• 5 Posts
  • 291 Comments
Joined 1 year ago
cake
Cake day: July 6th, 2023

help-circle




  • FutileRecipe@lemmy.worldtoAndroid@lemmy.worldWe need LibreWolf of android.
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    1
    ·
    1 month ago

    or randos on the internet then?

    I mean isn’t that practically everyone on the Internet that you don’t know personally? Or do you actually know the Firefox and/or Librewolf team, and audit their code as well?

    If no to both…sounds like you are putting some measure of trust into “randos on the Internet.” Which is not abnormal. Trust is required at some point in most processes.


  • FutileRecipe@lemmy.worldtoAndroid@lemmy.worldWe need LibreWolf of android.
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    8
    ·
    1 month ago

    My thing against Firefox/Librewolf is lack of security…unless it’s improved?

    Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox’s sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn’t happening for their Android browser yet.

    Ref: https://grapheneos.org/usage#web-browsing




  • Your data has monetary value to google. Giving them access, without getting any money from them (or even knowing what ways it will be used) is not something you must do.

    To be fair, while you may not be getting money in its direct form (cash, bank deposit, etc) from Google, they are providing you a service which costs them money for free. So they are providing something of monetary value.

    Only the individual can determine if their data is worth that free (to the individual, not free to Google) service. I’m assuming that most people in a privacy community would be against that, though.


  • Clickbaity, sure. But this is one of the justifiable clickbaity times. They said the meat of the article, while clickbait, that was the essence of the problem. “I’ll give you a child.” That’s the issue. It doesn’t really matter if he’s randomly setting his sights on her, or if she said she was childless. That part does not matter. They could’ve left everything out but the quote. The part that does matter, is he said he’ll give her a child without being asked.

    You agree it’s a terrible thing for him to say. Is it less terrible for him to say it because she signed as childless? No? Then context does not matter. Yes, it’s less terrible because she said it? Well, then there’s the hiccup as we disagree on that part and we’ll disagree on the context, too.










  • I don’t even use proprietary apps so most if the “security features” aren’t even useful to me

    So only proprietary apps may have malware? Malware aside, only proprietary apps may have bugs that can be exploited? And all nonproprietary apps are perfectly safe? But seriously, there is so much wrong with that thinking.

    Apps aside, GrapheneOS protects the actual OS and is kept up to date, much quicker than pretty much any other variant.

    It is overly complex for no benefit to me.

    What’s overly complex? Contact and storage scope I mentioned? You don’t have to use it. Separate profiles for work I mentioned? Again, don’t have to use it. GrapheneOS is one of the closest OSes to AOSP that I’ve seen. You could even just install the Play Store (which is in a sandbox by default, with no root, and you don’t have to do anything to specify that), only use the owner profile, and you get all of the security benefits with no extra work. You introducing F-Droid and using all nonproprietary apps is more complex than GrapheneOS out of the box.


  • Graphene sucks the life of android in my humble option.

    What’s not “fun” or lifeless about it? It’s a phone. I use it exactly as I would a normal Pixel, with the exception of having the convenience of Google Wallet.

    Everything is about security with anything else being second.

    Would you rather it be all about fun/having life with everything else being second? That doesn’t sound safe. And I’m still confused about you saying it having no life.

    I will say what I do differently vs a normal Pixel, is I use the storage scopes and lock certain apps to certain folders as well as contact scopes to lock certain apps to only see certain people. I don’t use my phone for work, but if I did, that would be a separate profile/user.