TRInvictus

Uuuuuugh I thought that was like, the "you need to be able to See The Code like Neo to pull it off, but if done right, is very secure and private" option

headdesk

I'm rapidly approaching the point at which I turn off my pixel and go back to my decrepit iPhone 8 and accept defeat

    GlytchMeister well it depends what you use it for.

    I have a home lab. My services are searx for websearches, lingva for translate, and various other front ends and services. Calendar, contacts and photos are also self hosted. This is all easy, and you really don't have to worry too much about security so long as you access it all through a VPN, or do a bit of research into setting up reverse proxies securely. Tailscale is a good VPN option (free, though not all open source). I am assuming you're not being targeted by a nation state or even LE. If you are then I would not suggest self hosting or be so blasé about how easy it is to secure.

    I personally don't try to self host my own email server, website or anything else that I can't just 'turn off' and cope with it if I need to.

    Above anything else it's a fun project.

    Well, you're correct that I'm not being targeted. Well, as far as I know. I am a hobbyist SciFi and fantasy writer, so my searches are liable to raise some eyebrows, but I have yet to be visited by forgettable people in cheap suits and sunglasses, so I assume I'm not being actively targeted. :P

    I don't have the knowhow to do it, I don't have the time to learn, and I don't have the hardware even if I had the knowledge and time, anyway, so... Yeah. It's just frustrating.

      GlytchMeister a raspberry pi and a free weekend is all you need and you can have a self hosted version of searx and have the most private internet search engine free of big tech tracking. You can message me privately if you want a bit of help.

      Anyway, this has got off topic.

      My advice re: giving up GrapheneOS, don't do it. Take a deep breath and try not to overthink it all. One step at a time is all that's needed. The OS out of the box is already leaps and bounds better than anything else. Don't buy into overblown minutiae regarding privacy services, and definitely don't let it fatigue you. You don't have to give up every Proton service just because it makes an API call to Google, something which most people don't even understand what it's actually doing.

      Speeduser7533 it's not a good look if you intentionally implement it, but only after it has been exposed to public they attempt to patch things up.

      bootloader

      Thank you for revealing and discussing this issue in Proton email (and others) apps.

      FWIW, I've been quite satisfied using Vanadium to access my various Proton online storage(s), and AFAICT Google is not involved.

      Also Vanadium seems the MOST trustworthy and secure (hardening) web app around. Even if Proton modifies its apps, they won't be as secure as Vanadium. So for me, the question becomes, how badly do I need push notifications?

      Don't need them.

      Also, the quick-reply business crowd seems to be moving to SMS - which of course has NO privacy - but significant security thanks to GOS auditing and hardening.

      (FWIW this same reasoning applies to my banking - I use Vanadium, and not some poorly-written bank app)

      Just suggesting that you do not abandon Proton web storage(s). HTH.

        Unfortunately, I do need notifs for my emails :/

        Annoying.

          rdns dev here

          GlytchMeister definitely interested in a guide... And even more interested in a "RethinkDNS for Dummies" sort of guide.

          I put an ad-hoc one on our subreddit: https://www.reddit.com/r/rethinkdns/comments/12ta9zo/configure_app_for_optimal_use/ / mirror: https://archive.is/Krcoh

          The gist is, allow only what you trust.

          1. From Configure -> Firewall -> Universal firewall rules, turn ON
            • Block when device is locked
            • Block newly installed apps by default
            • (if you're feeling particularly adventurous) Block when DNS is bypassed
          2. Go to Configure -> Apps, then tap on the wifi and mobile icons 🛜📶 to block all apps.
            • Search for apps you use (for me, it's 7 apps of the over 400 installed), and either Bypass Universal them or Isolate them.
              • If you Isolate the app, you'll have to set up trust / allow rules for domains or IPs, over a period of time. Pretty time consuming, but once set up, it works flawlessly.
              • Bypass Universal an app named Google Play services, which is usually responsible for Push Notifications / Gaming / Backups / Payments and other such functionalities apps installed from the Play Store depend on, without which they usually don't work.
          3. From Configure -> DNS, choose or set up your favourite DNS provider. I prefer Oblivious DNS over HTTPS endpoints but there aren't many. You can also leave the default DNS settings as-is; or...
            • Turn ON Advanced DNS filtering (which is experimental and may cause connectivity issues), to make sure domain to IP address mapping isn't polluted. For example, when multiple domain names (youtube.com, mtalk.google.com, googleapis.com) may point to the same set of IP addresses (all owned by Google and hence may be used interchangeably), the Stats and per-app domain rules may behave in funny ways. With Advanced DNS filtering (which has other bugs), they possibly will not.
            • Turn ON Prevent DNS leaks to trap apps sending DNS traffic themselves. This setting may break notifications for some apps.
            • Turn ON Never proxy DNS if you face connectivity issues with using your preferred DNS upstream with an egress proxy setup within Rethink (SOCKS5, Tor, or WireGuard).
          4. In Configure -> Network, you may
            • Set Choose IP version to Auto and turn ON Perform connectivity checks (if you're on networks that perform 4to6 translations).
              • Turn ON Use all available networks, if you'd want Rethink to use either wifi or mobile at the same time. Make sure you've got enough juice on mobile data, as it is usually prohibitively expensive in some countries.
              • Leave everything else in there turned OFF, unless you like living dangerously.
          5. Optionally set up WireGuard from Configure -> Proxy -> Setup WireGuard, either in Simple mode (single WireGuard, all apps routed through it, unless Bypass app from all proxies is set for that particular app) or Advanced mode (multiple WireGuards, split tunneled, manually choose apps to route through them).

          Rethink has grown to be a Frankenstein monster and I get a lot of emails on how difficult it is to use, but someday someone from the community will write one true guide to set up Rethink so I can point everyone to it.

            ignoramous THANK YOU for putting the time and energy into posting this message! I haven't yet had a chance to read and absorb all that you have given us here - it is tech heavy - but it is clearly an important read even for us who rely upon our VPNs to provide DNS service which filters badware and adware! Thanks Again!

            Hi! ignoramous Could you please explain the reasoning behind locking local DNS filtering in Advanced proxy mode? My friend recently pointed out that Rethink's advanced proxy mode forces the use of an external, non-proxy DNS, which defeats the whole purpose of a VPN.

              I'm confused, are you saying that if we use Proton Mail with our GrapheneOS phone, Google can track us?

              ignoramous

              OK... So...

              Uh.

              What stuff can I use alongside the Mullvad App? I don't want to use wireguard and non-mullvad DNS because Mullvad has lockdown and always-on, and using non-mullvad DNS makes my fingerprint more unique.

              I really just want to use RDNS to block apps like discord and proton mail from connecting to anything except what they strictly need to connect to in order to function.

              Aka, I only want the local, on-device filtering, and I don't know enough about anything to know what is local and what will mess up the Mullvad App.

                GlytchMeister don't want to use wireguard and non-mullvad DNS because Mullvad has lockdown and always-on, and using non-mullvad DNS makes my fingerprint more unique.

                Lockdown and always on can be done in the system VPN settings. And Mullvad DNS can be added to the wireguard config.

                bootloader

                It appears that only the ProtonMail app uses Firebase.

                Proton Mail - ProtonMail-4.0.14_9270.apk

                Services - ProtonMail-4.0.14_9270.apk
                androidx.appcompat.app.AppLocalesMetadataHolderService
                ch.protonmail.android.mailnotifications.data.remote.fcm.PMFirebaseMessagingService
                com.google.firebase.components.ComponentDiscoveryService
                com.google.firebase.messaging.FirebaseMessagingService
                androidx.work.impl.background.systemalarm.SystemAlarmService
                androidx.work.impl.background.systemjob.SystemJobService
                androidx.work.impl.foreground.SystemForegroundService
                androidx.room.MultiInstanceInvalidationService
                com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
                com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService

                Receivers - ProtonMail-4.0.14_9270.apk
                ch.protonmail.android.mailnotifications.data.local.PushNotificationActionsBroadcastReceiver
                ch.protonmail.android.mailsettings.presentation.settings.autolock.broadcastreceiver.TimeSetBroadcastReceiver
                me.proton.core.notification.presentation.deeplink.DeeplinkBroadcastReceiver
                com.google.firebase.iid.FirebaseInstanceIdReceiver
                androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
                androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
                androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
                androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
                androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
                androidx.work.impl.background.systemalarm.RescheduleReceiver
                androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
                androidx.work.impl.diagnostics.DiagnosticsReceiver
                androidx.profileinstaller.ProfileInstallReceiver
                com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver

                Providers - ProtonMail-4.0.14_9270.apk
                androidx.startup.InitializationProvider
                com.google.firebase.provider.FirebaseInitProvider
                io.sentry.android.core.SentryPerformanceProvider
                leakcanary.internal.PlumberInstaller
                ####################################

                ProtonCalendar-Android.apk

                Services - ProtonCalendar-Android.apk
                me.proton.android.calendar.CalendarWidgetRemoteViewsService
                androidx.work.impl.background.systemalarm.SystemAlarmService
                androidx.work.impl.background.systemjob.SystemJobService
                androidx.work.impl.foreground.SystemForegroundService
                androidx.room.MultiInstanceInvalidationService
                com.google.android.gms.auth.api.signin.RevocationBoundService
                com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
                com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService

                Receivers - ProtonCalendar-Android.apk
                me.proton.android.calendar.ProtonCalendarBroadcastReceiver
                me.proton.android.calendar.CalendarWidget
                me.proton.core.notification.presentation.deeplink.DeeplinkBroadcastReceiver
                androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
                androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
                androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
                androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
                androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
                androidx.work.impl.background.systemalarm.RescheduleReceiver
                androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
                androidx.work.impl.diagnostics.DiagnosticsReceiver
                androidx.profileinstaller.ProfileInstallReceiver
                com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver

                Providers - ProtonCalendar-Android.apk
                androidx.startup.InitializationProvider
                io.sentry.android.core.SentryPerformanceProvider
                ################################################

                Proton Drive

                Services - Proton Drive
                androidx.work.impl.background.systemalarm.SystemAlarmService
                androidx.work.impl.background.systemjob.SystemJobService
                androidx.work.impl.foreground.SystemForegroundService
                androidx.room.MultiInstanceInvalidationService
                com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
                com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService

                Receivers - Proton Drive
                me.proton.android.drive.receiver.NotificationBroadcastReceiver
                me.proton.core.notification.presentation.deeplink.DeeplinkBroadcastReceiver
                androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
                androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
                androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
                androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
                androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
                androidx.work.impl.background.systemalarm.RescheduleReceiver
                androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
                androidx.work.impl.diagnostics.DiagnosticsReceiver
                androidx.profileinstaller.ProfileInstallReceiver
                com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver

                Providers - Proton Drive
                androidx.startup.InitializationProvider
                androidx.core.content.FileProvider
                me.proton.core.drive.documentsprovider.data.DriveDocumentsProvider
                me.proton.core.drive.documentsprovider.data.DriveFileProvider
                io.sentry.android.core.SentryInitProvider
                io.sentry.android.core.SentryPerformanceProvider
                leakcanary.internal.PlumberInstaller
                ####################################

                Proton VPN - ProtonVPN-5.3.93.0.apk

                Services - ProtonVPN-5.3.93.0.apk
                com.protonvpn.android.vpn.wireguard.WireguardWrapperService
                com.protonvpn.android.vpn.openvpn.OpenVPNWrapperService
                com.wireguard.android.backend.GoBackend$VpnService
                com.protonvpn.android.components.QuickTileService
                com.protonvpn.android.ui.settings.AppInfoService
                androidx.work.impl.background.systemalarm.SystemAlarmService
                androidx.work.impl.background.systemjob.SystemJobService
                androidx.work.impl.foreground.SystemForegroundService
                androidx.room.MultiInstanceInvalidationService

                Receivers - ProtonVPN-5.3.93.0.apk
                com.protonvpn.android.OnUpdateReceiver
                com.protonvpn.android.notifications.NotificationActionReceiver
                com.protonvpn.android.quicktile.QuickTileActionReceiver
                me.proton.core.notification.presentation.deeplink.DeeplinkBroadcastReceiver
                androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
                androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
                androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
                androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
                androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
                androidx.work.impl.background.systemalarm.RescheduleReceiver
                androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
                androidx.work.impl.diagnostics.DiagnosticsReceiver
                androidx.profileinstaller.ProfileInstallReceiver

                Providers - ProtonVPN-5.3.93.0.apk
                androidx.core.content.FileProvider
                androidx.startup.InitializationProvider
                io.sentry.android.core.SentryPerformanceProvider
                ################################################
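
Added example (not part of bootloader's post, and not Proton's code): a short Python script that reads a component dump in the layout used above and groups each app's declared services, receivers and providers by third-party SDK, so the Firebase Cloud Messaging question can be answered per app. The prefix-to-SDK labels and the shortened sample are this example's own assumptions.

```python
import re
from collections import defaultdict
# Package prefix -> SDK label (the labels are this example's own grouping).
SDK_PREFIXES = {
    "com.google.firebase.messaging.": "Firebase Cloud Messaging",
    "com.google.firebase.iid.": "Firebase Cloud Messaging",
    "com.google.firebase.": "Firebase (other)",
    "com.google.android.gms.": "Google Play services client",
    "com.google.android.datatransport.": "Google DataTransport",
    "io.sentry.": "Sentry",
}
SECTION = re.compile(r"^(Services|Receivers|Providers)\s*-\s*(.+)$")

# Constructed sample: a shortened copy of the dump format used in the post.
SAMPLE = """\
Services - ProtonMail-4.0.14_9270.apk
com.google.firebase.messaging.FirebaseMessagingService
androidx.work.impl.background.systemjob.SystemJobService
Receivers- ProtonMail-4.0.14_9270.apk
com.google.firebase.iid.FirebaseInstanceIdReceiver
Providers - ProtonMail-4.0.14_9270.apk
io.sentry.android.core.SentryPerformanceProvider
####################################
Services - ProtonCalendar-Android.apk
com.google.android.gms.auth.api.signin.RevocationBoundService
com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
"""

def classify(component):
    """Return the SDK label for a class name, or None for app/AndroidX code."""
    # Longest prefix first so firebase.messaging wins over the generic entry.
    for prefix in sorted(SDK_PREFIXES, key=len, reverse=True):
        if component.startswith(prefix):
            return SDK_PREFIXES[prefix]
    return None

def audit(dump):
    """Map app name -> {SDK label: [(component kind, class name), ...]}."""
    report = defaultdict(lambda: defaultdict(list))
    app = kind = None
    for line in map(str.strip, dump.splitlines()):
        m = SECTION.match(line)
        if m:
            kind, app = m.groups()
        elif app and line and not line.startswith("#"):
            sdk = classify(line)
            if sdk:
                report[app][sdk].append((kind, line))
    return report

def uses_fcm(report, app):
    return "Firebase Cloud Messaging" in report.get(app, {})

if __name__ == "__main__":
    print({app: sorted(sdks) for app, sdks in audit(SAMPLE).items()})
```

A declared component only shows that the SDK is packaged and registered in the manifest; whether it actually contacts Google at runtime still has to be checked in network logs such as the per-app connection view in a firewall app.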

                mmmm

                The calendar app does not appear to use Firebase.