I am going to show what it would look like if a society had no privacy whatsoever, and then compare it to a society where privacy is a top priority. I am going to show that what little privacy we have in countries such as the United States is the thread holding those countries together, and without it society crumbles. I am going to show that privacy is essential for a free society to function properly, and also help you appreciate the privacy you may not know you have. Let's begin.

A Privacyless Society

"Our" Personal Life

Privacy, by definition, is the ability to control your data. That means controlling what data is shared, who it is shared with, how long it is shared for, when it is shared, and by what medium it is shared.

If you have no privacy, that means you lose the ability to obscure any of your data. All of your data is shared with everyone

Personal information: full name, birthday, address, occupation, social security number, etc.

Documents: birth certificate, driver's license, passport, ID, etc.

Biometrics: Facial scans, fingerprints, handprints, retinal scans, DNA, etc.

Digital information: The content of all emails, every post made online, bank account balance, spending habits, social graphs, all pictures, all ~~private~~ instant messages, every show you watch, etc.

Other information: health and workout data, past relationships, every word you say, every thought you think, likes and dislikes, every place you visit, every waking second of your life, etc.

All of that data becomes available for anyone to use. As you can imagine, this data would quickly be used for mass government control. Anyone who thinks out of line would be punished.

Without privacy, you would also no longer be allowed to obscure personal belongings. All carrying devices such as backpacks and bags would need to be transparent. Since clothing counts as a carrying device, it would need to be transparent or nonexistent.

Yes, you heard me right, everyone would be mandated to be completely nude. The French TV series Nu carries this idea, where a society has been "frog boiled" into giving up all privacy, and all clothes. One man has slipped into a coma during this transitionary period, and is disillusioned with the society.

Access Control

With all data becoming public, you may wonder "Why even have passwords anymore?" To put it simply, even if all your data is public, you still wouldn't want someone impersonating you or posting on your social media. It's the same as how you wouldn't want anyone accessing your bank account, even if transactions are public.

This falls under the topic of security. Without privacy, security would become a citizen's most valuable tool. This begins to show you a hierarchy in personal freedom. Security is the foundation, privacy is layered on top of that, and only then should convenience be added. Unfortunately, in today's world, convenience comes first.

Breaches would become much less common as security is prioritized. The use of password managers, multi-factor authentication, time-based one-time passwords, passkeys, and hardware security keys would become common. However, because all biometric data is public, the "rule of three" for multi-factor authentication can't be completely satisfied.

Documents such as your birth certificate or passport can still be used to verify your identity, as long as the physical composition can't be counterfeit. The information itself becomes useless, and so all identification using the documents must be done in person.

Autonomy

This society has no privacy for individuals, but even if you tried to enforce transparency in higher powers, those powers literally have all the power. Governments and companies would hide behind closed doors, and cover up any misconduct. These powers would use the trivially available data collection to control every member of the public, and manipulate their decisions. Good news: Elections will take place almost instantly because all individual preferences are made public. Bad news: The election is rigged so it doesn't matter who you voted for.

The control over the public would stop at nothing, until we all are turned into mindless work drones. If you control every aspect of the population, then many pieces of a society are removed entirely. The public never makes any money, so there's no reason for taxes or rent to exist. The only transactions taking place would be between different companies and the government. Homelessness is solved by cramming everybody into government issued bunkers for maximum efficiency. Soylent becomes the largest company in the world, providing the only food for every citizen. The only people with any real autonomy would be refugees that are somehow evading the global satellite surveillance cameras, high ranking government officials, and CEOs drifting on their mega yachts.

Death and birth rates would hit an all time high as humans become a disposable asset. The most common cause of death becomes black lung disease from the increase of workers mining coal. Trees may or may not be planted depending on how near-sighted the powers are. As society shifts, some terms take on new meanings, such as "self-driving cars" adapting to the meaning of "cars you drive yourself".

The powers would eventually find neurotechnology to be the most efficient means of control. Installation would become mandated for the public, and manipulation tactics such as peer pressure would force everyone into submission. The device would kill a person at the first sign of corruption. People would be selectively bred and genetically modified to minimize the risk of defiance.

The point is, your data is valuable as a means of manipulating you. The more data you give, the more effective the manipulation is. Major influential powers use manipulation to gain more power, and all of society crumbles into an authoritarian regime. One day, though, throwing disposable humans at a problem will fail, and it will lead to the extinction of our planet(s).

A day in the life

I want to end this section by outlining a day in the life of a privacyless society. This is meant to be somewhat lighthearted and humorous.

Choose your character:

• Disposaperson
• CEO
• Government official

If you chose Disposaperson:

You are Disposaperson #42069. You wake up at 7:00 AM in bunker #42, shared by you and your ordinally closest friends. You got a restful 6 hours of sleep. It's election day, so you were treated to 2 extra hours of sleep than normal. You should be in peak mental condition when making big decisions, after all. Speaking of which, you take your mandated 30 minute brain activity period, to make sure you are still able to function mentally. You scroll through Dreamscape, a new app that lets you watch the nightly dreams of each Disposaperson.

As you are scrolling, you land on a deleted video. 'This dream has been removed under suspicion of defying government powers.' Thats good. you think to yourself. Our government is protecting us from misinformation. "I agree," your bunkmate says, while listening in on your thoughts. You scroll past the occasional ad reminding you to work hard and follow the rules.

Once your mandated 30 minute brain activity period is up, your bunker marches in an organized fashion to the cafeteria. The Disposaperson in front of you accidentally stumbles, and is immediately killed. You step over the corpse, just as you have been trained how to do since childhood.

Once in the cafeteria, you take your seat and suck government issued Soylent out of tubes. You feel happy that food is free and doesn't make a mess. You feel euphoric, even, and not just because of the serotonin injected into the food. You're definitely going to cast your vote to the leader promising to increase the frequency of this Soylent flavor by 5%. Listening to everyone else's thoughts, you can tell everyone is in unanimous agreement. I'm so glad everyone can agree on everything. World peace has been achieved.

After your daily meal, you have been assigned to work in sector 12. It's nice to finally be mining coal instead of planting trees. Doesn't everybody know planting trees is bad for the environment? Where else would the government put bunker 9736?

Once in the mines, you take a nice breath of the black air. You're encouraged to breathe as much as possible during the beginning as an adjustment period. You love mining coal because it benefits everybody. You're so fortunate to be living on a planet with so many natural resources to use up. Your first planet, Earth, didn't have this much coal. You're so glad the government blew that planet up to reduce the number of depleted planets floating through space.

You check the mine's digital leaderboard. You are in the top 1% of coal miners today. You are happy at your work. After all, any lower on the leaderboard and you would be killed off to purify the gene pool. Only the best of the best should be working.

Once mining is complete, it's time for the election to be polled. It only takes a few nanoseconds. Oh good! you think. 5% more Roast Beef Soylent! I wonder what "Beef" is anyways... After that last thought, you feel yourself slowly drifting to sleep. The only words in your head: 'Defiance detected.'

If you chose CEO:

Your name is... what was your name your birth parent gave you? You can't remember, but it doesn't matter. Your servants call you "Master" anyways. You wake up on the sunny beaches on your own private island on your own private planet. You had a restful 14 hours of sleep. Your smart watch alerts your personal Disposapeople that you are awake. Disposaperson #1337 brings you your breakfast: scrambled eggs, fresh milk, and sizzling bacon.

