Genghis,

The desktop security model is insecure in general. Phone OSes are much more secure.

Reasonable desktop OSes to use are Qubes, Fedora, macOS, ChromeOS, or Windows Pro/Enterprise (hardened).

Phones are much more secure especially the Pixel 8/pro with MTE immensely reducing remote exploitation. GrapheneOS is the only distro that enables MTE by default and recently implemented it in their Vanadium browser.

Secure phones (secure elements are important): iPhones and Pixels (GrapheneOS or stock)

Also yes, Chromium is much more secure on Linux than Gecko based browsers because of its great internal sandboxing and site isolation. Firefox on Windows is catching up though, but still bad on desktop Linux and android.

This all doesn’t matter if you’re running an EoL device. Make sure you’re receiving official security and firmware updates.

That’s about it.

Genghis,

A lot of the security work on Linux is being done by Google. It’s highly unlikely they are putting backdoors in their products.

My internal fight over what device to buy

Hello there! This is my problem: I’m going to buy a new smartphone, and I’d really like to degoogle myself as much as possible. The idea would be to buy a device compatible with LineageOS, but… Supported devices are usually older models, and often there are newer devices with better specs for the same price, that does not...

Genghis,

I recommend you purchase a Google Pixel 6a or above (minimum security support ends July 2027) and flash GrapheneOS. (Pixel 8/pro preferred)

Aurora Store doesn’t avoid Google since a lot of the apps from the play store include Google’s SDK and libraries. microG also doesn’t avoid Google as it is still running proprietary Google code and has more privacy/security weaknesses

Sandboxed Google Mobile Services is a much better implementation which is featured in GrapheneOS. The services are not privileged and are treated like any other app. They don’t downgrade privacy or security unlike the other alternatives.

There are many more privacy and security benefits using GOS. Here is a 3rd party comparison between different mobile OS.

Genghis,

microG runs Google Play code just like Aurora Store. It is not fully open source. Here’s more information. It is still connecting to Google’s proprietary servers.

microG requires Signature Spoofing and alternative OSes usually ship with microG as a privileged system app. This increases the attack surface as it is not confined by the regular sandbox rules.

Now you’re using a privileged component, which downloads and executes Google code in that privileged unprotected context, and which talks to Google servers because otherwise, how would FCM work for example?

Despite doing both of those things, MicroG doesn’t have the same app compatibility as Sandboxed Google Play despite the extra access it has on your device. Even in some magical universe MicroG worked without talking to Google servers or running Google code (again, in a privileged context), the apps you’re actually using it with (the apps depending on Google Play) have Google code in them.

Genghis,

You can always connect a USB stick or card reader with an SD card via USB-OTG

I will recommend you do use a phone that still receives security updates (Not EoL) because I don’t want you to lose out on security just to deGoogle.

If you are strict on having an SD card slot and your phone is still receiving support, you should use StockOS to receive firmware updates as soon as possible. If the phone you decide to get is EoL, the least bad option would be DivestOS (fork of LineageOS)

Again, I would advise not using an EoL phone.

Genghis,

The only secure phone operating systems are either GrapheneOS or stock. All the others usually are behind on security updates.

For migration, I would just use a USB C drive and transfer files.

Genghis,

AOSP does get security updates first because GrapheneOS is based on unmodified AOSP. They are quick to port over updates though and they have extra features like hardened malloc and better user profile support.

Non-Pixel phones aren’t secure because GrapheneOS doesn’t support them. They aren’t secure because they either don’t have secure elements, broken verified boot, or don’t properly support alternative operating systems. This makes phones like OnePlus, Fairphone, etc. not secure enough for GrapheneOS.

DivestOS I would say is the least worst option when it comes to supporting EoL phones. They’re at least honest about what they do and don’t provide unlike what other OSes do. On their website, they tell you they aren’t a secure OS and they can only try their best to reduce harm on an EoL device. DivestOS Security.

Genghis,

Please do not tell me you use Mull over Vanadium

Genghis,

Passkeys are replacing MFA and passwords.

Genghis, (edited )

Have you tried enabling the Exploit protection compatibility mode on the PF app setting info page?

Genghis,

Element for matrix is actually cheeks

Genghis,

I just use the AOSP messenger. If I used google play services, I would switch to Google messages because of RCS and it looks much nicer.

