76
submitted 8 months ago by acetanilide@lemmy.world to c/privacy@lemmy.ml

Hi,

I am (very, very early) in the process of degoogling. I am definitely not a high risk as far as needing to be completely locked down. It's more about trying to have a little more control over how my data is used.

I am looking at Graphene OS, but I am a little confused how certain apps (that rely on Google services) work. I have a Pixel 8 and will have it for the foreseeable future.

The apps I currently use that I would still need (or their equivalents) are:

  • Clash Royale (Supercell)
  • Notion (Notion Labs)
  • Clickup (Mango Technologies)
  • Business Calendar 2 (Appgenix)
  1. If I installed these exact apps "sandboxed", what exactly does that mean from a user standpoint? Will I have to use a separate account, reboot my phone, etc, or is it a quick process to use the app?

  2. Is there a list of apps that I could browse to find equivalents to the above? Recommendations here are also ok.

  3. I saw that Firefox isn't exactly private(?) and that Vanadium is better in that aspect but I don't understand why. Can someone ELI5, and help me see if this is a relevant concern for me?

Thank you! 😁

you are viewing a single comment's thread
view the rest of the comments
[-] jjlinux@lemmy.ml 1 points 8 months ago

That's a pretty pretty good set of suggestions and explanations, and i appreciate you taking the time to express them.

What is this list, that has no equivalent in Android/AOSP in general? Storage scope existed since Android 10, when GSF was introduced separately from native storage access. I have no clue when they claimed to "invent" contact scope, but a different user account (like work profile) segregates everything from storage to network tunnel to contact storage, and user accounts have existed for 10ish years. Disabling all userspace apps is possible on all Android phones as well, just not system apps, for which you need a computer and ADB/Shizuku API access, all of which can be done without rooting or a special "custom ROM".

While the storage scopes ability has been there since Android 10, I have never seen the level of granularity by app that GrapheneOS provides anywhere else, which justifies the mention of it on GrapheneOS. I never said that they invented Contacts scope, and I am not aware if this is their doing or someone else's. The ability to choose scoped content by app is super convenient, and IMO more straightforward than using different accounts for this purpose. Now, having segregated profiles for the apps that I know I need and have no way of replacing with a "tracker-less" alternative (such as my Aruba InstantOn app) is a God-sent, no doubt. Using ADB is not for the faint of heart, we all know the capacity of damage it has if used carelessly, and punching a hole with Shizuku does expand the vulnerable attack surface, specially since it enables those holes over WiFi.

CalyxOS. Even LineageOS is fine. Even not putting one of these things on your phone, and doing things non-rooted (my guide) via ADB/Shizuku on any Android phone in the past 5 years is going to be fine. An exceedingly more important (99% as you say) thing is the user, them forming a proper OPSEC, and not making OPSEC mistakes.

If you could share your guide, I'd appreciate it. I am paranoid about using Shizuku or any other type of hole punching method.

These AOSP forks are tools, and all of these open source tools are uncompromised, that is a common theme. Tools do not really matter at this point if you use any of them. It is like picking any Linux distro. You are pretty much safe from telemetry and spyware immediately compared to a vanilla Windows installation, the moment you pick a distro.

I'm 100% in agreement with you in this comment. Any Linux distro will remove almost all risk of telemetry or spyware when we choose to move away from Windows or Mac, unless you opt-in to some telemetry on a few, like Ubuntu for example, and even then, the difference is night and day.

That is impractical if you want to enjoy the benefits of urban society, and function more smoothly in it. You should treat your communicator (smartphone) as a normal device that cannot be made bulletproof, and relegate the utmost private activity to a Linux (or debloated Windows) computer instead, either of which is easier to control than a phone. If you need to have work apps, have them. If you need to have a rental cab app, do not risk your life for that extra bit of privacy, keep it maybe in work profile. If there is a game, it may be fine to enjoy it, unless it requires privacy invasion (no throwaway account possibility).