You get flashbacks to the time one of your Disposapeople tried to bring you oatmeal. You hate oatmeal. It's too similar to the food those Disposapeople eat, even though you are the CEO of Soylent. You don't thank your personal disposaperson, and eat your meal. You have a nice life, after Soylent became the leading company in the galaxy. It's nice to have all your work done for you.

You check your profits for the day. You get angry after you see that they are only up by 756%. You'll have to pull some strings with your government connections later to only keep the top 1% of coal miners. That should raise your profits, and encourage those workers to work harder and follow the rules. Haven't they seen the ads?

You are almost done with your meal when your spouse barges in. Your spouse urgently tells you to come quick. Your spouse tells you that your child has been infected with a deadly disease. You ask how that could have happened. The doctor informs you that your child likely caught it from a contagious Disposaperson who had been in the mines.

Outraged, you know that the only solution is to cut the number of workers in the mines. You make a few phone calls and order any miner not in the top 1% to be disengaged immediately. You and your spouse can now rest easy knowing that no more of those workers will be infecting your family anymore. Plus, your profits are up by 1,058%!

If you chose Government official:

Your name is Steve. You are the government official in charge of planet C-137. Today is election day, so you have to put on a good show to make it seem like there is competition. You make sure the news is convincing as many people as possible, and you partner with Soylent to launch an ad campaign. "Work hard, and follow the rules." You like it, it's catchy.

Your assistant informs you that the planet needs to cut back on planting trees, otherwise there will be no room for bunker 9736. You thank her for informing you. They say being polite to your assistants increases the chances of winning an election, after all.

You check the numbers. Good. you think. Bunker #42 is unanimous. An alert pops up: 'Potential defiance detected in worker #42069' You scan the worker to check if the it is voting for you. The worker isn't fully confident. You decide to feed the worker its favorite flavor of Soylent, and promise to increase production of that flavor by 5%. It's convenient to know every worker's preferences.

That should do it you think. You tell your assistant to disengage that worker once the election is complete, just to be sure. You tried Soylent once. It was the worst thing you've ever tasted, but you had to put on a good face, or else the CEO of Soylent wouldn't have partnered with you.

The phone rings. You pick up the phone. It's the CEO of Soylent. The CEO tells you that you have to disengage any coal worker not in the top 1%. You remind the CEO that it's already at 2%. The CEO tells you it's urgent. You need Soylent to vote for you in the election, so you give in under the pressure. You order your assistant to disengage any coal workers not in the top 1%.

You turn on the TV to watch the workers from the satellite cameras. You couldn't imagine what it would be like if anyone could hide their actions. Only criminals would do that.

It's finally time to cast the votes. You push a button, and the votes are collected almost instantly. You won the election, you should be happy... Why aren't you happy?

A Private Society

Let's compare that dystopia to a private society. In this society, privacy is a fundamental human right.

Your Personal Life

Your information is yours, and stays yours. Personal information is never collected. There's no reason to collect it, because you never need to identify yourself using personal data.

If you want to rent a house, you just start paying for it. If you try to stop paying rent, the house gets seized. No identity required.

Healthcare is either free or a very small price that you pay for on the spot. No identity required.

Voting is done in closed buildings so nobody can try going to the back of the line to vote a second time. No identity required.

You buy a car by paying on the spot. Budgeting money and saving up is a common practice. No identity required.

People are civil. If you get in an accident, you pay each other's medical bills. No identity required.

If you want to board a plane, you pay for a ticket and board. No identity required.

When you get a job, you work and get paid at the end of the day. No income taxes, no background checks. If there are references on your résumé (which are not required), jobs can call those references as a "background check". No identity required.

No taxes at all. There's no way to enforce it without tracking income, and there are plenty of other ways to fund the government. No identity required.

Education is either free or you pay for an access card to the building. If you stop the payments, the access card is revoked. No identity required.

Immigration is something that can be done while respecting privacy, but it's apparently a controversial topic, so I will avoid talking about it. I will leave this as an exercise for the reader.

Stores can prevent theft in many different ways without surveillance cameras. Some examples are putting products in lock boxes to be unlocked at checkout, or vending machines. I'd love to hear some of your clever ideas for this.

Your data remains yours. No more online accounts to read an article about bigfoot. No more "send us a picture to verify your age". No more surveillance cameras. No identity requirements.

All communications are private by design. Aliases are common. Also, you can wear clothes.

Security

Breaches hit near zero as security becomes a requirement. Software is mandated to be open source, and government used software is required to be heavily audited. People use proper multi-factor authentication in day to day life. Funds are kept secure by using anonymous digital currencies or cash. ATMs to swap these are around every corner.

Centralized banking exists, but is used less commonly. The ones that exist are closely regulated to make sure they use good privacy practices. Companies are regulated in the same way.

Innovations in physical locks skyrocket, since cameras are no longer strapped to your doorbells. People realize surveillance isn't safety, and that they can get hacked quite easily. Those who do have surveillance systems use a closed circuit to host it locally. Laws are in place so these cameras only record the owner's property. Not the sidewalk, not the road, not the neighbors. Notices must be clearly posted outside.

Self hosting becomes widespread, with the most common tool to self host being blockchain miners. Those servers can double as heating systems in the winter. This person tried mining cryptocurrencies to heat his apartment, but the post with the results got deleted.

The society runs on a full mesh network. This ensures that internet is free and not tracked or censored.

Powers

Companies and governments are fully transparent, so any misconduct is easy to spot and fix. Individuals have privacy, but businesses and corporations do not. This society prioritizes individual privacy, but also transparency.

If misinformation spreads, it is neither the government's nor a company's job to censor it. People will learn to spot misinformation on their own.

Open source software is mandated for use in the government. The government takes security very seriously. National security is not kept by obscuring actions, but by putting real protections in place.

Without being able to sell your data, companies charge for products and services, not software. This not only encourages self hosting, but provides a better business model for things that cannot be self hosted. Things like VPNs, cloud storage, streaming services, etc. are open source but paid. Essentially, you pay with money, not data.

People are not controlled by any entity, and so they can think freely and express freely. Of course, free speech always has social consequences, but it is still free speech.

Conclusion

I could flesh out a lot of the fine details, but you get the picture. Society can function and thrive with privacy, and you need privacy for a free society. It really helps you appreciate the privacy we have today, and helps you realize how our privacy is slowly being eroded. It's a fun thought experiment to see some creative solutions to work around some of the challenges with privacy. We should have privacy as an essential baseline, and work around the problems, rather than defaulting to "more cameras in schools!". Can an AI camera stop a bullet?

Anyways, thanks for reading! My mandated 30 minute brain activity period is over, so I have to go.

P.S. I've undoubtedly made some pretty stupid mistakes while writing this, but I wrote this in good faith.

Edit: Typo

I need help installing Fedora CoreOS on a Raspberry Pi 5.

I've tried this method that uses Fedora Media Writer. The Raspberry Pi fails to boot from the flash drive.

I've tried this method that uses the Fedora Arm Installer. The Raspberry Pi fails to boot from the microSD card.

I've tried adapting this method but it seems to be exclusively for the Raspberry Pi 4, and no substitute tools exist. It didn't seem to even install anything on the microSD card.

I'm at a loss. I have no idea how to install it. Can anyone help? I'd be happy to give a step-by-step process of exactly what I did for each method, if needed.

I am making this post in good faith

In my last post I asked about securely hosting Jellyfin given my specific setup. A lot of people misunderstood my situation, which caused the whole thread to turn into a mess, and I didn't get the help I needed.

