My apps
from ZinQ@lemmy.ml to privacy@lemmy.ml on 25 Sep 19:22
https://lemmy.ml/post/36661693
from ZinQ@lemmy.ml to privacy@lemmy.ml on 25 Sep 19:22
https://lemmy.ml/post/36661693
My setup on GrapheneOS with all the exploit protections on except some off for apps with compatibility issues. Thoughts?
threaded - newest
Only one: ditch that crap named Proton.
Bring the downvotes bots š¤£
Also ditch WhatsApp.
You mean the Kryptonite? That is what kills a lot of privacy setups.
Can you elaborate? From what I understand GOS does a good job at isolation. But I might just create a separate proprietary profile
I meant that this is the Achilles heels. A lot of us have it. It has the meta AI on it that we canāt deactivated. It is EEE and GOS does a good job isolating it but still a non privacy app.
I see, thanks
I wish
It would have been helpful to explain why, whether thatās privacy, ethical, or political concerns.
But maybe the use of āš¤£ā says it all
And calling ābotā anyone who disagrees. Peak Reddit behaviour.
The peak Reddit behavior is the squadrons defending that crap š
.
āChildish behaviorā is calling out a āprivacyā company that does questionable stuff.
Noted.
.
Like I already said this isnāt about any company but rather encouraging griefing
.
AHAHAHAHAHAH
Donāt cry bro, I only told you to ditch an untrustable company which at first supported Trump and then was called out for silencing journalists.
I am 100% going to make it unpleasant for all who still use it, especially if they seem to care about privacy.
.
What are you blabbering about?
Keep using whatever you like, but I will still call crap the crap.
Cry me a river.
.
But you are cryingā¦
.
š¤£š¤£š¤£
Sweet summer child wasnāt ready for a reality check of his cute āprivateā setup
.
āThoughts?ā
.
I donāt understand why you switched to this cringe victimism, but asking for an opinion and then complaining about it is weird
.
Lolā¦ Now I understandā¦
My little cute brother, I asked for Proton fanbots to downvote me, not youā¦
.
Huh?
.
š¤
Well let me ask you the real important stuff, what email service/s do you use?
Mailbox
Ah I just now realized, my mistake dude, my brain is fried from my mental state. It seems I was the delusional one all along
No worries, I do that often too š
Thank you kind stranger
.
.
Donāt post your setup if you canāt stand criticism š
.
.
Itās not my fault if you are out of the loop.
You asked for thoughts I gave you my thoughts.
Also I donāt have time to list every time everything wrong with Proton or other crappy company. Itās all over the internet, use the search button as I already told you.
.
Not my fault if you all take it personally.
.
š
Ceo of Proton is a huge Republican fan, that might deter some people. Are you not interested in this?
lemmy.world/post/24301835
I would be in the loop, but not necessarily OP. I am calling out OC to defend their suggestion with more than a simple accusation.
You are indeed correct, Iām not the type currently to stay up to date on news
As a looped in person. Do you think I should stick to Proton for less hassle (migration) or is moving to Tuta for example the right move currently?
My take is that Proton CEO Andy Yenās pro-Trump comments were born out of naĆÆvety, not the same mindset that plagues tech CEOs in the US. Combining that with Protonās benign actions since then, I think itās a good time to diversify, become familiar with alternatives like Tuta as you say, and make a backup plan should they enshittify, but donāt rush to jump ship now.
Not this shit again.
What you mean? You do realise most of us degoogle to get away from American grasp on technology, whatās the purpose of switching to Proton if thereās services even more independent?
The problem is I have been using proton for years and I have 385 entries so switching to say Tuta would be a drag (unless there is an option to migrate, I havenāt checked) Proton IIRC is also the cheaper of the two. Or would you say I should suck it up and make the switch?
After thinking some more this mindset is not good at all. If everyone becomes complacent due to habit and convenience that would be bad
Iām not sure, does managing two email accounts would be difficult for you? It wouldnāt be too bad having one extra, having some accounts on a different mail might work for you, if one gets hacked you donāt lose access to everything right away. Also you donāt have to migrate all the entries right away, you can always just make new accounts on a new email provider, and if you do use password expiry in your pw manager you can migrate emails right then
I mean I can do it like I did with Gmail, just forward all the mails and slowly migrate everything
Yep, says it all about you fanboys š¤£
Uhhh why?
Goldfish memory? It was one of the biggest things on lemmy
lemmy.world/post/24301835
Proton ceo not politically neutral as he advertised
And they recently were caught in the āaccidentalā suspension of the accounts of two journalists.
There has been enough information released to essentially debunk the connotation you are implying.
Did the CEO tweet in support to Trump administration? Yes he did!
Did two journalists have their accounts suspended after external pressure? Yes they did!
Debunk this, fanboy!
As I have said already to another of yours, time will tell if I was too cautious or you were a fool.
I didnāt say anything about the Trump tweet. I only mentioned the journalist comment, which there is more information an nuance to it than you allow for.
But you assume because I say one thing I must be your enemy. You call me names. You refer to me as a group instead of a person.
So clearly you are an island to yourself. I hope your relationships in real life are far more fruitful.
Donāt cry, we are just having fun here.
It looks like protonpass, OP uses mullvad instead.
Is the controversy about the VPN?
Nah the controversy was with some executive at the company thanking trump for some stuff
.
I mean isnāt proton recommended on privacyguides? Do you think they need to update it?
Privacy guides recommends Brave. Iāve said enough.
Whatās wrong with brave? I didnāt like the crypto feature but I got the impression that itās a good privacy browser for people that need syncing
Do your own research, this is the most useful thing I can tell you and it applies to anything.
Yes that is correct, I just wanted to hear what people on Lemmy have to say
Brave, like Proton, has a lot of fanboys (assuming they arenāt bots) that blatantly ignore key informations about the companies of said products.
In this kind of scenario resorting to your own independent search is the only thing you can do.
I see, good to know
Whatās the chrome app?
Is nano GPT 100% offline? Or self hosted?
I see two: Cromite (Green) and Vanadium (Gray, Chromium variant by GrapheneOS)
Cromite
Fixed the name now, thank you. With all the chromium variants out there, I had it as cHromite in my head
Understandable. The name is a play on the Bromite, which is the dead project Cromite forked from.
NanoGPT is more āno-logsā from what I understand buttt you can pay in XMR and have a dedicated āaccountā (you get a sign in link to keep safe) and run it under tor
In NanoGPT You also got TEE (Trusted Execution Environment) models which are more private/secure from my understanding. From GPT-OSS 120B TEE:
āTEEābased AI models run their inference or training inside a Trusted Execution Environment (TEE), a hardwareāsecured enclave that isolates code and data from the rest of the system. This provides data confidentiality, protects the modelās IP, enables cryptographic attestation of the exact model version, and satisfies regulatory privacy requirements, making AI services trustworthy and suitable for secure multiāparty or decentralized applications.ā One downside is that they are usually pretty expensive to run
You are also able to bring your own S3 compatible storage
What device are you using
From the wallpaper and theme, looks like grapheneos on a pixel
Itās also in the description lmao, good catch
Google Pixel 8 with GrapheneOS
KeePassDX, nice choice! I really wish I could have DX or XC on both phone and desktop. Love both but would prefer to donate to one. Wallet is unhappy but I really try to donate to all FOSS apps I useā¦
Yeah keepass the goat! I use mainly proton and keepass for when Iām more paranoid
For me that has lately been always
Do you have a backup? I recently lost my crypto due to my KeePassDX getting deleted accidentally (I saved the seed there) :(
(I didnāt have a wallet at the time so I was cooked)
Nobody seems to talk about the OG pen and paper password manager!
Oh shitā¦ Damn. sorry that happened to you :(
I do back it up with the rest of my stuff to an external hard drive, but thatāsā¦ Like once in a year so could be better.
I have my keepass database file in my cloud that i use to sync it between phone and PC. I create a backup of all of my files on my PC + cloud folder once a year to an external hard drive. Better than nothing but probably would be better to do this more frequently š
I also empty my phone from time to time and move everything I want to keep to my PC (like photos).
Wait isnāt that defeating the purpose of KeePass? I strictly use it as a local password manager (no cloud backups and such), since I thought that was the main spelling point
Or is the database file encrypted with a password? If not you might want to use something like VeraCrypt to encrypt and password protect the database files on the cloud
Didnāt see this comment but: I trust enough my cloud provider + the database file is encrypted with the masterpassword you set for your keepass.
I also use this cloud to host my Joplin notes, which are also E2EE (joplin supports it) so even if my cloud provider would take a peek itās all encrypted.
Ah ok, I was wondering if the database file is encrypted, ignore my comment since it was intended for if the file is unencrypted by default
You can of course. I think the selling point is that you control it and itās a single file that you can decide where youāll keep it, how you access it, and what app you use to interact with it.
I can copy, delete, move it all without needing a service for it. Can modify it offline and everything!
I donāt host the file on a password manager dedicated cloud, itās my own cloud space with other files I have there as well. So the file is just in my cloud space, with other files, and i have a synced folder on my phone + pc and just access that cloud folder with the file from keepassXC on my PC and keepassDX on my phone :)
For me keepass offered a single databae file that I can decide where and how I keep it. Also works offline because the cloud syncs folders and even without internet a version exists on my phones cloud folder (until it gets synced again with internet).
Can you give me a quick rundown of how you run your cloud space? Can I just Ubicloud + Coolify + Nextcloud?
I had not heard of ubicloud, thatās pretty cool! Thanks for the tip!
And sure:
I donāt self host it, I got managed owncloud space from a domain and web host provider.
I manage my own VPS that I got from them but the cloudspace came extra with buying the domain + email services (Iāve managed email server at my job and no way in hell will I do that for myself, too much headache).
So basically, in short, I have a managed email + owncloud space (just 5gb, donāt honestly need more) from a commercial provider and just use owncloud app on my phone and PC to sync folders on both. I keep my encrypted joplin notes and (encrypted by default) keepass database on this cloud. Owncloud takes care of syncing and I just use Joplin and KeePass on both devices and set them to use the files in owncloud folder. Never had an issue in 2 years with anything.
Technically my provider could scan my stuff, but they wonāt get anything out of joplin notes or keepass.
Your idea for a setup sounds way more private, but i think for my usecase Iāve been happy since itās so low effort and still does what I want it to do.
I have seen on lemmy people recommend syncthing (syncthing.net) for keepass, which directly synchronizes a folder between devices without a middleman if you wanr. But everytime you want to sync you need to have both devices on for that as there is no automatic middleman that is always available. Maybe that could be done with a raspberry pi?
Anyway: you can easily set this up with proton if you already have proton cloud no?
Iām moving away from Proton, and self hosting is cooler anyway. Instead of Proton Iām trying out Tuta, Mailbox, Addy.io and Bitwarden
That sounds like a nice stack! And true, self hosting is really nice. Just wanted to give options if you donāt feel like getting into self hosting.
Nevertheless, good luck on your privacy journey! Iām working on it too!
BTW I find SimpleX is great for syncing between your phone and PC. I used it with multiple computers/profiles on GOS and just created an incognito group without history and with disappearing message and thatās how I moved stuff like addresses and passwords to my PC. The app is also great for communication ofc
Nice tip, thanks! still havenāt given simpleX a try. Mostly because it was hard enough to get family and friends to move to signal :)
Itās AMAZING, so many settings, and I use Orbot proxy (doesnāt take VPN slot) and configure SimpleX to use it for that extra extra protection (and concurrently I use mullvadVPN for that extra extra extra protection)
Note is that I donāt link my SimpleX to my PC but create separate profiles
Are those green mini icons an indication of a PWA shortcut?
I use the app Hermit to run isolated websites, usually as PWAs. Itās replaced quite a few apps, but Iāve noticed that many companies are intentionally making their web experience shit so they force you to use invasive apps.
Anyway, it can create home icons for those sites, and they run separately (i.e. in your task switcher), so it works better than browser shortcuts.
It does, thatās the icon for Cromite.
I didnāt quite catch that actually but yes itās cromite PWAs
Is this my phone? Lol
You might wanna run auditor lil bro
Keep whatās app and any Aurora store style apps inside the Private Space section. Then keep it locked when not in use
I mean currently I only have protonpass and whatsapp from aurora so Iām chilling, everything else is from obtainium. But Iāll try it out (last time I didnāt understand how it works, idk If itās bugged for me but the apps I put in the private space stayed on my ādesktopā)
Proton Pass can also be downloaded from Obtainium, if youād rather go that route.
I wasnāt able to find a release on github for ProtonPass, I did find releases for ProtonMail tho
You can download from this site which comes from Proton directly, this Github repo, or this link which downloads the F-Droid build
Thanks, I am already migrating to Tuta, Bitwarden and Addy.io tho
If anyone Is wondering, this setup was based mainly on PrivacyGuides
Kind reminder that Brave is a crypto browser and the devs are against LGBTQ+. Also, itās closed source.
