I mean, losing message history is kinda a known drawback of e2ee. not that big of a deal
zwekihoyy
joined 2 years ago
fission is functional with no noticeable issues on Firefox mobile as of like ~ff115/116. it just has to be manually enabled in about:config.
well, your own server and every other server you've ever connected to.
out of curiosity, what do you use it for? I've never been able to find a useful function of it beyond a niche party trick
telemetry as a whole isn't bad. it depends what they are collecting. companies should provide a log of the (raw) telemetry data they've collected from you. if they're not comfortable sharing it it's probably too invasive.
oh great. rooting, smh
there isn't really mitigating any hardware fingerprint. whatever you're using sounds like a bit of a scam lol.
Mobile platforms like android and iOS (more specifically GrapheneOS), are leagues ahead of desktop operating systems in terms of security because of these strict policies. and besides, you are treating untrusted code as untrusted code. I don't see the flaw in that logic.
sure, they could use more apis for accessing system directories and stuff like that securely, but that's not really in scope. this is for end users. not field deployment on an sbc for something.
that's fair I suppose, I wasn't saying not to use it, just that it is worth noting. these strict security policies are what makes mobile platforms much more secure than desktop platforms. I typically use my phone for security sensitive tasks because of this, so I tend to care a lot more about this stuff. if you have any banking info or password managers stored on the device, be careful.
I'll admit, it is pretty unlikely anything to happen, though. always just better knowing.
this doesn't matter but I found it interesting bc of all the people recommending tools like shelter and insular, using profiles or work profiles to separate data would be siloing not sandboxing.
edit: with that said, as others have pointed out, apps are already sandboxed on Android. they can only really communicate with mutual consent ipc. so say for example, Google services can communicate with other Google apps because they both explicitly call for each other. while ipc is still technically something to think about, the mutual consent requirement makes it somewhat difficult to make malicious use of it.
apps aren't capable at accessing other app data whenever they wish, though. even with storage permissions granted it only really has access to user directories (downloads, documents, etc.).
edit2: additionally, it's worth noting that using any profiles (work or normal), will increase ram and battery usage by a decent margin as this will make a second user with all system apps running alongside your main user.
any solution involving root should also be considered a non-option as well, since gaining root access completely cripples androids security model.
there is a difference between no verified boot and getting the
this device is loading a different operating systemmessage. for example, grapheneos has verified boot. anything other than stock will result in that splash screen though.