I like trains - and privacy
[deleted] Stuff like computrace exists in the bios of many work machines that can trace it in the event it’s stolen. It makes total sense as it’s not really you’re laptop, they want to be able to recover it. There’s probably guides online for your specific model on how to check if these features are enabled, maybe you could go searching and see what you find.
I am sure you already know this but you can check your browser's fingerprint here: https://coveryourtracks.eff.org/
It may or may not be very accurate but it provides a good first impression on your situation.
This one (https://browserleaks.com/) is a little more in depth. I am sure there are others.
K8y I think you need a better picture of what some of these terms actually mean. "Sandboxing" basically means enforcing barriers between processes. This is a normal feature of Android that all user installed applications are subjected to, EXCEPT for applications installed with greater than normal privileges as part of the system image. Google services are typically installed in such a way, where they have more privileges than user-installed applications. For all intents and purposes, you could think of it as Google giving themselves root (admin) privileges over YOUR phone. Now if you install google services instead as normal applications without the extended privileges that come with being in the system image, it won't work. What GrapheneOS has done, is make it so that google services WILL work (for the most part), even when installed as regular user applications, which limits its privileges just like any other user installed application. In other words, you have the ability to grant and deny permissions as you see fit.
Now here's the thing... g-camera doesn't require g-services. You can just install it standalone, and it can pretty much be considered safe within the bounds of the permissions you grant to it. For instance, deny it network access and it will be completely isolated as a local application without granting any kind of control or monitoring to google.
One caveat; interprocess communications allow applications signed with the same key to send data to and from each other, so if you had other google applications installed, they could potentially share data with each other, and if one has network access, the other could, in theory, communicate with google through it. So if you want to install multiple google applicactions, its probably best to deny network access to ALL of them.
Pocketstar
Depending on how you use TOR, exit nodes are at risk of being managed by US gov. (correct me if I am wrong)
Briar leaks metadata to your contacts (if you trust your contacts and their security practices, then this might be fine). Using a vpn might mitigate this risk, but idk how much more than just your IP is leaked with Briar. So maybe in some situations it is fine, but signal/molly and simplex are my go-to.
I'm curious, you use/suggest pairing Orbot as the vpn with briar and using TOR, I2P, and zeronet in combination to achieve a high level of privacy, security, and anonymity? I don't utilize the deep web/dark web, so I'm not completely familiar with some of these best practices.
For email (like you said, I would separate it completely), I wouldn't even use it on your GOS or what you consider "secure device." Email is by design insecure and it will be better to use secure messengers over email. I would use email on a completely different device.
ILIKETRAINS
https://grapheneos.org/releases#2024083100
Settings: add per-app storage dynamic code loading restriction toggle (applies to both native code and Android Runtime class loading for Java/Kotlin), temporarily without a global toggle until Google phases out the old dynamite module system for Google Play due to many apps temporarily depending on this through it
Eirikr70 just wanted to clarify that my first recommendation to use multiple profiles is also because you said that you use these apps rarely, so I assumed the "multi user hustle" wouldn't be disruptive day-to-day. I guess it depends on how you define "rarely."
Have you looked into alternative apps or using a PWA version instead?
If you're comfortable sharing which apps you're referring to, this community might be able to direct you to a suitable alternative that doesn't require play services. If you're not comfortable, that's perfectly fine too.
I had the same issue. After stopping the app from the Seetings>Apps menu Firefox ceased to annoy me with failed background stuff. I haven't used it ever since.
I don't know why Firefox assumes it's ok to start background processes and I've never bothered to check. I know FF on android still shares usage data (or whatever) despite unchecking the box in the settings. So I assumed it had something to do with that.
I think it's a bit premature to assume you've been hacked because FF generates errors. It's certainly not trivial to hack into a GOS device and I doubt that a sophisticated attack would solely rely on Firefox. Before you start to reset your device try to rule out any other possible explanation for FFs behavior. Then, if being hacked is still the most likely explanation proceed with a clean reinstall of GrapheneOS.
It is not worth wasting any thought on /e/OS
Thx so far. I meant to install GOS on the Pixel, not my current phone, of course.
I thought all non-natively GOS apps should be sandboxed as to to prevent security leaks.
Sounds promising so far!
Goldtop57 if not, can I install gcam in a sandbox?
if not, can I install google's camera apk in a sandbox?
What do you mean "sandbox"? All apps are sandboxed (including Google Play). Do you mean in an isolated user profile?
if GrapheneOS is easy to install
Yes. Process takes 15-20minutes and is very easy to follow as per instructions.
Bricking the phone is borderline impossible. Any problems can be fixed with assistance from community channels.
Thermometer is dope. I don't have a fever. Good stuff.
Don't these folks ever go home? It's hard to fathom how frequently updates get made with this crew.
mogacy-nadproza0m you'll be much better off with GrapheneOS plus Sandboxes Google Apps as they have no privileged rights (aka Google doesn't have more control over your phone like they do on Stock OS, similar to Apple having more control over your iPhone than you do).
I recommend you watch this great video from The Hated One for more details.
If you want more privacy (since Google will still collect all the data they get from you inside the apps), you might want to check out the Proton Suite which can replace many of the Google apps (mail, calendar, drive, docs, password manager) but they are also missing a lot.
You'll give up on some convenience, especially if you already bought a lot of Apple devices and services. All your app purchases have to be paid for again as you're now on Android and not iOS. Also your Apple devices don't work as seamless as on iPhones (but it's the same the other way around, if you buy only Google devices, they work seamless with Pixel phones but are more inconvenient on iPhones).
The sad truth is that if you want full security and especially privacy, you need to switch to Pixel phones running GrapheneOS. The great news are: Once you've done this, you'll have full agency over your data and also a nice user experience. If you only want to have security and not privacy, staying at Apple will be a good choice, but you'd have to trust that Apple will never ever abuse all the data they collect from you, despite it being the obvious choice for them to do so.
ILIKETRAINS
Yes, I also thought of OCR capabilities, but it would become quite resource-intensive, especially for legal text PDF.
I was taking an example from softwares like Dangerzone, that’s why I guessed it was maybe the reason.
In Acrobat Reader (desktop), while in Protected Mode, the basic search function is only able to search in the current page; advanced search can scan the whole document but it seems to be hindered regarding speed.
We will see.
No need to wait for an SMS. In your phone system app, go to Settings -> Blocked numbers -> Add a number
areaman have you tried installing it from the GOS App Store?
lovefromisrael i use a lot of his apps from fdroid. is that safe?
To be fair, Tibor's original apps (SimpleMobileTools) are only unsafe to use if you've installed them from Google Play, as that is where they are continuing to be updated by ZipoApps and are riddled with ads. The apps from Github / Fdroid are still "fine".
But there isn't really a reason to still use the SimpleMobileTool apps (from Fdroid) though, as you can get new features and things from the Fossify apps instead (Fossify are developed by Naveen who was involved with SimpleMobileTools by the way).
ILIKETRAINS I personally also use some of the "fossify" apps - but only those that can be used local without any connection.
Are there any Fossify apps that have network connection?
I'm sure someone will/can link the blog post about that topic.
