IcyPenguin

@IcyPenguin@beehaw.org
0 Post – 32 Comments
Joined 11 months ago

Great to see people care about their privacy, especially on their mobile devices, as these are often the worst in regards to privacy. GrapheneOS is definitely the best choice, other options are not worth considering. I absolutely recommend against the Librem 5 (or any Linux phone), as these are not really usable, lack essentially every important app and have far worse security than Android or GrapheneOS. There's a great article about Linux phones: https://madaidans-insecurities.github.io/linux-phones.html

If you want to use GrapheneOS, get a Pixel 6 or newer, because the older models don't get security updates anymore. The Pixel 6 will be supported until 2026, the 6a until 2027, you can check out the full list out on this site: https://grapheneos.org/faq#device-lifetime

GrapheneOS doesn't ship any unnecessary bloatware by default, it only comes with stock AOSP applications and no Google services at all. You can install Sandboxed Google Play services from the GrapheneOS Apps repository. For all the other things you need, I recommend searching on F-Droid. It's a repository of FOSS Android apps that don't spy on you.

I would really love to keep it as a utility: phone, text, camera, GPS, web browser, notes, email, music player. Im think of switching to local NextCloud backup system as well.

For your use cases I recommend the following apps:

  • Simple Dialer

  • Simple Messenger

  • GrapheneOS includes their own 'Secure Camera' app, but it can't make use of the post processing in the Google Pixel. You can install the normal Google Camera app from the Play Store through Aurora Store (an anonymous way to download apps from Google Play) and revoke it's network permission in the settings. The network toggle is a feature unique to GrapheneOS.

  • For maps and navigation I recommend the following solutions: OsmAnd, Organic Maps and Magic Earth. Magic Earth isn't open source, but they have a good privacy policy and at least in my experience it's better than the other solutions.

  • GrapheneOS ships with the Vanadium browser, which is a hardened version of Chromium. Vanadium is also used in the WebView API, which other apps use to display web content. If you don't like to a Chromium-based browser, I recommend Mull which is hardened Firefox.

  • For Notes, I really like Notesnook. It's open-source, available on F-Droid and if you use their cloud sync feature, it's end to end encrypted. You can also use it locally and revoke it's network access, so it never connects to the internet, if that's what you prefer. Standard Notes is another option. It also encrypts you notes database locally. There's also Simple Notes, which has less features and it's fully offline.

  • K-9 Mail is probably the best FOSS email client. There's also FairEmail, but the user interface isn't great.

  • Retro Music is an amazing, good looking open source music app. Simple Music is an alternative.

  • The Nextcloud app is also available on F-Droid.

  • If you're into self hosting, I recommend Immich for syncing photos.

If you find these apps useful, consider donating to their developers. They deserve a tip for making all of this great software available to everyone.

Hope you find this useful.

3 more...

Personally I think Beehaw needs other instances and the Fediverse needs Beehaw

1 more...

It really brings me down when I think about how many morons vote for the orange turd

There's Mycroft AI

1 more...

How do they fit in the connector?

I've been using Collabora Office recently, you can get it through F-Droid but you have to add their repo

IVPN is another

It doesn't matter if you host it yourself. You should still have full disk encryption (LUKS on Linux) enabled on your server though.

8 more...

I know, but if they add any weird shit to their apps, it won't be accepted on F-Droid anyway. Also, most of the Fossify apps aren't available on F-Droid right now. I can only find the gallery app at the moment. Once the Fossify forks of the Simple Mobile Apps I mentioned are available on F-Droid, I will edit my comment.

I agree, GrapheneOS is the best. I'm very happy with it.

Just like in Russia where woman are expected to have 8 children lol

is the Gcam app noticeably better than a stock camera app?

Yes, there's a very noticable difference.

What sorts of things would it do better?

It uses the custom ML chip in the Google Tensor processor for post processing. This makes the photos and videos look amazing.

Low lighting or blur reduction?

Both, and a lot more.

In my other comment, I outlined a solution for easily installing the Google Camera app.

I really like Thunder (GitHub, IzzyOnDroid, Lemmy community)

IVPN created an awesome website called doineedavpn.com where they honestly and objectively answer that question. It's one of the reasons why I like IVPN as a VPN provider, they are honest and don't hide anything from their customers. Also their apps are open source and they support anonymous signup.

Understandable, I would never trust my internet service provider either

Oracle Cloud has a free tier and this video shows you how to set up your own VPN there. I wouldn't really recommend this as a free VPN solution though. If you need something that's free, go with Proton VPN's free tier, Proton is pretty trustworthy and they are very upfront about their business model...

Don't root your GrapheneOS system. This site offers a great summary why it's bad. Root and Magisk are huge increases in attack surface and microG isn't recommended either, as it requires root for basic functionality. GrapheneOS has created Sandboxed Google Play services, which takes the official Google Play services binary and runs them in the normal Android application sandbox. This is more private and secure than both the implementation on the Stock OS and microG. Most banking apps work on GrapheneOS with Sandboxed Google Play services, no need for root. In fact, root decreases your chances of getting banking apps to work, because a rooted device can't pass Google Play device integrity checks (previously known as SafetyNet).

3 more...

On GrapheneOS there's a much simpler solution. Install the Google Camera app from the Play Store (perhaps use the Aurora Store to stay anonymous), install Sandboxed Google Play services from the GrapheneOS apps repository and revoke the network permission for all of those. Also, I tried the Gcam-Services-Provider app you mentioned on GrapheneOS and it didn't work. microG doesn't work on GrapheneOS either. Sandboxed Play services is the easiest and best solution.

Water is wet

Second choice should be something like DivestOS. It's definitely not as good as GrapheneOS, but far better than Lineage.

2 more...

As far as I know Duplicati has a Windows version

I would add a few things. Thunder is another amazing Lemmy app. LibreTube is a great, private and open source YouTube client. Tuta (previously Tutanota) is another end to end encrypted email provider and an alternative to Proton Mail.

1 more...

Linux phones like the Librem 5 are fundamentally insecure. It's also outdated and overpriced, I really wouldn't recommend it.

3 more...

That's why I recommend full disk encryption. If someone steals your hard drives, the data is inaccessible without your password.

Agreed

No, but the guy publishes some great articles in regards to privacy and security. privsec.dev is another one I recommend.

Airplane mode exists because it is mandated by law that every handheld cellular device needs a reliable way of disabling the cellular modem to prevent interference with airplanes. When airplane mode is turned on, the cellular modem actually needs to be turned off. Otherwise, the device is not compliant with regulations and can't be sold. Obviously, this is not a 100% guarantee, but the chances that the cellular modem randomly turns on while in airplane mode are very slim. And the Wi-Fi switch isn't really useful, because GrapheneOS and even Stock Android use Wi-Fi MAC address randomization. On GrapheneOS you can also fully disable Wi-Fi scanning.

Yes, but it's far better than LineageOS because it works with a locked bootloader and can make use of Android Verified Boot. LineageOS lacks this fundamental security feature.

Honestly, the stock ROM on most phones is probably better than LineageOS. I would stick to that, maybe use the Universal Android Debloater to remove some of the crap and eventually get a Pixel with GrapheneOS.

This theory is really dumb and there's no real evidence. Everyone can say that something is a honeypot, I don't care about auch allegations as long as there's no proof.

Unfortunately, LineageOS is pretty insecure. Worse than stock Android. https://madaidans-insecurities.github.io/android.html#lineageos

Does Lineage actually have any advantages over Graphene?

1 more...

Mycroft actually sells devices (pretty similar to the Amazon Echo lineup) that are powered by Raspberry Pis. But making your own is much cheaper.