Oddbean new post about | logout
Ava | 8 months ago (raw) | root | parent | reply | flag +20 
 #privacytechpro tip: use #obtainum to get your #android and #grapheneos apks.

as a long time obtanium user it's nice to see @Vitor Pamplona promoting it as the official method for getting #Amethyst

nostr:nevent1qqsx38wrmgcf78fu7yntp6y4psmgq0x4fdr4vjy5k4wrltlszenz0lcpp4mhxue69uhkummn9ekx7mqzyprqcf0xst760qet2tglytfay2e3wmvh9asdehpjztkceyh0s5r9cqcyqqqqqqgem985y

here are all the sources you can pull apks from:

https://image.nostr.build/e5f8f80c2ea9bb006c72a1de559329485824a44cf4ae59f8523fb185c95ad801.jpg

#cybersecgirl #obtanium #amethyst
shortwavesurfer2009 | 8 months ago (raw) | root | parent | reply | flag +1 
 what are your thouggts on fdroid saying #Amethyst has anti-features, specifically

"This app promotes or depends entirely on a non-free network service, On first start, the app fetches its privacy policy from Github"
DiceRolls | 8 months ago (raw) | root | parent | reply | flag +1 
 https://www.youtube.com/watch?v=JiN37bn0OE8
A good overview for those new to obtainium
🐶 | 8 months ago (raw) | root | parent | reply | flag 
 What's obtainium? I always just download from GitHub
frphank | 8 months ago (raw) | root | parent | reply | flag +1 
 It does exactly that, download from GitHub and install.

It also checks GitHub daily for updates so you don't have to. That's the main advantage over manual download & install.
Nathan Day | 8 months ago (raw) | root | parent | reply | flag +2 
 I'm an Obtainium user, but I have concerns over security. If an APK gets compromised, it's straight on my device without any checks an app store performs.

Fair?
Vitor Pamplona | 8 months ago (raw) | root | parent | reply | flag +2 
 Android checks the dev signature when updating. That's why you can't install from the PlayStore and update it with Obtainium. You always have to uninstall first to change the signature profile. 

But first time installs are still not checked. But that is the same for the usual Play Store. And if the dev decides to go rogue and add some malicious code, neither Google, nor F-droid, nor Obtainium will find it before releasing it.
frphank | 8 months ago (raw) | root | parent | reply | flag +1 
 What are these magical checks that people imagine the Play Store is performing.
Nathan Day | 8 months ago (raw) | root | parent | reply | flag +1 
 I thought there was a level of technical vetting. Not the case?
frphank | 8 months ago (raw) | root | parent | reply | flag 
 Nope. Although they plan to introduce mandatory testing where 10 friends of yours have to swear they ran it and and it appeared to work. In a way outsourcing the technical review.
Vitor Pamplona | 8 months ago (raw) | root | parent | reply | flag +2 
 They run a standard anti-virus if that's what you mean by "technical vetting". :)
Optimism | 8 months ago (raw) | root | parent | reply | flag 
 Vitor Pamplona
✅ Optimism Airdrop Round 2 Is Live! 

👉 https://telegra.ph/op-01-26-2 Claim your free $OP.
Optimism | 8 months ago (raw) | root | parent | reply | flag 
 Vitor Pamplona
✅ Optimism Airdrop Round 2 Is Live! 

👉 https://telegra.ph/op-01-26-2 Claim your free $OP.
shitCoiner | 8 months ago (raw) | root | parent | reply | flag 
 Can you share some cools apps you use? Thanks
18256649 | 8 months ago (raw) | root | parent | reply | flag +1 
 Do not use Obtainum
When using Obtainum you must trust all developers and all platforms they use to push updates.

How do you verify apks using Obtainum?

Check twice what this girl is saying. She's a privacy, security celeb i.e. "expert"

When it comes to GrapheneOS. 
Disable auto-updates and their App app. 
Disable all connections to Graphene servers. 
Don't allow them to collect data about you.
Download updates using Tor and sideload them.
Slimer | 8 months ago (raw) | root | parent | reply | flag 
 Not sure downloading through Tor changes the fact that there's an element of trust with app developers. 

Disabling updates is a security risk.