Usually I tend to avoid sarcastic responses, but since no one mentioned it, how about the game of Telephone?
The 8232 Project
“Unjust laws only burden the just, as the lawless will not heed them.” - 8232
- 26 Posts
- 116 Comments
Joined 9 months ago
Cake day: February 25th, 2024
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
5·2 days agoSearXNG also lets you use Google as one of the engines, allowing you to obtain Google search results anonymously.
I made my own list of software, and most of those listed are software I use daily.
I made a list of open source software that you can use in the future when looking for software! My list recommends OpenStreetMap, OsmAnd, and Organic Maps under the “Map Services” section.
I do not know, sorry. Someone who does know is free to answer this, otherwise you could try researching using some of the sources listed in my previous post, or contact some knowledgeable people such as the GrapheneOS team, Mozilla, etc.
Chrome sounds more secure
Chromium is not the same as Chrome. I highly suggest reading the previous posts.
yet I don’t want an advertising company looking at my browsing habbits
There are more privacy respecting options such as ungoogled-chromium and Brave (which can be configured to minimize data collection and bloat).
In the end, the choice is yours.
Either option works.
This depends on what you’re trying to defend against. In my opinion (on GrapheneOS):
- “Accessibility” permission (i.e. full control of the device)
- “Network” permission
- “Modify system settings” permission
- “Install unknown apps” permission
- Any permission that allows apps to communicate with one another (such as a reduced sandbox, file permission, or app communication scopes)
Those are the only permissions that I can think of off the top of my head that could potentially allow an app to phone home. Turning off Wi-Fi for the device does little if the app also has the “Wi-Fi control” permission.
I was about to make a pull request to expand the list to the top 109 websites, but the developer blocked me from all interactions because I “spammed too many issues” (I opened 5 and they were all legitimate). Buggy software gets multiple bug reports, what a surprise… The software (or at least the idea) has a lot of potential, but a lot of work and care needs to be put into it.
After getting the crash issue resolved (it is now fixed), I tested this to see how it behaves by using PCAPdroid. I also attempted to decrypt the traffic, to see what it sends.
This is the traffic analysis:
Type Port IP version Size Status DNS 53 IPv4 Random >120 B Closed (Good) TLS 443 IPv6 120 B Unreachable HTTPS 443 IPv4 Usually 2.4 KB Error (Did not trust my decryption certificate) It sends to a random list of hosts, all of which are listed here:
After digging through the code, here is the file with a list of hosts. It also seems to randomly generate user agents, which is good.
The developer blocked me from opening issues on all of his projects.
I’m going to parrot what people in the GrapheneOS community would say: “The most secure place to get apps from is Accrescent. If an app isn’t available there, the next best place is the Play Store itself with an anonymous Google account.” Some bother to add that Obtainium+AppVerifier can be used if it isn’t available for either of those methods. Anyways, they’re very stingy about where they get their apps from.
Here is my take: Despite claims of F-Droid and Aurora Store having security issues, I don’t care. It’s based on your threat model and personal preference. Google may soon be forced to open up Play Store apps to more third parties, so more secure methods of getting them may crop up in the future. You’ll really never have a 100% private way to get apps, that’s the unfortunate reality of how things are. If your threat model is against Google and supply chain attacks, those limit your options down to some less-than-convenient methods. If you do decide to use AppVerifier, do note that you only need to verify the hash once and you’re good for the rest of your phone’s life.
Nitrokey sells laptops that let you remove all wireless connectivity. They are also Qubes OS certified.
Will you be analyzing forks such as tor and mull?
Yes.
Lmk if you need any support finding evidence in source code.
Thank you! I may ask for your help eventually
See Update 1 for answers and clarification.
See Update 1 for answers and clarification.
See Update 1 for answers and clarification.
I agree, and this is no easy task. For now, I am hoping I can gather information and let some of the pieces fall together before I can begin making hard decisions.
“You don’t want to go down that road” taken literally