I think your logic for this comment is inherently flawed based on your personal use case and experience. In my very personal case, it is practical, because, while I do want to enjoy some of the benefits of what you call urban society, I am not willing to trade privacy for convenience, much less security. No device is bulletproof, we agree on that, but wee can make it harder for others to invade our privacy, and I believe that, the more of us put in the effort to doing just that, the more likely these privacy nightmare companies are to rethink their business practices, whereas if everyone is just following the path of least resistance, which is the case with the vast majority of the users out there, they have no incentive to even try to change their ways. Practicality will always boil down to how far any 1 individual is willing to go to achieve something without dramatically breaking their way of life. That's why it's important to voice all these concerns and provide potential solutions to replace mainstream software (OSs, ROMs, apps, etc.) with alternatives with which we may have more control on what we share. There's no one-size-fits-all solution, proprietary or open source, it just does not exist, simply because we're all different to at least one minimum degree, which is what makes this subject as open for debate as it is. I do just that, with GrapheneOS, keep my "trusted" apps in my main profile, and all the crap I don't trust in a separate profile. But just keeping profiles separate is what I think counts ass following the path of least resistance, when there are so many other options to add to just that 1 action. It is exactly as you say, if I didn't have my car, I would probably have Lift or Uber on my phone, because I'm a privacy and security freak, but I'm not stupid enough to put myself in danger over that alone. What's more, I do keep an Uber account that I have, however, I don't have it in my phone. If I ever need it, I'll download it, use it, and remove it thee moment I don't need it anymore. In my personal case, I do most of everything in my PC or laptop, both running Linux (the distro is irrelevant, as we seem to agree on that. But that does not mean that I will be away from my computers, and if I need to do something urgently I have to blast out like a rocket to do it instead of just doing it right there on my phone because I can do it without worrying about spyware or surveillance, or even a potential hack of any kind, because I trust my phone more than if it was using the software the manufacturer wants me to use for their sake, not mine.

Understand that your communicator is a pocket computer that is handy in a pinch on the go, not your main computing device. Segregate activity between your phone and computer as needed. If that is too hard with work/job, introduce a second dedicated work phone, for a total of 3 devices.

This is unrealistic for most people. I'm inn a privileged position where I can get as many devices as I want without missing a house payment or going hungry, but that's not the case for everyone. But not having the means to have more devices, for example, does not have to forcibly render you unable to do something about achieving a higher level of privacy and a higher level of security, together with more control over your device and data. This is why these projects exist, they give us options.

Also understand your mental health and physical safety is more important than 1% more digital security. If either of those 2 are compromised, your digital privacy or security means nothing. This is the key reason why most “privacy” people get fatigued and say “fuck it” and leave the idea of attaining privacy altogether. Everyone does not need to be a Snowden.

This is yet another matter of perspective comment. We agree 100% on the health subject. Nothing should come first. Chasing more privacy and security can be pretty exhausting, I should know. But once I started seeing it ass a hobby that brings with it benefits, as opposed to "something I need to do so I don't loose as much sleep over who's racking me", it's turned into a game for me, in which I will either win, or loose, and even that will vary as time moves forward. Since I started moving towards a less invasive lifestyle regarding technology, that's all it is for me, a game. True, it's a souls-like game, where the enemies will probably kill you a few times before you level up and finally pass them to move on to harder enemies, but a game nonetheless.

I want to make this abundantly clear. While I am passionate about privacy and security, the pursue of this is not something that drives my daily life, but something else in which I can achieve more knowledge and potentially help others with along the way. This also provides me with the possibility of having meaningful (and sometimes just silly) conversations form people of all walks of life, cultures, philosophies, etc.

Please, if you would, remember to send me your guide, the one you mentioned on your second paragraph. I'd genuinely like to see what your process looks like and compare it to what I currently have.

This is the type of conversations I like to have, somewhat different points of view with logical ways to back them up.

this post was submitted on 18 Mar 2024
76 points (100.0% liked)

Privacy

32130 readers
1007 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS