this post was submitted on 15 Nov 2023
156 points (95.3% liked)
Privacy
32159 readers
665 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
On GrapheneOS ironically you can just use whatever keyboard and disable network permissions. Android is great
i just run afwall+ on my aosp rom to block network perms from apps
Isnt that a root-only app?
Because if it uses the internal VPN feature, EVERY system app can bypass it, and the Captive Portal app and others certainly do.
Only GrapheneOS fixes that afaik, providing their own Servers for captive portal, connectivity check, SUPL proxy server (strips off data and Google still has to manage because monopoly)
Or you could just use software that is actually free/libre. Graphene os misses the point
Yes of course, but for example people that dont know the language yet and need suggestions. What do you mean by that?
The problem with graphene is that is shamelessly promotes proprietary software. They have build tools to try to make it safe to run non-free programs (proprietary software) but that entirely misses the point.
When you run non-free software you do not control the program, it controls you. There is no way to know what it really is doing and you can't make changes to it or even see what it is doing.
I agree and also avoid using their Sandboxed Play Services. Their values are security and "making sense". Its great to have the play services and store just working but as user apps. You can isolate them in a work profile without a problem.
There is no alternative, their point is that microG is not FOSS but a hacked together version of the proprietary play services parts, it may be verrry insecure as it needs to run as system app and often doesnt get updates. And it still talks to Google and actually sends lots of data.
Their approach is very economic. They ship regular play services, framework and store, but with a compatibility layer. This saves efford a lot and avoids breakages or blocking services (Aurora) over time.
Literally everyone can run GrapheneOS, thats the point. You dont need to use the sandboxed Play, but if you need it, it works.
It annoys me too that their preinstalled apps all suck.
They promote Vanadium and literally installing binaries from some random Github release.
F-Droid basic uses the new libraries and should be preinstalled as user app. They have reproducible builds now.
And I wont use Vanadium, as it doesnt support Firefox Addons. It may be hardened in some way but without Noscript and Ublock in my eyes no browser is really hardened if it can run every Javascript or block all, breaking 90% of websites.
I like that they don't foce apps on me , I'd rather install what I need myself. F-droid is not the best app as I see it. I use neo store so do not want extra bloat.
Regarding Firefox , you are either running chrome/vanadium or chrome/vanadium plus Firefox. Since webview. So what you have with Firefox is at best the in use browser features. Open a link in an app and you still use the webview. Firefox on android has it issues as well (sandboxing) . So 1+1 = 2 issues. Using a VPN / DNS with adblock makes ublock unnecessary.
How does GrapheneOS "shamelessly promote" proprietary software? I don't think I've ever seen them do this. Maybe you're referring to Sandboxed Play Services? But that isn't "shamelessly promoted" or recommended, it isn't even included in the OS, its just an optional app that can be installed for those who need it.
I assume you mean Sandboxed Play Services again? That's far from the only feature or benefit that GrapheneOS gives. They do much more work than just Sandboxed Play Services or making it safe to run "non-free" programs. They make it safe to run ANY program, regardless of license.
In no way do they "shamelessly promote" proprietary software. Assuming you mean the sandboxed play services, their neutured, have no priveilged access and youre 100% in control of what they can and cant do.
I'd take that above some band-aid workaround like microG, which does need priveilged access, and fails to do what the actual play services do.
So what youre saying is that you personally audit the entire code, including when updates happen, and then "make changes" when you see fit? If so, Congrats. Youre the 1%. Most dont code, can't read it, and sure as shit dont have the ability to change anything, that's simply a talking point for the blind trust of FOSS apps. Context (and reality) matter.
can't and wouldn't.
You just proved that they promote proprietary software though. Like it or not they encourage users to not seek freedom which is something I can not promote
I did no such thing, and they're not "promoting" anything, you've clearly never used Graphene, nor familiar with the definition of the word Promote. The Play Services aren't installed by default, nor are they even mentioned as an option during the installation. It takes a user intentionally going into the Graphene apps store, and installing them after the fact. They also make it a point to mention that most apps work fine without them. Maybe actually read how they work, because you're clearly unaware. Some people want them, and microG is shit, which is why they developed that option.
Agreed with Mr random. Graphene gives users options, it's literally the cleanest phone install I've ever seen, there is no extra fluff installed. The users have to choose what they install. Full agency . We should celebrate more options for users.
What point are you claiming Graphene misses? FOSS apps on a system where Google has root access is what misses the point.
True but ROMs like lineage os are much better. They still ship a ton on proprietary software but at least there's none in user space.
Same with Graphene, there's no way around that if you want the phone to work. But I can't agree with Lineage being better. They're user debug ROMs, the dev's are never willing to call a release stable, don't even remotely have the hardening that Graphene does, and walking around with an unlocked bootloader is a huge security threat both from a physical and remote exploit that would attack the boot partition/space. Add to that you don't have verified boot working, so you'd never even know it's happened, or attempted.
Then there's the microG problem of apps that need the play store verification to work, banking apps that won't work, even apps that don't do license checks and simply need to prove they've been paid for will be dead most of the time. Plus, Lineage out of the box is still contacting Google, yes, you can undo that, but how many are aware of that and actually finish de-googling it? If I was stuck with a phone that wasn't a Pixel I (may) use it, but given a bunch of apps I want to work wouldn't, would probably just sell the phone and get one that'd run Graphene. If you take user bias out of hit and logically compare them, saying Lineage is better than Graphene is basically impossible to do. You can run Graphene and have a phone that in most cases runs 100% normally, most apps that bitch about modified phones are perfectly happy running on it and the user gains the security and privacy upgrades, without the downsides. Clearly they still need to make smart app choices, but they also don't have a phone that isn't a constant pain in the ass.
I've never has a libre app need play services. That would be bad programing by the developer
OK, I never claimed one did. We're talking the masses here, including the masses of people who still like privacy. Not one off use cases where people are content with F-Droid only phones, most aren't. Most want the line of Privacy, Security, but also still have smartphones that are smartphones and not a bunch of outdated many times abandoned apps that look like they're from the KitKat days. If you're OK with that cool, but the majority typically isn't.