. Rufus makes it easy with a single click to bypass it. But when not using that silly media creation tool Windows may not boot on Thinkpads etc.

Thinkpads with Windows are a joke, they are basically nonfunctional without all these lenovo drivers for anything.

No the offline account trick still works.

Thats an extension

Search for some addon using “desktop view” on addons.mozilla.org

Portal of nothingness

GrapheneOS discuss. Their Github repo looks like they actually have the sources for everything.

No its not. They download Google Binaries which run as system apps and have privileged access.

They practice badness enumeration in some form, while their permission model (only activating what is needed) is a better approach but incomplete.

Any app that relies on Play has those libraries implemented, so they could show ads etc. on their own. But with microG they have a component with privileged system access, in contrast to sandboxed play where no component is privileged.

Just check grapheneos.org

They have only a minimal appstore preinstalled, which they use for their own apps. It is the best there is with full background updates etc. Every store could do this if they used modern libraries.

You have Vanadium preinstalled, from which you can install “F-Droid Basic” (the modern client), or Aurorastore, or accrescent, obtainium etc.

Their own solution is sandboxed google play, installed as regular user apps with way more restricted permissions and an opt-in method (only dedicated calls are allowed) in contrast to the extremely privileged microG or even “GAPPS” which can do everything (and in the place of microG having selected things removed, badness enumeration while still using proprietary Google code).

GrapheneOS is basically Android done right, play services etc. work, you can install all Google apps from the playstore, not as system apps, if you wanted to. (wallet and others are exceptions as they require a Google certified OS).