• 1 Post
  • 90 Comments
Joined 2 years ago
Cake day: June 16th, 2023


  • That's the thing. I buy Apple products for that sole reason rather than use a GrapheneOS device.

    I want it locked down. I want it immutable. I want it matching every other device so I'm not fingerprinted. I want it backing up to the cloud with end to end encryption while syncing with all my other devices. I want it to AirPlay to my TV. I want it to be a webcam for my MacBook. I want it to hold some health data while keeping it out of prying eyes. I want iMessage to end to end encrypt my text messages to other iMessage users.

    Why bother getting an iOS device if that's not what you’re after? Their products are some of the most secure devices, with the longest support life. I save money by holding an iPhone for 6 years, versus 3 years with an Android phone.

    Listen, I LOVE GrapheneOS. It's just not a complete ecosystem yet.









  • There are quite a few reasons to avoid flatpaks tbh.

    • You have no control over the dependencies. A Flatpak can include a very old dependency and there is nothing you can do about it. You are at the mercy of the developer.

    • Many Flatpak applications available on Flathub are not effectively sandboxed by default. Do not rely on the provided process isolation without first reviewing the related Flatpak permission manifest for common sandbox escape issues.

    • Running untrusted code is never safe; sandboxing cannot change this. It can be a false sense of security.

    • It is generally not a good idea to run unattended updates via systemd, as the applications can get new permissions without the user being aware of the changes. See this blog post for examples.

    • Flatpak does not run on the linux-hardened kernel unless you do additional kernel modifications that could have negative security implications.
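
Added example, not part of the original comment: a small audit for the two points about reviewing permission manifests and updates that add permissions. It assumes the metadata text comes from `flatpak info --show-metadata <app-id>` saved before and after an update; the `RISKY` list, the function names and the sample metadata are constructed for illustration.

```python
import configparser

# Assumption: grants treated here as broad host exposure (not an exhaustive list).
RISKY = {
    "filesystems": {"host", "host-os", "host-etc", "home"},
    "sockets": {"x11", "session-bus", "system-bus"},
    "devices": {"all"},
}
BUS_SECTIONS = ("Session Bus Policy", "System Bus Policy")

def permissions(metadata_text):
    """Return the set of 'key=value' grants found in a Flatpak metadata keyfile."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keyfile keys and D-Bus names are case-sensitive
    cp.read_string(metadata_text)
    grants = set()
    if cp.has_section("Context"):
        for key, raw in cp.items("Context"):
            grants |= {f"{key}={v}" for v in raw.split(";") if v}
    for section in BUS_SECTIONS:
        if cp.has_section(section):
            grants |= {f"{section}:{name}={pol}" for name, pol in cp.items(section)}
    return grants

def risky(grants):
    """Subset of grants that give the app broad access to the host."""
    out = set()
    for g in grants:
        key, _, value = g.partition("=")
        base = value.split(":")[0]  # drop a :ro / :rw / :create suffix
        # Talking to org.freedesktop.Flatpak lets the app ask the host to run commands.
        if base in RISKY.get(key, ()) or key == "Session Bus Policy:org.freedesktop.Flatpak":
            out.add(g)
    return out

def added_by_update(old_text, new_text):
    """Grants present after an update that were absent before it."""
    return permissions(new_text) - permissions(old_text)

# Constructed sample metadata for a hypothetical app, before and after an update.
OLD = "[Context]\nshared=ipc;\nsockets=wayland;\nfilesystems=xdg-download;\n"
NEW = """[Context]
shared=ipc;network;
sockets=wayland;x11;
filesystems=xdg-download;home:ro;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
"""

if __name__ == "__main__":
    for grant in sorted(added_by_update(OLD, NEW)):
        print("NEW", "RISKY" if grant in risky({grant}) else "     ", grant)
```
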