I am very new to selfhosting, which means I don't know everything. Instead of telling me that I don't know something, please help me learn and understand. I am here asking for help, even if I am not very good at it, which I apologize for.

With that said, let me reoutline my situation:

I use my ISP's default router, and the router is owned by Amazon. I am not the one managing the router, so I have no control over it. That alone means I have significant reason not to trust my own home network, and it means I employ the use of ProtonVPN to hide my traffic from my ISP and I require the use of encryption even over the LAN for privacy reasons. That is my threat model, so please respect that, even if you don't agree with it. If you don't agree with it, and don't have any help to give, please bring your knowledge elsewhere, as your assistance is not required here. Thank you for being respectful!

Due to financial reasons, I can only use the free tier of ProtonVPN, and I want to avoid costs where I can. That means I can only host on the hardware I have, which is a Raspberry Pi 5, and I want to avoid the cost of buying a domain or using a third party provider.

I want to access Jellyfin from multiple devices, such as my phone, laptop, and computer, which means I'm not going to host Jellyfin on-device. I have to host it on a server, which is, in this case, the Raspberry Pi.

With that, I already have a plan for protecting the server itself, which I outlined in the other post, by installing securecore on it. Securing the server is a different project, and not what I am asking for help for here.

I want help encrypting the Jellyfin traffic in transit. Since I always have ProtonVPN enabled, and Android devices only have one VPN slot enabled, I cannot use something such as Tailscale for encryption. There is some hope in doing some manual ProtonVPN configurations, but I don't know how that would work, so someone may be able to help with that.

All Jellyfin clients I have used (on Linux and Android) do not accept self-signed certificates. You can test this yourself by configuring Jellyfin to only accept HTTPS requests, using a self-signed certificate (without a domain), and trying to access Jellyfin from a client. This is a known limitation. I wouldn't want to use self-signed certificates anyways, since an unknown intruder on the network could perform a MITM attack to decrypt traffic (or the router itself, however unlikely).

Even if I don't trust my network, I can still verify the security and authenticity of the software I use in many, many ways. This is not the topic of this post, but I am mentioning it just in case.

Finally, I want to mention that ProtonVPN in its free tier does not allow LAN connections. The only other VPN providers I would consider are Mullvad VPN or IVPN, both of which are paid. I don't intend to get rid of ProtonVPN, and again that is not the topic of this post.

Please keep things on-topic, and be respectful. Again, I am here to learn, which is why I am asking for help. I don't know everything, so please keep that in mind. What are my options for encrypting Jellyfin traffic in transit, while prioritizing privacy and security?

Please take this discussion to this post: https://lemmy.ml/post/28376589

Main content

Selfhosting is always a dilemma in terms of security for a lot of reasons. Nevertheless, I have one simple goal: selfhost a Jellyfin instance in the most secure way possible. I don't plan to access it anywhere but home.

TL;DR

I want the highest degree of security possible, but my hard limits are:

• No custom DNS
• Always-on VPN
• No self-signed certificates (unless there is no risk of MITM)
• No external server

Full explanation

I want to be able to access it from multiple devices, so it can't be a local-only instance.

I have a Raspberry Pi 5 that I want to host it on. That means I will not be hosting it on an external server, and I will only be able to run something light like securecore rather than something heavy like Qubes OS. Eventually I would like to use GrapheneOS to host it, once Android's virtual machine management app becomes more stable.

It's still crazy to me that 2TB microSDXC cards are a real thing.

I would like to avoid subscription costs such as the cost of buying a domain or the cost of paying for a VPN, however I prioritize security over cost. It is truly annoying that Jellyfin clients seldom support self-signed certificates, meaning the only way to get proper E2EE is by buying a domain and using a certificate authority. I wouldn't want to use a self-signed certificate anyways, due to the risk of MITM attacks. I am a penetration tester, so I have tested attacks by injecting malicious certificates before. It is possible to add self-signed certificates as trusted certificates for each system, but I haven't been able to get that to work since it seems clients don't trust them anyways.

Buying a domain also runs many privacy risks, since it's difficult to buy domains without handing over personal information. I do not want to change my DNS, since that risks browser fingerprinting if it differs from the VPN provider. I always use a VPN (currently ProtonVPN) for my devices.

If I pay for ProtonVPN (or other providers) it is possible to allow LAN connections, which would help significantly, but the issue of self-signed certificates still lingers.

With that said, it seems my options are very limited.

I'm making this post to share some interesting less talked about things about privacy, security, and other related topics. This post has no direct goal, it's just an interesting thing to read. Anyways, here we go:

I made a post about secureblue, which is a Linux distro* (I'll talk about the technicality later) designed to be as secure as possible without compromising too much usability. I really like the developers, they're one of the nicest, most responsible developers I've seen. I make a lot of bug reports on a wide variety of projects, so they deserve the recognition.

Anyways, secureblue is a lesser known distro* with a growing community. It's a good contrast to the more well known alternative** Qubes OS, which is not very user friendly at all.

* Neither secureblue, nor Qubes OS are "distros" in the classical sense. secureblue modifies and hardens various Fedora Atomic images. Qubes OS is not a distro either, as they state themselves. It's based on the Xen Hypervisor, and virtualizes different Linux distros on their own.

** Qubes OS and secureblue aren't exactly comparable. They have different goals and deal with security in different ways, just as no threat model can be compared as "better" than any other one. This all is without mentioning secureblue can be run inside of Qubes OS, which is a whole other ballpark.

secureblue has the goal of being the most secure option "for those whose first priority is using Linux, and second priority is security." secureblue "does not claim to be the most secure option available on the desktop." (See here) Many people in my post were confused about that sentence and wondered what the most secure option for desktop is. Qubes OS is one option, however the secureblue team likely had a different option in mind when they wrote that sentence: Android.

secureblue quotes Madaiden's Insecurities on some places of their website. Madaiden's Insecurities holds the view that Linux is fundamentally insecure and praises Android as a much better option. It's a hard pill to swallow, but Madaiden's Insecurities does make valid criticisms about Linux.

However, Madaiden's Insecurities makes no mention of secureblue. Why is that? As it turns out, Madaiden's Insecurities has not been updated in over 3 years. It is still a credible source for some occasions, but some recommendations are outdated.

Many people are strictly anti-Google because of Google's extreme history of privacy violations, however those people end up harming a lot of places of security in the process. The reality is, while Google is terrible with privacy, Google is fantastic with security. As such, many projects such as GrapheneOS use Google-made devices for the operating system. GrapheneOS explains their choice, and makes an important note that it would be willing to support other devices as long as it met their security standards. Currently only Google Pixels do.

For those unfamiliar, GrapheneOS is an open source privacy and security focused custom Android distribution. The Android Open Source Project (AOSP) is an open source project developed by Google. Like the Linux kernel, it provides an open source base for Android, which allows developers to make their own custom distributions of it. GrapheneOS is one such distribution, which "DeGoogles" the device, removing the invasive Google elements of the operating system.

Some Google elements, such as Google Play Services can be optionally installed onto the device in a non-privileged way (see here and here). People may be concerned that Google Pixels can still spy on them at a hardware level even with GrapheneOS installed, but that isn't the case.