Graphene OS on Pixel 6a?

Has anyone used it? What was your experience with install/performance? I’m thinking of getting one because it has decent specs for $250. I don’t need banking apps or anything like that, and the only social media app I need is snapchat (I know that sort of defeats the purpose, but I just want better privacy, not perfect).

Genghis,

End of Life date was 4 weeks ago 😔

I wonder how many fires have been started because people left the pizza box in the oven while trying to keep it warm

I’ve seen a few people put their delivered pizza in the oven after everyone grabs a piece to keep it warm. I’ve also seen a lot of those people forget the pizza is in there and either have to throw it out or only noticed after they preheated their oven.

Genghis,

I’m not sure about pizza but I’ve heard of a guy putting a casserole in his oven and forgetting about it because his coworker was begging him to hang out with him. When he walked back home, his house was burned down to the ground and the firefighters told him “Some knucklehead left a casserole in the oven.” He was super devastated after that.

Genghis, (edited )

This app isn’t fully ready yet but Accrescent is a secure and private app store for Android. It aims to be a better alternative app store on Android rather than using the Google Play Store. It currently has 11 apps right now and more to come soon.

Highly recommend to check out and support this project cuz this appstore is the best out there right now security and privacy wise.

Genghis,

F-Droid has many security vulnerabilities and has many issues such as:

  1. Hosting an outdated APK client.
  2. Utilizes an obsolete installation method.
  3. Does not take advantage of modern appstore features.
  4. Has no moderation.
  5. Has no old app deletion.
  6. Has an arbitrary FOSS only rule.
  7. Does all building and signing themselves.

If you want more details about these issues read this:

privsec.dev/posts/…/f-droid-security-issues/

Genghis,

2 - Manual installation methods can be insecure because a lot of people don’t update their apps all the time. Obviously rooting a phone is insecure, but having no auto updates in 2023 is crazy.

4 - It is very true, having zero quality control on new apps. The flagging of apps with problems is just following the FOSS philosophy. Any FOSS app can be added to F-Droid.

5 - Not sure why you would want to install abandoned apps on F-Droid, let alone use an EOL device. A lot of people don’t check if apps are maintained because they trust their app store.

6 - FOSS doesn’t automatically mean it’s secure or private. Also, why is it that I have to install proprietary apps only on the Google Play Store?

7 - FDroid signing keys isn’t an advantage because it requires an extra layer of trust. I’m already trusting the developer by installing their app, so the developer should be signing the keys. This is a reason why Signal is not on F-Droid.

Genghis, (edited )

This is why Accrescent is amazing. It has automatic updates for Android 12+. Also leaving the bootloader unlocked is a security risk. Using stock or GrapheneOS (better option) on Android is best because you can lock the bootloader.

I don’t mind Fdroid being around. If you’re okay with the security risk, I have no problem. I’ve explained to you the security issues and the misinformation that people give that FDroid is secure. I was just explaining their security vulnerabilities and explaining why Accrescent is a much better option for installing apps.

Signal is Flawed, Why XMPP is Amazing! (new animated video) (monero.town)

Some will curse me out for discussing decentralization and freedom. I am NOT saying the average person should be concerned with CIA spying. What I’m saying is that one should promote decentralized internet infrastructures that empower the individual over corrupt institutions, even though this threat model likely does not apply...

Genghis,

lmao please give us another chance

Genghis,

If you’re referring to GBoard with network perms disabled, it’s highly unlikely that it’s using IPC as a keylogger. There would be way too much useless data to store and not useful. Theoretically if they were to be a keylogger, the user would have to be in a super high threat model bracket for them to do this, but there’s no evidence of Google ever doing this.

Also OpenBoard hasn’t been updated since August 2022. I recommend using the OpenBoard Fork.

Genghis,

There’s no evidence of them actually doing this and if they were to do it, it’s most likely detectable via reverse engineering.

Keep in mind setting the internet permission on Gboard then giving other Google apps internet access is privacy theatre. This applies to Google certified devices as well because Google Play Services are privileged.

Genghis,

The Google Play Store is more secure.

Genghis, (edited )

Why Fdroid is not secure:

  1. Hosts an outdated APK client.
  2. Utilizes an obsolete installation method.
  3. Does not take advantage of modern appstore features.
  4. Has no moderation.
  5. Has no old app deletion.
  6. Has an arbitrary FOSS only rule.
  7. Does all building and signing themselves.

