• Off Topic

  • Best Privacy Apps/Tools for GrapheneOS

wisejoy60685 Also, I heard that F-Droid has some privacy concerns now is that true?

Forgot to answer this. F-Droid Repository and the F-Droid app have caused some security (not so much privacy) concerns as far as I can tell. For my secure and private experience, I'd go through these options in order from first to last:

  1. Not using the app/service at all
  2. Using the website via Vanadium instead of the app.
  3. Install the app via GOS App Store or Accrescent which itself is installed via GOS App Store.
  4. Install the app via Sandboxed Play Store. It's secure, but for more privacy I have to use a dummy account and preferably install from owner profile but use on separated user profile.
  5. Install via Obtainium (if I want to take care of opsec and verifying the app) or Droid-ify (if I choose to trust the repository from F-Droid, Izzy etc., but still verify myself)
  6. Install via Aurora Store as a last resort. Only use case I can see compared to Sandboxed Play Store is apps that require KYC in Play Store (such as Discord, if I really don't like using the website).

But this is just my answer, and as you can see from the partly opposing answers above, there is no one correct way of privacy. Please don't trust me or any other internet stranger. Do more research and make a basic threat model so you're able to evaluate what fits your individual needs. Best practice approaches will only end up in inferior privacy.

    I can only speak for myself, after using GrapheneOS for almost two years on a Pixle6a, less is indefinably more!
    Obviously GrapheneOS is installed, along with a VPN, email and a messaging app, and that's it.
    My Pixle6a is a communications device and nothing else. Nothing is stored on the device, no photos, email or messages. Once read, deleted..
    Every time a new update of GrapheneOS is released and is downloaded to my phone, I factory reset my phone to that release, no matter how often these releases are.
    Auto reboot at 30 minutes
    16 digit pin and no fingerprint phone unlock.
    I use my laptops to do anything else, including writing this.
    my phone is a phone, nothing more...

      area51 this is not necessarily a good approach. I agree with simple setup and using always on VPN. But I wouldn't recommend desktop for everything else because in no desktop environment you can control at the same level what OS itself and apps can access as you can do with GrapheneOS out of the box.

          DeletedUser127 But I wouldn't recommend desktop for everything else because in no desktop environment you can control at the same level what OS itself and apps can access as you can do with GrapheneOS out of the box.

          This is actually not true. QubesOS offers far better control over this than what GrapheneOS does. When I really need privacy, I use my laptop.

          With that said, GrapheneOS is far better at isolating apps and controlling access than most desktop operating systems are.

              grayway2 VPN : Mullvad or Proton (I don't trust IVPN)

              I respect your opinion but definitely dont agree. IVPN in my opinion are the most trustworthy. They do regular independent audits and are very well respected in the VPN industry. Like i said i respect your opinion but wouldnt want others being put off by it.

                ryrona what percentage of desktop users uses Qubes? You can not generalize from that. Vast majority of desktop distributions and what people commonly use are well below par with GrapheneOS in security as well as privacy POV.

                    DeletedUser127 no, you're wrong and you can generalize

                    If you are doing something complicated, and don't want to be identified, you can route traffic in much more complex ways easily in Qubes. You'll have a unique fingerprint because of the connection latency and characteristics but some deanonymizing attacks are much less likely to work. Xen can be hacked and sometimes has exploits but they are rare, so it's secure, but you can isolate what you are doing in Qubes so much more easily.

                    This idea that Graphene is always better at everyrhing and all use cases is wrong. Graphene is a mobile OS and it's harder for anyone without a zero day exploit to hack it than regular mobile operating systems. It's defensive in a general way but it's not as good as Qubes for customizing things and running different types of programs. In Qubes if you wanted to daisy-chain whonix connections (which would be stupid possibly because you'll stand out) you can, if you want to work with a virus while working on other things you can (you could open up a disposable version of a mobile OS or clone it, load the virus, and safely do things in other programs at the same time as to see how the virus works). There are profiles that isolate in Graphene OS but you can't see many profiles at the same time.