With that introduction of secure Android out of the way, let's talk about desktop Android. Android has had a hidden option for Desktop Mode for years now. It's gotten much better since it was first introduced, and with the recent release of Android 15 QPR2, Android has been given a native terminal application that virtualizes Linux distros on the device. GrapheneOS is making vast improvements to the terminal app, and there are many improvements to come.

GrapheneOS will also try to support an upcoming Pixel Laptop from Google, which will run full Android on the desktop. All of these combined means that Android is one of, if not the, most secure option for desktop. Although less usable than some more matured desktop operating systems, it is becoming more and more integrated.

By the way, if you didn't know, Android is based on Linux. It uses the Linux kernel as a base, and builds on top of it. Calling Qubes OS a distro would be like calling Android and Chrome OS distros as well. Just an interesting fact.

So, if Android (or more specifically GrapheneOS) is the most secure option for desktop, what does that mean in the future? If the terminal app is able to virtualize Linux distros, secureblue could be run inside of GrapheneOS. GrapheneOS may start to become a better version of Qubes OS, in some respects, especially with the upcoming App Communication Scopes feature, which further sandboxes apps.

However, there is one bump in the road, which is the potential for Google to be broken up. If that happens, it might put GrapheneOS and a lot of security into a weird place. There might be consequences such as Pixels not being as secure or not supporting alternative Android distributions. Android may suffer some slowdowns or halts in development, possibly putting more work on custom Android distribution maintainers. However, some good may come from it as well. Android may become more open source and less Google invasive. It's going to be interesting to see what happens.

Speaking of Google being broken up, what will happen to Chrome? I largely don't care about what happens to Chrome, but instead what happens to Chromium. Like AOSP, Chromium is an open source browser base developed by Google. Many browsers are based on Chromium, including Brave Browser and Vanadium.

Vanadium is a hardened version of Chromium developed by GrapheneOS. Like what GrapheneOS does to Android, Vanadium removes invasive Google elements from the browser and adds some privacy and security fixes. Many users who run browser fingerprinting tests on Vanadium report it having a nearly unique fingerprint. Vanadium does actually include fingerprint protections (see here and here), but not enough users use it for it to be as noticeable as the Tor Browser. "Vanadium will appear the same as any other Vanadium on the same device model, and we don't support a lot of device models." (see here)

There's currently a battle in the browser space between a few different groups, so mentioning any browser is sure to get you involved in a slap fight. The fights usually arise between these groups:

• The group that is strictly anti-Google and uses Firefox-based browsers
• The security focused group that recognizes that Firefox is insecure and opts for privacy enhanced versions of Chromium
• The political group that only care about the politics behind an organization rather than the code itself (examples: Firefox Terms of Use update, Brave Browser including a crypto wallet)

For that last one, I would like to mention that Firefox rewrote the terms after backlash, and users have the ability to disable bloatware in Brave. Since Brave is open source, it is entirely possible for someone to make a fork of it that removes unwanted elements by default, since Brave is another recommended browser by the GrapheneOS team for security reasons.

Another interesting Chromium-based browser to look at is secureblue's Trivalent, which was inspired by Vanadium. It's a good option for users that use Linux instead of Android as a desktop.

Also, about crypto, why is there a negativity around it? The reason is largely due to its use in crime, use in scams, and use in investing. However, not all cryptocurrencies are automatically bad. The original purpose behind cryptocurrency was to solve a very interesting problem.

There are some cryptocurrencies with legitimate uses, such as Monero, which is a cryptocurrency designed to be completely anonymous. Whether or not you invest in it is your own business, and unrelated to the topics of this post. Bitcoin themselves even admit that Bitcoin is not anonymous, so there is a need for Monero if you want fully decentralized, anonymous digital transactions.

On the topic of fully decentralized and anonymous things, what about secure messaging apps? Most people, even GrapheneOS and CISA, are quick to recommend Signal as the gold standard. However, another messenger comes up in discussion (and my personal favorite), which is SimpleX Chat.

SimpleX Chat is recommended by GrapheneOS occasionally, as well as other credible places. This spreadsheet is my all time favorite one comparing different messengers, and SimpleX Chat is the only one that gets full marks. Signal is a close second, but it isn't decentralized and it requires a phone number.

Anyways, if you do use Signal on Android, be sure to check out Molly, which is a client (fork) of Signal for Android with lots of hardening and improvements. It is also available to install from Accrescent.

Accrescent is an open source app store for Android focused on privacy and security. It is one of the default app stores available to install directly on GrapheneOS. It plans to be an alternative to the Google Play Store, which means it will support installing proprietary apps. Accrescent is currently in early stages of development, so there are only a handful of apps on there, but once a few issues are fixed you will find that a lot of familiar apps will support it quickly.

Many people have high hopes for Accrescent, and for good reason. Other app stores like F-Droid are insecure, which pose risks such as supply chain attacks. Accrescent is hoped to be (and currently is) one of the most secure app stores for Android.

The only other secure app store recommended by GrapheneOS is the Google Play Store. However, using it can harm user privacy, as it is a Google service like any other. You also need an account to use it.

Users of GrapheneOS recommend making an anonymous Google account by creating it using fake information from a non-suspicious (i.e. not a VPN or Tor) IP address such as a coffee shop, and always use a VPN afterwards. A lot of people aren't satisfied with that response, since the account is still a unique identifier for your device. This leads to another slap fight about Aurora Store, which allows you to (less securely) install Play Store apps using a randomly given Google account.

The difference between the Play Store approach and the Aurora Store approach is that Aurora Store's approach is k-anonymous, rather than... "normal" anonymity. The preference largely comes down to threat models, but if you value security then Aurora Store is not a good option.

Another criticism of the Play Store is that it is proprietary. The view of security between open source software and proprietary software has shifted significantly. It used to be that people viewed open source software as less secure because the source code is openly available. While technically it's easier to craft an attack for a known exploit if the source code is available, that doesn't make the software itself any less secure.

The view was then shifted to open source software being more secure, because anyone can audit the code and spot vulnerabilities. Sometimes this can help, and many vulnerabilities have been spotted and fixed faster due to the software being open source, but it isn't always the case. Rarely do you see general people looking over every line of code for vulnerabilities.

The reality is that, just because something is open source, doesn't mean it is automatically more or less secure than if it were proprietary. Being open source simply provides integrity in the project (since the developers make it as easy as possible to spot misconduct), and full accountability towards the developers when something goes wrong. Being open source is obviously better than being proprietary, that's why many projects choose to be open source, but it doesn't have to be that way for it to still be secure.

Plus, the workings of proprietary code can technically be viewed, since some code can be decompiled, reverse engineered, or simply read as assembly instructions, but all of those are difficult, time consuming, and might get you sued, so it's rare to see it happen.

I'm not advocating for the use of proprietary software, but I am advocating for less hate regarding proprietary software. Among other things, proprietary software has some security benefits in things like drivers, which is why projects like linux-libre and Libreboot are worse for security than their counterparts (see coreboot).

Those projects still have uses, especially if you value software freedom over security, but for security alone they aren't as recommended.

Disclaimer before this next section: I don't know the difference in terminology between "Atomic", "Immutable", and "Rolling Release", so forgive me for that.

Also, on the topic of software freedom, stop using Debian. Debian is outdated and insecure, and I would argue less stable too. Having used a distro with an Atomic release cycle, I have experienced far less issues than when I used Debian. Not to mention, if you mess anything up on an Atomic distro, you can just rollback to the previous boot like nothing happened, and still keep all your data. That saved me when I almost bricked my computer motifying /etc/fstab/ by hand.

