So I've been in the rabbit hole of android privacy for some time, last I joined the GrapheneOS community but let's just say that they doesn't have a "healthy" opinion about other projects like f-droid.
So I am looking for generic communities that focus on mobile privacy that doesn't have drama or toxicity or "extreme opinions". Any suggestions? I prefer chat based communities like matrix or simplex instead of like reddit or lemmy.
Fdroid is introducing another trusted party to your supply chain, which should be a factor in anyone's threat molding.
https://f-droid.org/docs/Reproducible_Builds/
However, with reproducible builds now a package is built and signed by both fdroid and the original developer, so you get a net security benefit of having a third party attesting they can independently reproduce the binary from source. Problem solved right? Well, yes but mostly no. Most projects and packages don't have reproducible builds, so if your using fdroid for most packages your still trusting droid.
I think a lot of the online hate comes from people making assumptions that their use case and threat model applies to everyone. That's why I prefer discourse where we just talk about the attributes and not "you should"
I feel like there's a lot of FUD around this subject, because people bring it up as if it's purely a negative without talking about the reasons why it's done the way it is. The whole point of F-Droid is that it's a repository (not a store) of free software applications. They have an inclusion policy forbidding proprietary code and dependencies, and in order to enforce this policy they have to build from publicly available source code, and in order to do so they need to sign the builds themselves. This means, yes, you are trusting F-Droid instead of the upstream developer - but given F-Droid has higher standards than upstream developers this is a tradeoff I am willing to make.
Reproducible builds solves this in a way that preserves the standards of F-Droid, however, "security peoples'" favored "alternatives" (such as Accrescent, Obtainium, and Google Play Store/Aurora Store) forego this entirely, showing they don't either have a viable solution to offer or that they don't really care about the problem that F-Droid is addressing to begin with.
Do you know of an equivalent to https://reproducible-builds.org/citests/ for Android/F-Droid packages? I'd like to see some public verification of these reproducible builds, especially Signal.
F-droid acts as a trust for all the apps you download through it, which means if F droid is hacked, hackers can push fake update to all the apps. It is an issue, but not the biggest concern of average joe. Although F-droid should take it pretty seriously.
But I think hating on them is not the solution....
So I am looking for generic communities that focus on mobile privacy that doesn’t have drama or toxicity or “extreme opinions”. Any suggestions?
the excessive and constant noise a limited number of people is making, their rage when it's not pure hatred against whatever they don't like or whoever they don't agree with, is the main reason why, a Linux user worrying about privacy myself, I decided to stop wasting my time online with any such 'tech' communities. It has become almost impossible to have an open and calm discussion on any topic without someone jumping in and barking like some crazy dog — because reasons.
No matter what their reasons or motivations are to be angry or hateful, I have zero desire to listen to endless rabid barking. There isn't much to learn in that, at least when you're not a dog.
And I have no time for that either: we only have a limited amount of time to live before the game is over and there is no extra life to get, no second chance. I realized that a few years ago and decided I would not waste a second more of my time dealing with those constantly frustrated or hateful people. In tech or elsewhere.
Tech-wise, I have had much more stimulating and enriching discussions in communities that are not tech (or privacy or security or Linux)-related but communities where tech can still be discussed and debated (including by very competent tech people) just always in a broader discussion that don't focus on tech itself.
Like did we forget about the whole “respect other people’s opinions” thing?
I cant say if we have forgotten it or not, but it sure looks like we don't want to hear about it very much.
It's all turned binary (pun intended): you're with us or you're against us, either you're good or you're evil (and then, you deserve to be eliminated). Which is as saddening as it is is... stupid.
If you're interested, I'd be open to DMing about privacy and security. I would like to learn more about your situation and your threat model and what measures you've taken
If you’re interested, I’d be open to DMing about privacy and security. I would like to learn more about your situation and your threat model and what measures you’ve taken
Not sure to understand your question, my situation is nothing special. I'm a dude that cares about what I consider a fundamental human right, as essential as is/should be the freedom of expression: privacy. A right I certainly don't want to see thrown away for a few already very rich people to be able to make even more crazy profit, nor in the name of convenience (including my own) not even for my own 'security' or well-being, for that matter.
Is there anything in what I wrote that made you believe my situation was somewhat special?
As for the 'measures' I have taken. I try to be careful & lucid when I use any app/services/device and I do as much as I possibly can without using them at all, aka offline and the analog or IRL way, which is not that hard for me as I often work much better using analog tools.
If you have any specific question feel free to PM me, I can't promise you an answer but at the very least I will let you know I've read it and can't answer it.
I've been flashing phones since my OG Droid in 2009. Done probably 200+ flashes across numerous phones.
I've been in IT since the early 90's.
Had an error with the Graphene flash on a clean Pixel. The way they talked to me would've gotten me a re-training session with my management, possibly fired, back when I was on a help desk.
Bunch of arrogant, condescending pricks. They need a Red Foreman boot up their ass.
I run graphene on several devices and recommend it. I do not participate in much discussion about it through. You can just use the best we got in android and be fine with that.
Discussion forums are the same all over I think. I don't see much difference around graphene here on Lemmy or XDA forum.
For the love of God do not ever go to their community in any case.. If you need technical help literally ask anywhere else.. If you go there, you'll end up hating GOS you've been warned
You can just join XDA. TBH if Graphene is not your thing and Lineage OS isn't supported on your device, you can just unlock the bootloader and install the patched kernel using KernelSU which will give you the control you want.
The dev has ties with the Graphene OS project and has had some controversy. Not to say that it is bad but you should be aware of the person who controls it.
I've learned a lot about privacy/security from xmpp chatrooms, especially the room for the conversations client and the divestos chatroom. They both are kind of support chatrooms for the chat client/ android rom but privacy is often a topic and the programmers/ rom maintainers are also present and very knowledgeable.
https://search.jabber.network/rooms/1