Oddbean new post about | logout
 #Primal is doing some good stuff for sure. On Android I like good old Swiss army knife #Amethyst. 
 exactly the two i recommended! amethyst for android, and primal for ios/android.. next to Obtanium (alternative opensource appstore) and Amber (nostr signer) 
 How do you check all signatures of APKs added to Obtanium e.g. APKs from Github?



 
 nostr:nevent1qqs8vlullc7vusrwvfas4u8pldxk2h67xgs9jxy9mfw36u8vvnj7y4gprfmhxue69uhhyetvv9ujummjv9hxwetsd9kxctnyv4mqygzwhzp3p445ak2ud4n289dn6084txu9ltkg7a53mt75qk5jup2ad5psgqqqqqqsdtntsj 
 Just bought a Pixel so I can try out GrapheneOS + Amethyst. I'm stoked! 
 ooooh let us know, a pixel * graphene is the end boss fr (but also not fr, offgrid is.)  
 Try DivestOS.org
GrapheneOS builds a walled garden.
You're forced to use GrapheneOS servers if you want to have a working device.
GrapheneOS doesn't allow you to choose type of Network permission for apps.
.. 
 terrible advice. tad, the lead developer of divestos uses #grapheneos.

"I like the DivestOS project. However, it cannot provide the same security and privacy guarantees as GrapheneOS. Tad, the lead developer of DivestOS admits so themselves.

The reason why DivestOS exists is to provide harm reduction for obsolete and EOL devices, not to provide a secure and private phone, because it is hard/almost impossible to do so.

If you have the means, I would personally suggest that you go for the 6a with GrapheneOS, just like the DivestOS developer does." 
 That's important context, thanks! 
 Tell us about privacy guaranteed by GOS, about forcing people to use GOS servers about encouraging to use Google apps.
You're pathetic. Security/privacy celeb.:)))) 
 hmm  
 ignore the troll everyone. this person keeps creating what they think are "anonymous" accounts, they post nothing, only harass 
 @matata @bitcoin.rocks...they also have no idea what they are talking about.

Privacy by default

GrapheneOS doesn't include or use Google apps and services by default and avoids including any other apps/services not aligned with our privacy and security focus. Google apps and services can be used on GrapheneOS as regular sandboxed apps without any special access or privileges through our sandboxed Google Play feature, but we don't include those apps by default to give users an explicit choice on whether they want to use those apps and which profiles they want to use it in.

We change the default settings to prefer privacy over small conveniences: personalized keyboard suggestions based on gathering input history are disabled by default, sensitive notifications are hidden on the lockscreen by default and passwords are hidden during entry by default.

Some of our changes for attack surface reduction can also improve privacy by default by not exposing unnecessary radios, etc. by default and avoiding the impact of potential privacy bugs with the hardware.

By default, we also use GrapheneOS servers for the following services instead of Google servers:

Connectivity checks
Attestation key provisioning
GNSS almanac downloads (PSDS) for Broadcom and Qualcomm (XTRA)
Secure User Plane Location (SUPL)
Network time
Vanadium (Chromium) component updates

We provide a toggle to switch back to Google's servers for connectivity checks, attestation key provisioning and GNSS almanac downloads along with adding proper support for disabling network time connections. This combines with other toggles to allow making a GrapheneOS device appear to be an AOSP device. This is only particularly important for connectivity checks since the other connections get routed through a VPN which is needed to blend in on a local network in practice.

In addition to our SUPL privacy improvements, we override the SUPL server to our proxy by default. We also add a toggle for users to switch to the standard SUPL server for their carrier (usually supl.google.com) or disable it entirely.

https://grapheneos.org/faq#default-connections 
 the opening paragraph below says it all. but do take the time to read the rest

nostr:nevent1qqsgstrx39fasr2nqssn0l8yq699d50gn25whmjxk6vleu6a08esppqpp4mhxue69uhkummn9ekx7mqzyppkx733rg2lrsjnkhtqw79tw4z2ccum3rsk3eezf2gq6jjp9qccxqcyqqqqqqg4qdyza 
 Do not rely on opinions of privacy/security 'experts'

They are here to build their position to monetise it later.

Look.

The same people promote GrapheneOS, Protonmail or Tutanota.

People with basic skills in cybersecurity know that mentioned services are not as secure as they are promoted.

Think about it! 
 awesome. i think you're going to love it. lmk how it goes

#grapheneos 
 Be sure to hit me up with how you get on. 🤙