Since fixes are pushed out every day, and all software is kept as up to date as possible, Atomic distros I argue give more stability than having an outdated "tried and tested" system. This is more an opinion rather than factually measured.

Once I realized the stable version of Debian uses Linux kernel 6.1, (which is 3 years old and has had actively exploited vulnerabilities), and the latest stable version of the kernel is 6.13, I switched pretty quick for that reason among others.

Now, many old kernel versions are still maintained, and the latest stable version of Android uses kernels 6.1 and 6.6 (which are still maintained), but it's still not great to use older kernel versions regardless. It isn't the only insecurity about Debian.

I really have nothing more to say. I know I touched on a lot of extremely controversial topics, but I'm sick of privacy being at odds with security, as well as other groups being at odds with each other. This post is sort of a collection of a lot of interesting privacy and security knowledge I've accrued throughout my life, and I wanted to share my perspective. I don't expect everybody to agree with me, but I'm sharing this in case it ever becomes useful to someone else.

Thanks for taking the time to read this whole thing, if you did. I spent hours writing it, so I'm sure it's gotten very long by now.

Happy Pi Day everyone!

cross-posted from: https://lemmy.ml/post/26453685

Not many people have heard about secureblue, and I want to spread the word about it. secureblue provides hardened images for Fedora Atomic and CoreOS. It's an operating system "for those whose first priority is using linux, and second priority is security."

secureblue provides exploit mitigations and fixes for multiple security holes. This includes the addition of GrapheneOS's hardened_malloc, their own hardened Chromium-based browser called Trivalent, USBGuard to protect against USB peripheral attacks, and plenty more.

secureblue has definitely matured a lot since I first started using it. Since then, it has become something that could reasonably be used as a daily driver. secureblue recognizes the need for usability alongside security.

If you already have Fedora Atomic (e.g. Secureblue, Kinoite, Sericea, etc.) or CoreOS installed on your system, you can easily rebase to secureblue. The install instructions are really easy to follow, and I had no issues installing it on any of my devices.

I'd love more people to know about secureblue, because it is fantastic if you want a secure desktop OS!

Yesterday I decided to start "officially" selfhosting. With almost no experience with Docker, I struggled for eight hours straight, but I finally have it working.

Currently, the two tools I am selfhosting with Docker Compose are LibreTranslate and spotDL. I'm only accessing them over the local network using a direct IP:PORT, so there's no domain name. I don't want to use a custom DNS, since it is fingerprintable online, so I want to keep it the same as my VPN.

With that said, I want to add encryption to the connections. I was able to generate my own self signed certificates with this command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./certs/key.key -out ./certs/cert.crt

spotDL was easy to setup with these self signed certs, since it has command flags for --enable-tls, --key-file, and --cert-file. LibreTranslate has an environment variable for - LT_SSL=true, however it gives the following error:

libretranslate  | (URLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')),)

That led me to this issue which is 2 and a half years old. LibreTranslate doesn't have a way to specify certificates that I know of.

I tried using Nginx Proxy Manager to create a reverse proxy, but I couldn't quite figure it out. (I also didn't understand Docker Compose at the time. I had a few hours to go before I did) NPM also seems to want Let's Encrypt certificates which can't be given without a DNS record. I tried manually providing certificates in the config file, but I don't quite understand NPM enough to be able to set it up properly on my own.

My requirements are:

• No changing the DNS from my VPN's default
• No port forwarding, everything should be accessed by the local network only
• No email required (ability to use a fake email without risk is fine)
• Only free and open source software
• Modern security standards where available

I also would like help adding the self signed certificates as a permanent exception in Brave browser, if possible.

After about 2 and a half years of battling for my privacy, I'm finally at a place where I can step back and be happy. Technically the seed of privacy was planted 5 years ago, but it hadn't become a goal yet.

I used to use Windows 7 (even 10 and 11, eventually), an iPhone 6, Gmail, Google Hangouts (anyone else remember when it was called that?) and Discord as my main messengers, Snapchat, Instagram, Spotify, Netflix, Reddit, ChatGPT, Chrome, Google, Avast and Avast VPN, YouTube, Authy, and so, so much more.

I am so fortunate to be able to be where I'm at now. I use Fedora (Silverblue. I tried secureblue but it was too strict for my taste), a Pixel 8 running GrapheneOS, Proton Mail + addy.io (although I try to use email as little as possible), Signal and SimpleX Chat, a "self-hosted" music library, some cheaper ways to stream movies, Lemmy (duh), HuggingChat (because I don't have the hardware to run my own model quite yet), Tor Browser and another (I want to avoid arguments about my browser choice), SearXNG, Proton VPN (until I can get Mullvad VPN paid for), FreeTube, Aegis Authenticator, and a plethora of other software.

I got quite lucky with device compatibility. My computer and laptop just so happen to be compatible with every distro I've tried, and I've sure dragged them through hell to find the one I want. I'm blessed to have been able to snag a decent phone for GrapheneOS, and so glad to have automated the transition from Spotify.

It's been a good run. I'm glad to finally be satisfied with where I'm at. I started to see the fruit of my labor months ago. Now I can rest easy and do my part to help others become more privacy aware. I'd love to hear your story too, maybe mine isn't far off!

Bonus story: The straw that broke the camel's back that caused me to fully switch to Linux was Windows 11's Efficiency Mode. It's a cute feature that throttles the performance of programs to save on carbon emissions... and (at the time) you couldn't disable it. You could disable it per-process, but it would re-enable itself shortly after. ChatGPT was becoming quite popular at the time, but Efficiency Mode slowing down the browser made it nearly unusable. I did look for ways to permanently disable it, but either I wasn't experienced enough or it didn't exist yet. Well, no way except to replace Windows altogether!

If you're just here for the results, the best ones are listed in my list of software, Open Source Everything under the "Sports & Health" section.

For the rest of you, thanks for staying! 2 days ago I made this post asking you all about which health apps for Android you recommend. I appreciate everyone who took the time to give their recommendations, however, I didn't get as many responses as I had hoped for. So I took inspiration from Thanos and tested out 81 different health apps for Android.

Wait, 81? Doesn't the title say 49? Yes, I tested 81 apps, but a good bit of them were either unavailable, required an account to use, not open source, or not a health app at all. So, those have been omitted from this list.

I should also mention that I didn't try every app, so you may have one I didn't try! I tried to test the major ones I could find from a massive list, but obviously we are all human and make mistakes. With that, here are my opinions for each software I tried.

Beauty Product Information

The only one that fits in this category is Open Beauty Facts. It requires the Network permission to function, and it's used to look up information about different beauty products. You can add these products to a list, scan barcodes (if you grant it camera permissions), and more. It's fully featured, still active, and the best app for this so far. However, the UI is fairly basic and it contains optional telemetry.

Breathing Exercises

Inner Breeze

Inner Breeze is a somewhat basic app to help you with breathing exercises. The app has a nice UI, and a few settings. It allows you to also keep a history of your breathing sessions which can be viewed in a graph. It requires no permissions at all.

Breathly

Breathly actually would have been the top app in this category, but unfortunately there hasn't been a commit in over a year. It has a better UX than Inner Breeze, and includes calming(?) voice instructions to guide your breathing. It does require DCL via memory permissions, which is unfortunate. It also does not have a graph functionality, but it does have different types of breathing exercises.