Genghis, (edited )

Here is a more detailed explanation: privsec.dev/posts/…/f-droid-security-issues/

Accrescent is a new appstore that fixes all these issues but it’s still in alpha stage and has 11 apps right now.

I replaced F-Droid with Obtainium that pulls APKs from GitHub, GitLab, F-Droid, etc. and it has support for auto updates. It’s a little better than F-Droid but still has its own issues.

Was there a Mullvad DNS outage today?

I’ve recently changed from dns.adguard.com to extended.dns.mullvad.net as it generally seems more privacy friendly, but it seemed to go dead for a while today. Anyone else see this or was it a me problem? I can deal with a slightly flaky service but I can’t recommend one to non-techies who just need a working adblocker.

Genghis,

It was working fine for me today.

Genghis,

I actually just installed Arch on my gaming PC a few days ago. I’ve been testing out many games with it and I’m very happy with it. I was hesitant to switch from Windows because I wasn’t sure if the game support would be an issue, but thanks to Proton, I finally switched.

No issues using an Intel CPU and Radeon GPU as of now, except the archinstall wasn’t working for me so I had to do it the normal way.

Genghis,

Lol, I did update it and still wasn’t working :(

Genghis,

Firefox isn’t as secure as Chromium browsers due to its internal sandboxing and site isolation being substantially weaker (especially on Linux). If you are on a Linux machine, I recommend you use Brave with no ad blocking extensions because first, it comes with an ad blocker by default. Also, the more extensions you have, your attack surface increases.

If you are on Windows, you should be using Microsoft Edge paired with UBO Lite as it offers the highest security and UBO Lite doesn’t have access to the site data. If you are concerned about the telemetry of using Edge, you can turn it off and if you’re still paranoid, you will have to switch to Linux at this point.

Genghis,

Been using this open source app for a while now. AirGuard

Genghis,

I haven’t been using Firefox for Android because I heard they don’t have a WebView implementation so the Firefox browser has to be used beside the Chromium WebView, meaning there’s an attack surface of two browser engines. I also heard that the Firefox sandboxing and site isolation isn’t very good between websites.

I’ve been using Vanadium WebView and browser because of that.

Genghis,

Android System WebView allows apps to display browser windows in the app rather than taking you to your web browser app. On Android, Chromium is used for WebView. If you use Firefox as a default browser, the remote attack surface increases because they’re two different browsers with different security issues.

Site isolation enforces security boundaries around each site using the sandbox by placing each site into an isolated sandbox. Firefox doesn’t have that feature so they’re vulnerable to attacks like Spectre.

anybody have a solution for a legitimate caller ID and spam blocking service for android phones?

Hi all, through my experience, the third party apps that are supposed to do this are pure trash. I mean Truecaller was pretty decent, but it was packed with ads and trackers of course and the overbearing permissions that constantly try hijacking my set SMS and dialer apps… I don’t think using a third party app is the right...

Genghis,

I’ve been using this app for about a year. It’s been working well so far, but I frequently don’t receive spam calls.

Using stock Android w/o Google account/ Play Store worth it?

I hope this is not considered a low-effort post, but I wanted to ask if using stock Android without signing in to your Google account/ using Play Store is worth it. It should be more private, right? I’m planning on buying the cheapest Samsung phone there is (probably the A14). I currently have a stock Android Oneplus phone. I...

Genghis,

How is GrapheneOS overkill? It’s identical to the stock OS but hardened for privacy.

Genghis,

You can’t change the OS on Samsung devices

Genghis,

Yeah, a lot of substantial improvements have been made to GrapheneOS in the last couple of years to expand app compatibility. There’s Sandboxed Google Play now, as well as things like the exploit protection compatibility mode toggle so that people can use apps with memory corruption bugs which are caught by hardened_malloc if they wish to. Back in the day, apps with memory corruption would crash and there would be no way to use them until they fixed their app. They now have a toggle to disable hardened_malloc per app when you want to use it regardless.

Genghis,

Is there an email client that can sort emails by Primary, Social, and Promotions like how the Gmail client does? Also when using another client to send an email, all the email contacts don’t get autofilled like how gmail has it.