• [deleted]

  • Edited

Graphite Michael Bazzell recommends to not do it and implies that if you cannot "live" with out GPS
then GrapheneOS may not be the operating system for you.

    • [deleted]

    • Edited

    [deleted] What do you think about his instructions on downloading Fdroid even with the security risks (https://www.privacyguides.org/android/?h=f+droid#f-droid) and refusing to download sandboxed google play services?

    Your question seems to imply complete opposite of what is written in the source, that you yourself provided.

    As for instructions on downloading F-droid: in the source, that you provided, is explicitly written: "We do not currently recommend F-Droid as a way to obtain apps."

    As for refusal to download sandboxed GPS: there is nothing in the source, that you provided, that would implicate a refusal. They only said that using Google play with the account is not great for privacy.

      • [deleted]

      • Edited

      [deleted] Sorry I was not being clear. There is a book "extreme privacy" by michael Bazzell. He tells his readers to install Fdroid as an alternative app store instead of google. He also tells readers that he recommends not to install sandboxed google play services because it "defeats the purpose of de-googling." The link was just a reference that Fdroid has some security issues. All of my questions are referring to the book.

      Sorry for any confusion.

        • [deleted]

        Graphite That actually made me lol

        [deleted] There is a book "extreme privacy" by michael Bazzell. He tells his readers to install Fdroid as an alternative app store instead of google. He also tells readers that he recommends not to install sandboxed google play services because it "defeats the purpose of de-googling."

        Having not read the book, but just a synopsis and his bio (US Marshals, advisor for Mr. Robot S01, etc.)... I'd say his audience is indeed looking for "extreme" privacy.
        I always ask, "Privacy from whom?". If your your threat model includes not only 3rd party advertisers, the big tech companies, but also law enforcement... then you'll need such "extreme" practices described in the book.
        Sandboxing Google services is enough for most people. It increases privacy from Google itself, since the google apps run without special permissions. But Google will still be able to identify you in the normal ways that law enforcement and/or criminals would care about.

        [deleted]
        Some folks “needs” preclude the use of GrapheneOS.

        In some cases, you can’t have it both ways.

        Graphite Privacy Guides has nothing to do with GrapheneOS. I don't know where you got that from. I used to be a team member over there a few months back but I'm no longer affiliated with that project. The current team and other past members are also not affiliated with that project.

        In fact, GrapheneOS and Privacy Guides have significant differences with one another. I'm curious as to where you got that assumption from.

        I have removed that post as it might mislead people.

          Graphite No problem. I'm still curious what data that is, though. Would that be me being a team member on Privacy Guides previously, or something else? Because I can't think of anyone else that is at all involved with GrapheneOS. Even I'm not involved with the project itself beyond moderation.

          @[deleted] Sorry for the tag, but I felt it was important to also stress this to you in case you got the wrong idea. Privacy Guides has nothing to do with GrapheneOS. Privacy Guides recommends GrapheneOS (along with DivestOS if you have a device that supports it), but that's about it.

          I was previously a team member there but have not been for quite a while now; I still chime in from time to time, though, both on their forum and GitHub.

            • [deleted]

            I just want to make the right choices and not make silly mistakes

            [deleted] He also tells readers that he recommends not to install sandboxed google play services because it "defeats the purpose of de-googling." The link was just a reference that Fdroid has some security issues. All of my questions are referring to the book.

            [deleted] Michael Bazzell recommends to not do it and implies that if you cannot "live" with out GPS
            then GrapheneOS may not be the operating system for you.

            The second quote especially baffles me. Granted, I know that's not what you're saying, but what Michael says in his book (I haven't read it, but I'm taking your word for it), but it makes absolutely no sense to me.

            If we assume that someone needs to use Play Services in order to get their work done, is he telling people to use Stock OS instead where Play Services has privileged access? That sounds like bad advice at best, and downright dangerous advice at worst.

            People can forgo Sandboxed Google Play, and we can talk about the pros or cons of that and different configurations based on that (such as using Sandboxed Google Play only in select profiles for select apps as needed), but this rhetoric makes no sense.

            I won't really comment on his advice to use F-Droid instead (which I disagree with), except to say that it is quite sad that currently Play Store or F-Droid are the only options that seem viable. I'm hoping that changes in the future so that folks can get the best of both worlds.

            Want extreme privacy? Throw all your electronics in the trash, live off-grid, and cut off all contacts. Anything less and you're exposed and making "mistakes."

            If you want to have your cake and eat it too by living with modern technological convenience then you need to accept that you are going to, in some shape or form, be monitored. There is no silver bullet. Pick how far on the spectrum of Luddite to Connected you want to be and make sure you can accept the tradeoffs.

            matchboxbananasynergy I'm still curious what data that is, though. Would that be me being a team member on Privacy Guides previously

            Yes. Your prior involvement. The seemingly aligned points of view on a few controversial topics. And my error about which Daniel is which. Again, sorry for the mix-up.

            Given that Google Play Store houses a ton of malware apps that get millions for download count (before reported and banned), this isn't a matter of app stores, but of the ecosystem itself. With Android, you should research apps you download and stick the most trusted and verified ones. I think F-Droid checks more for privacy features than for security, which aren't the same thing.

            Don't forget that there aside from app privacy and security, there is also service privacy and security. Some apps are 100% offline, but others rely on services. There is yet another complicated privacy and/or security aspect and it is about what Android and/or GrapheneOS developers consider privacy and security. If what I or general non-developer user population considers to be sensitive information leaks because it is supposed to do so by hardware or OS or app design, then developers may never address it. I think for developers, terms "privacy" and "security" have very specific definitions that don't match generic definitions of such terms for general user population or even privacy-security-oriented user population. It would be nice if we could get GrapheneOS developers to define those terms for us to get a better understanding of their work...

            13 days later

            Just to note that this Michael Bazzell has recently changed his mind; in his most recent ebook he explains how to set up sandboxed Google Play on GOS. He has also called it a really well done feature …

            [deleted] his latest podcast 290 and his PDF recommend for most people to use sandboxed google play.
            The only people I would advise against using it are those that are targets of 3 letter agencies.