Brethap

Brethap (which I keep accidentally calling "Brethrap") has a basic UI, but it includes plotting your breathing sessions on a calendar. It also includes a web interface. It requires no permissions. It has decent customization, and includes support for Text to Speech.

Diabetic Trackers

Glucosio

Glucosio is an app for tracking different things within the body, such as glucose level, cholesterol, etc. It allows you to add custom data, graph it, import and export data, etc. Unfortunately, there aren't many settings and the app has been abandoned. The UI is very basic, but it's functional. It requires no permissions.

Diaguard

Diaguard is a German diabetic tracker that also has full English support. It is similar to Glucosio in functionality, but it has many more settings and a better UX. The UI is still basic, but it requires no permissions to function. It can plot graphs and pie charts, as well as many more functions. It is the best in this category.

xDrip+

xDrip+ has a horrible UI, confusing elements, I'm not even sure which permissions it needs, but it (supposedly) can connect directly to physical glucose meters. I don't recommend this app, but this isn't as bad as it gets.

Juggluco

Juggluco has the absolute worst UI I have ever seen, not just on this list. It forces you to use it in landscape, the clock does not hide itself, it seems to be badly translated, it has no settings, it barely has controls, but for some reason the app is still being updated.

Diet Creation Tools

The only app for this that I could find is Daily Dozen. By default it uses a scientifically recommended diet for your day, with no customization. It has a very basic UI with no settings, but it allows you to check off which foods you ate that day. It requires no permissions to run. If anyone is willing to make health software, this would be a good section to make it for.

Fitness Trackers

This section is weirdly named. Gadgetbridge is a replacement software for proprietary apps for your wearable gadgets. I've never used it, but it seems to have good support. It asked for so many permissions it might as well have the root permission itself, and the themes are slightly broken. The UI is fairly basic, but there are plenty of settings.

Gym Exercise Trackers

This section was really difficult to pick a best for.

Massive

Massive is a material exercise tracker. It requires no permissions. You can view your data on graphs, import and export, create custom exercises, and more. However, the experience is a bit confusing, there's little customization for which exercises you do, and there are a few bugs. Overall, it's the best in this category, but not by much.

Fast N Fitness

Fast N Fitness has a really bad UI. It requires no permissions to run, you can customize the exercise types, graph your data, create profiles, and more. It isn't really special, but it does have a worse UI than the alternatives.

GymRoutines

Also a material fitness tracker, GymRoutines requires no permissions to run. You can create custom workouts, graph them, backup and restore, and... That's it. That is about all the app can do. It has only 3 settings. It's very basic, and the last commit was 9 months ago.

Verifit

Verifit was someone's passion project, with a surprising number of features. It has pretty much every exercise you can imagine, as well as custom exercises. You can view the data on pie charts, import and export data, log workouts, and more. Sadly, the project was abandoned. It has a basic UI and few settings. It requires no permissions.

Lift

Lift was abandoned 4 years ago. It allows you to put workouts on the calendar. The (two) settings don't work, it has a basic UI, and does not have custom workouts. It requires no permissions.

Habit Trackers

Table Habit

Table Habit is a material habit tracker. It has a setting for "positive" and "negative" habits, however the goal of the app is to enforce habits and not break them, so... if you have a negative habit of murder, and need some encouragement, Table Habit is the app for you! It's essentially fully featured, so it has way to many functions for me to list. It requires no permissions to run.

Loop Habit Tracker

Loop Habit Tracker is tied with Table Habit on which one is better. LHT has a more basic UI, but it has a lot more streamlined experience with habits. It does not allow for negative habits. It is simple but powerful. It also hasn't had a commit in 6 months, but it is still great software. It requires no permissions to run. If I had to pick though, I would probably choose Table Habit.

Medicine Reminder Tools

I only tested Simpill, but people did suggest others to me. Simpill has probably the best UI out of all of these apps. It requires notification and background usage permissions. It has few settings, but it doesn't really need many. It is a bit buggy with 24 hour time disabled, and you need to make sure you enable background usage, but it works well. I may eventually try out other apps in this category.

Meditation Tools

Medito

Medito requires a network connection initially, but you can download meditation audio offline. The purpose is to play audio to guide you through meditation for different purposes (sleep, relaxation, etc.). It has a lovely UI. However, there are no settings, and it does not allow importing meditation audio.

Om

Om was abandoned 5 years ago. You open the app, and you either have a voice guided meditation, or a self-guided meditation (an annoying bell). That is the entire functionality. It requires no permissions, and has absolutely no other features.

Meditation

Meditation, also known as Essential Meditation, is a weirdly popular meditation app. It requires notification and background permissions to function, except it shouldn't need those. You can change some settings for the sound you hear, etc. It has a basic UI. It also gives me a headache. Maybe I should log that in the...

Menstrual Cycle Trackers

Something something disclaimer about "mature topics" so this post doesn't get nuked by lemmy.ml.

drip.

drip. allows you to track menstrual cycles and symptoms. It has plenty of default symptoms, allows you to encrypt the app with a password, import and export data, and more. You can view this data on a calendar or a graph. It has a basic UI, few settings besides the ones listed previously. The UI is also slightly laggy.

log28

log28 would have made it alongside drip., but unfortunately the app was abandoned 2 years ago. It has a basic UI, some bugs, but requires no permissions. It has plenty of default symptoms. You can view data on a calendar, but not a graph.

Mensinator

Finally a material design app, Mensinator allows you to track menstrual data and symptoms. It does not come with many default symptoms, but you can add your own. It offers some customization, statistics, import and export, and more. It allows you to view data on a calendar, but not a graph. It requires no permissions, but does have a few minor bugs.

Mood Trackers

I've been writing for an hour straight, so let me log my fatigue in Pixy. Pixy has a lovely UI, although slightly laggy, and allows you to log your mood for each day. You can view the data on a calendar, graph, bar chart, and lots more. You can also log what you did that day, import and export data, change colors, etc. It is probably fully featured. However, it is sadly abandoned, requires DCL via memory permissions, and tracks your data if you give it network permissions.

Nutrition Information Tools

Let me speedrun this one: Open Food Facts, which also has a web interface, lets you scan bar codes or search products to view information such as ingredients or how humane it is. It has opt-in telemetry, requires network permissions, also requires DCL via memory, does not have a local database, and has a mediocre UI. It has plenty of customization, and you can add products to a list.

Pedometers

Pedometer (PFA)

This app is abandoned, which is unfortunate since the team behind it also makes so many other fantastic apps. It allows you to track your steps, view it on a graph, and more. It has a basic UI, few settings, and requires the physical activity permission.

Paseo

Paseo has many more features than the previous app. It has a basic UI, and requires the physical activity permission. It shows much more data in graph and circle form, such as current steps and expected steps. It has lots of customization, you can set step goals, it's overall great. It is, unfortunately, abandoned as well.

If you want to make a health app, this is another good section for it.

Physical Activity Trackers

This section was extremely difficult to decide best software for. Let me break my default style and tell you a little story. The first app I tried was OpenTracks (actually that's a lie). It is unique because you can use it fully on its own, but it does not have map capabilities. To get map capabilities, you need to install either "OSM Dashboard" or "OSM Dashboard (Offline)".

OSM Dashboard will allow you to use OpenStreetMaps directly, or download other maps for local storage, etc. OpenTracks will then display your physical activity path on that map (or without, if you really want just the shape). OSM Dashboard (Offline) does not connect to the internet ever, at all, for any reason. You have to download maps yourself and import them yourself. OpenTracks for real made 3 separate apps so you can be as private as you want by installing only what you want, and I applaud that massively.

