
So Graphene is the starting point, because it offers security (and sandboxes Google Play). F-Droid has reasonable policies to protect you from spyware by excluding non-open framework use (I'm not sure if gms is allowed). This is already 200x better than any app you download from the Play Store.
However, if you're an actual target because of what you work on and a somewhat-pleb, then applying "don't trust, verify" becomes really important. So I just download source for everything, review the code (search for patterns), remove all the crap like gms, remote debuggers, call-home functions that aren't needed (they never are) and compile it. Then I packet capture the app and use it and see what it does on the network side, and audit storage.
This is way too much work if you're not a target. Just using f-droid should be good enough.
I have been mostly using Obtainium and the zapstore (nostr based). Do you have opinions on those? I was steered away from F-Droid a while ago for reasons I don't remember.
reply
36 sats \ 1 reply \ @optimism 18h
I don't see how publicly sharing what apps you use w/ zapstore gives you a security benefit. If anything, it would increase your chance of success if you wanted to target me and know which apps I run?
As for Obtainium - the benefit could be reducing third party risks, but are these APKs it installs actually deterministically and reproducibly built (like bitcoin core or lnd are)?
reply
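The reproducibility question above can be checked mechanically: rebuild the app from source and compare the result with the published APK, ignoring only the JAR-signing files the developer's key adds. The script below is an added example for this thread, not code from F-Droid, Obtainium or zapstore; the APK contents it compares are constructed placeholders, not real app files.

```python
"""Compare a published APK with a local rebuild, ignoring v1 signing files."""
import hashlib
import os
import tempfile
import zipfile

# Entries written by the JAR (v1) signer. A locally built, unsigned APK lacks
# them, so they are excluded. v2/v3 signatures live in the APK Signing Block,
# which is not a zip entry and is therefore never seen by zipfile anyway.
SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")

def is_signature_entry(name: str) -> bool:
    if not name.startswith("META-INF/"):
        return False
    return name == "META-INF/MANIFEST.MF" or name.upper().endswith(SIGNATURE_SUFFIXES)

def content_digests(apk_path: str) -> dict:
    """Map every non-signature entry name to the SHA-256 of its bytes."""
    digests = {}
    with zipfile.ZipFile(apk_path) as zf:
        for info in zf.infolist():
            if info.is_dir() or is_signature_entry(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests

def compare_apks(published: str, rebuilt: str) -> list:
    """Return names of entries that differ or exist on only one side."""
    a, b = content_digests(published), content_digests(rebuilt)
    return sorted(n for n in set(a) | set(b) if a.get(n) != b.get(n))

def write_apk(path: str, entries: dict, signed: bool) -> None:
    """Write a constructed, APK-shaped zip; optionally add placeholder v1 signing files."""
    with zipfile.ZipFile(path, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
        if signed:
            zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
            zf.writestr("META-INF/CERT.SF", b"placeholder signature file")
            zf.writestr("META-INF/CERT.RSA", b"placeholder signature block")

def demo() -> tuple:
    """Constructed sample: a faithful rebuild and one whose classes.dex differs."""
    base = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex\n035", "resources.arsc": b"res"}
    changed = dict(base, **{"classes.dex": b"dex\n035 with extra code"})
    with tempfile.TemporaryDirectory() as d:
        pub, local, other = (os.path.join(d, f) for f in ("published.apk", "local.apk", "other.apk"))
        write_apk(pub, base, True)
        write_apk(local, base, False)
        write_apk(other, changed, False)
        return compare_apks(pub, local), compare_apks(pub, other)

if __name__ == "__main__":
    print(demo())  # ([], ['classes.dex'])
```

An empty difference list means the store's APK is byte-for-byte the code you compiled; any listed entry is something the published build contains that your source did not produce, or vice versa.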
Good questions that I can't answer.
reply