The browser itself is open source github.com/brave/brave-browser. The rewards and VPN are not (it seems rewards is open source on IOS)
Some apps that you use are not safe. Aurora store doesnt send too much data to google but it doesnt verify app signatures which can lead to installing malicious apps, use normal play store instead which verifies app signatures (its also suggested to use by grapheneos devs). Whatsapp, collects data about you. Cromite, uses adblock plus which is really bad. Also here is another reason why cromite is bad:
Ah fuck, I use Cromite because I find vanadium PWA for the stuff I use are buggy and slow. I used to use brave for this purpose, should I go back? Damn I guess I will need to link this phone to my throwaway gmail account (which still has private data) WhatsApp I canāt ditch due to family and Signalphobic friends
On grapheneos you should be using vanadium since its most secure browser on phone. On other android devices, use brave instead. Also if family and friends dont want to use signal but want to use whatsapp then uninstall whatsapp, one way or another they would have to either end up using sms or other form of contact
Hmm I might do that actually, Iāve been wanting to get rid of WhatsApp for a while now, I think Iām still gonna use a second browser (Brave now) for my PWAs, my threat model allows it
On the contrary if in the end everyone moves to SMS and normal calls wouldnāt that actually be pretty bad? Since WhatsApp is E2EE (with the major flaw of default unencrypted backups which are shoved down your throat). But maybe itās not that big a deal since I assume most if not all of the people Iām talking to likely have unencrypted backups
.
"Casually reminds you that Ironfox exists & itās a lot more āprivateā than most chromium-based browsers, & has ublock origin. (slow by default tho)
also while aurora store doesnāt verifies signatures, is has Exodus integrated which dynamically analyses & warns about spyware, tracks and telemetry so you more caucious about the littered āfreeā appsā¦
<img alt="" src="https://lemmy.myserv.one/pictrs/image/2f5d4abe-3c9d-4f90-8c75-d3611179819b.jpeg">
Yes, ironfox is good too (i forgot to mention it) but on grapheneos you will want to end up using their browser
Also, having exodus integration in app downloader is good but not worth it for exchange of no signature verification, so itās better to just check it in browser instead or use their app to check trackers
Cool, especially more so on PWA.
But Iād still recommend having ironfox for general browsing & not throwing privacy to the window.
(You wonāt believe it but, I just wrote a blog-size reply and accidently deleted it for trying to put it on a pastebin serviceā¦)
.
Iām thinking if I need to use WhatsApp again Iāll try to download it, connect to WhatsApp web on my laptop and then delete it from my phone. Idk if itāll work but itās worth a shot
Brave is WAY worse than cromite. And, why arenāt you using Vanadium more?
I am, itās just that for some of my PWAs, they are unusable/buggy/slow on Vanadium. And lol Iām going around in circles. Do I reinstall Cromite now haha?
Donāt!
Your whatsapp session will expire over time & you gonna need to reinstall it on your phone.
Ether install whatsapp on private space or, if you feel adventurous, selfhost a Matrix-Whatsapp bridge.
Alternatively, convince your socials to use smh foss & more reliable,
Maybe telegram if they insist on mainstream,
It got a foss client but telegram doesnāt enable E2EE by default (Secret Chat).
Signal would be better for a mainstream secure communication as Telegram has its flaws, and E2EE is not enabled by default. Itās also not available in channels.
Yeah I would rather just nudge them towards Signal, I very much dislike telegram and have recently retired it
:O uhhhhm, Great!! š Donāt mind me, I accidentally wrote a whole blog
It happens to the best of us
I use Molly with Orbit proxy, so I feel Signal is the next best thing after SimpleX
WARNING: this reply have 2 ounces of opinion-like āāfactsāā, a pinch of logic that make 0 sense & a whole bottle of chunky post,
Read, at your own warrentyā¦
Of course, signal, molly&unipush or even threema or anything more practical / security-audited is more worthy of your phone number and storing your data in an encrypted form,
Iād recommend conversation or matrix even more so they donāt require a phone number(but for some reason, theyāre more scarce in usage)
Since messaging apps have to do with, well, messaging people & socializing, going to a person that doesnāt have your app & genteelly asks them to install an app is an inconvenience that people want to avoidā¦
Donāt get me wrong, Iād spend an hour talking messaging apps their differencies & cons but, as far as Iām aware, most non-tech invested ppl would consider this ādead-timeā and would rather already text on the āavaliable appā
So, instead, youād preinstall āmainstreamā apps to not even mention it and start texting instandly since youāre usually expected to have it (pre)installed. (i remember whatsapp and fb-messanger being preinstalled on some vendors)
This or use imessage & make them question their existence :) Even on android
To the best of my knowledge, the top āmainstreamā apps out there are:
whatsapp, telegram, discord (yes, DiScOaRd), imessage and sadly, facebook messanger.
(I know signal is getting recognised in āmainstreamā & getting more adoption, but for some reason, I donāt see ppl installing it because itās not āthatā viral to have enough contacts or it would go unoticed by them because āmuh FBI and privacy controversies are too creepyā )
most ppl are aware of these apps and their mass adoptions so they wouldnāt even bother and just get it done with or install the app already.
