https://github.com/thayerw

My Lemmy themes at UserStyles.world:

  • 1 Post
  • 44 Comments
Joined 2Y ago
Cake day: Jun 19, 2023


I don’t use RCS myself, but there are recent posts on the GOS forums and it appears to be working fine once all of the prerequisites are installed.


Sure, like I said above, GOS doesn’t at all prevent you from rooting the device. They only discourage it from a security point of view. Regarding MicroG, I’ve never had need for it myself but I’ve read many other posts over the years from users who have installed it on GOS in lieu of Graphene’s own implementation.

I would argue that overall GrapheneOS provides more control over the OS than some other Android-based operating systems.



You can root GOS like any other Android-based OS. It’s just highly discouraged, completely unsupported and, in the opinion of the GOS devs, you will no longer be considered to be running GOS since you are compromising the core OS by doing so.


You’ll need to provide specifics if you want solutions to many of these issues.

  • What exactly isn’t working with your Yubikey?
  • Which bank apps? Did you check the compatibility list maintained by GOS?
  • Which apps aren’t working without Google Play?

For the keyboard, there are several FOSS keyboards which support spacebar navigation, but you can also install Gboard and simply disallow any permissions, including network access.

Regarding Signal, this would be a reality for anyone with a non-Apple device. You may need to find a compromise and simply use SMS, RCS, or even just email when dealing with certain people.

There will always be one-off features available only on other devices or platforms. Only you can decide whether they are worth the cost of security and privacy.


Craigslist is still superior in the PNW, at least in my experience.


See my follow-up post elsewhere here. Sounds like you might not have an always-online device to keep others always synced, and/or the devices you’re using to add entries aren’t online when you do. Might consider using a designated device for database modifications.


That used to happen to us before we started using SyncThing (and before we had data plans on our phones).

By the time we migrated to it, we had a home server running 24/7 and this ensured that at least one device in the chain was always online, had the latest version of the database, and pushed it to other devices as they came online. Our phones also have data plans now, so things generally sync in realtime which helps avoid issues.

If you don’t have at least one always-online device, I think the next easiest way to avoid sync conflicts is to modify the database from one designated device. That way even if a conflict does arise, you’ll know which device is always correct.

For resolving the conflicts, I would open both databases, sort by modified, and review the latest changes in each.


KeePass, and more specifically the KeePassXC (desktop) and KeePassDX (Android) ports.

My wife and I have shared a single KeePass database for about 15 years now and I couldn’t imagine switching to anything else.

My reasons have remained the same over the years:

  • Free and open source
  • Offline (but supports cloud sync)
  • Lightweight
  • Cross platform
  • Supports autofill

I would never entrust the management of my credentials to a 3rd party online service. They’re an easy target (it’s only a matter of when, not if they are breached), and they could go out of business at any time.

We don’t use cloud storage for anything these days, but we keep the KP database (and many other things) synced across more than 7 devices using SyncThing, another amazing FOSS project.


I haven’t experienced that personally but Reddit’s Imgur has also cracked down on VPNs and many hosted pics and gifs will not load, depending on your selected server.



Almost any basic web host will allow you to create unlimited email addresses and/or aliases for your domain. Most will offer this service with even their cheapest “shared hosting” plans. And if all of the aliases are going to the same person, just enable the catch-all mailbox. Why bother with an email-only service at that point?


There are too many differences for me to list here, but unlike mobile operating systems, Windows and most Linux desktops do not provide sandboxed environments for userspace apps by default. Apps generally have free rein over the whole system; reading/writing data from/to other apps without restriction or notification. There are virtually no safeguards against malicious actors.

Mobile operating systems significantly restrict system-level storage space, making key areas read-only to prevent data access or manipulation. They also protect app storage, so one app can’t arbitrarily access or modify data stored for a different app.

Mobile operating systems also follow an image-based update model, wherein updates are atomic. System software updates are generally applied successfully all at once or not at all, helping to ensure your phone is never left in a partial or unusable state after a system update.

For desktop users, macOS, and atomic Linux distros combined with Flatpak are the closest comparisons.


Most operating systems will require your desktop password upon resume, and most thieves are low-functioning drug users who are not about to go Hacker Man on your laptop. They will most likely just wipe the system and install something else; if they can even figure that out.


Yeah, I’m sure there are a lot of variables there. I can only say that in my experience, I noticed zero impact to gaming performance when I started encrypting everything about 10 years ago. No stuttering or noticeable frame loss. It was a seamless experience and brings real peace of mind knowing that our financial info, photos, and other sensitive files are safely locked away.