However, it came between OpenTracks and FitoTrack. FitoTrack essentially packages the map capabilities within the app itself. You can load from OpenStreetMaps directly or import downloaded maps. What made FitoTrack better is the ability to view your data on a graph, bar chart, etc. Also, OpenTracks requires notification and nearby devices permissions, whereas FitoTrack does not. OpenTracks has a slightly broken UI, FitoTrack has a basic UI and fewer settings. While I massively applaud OpenTracks for their work so far, FitoTrack is my current preferred option.

There is also RunnerUp, which just has a bad UI. It allows graphs and connected devices.

Seasonal Food Information Tools

Speedrun time: Seasonal Foods Calendar is an abandoned app that simply tells you which foods are in-season for your location, as well as basic information. The app lacks in data and customization, has a basic UI, but allows you to search for foods. It requires no permissions.

Relaxation Tools

Noice allows you to play relaxing background noise sounds. It requires network permissions, but you can download audio for offline listening. It is material design, has plenty of settings, and I would say it is fully featured. However, it does have optional telemetry.

Weed Trackers

Something something disclaimer don't do drugs please don't nuke this post.

Petals helps you track your weed usage to help you see how much you're using, if it's dangerous, and educate you on everything it can. It requires no permissions, you can import and export data, it has an app lock, and plenty of settings. It has a mediocre UI, but it includes many graphs. For some reason it added icons on the home screen for me, YMMV.

Weight & Diet Trackers

I'm not going to be detailed with this section because it was honestly the worst one to gather info on. trale is as minimal as it gets, but it's available for Accrescent if that's your thing. openScale can connect to Bluetooth scales and track lots of data. Energize has integration with OpenFoodFacts. OpenNutriTracker forces you to agree to a privacy policy and EULA. Waistline is laggy and requires a network connection for some integrations. All these apps basically do the same stuff, except for trale which does very few stuff. You can track what you eat, your weight, and set goals. I couldn't decide on a "best" for this section.

Workout Routine Tools

I've been testing all of these apps for the past 3 days as well as writing for the past 2 hours, so you can start to see my slow descent into insanity. I really need an editor.

Workout Time

This was abandoned, is slightly laggy, and straight up does not work.

Liftosaur

This app requires network permissions because the entire app is just a website. That means it's super laggy, and has no settings.

openWorkout

This app has ads for some reason, but it doesn't need network permissions so it doesn't matter. It has a basic UI, and lacks in settings and features.

Those 3 are pretty terrible, but these last 2 apps were pretty much tied.

Feeel

Feeel is great for creating custom workout routines. It not only lets you pick which exercises to do and for how long, but it also teaches you how to do those exercises, which pictures. The design is great, it has few settings, and has its own polygon style. It requires no permissions.

LiftLog

Liftlog is a material design app to create workout routines. It lets you create your own exercises, view stats, and more. The app is kind of laggy, but it provides plenty of good settings. It does, however, have premium features such as AI. It also requires DCL via memory permissions.

Workout Timers

Finally, the last section, I'm going to break my style again to save my sanity. HIIT was abandoned 3 years ago. OpenHIIT lacks in settings, has a material design, and only allows up to 9 exercises.

Just Another Workout Timer and TimeR Machine almost tied. JAAT is material design, fairly fully featured, but the UI is confusing, button positions are weird, and icons can be unclear. It makes it very difficult to use. However, it has plenty of settings, including import and export.

TimeR is a more basic UI, but it is much more clear what is going on. It even puts you through a tutorial in the beginning. You can view data on graphs, etc. It's my preferred option. It requires no permissions, has plenty of settings, it's great.

Conclusion or something

People get mad at me for not adding summaries or conclusions, so... Hello, I've lost all personality and soul after writing this. I hope this helps someone in the future find some good Android health apps. Please make more health apps, since the open source community really needs it. Please check out Open Source Everything, which is my own curated list of open source software that I've been working on for years.

Anyways, thanks for reading!

- The 8232 Project

Oh yeah, P.S., I didn't actually double check that I listed 49 software here. If it's 48 or something it's because I was going to add Quit Smoking but it's abandoned and the source code no longer exists besides archives.

I maintain my own list of open source software, but one of the biggest struggles has been finding open source health apps to add to the list. It seems like the open source community is lacking in this area, compared to proprietary counterparts.

I'm beginning to flesh out some of the health apps on my list, and I am looking for recommendations on which apps are generally used. This is an extremely rare circumstance in which I am asking for community feedback to add software to the list.

My preferred criteria is as follows:

Available for Android

It can be available for other platforms, but I tend to prioritize open source operating systems such as Android or Linux. In this case, a health app for Linux would rarely be useful. If available, please note whether or not the app works well with strict permissions on GrapheneOS.

Has a clear, distinct purpose

I prefer not to categorize the same app in multiple places. I am a believer of software being the best at one thing, rather than trying to be the best at everything. So, I would like to categorize different apps for each purpose (calorie tracking, nutritional information, fitness tracking, etc.)

Works entirely offline

Ideally, apps should work without ever requiring an internet connection. Having the ability to download data for offline use later is fine, if the data is large enough to warrant not being packaged with the app itself.

Still actively maintained

It's rare that I add outdated or abandoned apps to my list, but there will always be exceptions. The apps should be actively maintained, and have modern usability and appearance.

Those are best case-scenario criteria, your recommended app may not follow that. All apps should, of course, be open source. I am leaving the definition of "health apps" without elaboration on purpose, because I am looking for all health-related and physical wellbeing apps.

Thank you for your suggestions! :)

I made this post, outlining my verdict about whether or not Chromium is more secure than Firefox. At the very end of the post, I noted "GrapheneOS did not respond to my requests for a comment."

Well, after weeks with no reply, they finally responded. I don't plan to do any more research about this topic, but this information is still incredibly valuable. Keep in mind the questions I asked the GrapheneOS team were created before I had done much research about the topic. Here are the questions and GrapheneOS's replies:

Does Firefox have isolation between tabs?

incomplete

Is Firefox's implementation of tab isolation as secure as Chromium's?

no, it's incomplete and their sandbox is significantly weaker across all platforms, but it varies based on platform

Firefox uses Fission to isolate embedded content from the main website. Is Fission used for tab isolation as well?

it's incomplete

Is Fission the main cause of concern about Firefox's security?

there are many ways in which it's less secure than Chromium, but the weak sandbox particularly that's entirely not implemented on Android is one of the main issues

Are there other reasons why Chromium is more secure than Firefox, besides Fission?

Chromium uses full garbage collection for a lot of the C++ objects, has much more hardened memory allocators for native allocation, has the V8 sandbox as another layer of security missing in Firefox before the OS sandbox, has much more fuzzing, auditing, etc. and much more modern exploit mitigations implemented too

Firefox is far behind in nearly every way and laid off a lot of their security people

Isolation of embedded content is important to prevent Spectre and Meltdown exploits, but is this actually something that an everyday user will be majorly affected by? It seems that, unless you are logging in through embedded content, there is far less risk associated with this from an everyday standpoint. Again, more security is obviously better, but is this as big of an issue as it's made out to be?

yes it impacts users because browser vulnerabilities are widely exploited in the wild and the OS sandbox is one of the main defenses against it, as is the V8 sandbox feature entirely missing in Firefox

Google heavily monitors for browser exploits and catches a lot of it happening in the wild

Mozilla / Firefox has little visibility into it

therefore, it's much more widely reported for Chrome but does not mean it isn't happening with Firefox regularly

Is Firefox less secure on Linux (besides Qubes, Tails, etc.) than other desktop operating systems?

