GrapheneOS (@GrapheneOS@grapheneos.social) | Posts: 0 | Comments: 7 | Joined 2 yr. ago

@lka1988 We focus our effort on the base OS and areas which are not already covered by high quality open source apps. We don't need to build our own domain-based filtering and blocklists for it because they already exist.
We have built-in content filtering in Vanadium based on EasyList + EasyPrivacy. That's more usable (per-site toggle) and much less limited than what domain-based filtering can do but it's still limited by needing to permit dual use functionality and is still easily bypassed.
> Plus, in the first comment, you suggested “RethinkDNS”, which depends on their own DNS servers.
You do not need to use their DNS servers. You can use local filtering and your choice of DNS servers including the network provided ones.
> I wouldn’t think a security and privacy-focused ROM should be recommending anything but a locally hosted option.
We're recommending using local filtering via RethinkDNS, not the RethinkDNS servers. They allow downloading the blocklists locally.
You can see from https://eylenburg.github.io/android/_comparison.htm that we have no limitations on call recording while others do. The fact that it's manual means users are taking responsibility for it each time. It's little different than recording a call with a tape recorder on speaker phone. If we did it automatically, then users would not be making a conscious decision to enable it case-by-case. That would be a problem, and not an acceptable way to do it without an extra explicit opt-in.
GrapheneOS does add call recording to our fork of AOSP Dialer. Unlike most alternate operating systems including LineageOS, we don't limit the regions where it's available. The fact that users are choosing to use it for specific calls means users are taking responsibility for the legality of recording that specific call and informing the other person of it. Automatic call recording would need more complexity to make it practical for people to comply with recording laws.
Why do you want to have a slow, legacy and hard to debug implementation of domain-based filtering instead of managing it with an app?
Domain-based filtering is also very limited in what it can do since it's trivially bypassed by apps or web sites using IPs or doing their own DNS resolution, which is fairly widely adopted. For example, WhatsApp will still work with the domains blocked. In practice, you'll also only be filtering domains not used for useful functionality.
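
An added illustration of the limitation described in the comment above (not part of the original comment and not GrapheneOS or RethinkDNS code): a hosts-format blocklist only gets a decision when an app performs a lookup the filter can see. The blocklist entries, app names, addresses and event format are all constructed for this example.

```python
# Added example; every name and sample value below is constructed.
BLOCKLIST = """\
# hosts-format blocklist (constructed)
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org   # inline comment
"""

# Events as a local filter sees them: ("dns", app, name, answer_ip) for lookups
# through the system resolver, ("conn", app, None, dest_ip) for connections.
EVENTS = [
    ("dns", "app.a", "ads.example.net", "192.0.2.50"),
    ("dns", "app.a", "api.example.com", "203.0.113.10"),
    ("conn", "app.a", None, "203.0.113.10"),
    ("conn", "app.b", None, "198.51.100.7"),
]


def parse_hosts(text):
    """Return the set of blocked names from hosts-format text."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # fields[0] is the sink address; the remaining fields are host names
        names.update(f.lower().rstrip(".") for f in fields[1:])
    return names


def coverage(events, blocked):
    """Label each event with what the domain filter could decide about it."""
    resolved = {}  # (app, ip) -> name the filter saw and allowed
    report = []
    for kind, app, name, ip in events:
        if kind == "dns":
            name = name.lower().rstrip(".")
            if name in blocked:
                report.append((app, name, "blocked"))
            else:
                resolved[(app, ip)] = name
                report.append((app, name, "allowed"))
        elif (app, ip) in resolved:
            report.append((app, ip, "covered by " + resolved[(app, ip)]))
        else:
            # No lookup preceded this connection, so no domain rule applied.
            report.append((app, ip, "no lookup seen"))
    return report


if __name__ == "__main__":
    for row in coverage(EVENTS, parse_hosts(BLOCKLIST)):
        print(*row)
```
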
> System-wide hosts-based adblocking
That's not a good way to do it.
> DNS/always-on VPN is not a reasonable solution
You don't need to use a DNS service or VPN service to filter remotely. You can filter locally via the VPN service feature, including while using a VPN if you want.
You should follow our advice and do it with an app like RethinkDNS providing support for both local filtering and optionally using WireGuard VPNs at the same time including chained VPNs.
OEM support for the device is needed because an alternate OS cannot provide firmware updates otherwise. In practice, driver updates also come from the OEM. Providing the Android Open Source Project backports is nowhere close to full security patches. It's unfortunate that most alternate operating systems mislead users about this by setting an inaccurate Android security patch level field, not being honest about what's missing and downplaying the importance of it.