100 sats \ 6 replies \ @siggy47 OP 19h \ parent \ on: Cyperpunks v. Wall Street bitcoin
I haven't been able to either on my mobile. No problem through a smart tv. Weird.
Does the smart tv use the app or are you watching in a browser there? Because with the former they could just use gms to identify you even if you're not logged into the app directly.
This is basically why I strip off googleware and recompile every app I run on grapheneos (and why after 4 weeks of evening debugging I still don't have working protonmail on my phone, ugh)
reply
Yes, I'm sure I'm identified on my smart tv. It's what my family uses for everything. My graphene pixel rarely lets me watch a youtube video. I don't use any Google apps on the graphene, but it sounds like I have more security holes than what you are doing. You're obviously pretty in tune with this stuff. Have you ever compared notes with @final about graphene here? He's actually one of their developers, I believe.
reply
So graphene is the starting point, because it offers security (and sandboxes google play.) F-droid has reasonable policies to protect you from spyware by excluding non-open framework use (I'm not sure if gms is allowed.) This is already 200x better than any app you download from the play store.
However, if you're an actual target because of what you work on and a somewhat-pleb, then applying "don't trust, verify" becomes really important. So I just download source for everything, review the code (search for patterns), remove all the crap like gms, remote debuggers, call-home functions that aren't needed (they never are) and compile it. Then I packet capture the app and use it and see what it does on the network side, and audit storage. This is way too much work if you're not a target. Just using f-droid should be good enough.
reply
I have been mostly using Obtainium and the zapstore (nostr based). Do you have opinions on those? I was steered away from fdroid a while ago for reasons I don't remember.
reply
I don't see how publicly sharing what apps you use w/ zapstore gives you a security benefit. If anything, it would increase your chance of success if you wanted to target me and know which apps I run?
As for Obtainium - the benefit could be reducing third party risks, but are these apks it installs actually deterministically and reproducibly built (like bitcoin core or lnd are)?
reply
Good questions that I can't answer.