• 0 Posts
  • 13 Comments
Joined 8 months ago
cake
Cake day: March 13th, 2024

help-circle

  • twig@lemmy.dbzer0.comtoPrivacy@lemmy.ml*Permanently Deleted*
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    edit-2
    5 months ago

    Your logic doesn’t escape me but in point of fact, when we’re talking about GrapheneOS we’re not talking about volunteering usage data to Google. GrapheneOS does a better job of protecting user privacy than any other mobile option I can think of.

    The problem I have is treating security and privacy like they’re opposing forces. They’re not. You don’t need to make security concessions to ensure privacy and that line of thinking doesn’t make sense when you examine it.

    Genuinely curious: what your privacy metrics (what does this actually mean to you) and what is an organization that you trust?


  • twig@lemmy.dbzer0.comtoPrivacy@lemmy.ml*Permanently Deleted*
    link
    fedilink
    arrow-up
    5
    arrow-down
    2
    ·
    5 months ago

    I’m sorry, but that’s just not how security works. Most of the “security” features exist because of patching known vulnerabilities. What this means in real terms: vulnerabilities and how they work are published to the public. There are people who specifically write and sell malware to exploit these known vulnerabilities. This is happening all the time. If you have a permissive security model, you are opening all of your information up to compromise

    You cannot reasonably expect privacy on a system that makes major concessions to security. Security is necessary for privacy. The two are not the same thing, but one is needed for the other.

    But also… GrapheneOS is in fact a very privacy-friendly operating system. I would consider it the most privacy-friendly in fact.


  • twig@lemmy.dbzer0.comtoPrivacy@lemmy.ml*Permanently Deleted*
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    5 months ago

    I don’t think it’s ironic. Google benefits massively from their projects like AOSP or OpenTitan being open source, and they even benefit from projects like GOS doing some heavy lifting for them in developing bug fixes that get integrated upstream.

    The fact that their mobile phones are relatively friendly to alternate operating systems is of pretty significant benefit to them.

    Google is invested in security research, albeit usually for reasons that don’t benefit users.


  • twig@lemmy.dbzer0.comtoPrivacy@lemmy.ml*Permanently Deleted*
    link
    fedilink
    arrow-up
    14
    arrow-down
    4
    ·
    5 months ago

    I find the criticisms of the founder pretty seriously overblown. My interactions with him have always been positive. He’s on the spectrum and a lot of people engaged in pretty serious abuse toward him and the project he created… so I’ll give him some slack.

    I’ve used GrapheneOS for 5 years. It’s good, the project has integrity, and there really isn’t anything that meaningfully compares in meeting its goals. It’s proactive in that they actually do meaningful security research and implement solutions. People who troll on the project are either straight up bad actors or just stupid.








  • Signal releases their own self-updating apk on their site, and this release doesn’t use Google services for push notifications. There are legitimate reasons why publishers sometimes avoid f-droid.

    Also there’s Molly, which is a signal fork that allows database encryption; or Session, which doesn’t require a phone number for account registration and is decentralized. Both of these forks have repos that you can add to f-droid.

    I do understand the hesitance to use a platform that has its infrastructure in the US, but I will say that international compliance with the US is a problem even if the infrastructure is located elsewhere. Session is a really promising option, since it’s decentralized, and I’d love to see more people using it.