this post was submitted on 25 Sep 2025
104 points (84.2% liked)

Privacy

42132 readers
952 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
Yayannick@lemmy.ml
ranok@sopuli.xyz
tmpod@lemmy.pt
104
My apps (lemmy.ml)
submitted 3 days ago* (last edited 2 days ago) by ZinQ@lemmy.ml to c/privacy@lemmy.ml
148 comments fedilink hide all child comments
 

My setup on GrapheneOS with all the exploit protections on except some off for apps with compatibility issues. Thoughts?

you are viewing a single comment's thread
view the rest of the comments
[–] Igilq@szmer.info 6 points 3 days ago (3 children)

Some apps that you use are not safe. Aurora store doesnt send too much data to google but it doesnt verify app signatures which can lead to installing malicious apps, use normal play store instead which verifies app signatures (its also suggested to use by grapheneos devs). Whatsapp, collects data about you. Cromite, uses adblock plus which is really bad. Also here is another reason why cromite is bad:

“Cromite has very problematic changes included which substantially reduce privacy and security. It reduces security more than it improves it. For example, it includes the highly problematic Eyeo filtering engine from the company behind Acceptable Ads, Adblock Plus, etc. which took over the forked uBlock extension misleading people with the name pretending to be the uBlock Origin project among other extensions. Eyeo’s C++ code is low quality and has memory corruption issues… Cromite including the incredibly sketchy Eyeo content filtering engine and stuff like additional codecs goes against what we’re trying to achieve. We also don’t think the randomization-based anti-fingerprinting approach works, among other issues”.

[–] Kailn@lemmy.myserv.one 10 points 3 days ago (1 children)

"Casually reminds you that Ironfox exists & it's a lot more "private" than most chromium-based browsers, & has ublock origin. (slow by default tho)

also while aurora store doesn't verifies signatures, is has Exodus integrated which dynamically analyses & warns about spyware, tracks and telemetry so you more caucious about the littered "free" apps...

[–] Igilq@szmer.info 3 points 2 days ago* (last edited 2 days ago) (1 children)

Yes, ironfox is good too (i forgot to mention it) but on grapheneos you will want to end up using their browser

Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn't happening for their Android browser yet.

Also, having exodus integration in app downloader is good but not worth it for exchange of no signature verification, so it's better to just check it in browser instead or use their app to check trackers

[–] Kailn@lemmy.myserv.one 2 points 2 days ago

Cool, especially more so on PWA.
But I'd still recommend having ironfox for general browsing & not throwing privacy to the window.

(You won't believe it but, I just wrote a blog-size reply and accidently deleted it for trying to put it on a pastebin service...)

[–] ZinQ@lemmy.ml 1 points 3 days ago (1 children)

Ah fuck, I use Cromite because I find vanadium PWA for the stuff I use are buggy and slow. I used to use brave for this purpose, should I go back? Damn I guess I will need to link this phone to my throwaway gmail account (which still has private data) WhatsApp I can't ditch due to family and Signalphobic friends

[–] Igilq@szmer.info 3 points 3 days ago (1 children)

On grapheneos you should be using vanadium since its most secure browser on phone. On other android devices, use brave instead. Also if family and friends dont want to use signal but want to use whatsapp then uninstall whatsapp, one way or another they would have to either end up using sms or other form of contact

[–] ZinQ@lemmy.ml 1 points 3 days ago (1 children)

Hmm I might do that actually, I've been wanting to get rid of WhatsApp for a while now, I think I'm still gonna use a second browser (Brave now) for my PWAs, my threat model allows it

[–] ZinQ@lemmy.ml 1 points 3 days ago

On the contrary if in the end everyone moves to SMS and normal calls wouldn't that actually be pretty bad? Since WhatsApp is E2EE (with the major flaw of default unencrypted backups which are shoved down your throat). But maybe it's not that big a deal since I assume most if not all of the people I'm talking to likely have unencrypted backups