Out of these options only 2 are actually viable for secure & private messaging especially for Floss: Telegram, for being ātransparentā & having itās source avaliable for security auditing. imessage: for being E2EE encrypted by default with The Manufactureįµį“¹ showing some dedication about the anonimity & security of the product.
Telegram donāt E2EE by default, but you can just start a secret chat that would be private, at least they allowed for foss, third-party clients & made their own āproxyā while encoraging VPNs,
imessage canāt be really called floss because the offical client isnāt & is also gate-limited by The Manufactureįµį“¹ , but at least it has a foss unoffical client that still faily usable (with the compromise of needing MacOS āinstalled & certifiedā or paying for an access token.
Outside of this, thereās really no scope for consideration, most messaging apps that made it to āmainstreamā ether doesnāt care about their users securities & would actively report anything big bros for " the general safety of the userbase" or be a hidden honeypot that collect dats & sell it to advertisers while lying about it. (even whatsapp does that & think weāre dumbies),
When one starts to pick for messaging applications, thereās no āchoiceā, āconsiderationā or even the qualities to think if it genually a good platform, youāre left with only dedication to utilize a messaging app for what it offers & push your circle of people to join you thereā¦
You may convince your friends, but you canāt convince your coworker, team, boss, partner of a project, your online fellas or even your family memebers depending on their tech literacy.
OP didnāt consider ditching whatsapp, instead, they considered methods to hinder whatsappās privacy violations & telemetry, Iām not OP but, thatās seemingly the case;
Even if they run whatsapp on an sandboxed, private space & use a 20 yr-old trash phone, running whatsapp at all on android is a risk since android has lots of APIs that provides device metadata that can be used to uniquely profile users & fingerprint them.
I can be wrong, but I see only 2 actions OP can do:
Alright, in the future I will likely run an Android VM with WhatsApp using a physical SIM bought with cash or a virtual SIM bought with monero
I see,
But at this rate, you gonna always make sure whatsapp runs on a VPN AND behind a kill switch so it doesnāt leak,
also maybe youāre interested in using tailscale or netbird to skip the port forwarding / domain hassle so you can connect to your matrix server and use the bridge in minutes.
Thereās a new foss netbird client for android if it satisfies.
Ofc, I always have killswitch on my VPN, using alternatives didnāt cross my mind so thanks, Iāll also keep the client in mind
If you donāt mind hardening firefox on android. You can try Firefox with uBlock. It give some small advantage compared to Brave like more filters list from uBlock, the element picker thing, and no brave, etc. The performance can be questionable though.
I heard gecko browsers are insecure on mobile
Yes it is true. It have insecure sandbox but in your case it seem like you still use vanadium, if you only use Firefox for known website for the webapp. The insecure sandbox is not that big of a deal anymore. Still from a pure security point, Firefox is not great.
I think overall I have an edge with Brave, since I use it for NanoGPT webapp which I need to be fast or Iāll kys because it was already slow AF on Vanadium so I assume on FF it will be a lot worse
Whatās the app directly above Orbot and Mullvad?
Cromite, but I have switched to brave since, it has better fingerprinting protection, more updates, better security and better sandboxing and isolation. At least thatās what Deepseek R1 with websearch has to say
Isnāt Brave just a scammy cryptocoin browser and ad server? Iāve heard bad things about them.
Itās audited and open source
.
Completely out of topic but,
I just noticed that this post has more comments than upvoted š¤£
.
Firefox is not secure on mobile, Vanadium is a great browser made by the GrapheneOS devs
.
I mean Gecko based browsers are actively recommended against on mobile. Chromium based browsers are recommended. Also I use mullvadVPN DNS based ad blocking, and I also have Brave that has built in ad blocking. Do yourself a favor and ditch adblock in favor of Ublock origin
.
I havenāt really dived into this but Iām pretty sure GOS dev are one of the groups to recommend against it
Can you elaborate on this?
People in the comments already have āAvoid Gecko-based browsers like Firefox as theyāre currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesnāt have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android.ā
.
Iām on the go right now. This is a quote for an old privacy guides snapshot, but when I was looking for it, I saw some articles from April saying that this was no longer true, so further searching needed when I get home
Pro tip. If you go to an apps notification settings, then set a category to silenced and option called āminimizeā should show up which allows the notification to be hidden from the notification bar, but shown in the drawer
Oh thatās very cool, I didnāt know that. Although I think it isnāt the most useful for me since I donāt have lockscreen notifications and I have all my apps on the home screen
It doesnāt bother you to see mullvard in the top all the time?
Quite the opposite, I rather it be up there so I see itās running. Altough not that it matters much since I have a killswitch