                    You just aren't a Qubes user and don't know. If you know, you know. Qubes also, unlike GOS, is often a pain in the ass. Qubes is not smooth, upgrades can cause problems. Graphene OS and Qubes both have small teams but GOS updates are frequent and mostly completely problem free. Because Qubes works on all sort of hardware (but often fails), the new Qubes update can suddenly break your system. Many ethical hackers don't like Qubes because it's so much work to maintain and use. Something that will take two minutes to do in Kali may take 20 minutes in Qubes. Multiple that times many things and Qubes is often not worth it unless a person really loves technology or has extreme needs or is just intuitively good at technology or has extreme paranoia. It is 100x harder to use than GOS. GOS is easy, everything about it is easy, and it's harder to mess up GOS. The only hard part of GOS is a person's own mindset and getting past their own fears regarding installation. After installation, the only problem is for Apps that use Play Integrity API.

                    Some of the hardening doesn't even matter in Qubes because you use templates with very low attack surface or templates that spawn something temporarily so that if you are hacked, it's destroyed as soon as you are done anyway. You're more likely to get hacked in Qubes but it often matters less. Even with Qubes there are things you can't do because of limits of Xen which is why many tinkerers use things other than Qubes. There are lots of advanced use cases that can't be done in GOS out of the box, such as if you are trying to make and or compile a program.

                        grayway2 never heard of anyone distrusting them before. Any reason?

                          DeletedUser127 what percentage of desktop users uses Qubes? You can not generalize from that. Vast majority of desktop distributions and what people commonly use are well below par with GrapheneOS in security as well as privacy POV.

                          I am not certain I understand your point. I mean, what percentage of mobile users use GrapheneOS? In both cases it is minuscule numbers. I was only remarking on your statement that no desktop operating system can offer control similar to GrapheneOS, as that in an absolute sense isn't true. QubesOS offers more control, and is a desktop operating system.

                            angela everyone is entitled to a wrong opinion, including you, yet again my real point wasn't understood. I am pretty much done with this forum. But not with GrapheneOS, for sure.

                                DeletedUser127 also I apologies if my reply seemed insulting. They are just incrediy different operating systems with different use cases that often don't overlap.

                                • N1b replied to this.
                                • thmf likes this.

                                    angela no worries, @DeletedUser127 is in an on/off relationship with this forum for a while, and definitely not leaving because of your post. Their posts are good and informative most of the time and I learn a lot by reading them, but let's not feel responsible for someone acting unreasonably.

                                    DeletedUser127 I did not understand your point either. But GOS vs QubesOS is another topic anyway and shouldn't be discussed here.

                                    Does anybody have to add something to OP's question regarding privacy apps and F-Droid?

                                        I personally use:

                                        Vpn: Mullvad (with their DNS)
                                        Password Manager: Bitwarden
                                        Email: Tuta (and Proton as backup)
                                        Notes: standard notes app
                                        Browse: Vanadium (as recommended)

                                        (I also use the standard grapheneOs apps, if one is provided)

                                        I didnt look up any other categories for apps.
                                        And i decided on this based mostly on the opinion of people in forums, i didnt review any source code or anything (so evalute my opinion based on that)

                                        For password managers, as far as im aware, if you want to use multiple profiles (and the same passwords), its easier to use a cloud base one like bitwarden, instead of a local one like keypassx (because sharing the files is harder)..

                                        (proton vpn and password manager is also good btw, i am just personally not much of fan of the company anymore)

                                        I see standard notes mentioned quite often here but the free version does not support anything but plain text, does that mean people buy plans for stuff like markdown, check lists etc or am I missing something?

                                          0xsigsev I'm a Proton Unlimited customer and got a hefty discount for Standard Notes. I also presume that a number of Standard Notes users are also Proton users, crossing their fingers for Standard Notes to integrate into the Proton ecosystem.

                                          But I agree, Notesnook has much for features in their free plan compared to Standard Notes, which is just a glorified text editor in the free version.

                                            0xsigsev Anytype can offer a lot of that for free, 1GB storage, no registration.

                                              What do you use for file management? I find most apps missing basic functionality coming from iOS. For example, no way of merging pdf files or deleting duplicates.

                                                DrantaRAT this is not a basic functionality of a file manager and I believe very few file manager apps have it. You should look for a specialist app that has the set of features you need if it indeed exists. You may in fact use several apps to cover that desired functionality.

                                                Don't compare with particular app on iOS, even Android. Some apps can do what others can't and vice versa. Find an app that best suits your expectations.

                                                • N1b likes this.