Tails is not a hardened OS at all, that's a misconception about it, and it has nearly all the problems of desktop Linux

Firefox on desktop Linux has weaker sandboxing than elsewhere

on Android they haven't even implemented a content sandbox, although the OS provides an app sandbox around it as a whole but that's not the same thing

In which ways are Fission less secure than Chromium's Site Isolation?

it's not even completed yet, the issue is still open since not everything is isolated yet and there are known ways out

Does Brave provide the same privacy against fingerprinting as the Tor Browser?

Tor Browser's anti-fingerprinting is greatly overestimated and does not really work with JavaScript enabled, which it is for most users

Brave's is not strictly better or worse

neither anti-fingerprinting approach works well

Could you provide good resources for my article about the state of Firefox security on Android?

no, but it is awful, they don't even implement any content sandbox let alone site isolation, and have almost no exploit mitigations or anything implemented

Would it be easy for a developer to create a fork of Firefox for Android that uses isolatedProcess?

no, but it's easy for them to do it relative to doing it elsewhere

Would using isolatedProcess in Firefox fix isolation issues? If not, what would still need done?

no, but it would allow them to provide a content sandbox on Android and partial site isolation to the extent they implement it overall

Is there tab isolation for Firefox on Android? Is this as secure as Chromium's?

there's an incomplete implementation, and no, it's not nearly as secure aside from being incomplete

I made this post a few weeks ago, and I've finally been using GrapheneOS for one month. I'd like to point out things that changed, and my experiences with some of the GrapheneOS communities.

The changes

I stressed far too much about which methods to use for installing apps. In the end, it's up to you and your preference. Sure some are considered less secure than others, but it's your phone. I'll explain more about why I'm saying that later. Anyways. I get as many apps as I can via Obtainium, and install a few apps via Aurora Store.

I'd like to clarify the reason I have ProtonVPN installed via Aurora Store. App developers often develop different versions of the app depending on how you install it. Play Store versions of it might rely on Google services, whereas direct apk files may not. ProtonVPN allows you to use it as a guest, but only when you install the Play Store version. No other version of the app (e.g. installed via Obtainium) allows you to use it as a guest. Please stop commenting about this, I explained it to way too many people.

My game selection has remained the same, however Antimine is a bit of a weird one. It is still actively maintained, but the GitHub releases page is versions behind the F-Droid version, and the F-Droid version is versions behind the Play Store version. I tried installing the Play Store version, but it required Google Play Services to work (even though the app could actually run without it, it just thinks it needs it). So, unfortunately, I'll just use the outdated F-Droid version.

2048 by SecUSo actually got dark mode! Good for them for keeping things nice on the user end. Audire has been abandoned, and so I tried out Audile and it works fine.

As many users pointed out, AndBible is not abandoned. It also recently got updated. The UX is still sub par. Fossify projects are also, as many pointed out, not abandoned. Development is just slow. I'm eager to see what updates will come.

HeliBoard still has some weird autocorrect suggestions, but I made a few bug reports about it. KeePassDX no longer has the weird biometrics bug.

For eBooks, I tried out a lot of the top proprietary eBook readers:

• Amazon Kindle was authwalled (required logging in)
• FBReader was netwalled (required a network connection)
• Google Play Books was playwalled (required Google Play Services)

Then, I tried Moon+ Reader. I am so sorry, but this app is honestly fantastic. I will reiterate: it is proprietary, but it has support for Apple Book's page turning animation as well as other stuff. The open source eBook readers peril in comparison. The app is perfect, I just wish it was open source.

My music player has changed to VLC Media Player, which is honestly so much better than the desktop version. It has incredible support for use as a music manager. The only annoying bug is that it will sometimes lag for a few seconds before resuming, and there's no clear "queue" section.

I got too upset with Vanadium's lack of anti-fingerprinting and privacy features, that I switched to Brave. Honestly, I'm happy with it. It's not perfect, but I can get behind it.

The new stuff

Alright, now let me mention the new things I got to try. I wanted to try out an RSS reader, so I got Feeder. It's honestly what you expect from an RSS reader. I will say: I wish there was more distinction between read and unread articles. Currently the only difference is whether or not the title is in bold. I also wish the "Show read articles" could be changed for each feed, and not globally, or have an "Unread articles" section.

I have the I2P DEBUG app in case I ever want to access I2P pages. I'm learning about what I2P is. From what I gather, it's like Tor but... not Tor.

I tried out Image Toolbox for editing images. It's very feature rich, but very unintuitive to use.

This is the biggest change: I tried out Lawnchair and Lawnicons. It is honestly so great. I wish the default launcher had that level of customization. You can customize it in 100 different ways until your heart gives out, it's honestly fantastic. There are inconsistent minor bugs and annoyances, but the benefits far outweigh those. I'm a sucker for the iOS look, and I was very pleased I was able to achieve something in between Android and iOS. I just wish they would bring dock colors back! One of my favorite features is being able to customize any icon and name for any app on the home screen. I could make a dating app look like a graphing calculator, for example...

I tried out the proprietary Pydroid 3 app as a Python IDE. I give the developers a solid pat on the back. It's a great app. It works super well, and just has the occasional "upgrade to premium" popup to remove the "ads" that it can't load because it can't touch the internet. Good job guys.

I added Shadowsocks to my censorship circumvention toolkit. I can't find any free servers, but hey it's there in a pinch.

The community

I got some time to experience the Matrix/Discord/Telegram (they're all bridged) community as well as the issue tracker for GitHub. The issue tracker closes a lot of issues that I personally think should remain open. One I made was changing one of the default pings for an (obscure) menu from Google to GrapheneOS, a very simple fix. They closed it, which I'm upset about. I get it though, they can't fix everything.

The Matrix/Discord/Telegram community is... interesting. There's 3 people: The ones who understand almost nothing and need a lot of help, the general users who are super friendly and have wholesome interactions, and the ones who know (and/or think they know) everything. That third group is quite prevalent. They will constantly push their own threat model on you as if it's the only correct answer, and will (quite often) refuse to answer questions if it goes against their threat model (e.g. questions about Aurora Store when "Play Store is the only correct answer").

It's annoying to say the least. I try to mention as much as possible that everyone has their own threat model and it's your phone so you get to choose your own preferences at the end of the day, but that never goes over well. GrapheneOS isn't always known for taking kindly to some lesser threat models, which is a double edged sword. It's good that they have such high standards, but they need to know when to relax and let other people help. It's not bad by any means, you'll get the help you need, but it's not a good look at the end of the day.

Conclusion

That's my experiences after one month. It's been nothing short of fantastic, even with some problems. I am a strong advocator for open source software, but for a couple things the proprietary alternatives are simply the best. That's the unfortunate truth for some things. This will be my last post about my experiences with GrapheneOS, but coming from iOS, it is a super fun transition.

I'd also like to mention quickly for anyone wondering: Backups for me are currently under 5GB (not including music), and in a month with all the app downloads and music transfers over LocalSend, I used about 70GB of internet. Tubular used the most internet (about 22GB in a month). For all you curious, this can give you a nice baseline.

Thanks for reading!