No, the average user will never know the difference. I couldn’t tell you exactly what the current performance impact is for hardware encryption, but it’s likely around 1-4% depending on the platform (I use LUKS under Linux).

For gamers, it’s likely a 1-5 FPS loss, depending on your hardware, which is negligible in my experience. I play mostly first and third person shooter-style games at 1440p/120hz, targeting 60-90 FPS, and there’s no noticeable impact (Ryzen 5600 / RX 6800XT).


It does help greatly in general though, because all of your data will be encrypted when the device is at rest. Theft and B&Es will no longer present a risk to your privacy.

Per-app permissions address this specific threat model directly. Containerized apps, such as those provided by Flatpak, can ensure that apps remain sandboxed and unable to access data without explicit authorization.


While it would certainly be nice to see this addressed, I don’t recall Signal ever claiming their desktop app provided encryption at rest. I would also think that anyone worried about that level of privacy would be using disappearing messages and/or regularly wiping their history.

That said, this is just one of the many reasons why whole disk encryption should be the default for all mainstream operating systems today, and why per-app permissions and storage are increasingly important too.


Our Smart TV is offline 99% of the time, so I rarely see the smart features. We’ll sometimes have company stay over and they’ll connect the Ethernet to use the built-in streaming apps with their own credentials, so it’s a nice option to have and it doesn’t impact us otherwise.


JF’s UI hasn’t really done it for me for whatever reason…I have it running in an LXC already and mostly use it at my workstations.


I have a JF instance running on Proxmox as well, but it hasn’t won me over yet. Still, I know a lot of folks do prefer it to Kodi and others so there must be something to it.


As others have said, just buy a TV that meets your A/V needs and don’t connect it to the internet.

I know everyone talks about Jellyfin these days, but Kodi is an excellent option too if you don’t need streaming to multiple devices. I use Kodi via LibreElec on an rpi4 and it’s been great. All media is stored on my home server and shared over Samba, but you can easily store it locally on the box if you don’t have a server.

For music streaming, I run a separate instance of miniDLNA on my server, since I like to browse-by-directory for my music instead of relying solely on metadata. This also allows you to stream to any DLNA-friendly device on the LAN.

I’ve digitized my disc collection and just keep the physical media as a backup. The local library has a huge selection of media too…and if we don’t use it, we’ll lose it.


That sounds like a time saver for sure. I imagine that some of those elements (grammar rules) are widely available everywhere, while others (practice dialogues, activity suggestions focused on the use of language) would require a fairly specific training model.


Thanks for sharing! I’m probably too set in my ways to ever utilize AI for things like this. I never use virtual assistants like Alexa or Google either, as I like to vet and interpret the source of information myself. Having the citations would be handy, but ultimately I’d want to read them myself so the IA/VA just becomes an added step.


If a layman may ask, what are folks even using AI/LLMs for mostly? Aside from playing around with some for 10-15 mins out of simple curiosity, I don’t have a practical use for platforms like ChatGPT. I’m just wondering what the average tech enthusiast uses these for, outside of academia.


Quite a lot of apps cease to provide real-time notifications/messages, if they work at all, when Google Play components are not installed under GOS. At the very least, Google Services Framework is required for many mainstream apps.


Not OP but I think they’re just saying they’re not invested in Android as an ecosystem.


For what it’s worth, GrapheneOS includes neither Google Play nor Android Auto. Like nearly any Android-based OS, it allows you to install apps of your choosing, but it does not include either of those. It is a FOSS project through and through.


Yep. My only real goal is to reduce the amount of advertising I’m exposed to on a daily basis, and to that end it’s working…for now.

No cable, no streaming services, no broadcast radio, automated downloads of media, ad blockers everywhere, DNS sinkhole, etc. Thankfully, it’s all low maintenance once in place.


First, it’s important to realize that Meta is likely tracking you already through its ad-related services even if you don’t have an actual FB account. Countless retailers and services are using Meta and Google for ads and analytics and it’s virtually impossible to be completely off their radar if you do any online shopping, banking, or service consumption.

Even with the use of VPNs, uBlock and other tools, Meta likely already has your particulars, including full name, phone number, email, and physical address simply by way of family members and colleagues saving that information to their own address books which are then shared to Meta through FB, WhatsApp, etc. In this way, your name, phone number and/or email address has likely already been associated to otherwise anonymized data through retailer back-ends.

