chirospasm
Deliverer of ideas for a living. Believer in internet autonomy, dignity. I upkeep instances of FOSS platforms like this for the masses. Previously on Twitter under the same handle. I do software things, but also I don’t.
- 0 Posts
- 12 Comments
GrapheneOS affords you the ability to have completely isolated and distinct phone profiles, where you can install all your required work apps. They are installed separate from your main profile, kind of like second or third phone. No need for a completely different device.
GrapheneOS instantiates an improved version of this feature that Android already offers. It’s a great way to keep things separate. I do the same. Who wants to stuff their pockets or bags with more phones?
- Pixel, and immediately install GrapheneOS.
- A Linux based phone, like the PinePhone or Purism 5, and run your Android apps (if desired) inside Waydroid.
If you are looking for a hardened phone, I would consider trying GrapheneOS for a bit, see if it does what you are looking for. Uses SELinux and a seccomp-bpf policy for app sandboxing, as well as runs a hardened kernel with a hardened memory alloc. Great isolation approach, too, so that you can run apps on a ‘completely different phone,’ so to speak – think of the isolation like a small version of the OS that can keep apps entirely separate. Finally, if desired (and needed for certain apps), you can sandbox all Google services so that they don’t have direct access. It’s is a different approach to, say, microG.
GrapheneOS is all about hardening. Security is solid.
VPN wise, Mullvad wireguard servers are also solid. You can do multihops, which help you obsfucate traffic to degree. They have also been playing around with packet shaping (if you use their app directly).
Sim cards can be swapped out if use a VoIP service like jmp.chat.
Thank you for posting this! I assumed some FF-based browsers, while claiming to remove telemetry, in fact still phoned home to a degree. This is good know!
Also, I was surprised by a few others on the list, like Mullvad, Kagi, and DuckDuckGo, being so straightforward – not that making fewer connections implies better privacy, as even a single connection can transmit any kind of data, but moreso that there some browsers that are designed to operate with less complexity.
Really surprised by Zen, which is a FF derivative claiming to be all about a ‘beautiful’ and ‘simple’ web browsing experience, having a ton of connections.
Currently, I prefer the Kagi model as my daily driver – pay a small fee each month and not worry about having your search data, in all its forms, sold instead. They have some neat features, as well, like AI summaries and the ability to ask questions about pages. It’s those two features I have used to determine what kind of content, even musical, may be on the page for me without having to go to the page, itself, first. I can reduce page-load-waiting on my end, in other words, because I am able to make better judgement calls beyond any provided preview text / provided metadata.
There is also SearXNG, which is an open source, privacy-respecting, hackable metasearch engine. It can be self-hosted and also has a number of instances you can access.
Use the user profiles feature of grapheneos to make a “social” profile and only use that to access Instagram / facebook.
You’ll want to consider isolating IG from your primary profile, to start. The above user’s suggestion hits the nail on the head.
Once the profile ks created, and you’ve installed IG, you’ll want to deselect the option in your Manage Profiles settings on GrapheneOS to ‘Allow running in the backgroud.’ This way, you can ensure the app is entirely stopped until you want it open.
Another consideration may be to turn off your Bluetooth when it’s not in use, as well: BT emits an ‘address’ of sorts that, if another IG user has enabled BT access on their IG app, may be able to detect your phone and track a conversation knowing you are in the other user’s vicinity.
I would highly consider leveraging the AsteroidOS project – a privacy-focused linux smart watch effort – on one of their approved devices. That link should bring you straight to the watches they support.
Pine Time works well with Pine Phone, but only has basic functionality with other Android devices, like notifications. Not much else last I looked, but I may be out of sync with the community’s development efforts.
The Bangle.js 2 smart watch is another open source device you could look into.
LibreTranslate has a FF addon:
https://addons.mozilla.org/en-US/firefox/addon/libretranslate/
Likewise, I think FF has (or will have?) a native capability to translate, as well:
Last I recall, friendica was the most solid alternative. It is a fairly feature-complete analogue of Facebook and a few other social platforms. Maybe give it a look!