this post was submitted on 18 Mar 2024

75 points (100.0% liked)

Privacy

33702 readers

487 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Degoogling - can someone ELI5 how certain apps work on Graphene OS? (lemmy.world)

submitted 11 months ago by [email protected] to c/[email protected]

70 comments fedilink hide all child comments

Hi,

I am (very, very early) in the process of degoogling. I am definitely not a high risk as far as needing to be completely locked down. It's more about trying to have a little more control over how my data is used.

I am looking at Graphene OS, but I am a little confused how certain apps (that rely on Google services) work. I have a Pixel 8 and will have it for the foreseeable future.

The apps I currently use that I would still need (or their equivalents) are:

Clash Royale (Supercell)
Notion (Notion Labs)
Clickup (Mango Technologies)
Business Calendar 2 (Appgenix)

If I installed these exact apps "sandboxed", what exactly does that mean from a user standpoint? Will I have to use a separate account, reboot my phone, etc, or is it a quick process to use the app?
Is there a list of apps that I could browse to find equivalents to the above? Recommendations here are also ok.
I saw that Firefox isn't exactly private(?) and that Vanadium is better in that aspect but I don't understand why. Can someone ELI5, and help me see if this is a relevant concern for me?

Thank you! 😁

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] -2 points 11 months ago (2 children)

This goes back to sandboxing. Basically, Firefox doesn't play nice with sandboxing. That means if Firefox gets hacked there is a greater risk of infecting the entire phone (which wouldn't happen with proper sandboxing). Vanadium has proper sandboxing, since Chromium (what Vanadium is based off of) was made for Android.

Think of Firefox as a metal crate with a few small holes poked in it. Those holes aren't a huge concern, since it would take a very skilled person to climb out of the crate through those small holes, but having holes in the first place is not great since it risks letting a person out of the crate. Chromium is a metal crate without holes, no risk of anyone getting out of that box, no worries.

Then why does the Tor Project choose Firefox over Chromium as its browser base? Chromium is incredibly insecure and full of holes. Post this wishy washy bullshit on reddit, not on Lemmy.

[–] [email protected] 1 points 11 months ago (1 children)

Maybe TOR uses FF because it's easier to modify for their purposes.

Others would call that "insecure"

[–] [email protected] 1 points 11 months ago (1 children)

Tor Project has a whole page explaining why Chromium is inadequate and bad.

https://gitlab.torproject.org/legacy/trac/-/wikis/doc/ImportantGoogleChromeBugs

[–] [email protected] 0 points 11 months ago (1 children)

Chromium is inadequate and bad.

For a anonymous browser, but not for a secure browser. The paper is purely about privacy and anonymity. No security (sandboxing, mitigations) here.

[–] [email protected] -1 points 11 months ago (1 children)

Chromium sandboxing means nothing when it leaks so much data. Tor Project has fleshed that out pretty well.

[–] [email protected] 0 points 10 months ago (1 children)

Chromium sandboxing means nothing when it leaks so much data.

The attacker can't gain access to the host with javascript.

A browser that support javascript but doesn't have sandboxing might not leak these data but when their are bug in their js implementation, the attacker can gain more access to the host.

[–] [email protected] -1 points 10 months ago (1 children)

browser that support javascript but doesn't have sandboxing

Pretty sure that both Firefox and Chromium have sandboxing. What browser are you talking about? Also the only form of attack is not a direct browser script attack. It can also be used to extract metadata, which is used to attack someone in other ways or through other software or OS.

I think you need to learn to debate coherently on internet, and work on weird ideas you have formed in your head around security.

[–] [email protected] 1 points 10 months ago

It can also be used to extract metadata, which is used to attack someone in other ways or through other software or OS.

Threat model. Regular user aren't attacked this way?

[–] [email protected] 0 points 11 months ago* (last edited 11 months ago) (1 children)

Then why does the Tor Project choose Firefox over Chromium as its browser base? Chromium is incredibly insecure and full of holes. Post this wishy washy bullshit on reddit, not on Lemmy.

Because Tor browser's goal is maximum anonymity and onion service. Firefox might be lag behind in security, but its code and features met the privacy requirements. Tor browser try to achieve some security by using noscript and block some web feature.

[–] [email protected] -1 points 11 months ago (1 children)

Firefox lagging in security is complete nonsense. Also, security means nothing if privacy and anonymity are worse. Chromium browsers are at best second opinion browsers for regular usage. Forget them for privacy and anonymity, and therefore security as well. Because you are trying to gain security against the people you want your data/metadata to be private from.

[–] [email protected] 0 points 10 months ago (1 children)

Also, security means nothing if privacy and anonymity are worse.

Security here is protection from exploits, bugs,...

[–] [email protected] -1 points 10 months ago (1 children)

And those exploits are features in Chromium browsers. Stop posting your delusional takes here, you do not have a good history anyway with BSD elitism, weird notions on security, shitting on Linux users etc.

[–] [email protected] 0 points 10 months ago

And those exploits are features in Chromium browsers.

Nonsense.