That said, if Marketplace is important to you I would simply create a FB account and use it solely for that. I would avoid installing any FB/messenger apps, and opt for a browser-only experience in order to minimize additional privacy infringement. Use FF containers, incognito mode, or a separate browser altogether for FB access if you feel it’s necessary.

Meta has taken a hardline approach to fake/obfuscated accounts, so I suggest using legitimate tombstone info but only provide what’s necessary for account generation. Anything less and you’ll risk a deactivated account, or Marketplace ban.

Don’t overthink it. If you use the platform with basic care (no apps, no persistent cookies), then the most they’re going to glean is that you like shopping for retro games and other used goods.


While Reolink hardware is perfect for Blue Iris and other self-hosted solutions, I try to warn everyone that Reolink’s own Android app now captures your device’s clipboard whenever accessed. The same may be true for their desktop or iOS apps, I don’t know.

I have several Reolink cameras and I’ve been happy with their overall image quality and capabilities, but I do not trust their software whatsoever and recommend keeping them isolated from the internet entirely.


Honestly, any enterprise OEM will be similar, such as Dell or Lenovo. Yes, their mainboards are proprietary, but you can easily source them from legitimate parts vendors. That’s why there are so many refurbished Optiplexes and ThinkCentres on Amazon. They’re trivial to repair and most don’t even require tools.

You cannot easily upgrade to a dedicated GPU unless replacing an existing unit, which is standard for laptops as well.


Perhaps more importantly, websites can determine which fonts are installed on your system (regardless of which you’re enforcing), making fingerprinting much easier.


Simple SMS, obtained from F-Droid, is probably the best universal option until the Fossify project adds the fork to their suite (assuming they do).

If you have the ability to toggle network access for your apps (GrapheneOS, etc.), Google Messages is a very solid SMS app that receives regular updates. I would normally only recommend FOSS apps, but many of those options are limited and/or dangerously outdated for SMS.


Relevant topics also missing from the survey:

  • Choice of desktop operating system
  • Choice of mobile platform and OS
  • Use of email encryption
  • Use of cloud storage
  • Use and method of disk encryption

Reolink camera app capturing your clipboard contents
PSA: It seems the latest version of the Reolink Android app (v4.43.0.5.20240111) is capturing the phone's clipboard when first opened, and again whenever the clipboard contents change and the app is brought into the foreground. GrapheneOS reports, "Reolink pasted from your clipboard". I don't recall seeing this message on older versions of the software. While network-accessible camera software has always posed a privacy risk, this is particularly concerning behaviour.

The bottom line is that GrapheneOS is the most security-focused mobile operating system available, and the Google Pixel is pretty well the only mainstream phone with an unlockable bootloader.

If Alphabet were to ever lock down the Pixel’s bootloader, the GOS devs would undoubtedly jump ship to a lesser available platform in order to continue the project. But until then, no other hardware comes close with respect to embedded security.


For what it’s worth, I use F-Droid and the Play Store via the Aurora store frontend, all without a Google account.

I don’t install the Google Play Store bundle, as I feel it defeats the purpose. I do install Google Services Framework though as most apps rely on it and it doesn’t require network access.

I generally don’t use any apps that compromise user privacy, so apps like Facebook, Instagram, TikTok, Spotify, YouTube, and Google Maps are all a no-go for me. If and when I need to access their services, I use an alternative front end or simply use a browser.

Even if you do need to use the above apps though, you’ll find GrapheneOS a much more secure and privacy-respecting way of doing so.


How does GOS work with apps, or how would a proper Linux OS work with apps?

For the former, GOS works really well for what I want from a smartphone. Self-hosted contacts and calendaring, Signal for messaging, Firefox and Vanadium for browsing, markdown editor, file sync, etc. all work great.

For the latter, a proper Linux-oriented release would be something like a mature version of the GNOME Shell mobile project. I don’t need specific Android apps, but rather the ability to complete certain tasks (banking, appointments, email, etc.). With Linux, there’s already an app for most of those tasks. The only exception might be Signal, but I’m sure if GNOME Shell matures enough we’ll see a solution for mobile Linux activation too.


Pixel 7 with GrapheneOS. It’s the first and only time I’ve ever felt I was in control of my own smartphone.

If GOS is ever no longer an option, I will likely stop using smartphones altogether until a proper community-based Linux OS with similar features is available.


I use the flatpak version, which keeps all of the cache and config directories together, and I’m fairly certain I’ve simply copied the flatpak data folder between computers in the past. I could be wrong though; I might have only copied it between distros on the same hardware.