My setup on GrapheneOS with all the exploit protections on except some off for apps with compatibility issues. Thoughts?

  • Showroom7561@lemmy.ca · ↑ 6 · 19 days ago

    Are those green mini icons an indication of a PWA shortcut?

    I use the app Hermit to run isolated websites, usually as PWAs. It’s replaced quite a few apps, but I’ve noticed that many companies are intentionally making their web experience shit so they force you to use invasive apps.

    Anyway, it can create home icons for those sites, and they run separately (i.e. in your task switcher), so it works better than browser shortcuts.

    • ZinQ@lemmy.ml (OP) · ↑ 2 · 18 days ago (edited)

      NanoGPT is more “no-logs” from what I understand buttt you can pay in XMR and have a dedicated “account” (you get a sign-in link to keep safe) and run it under Tor

    • ZinQ@lemmy.ml (OP) · ↑ 2 · 18 days ago

      In NanoGPT you also got TEE (Trusted Execution Environment) models, which are more private/secure from my understanding. From GPT-OSS 120B TEE:

      “TEE‑based AI models run their inference or training inside a Trusted Execution Environment (TEE), a hardware‑secured enclave that isolates code and data from the rest of the system. This provides data confidentiality, protects the model’s IP, enables cryptographic attestation of the exact model version, and satisfies regulatory privacy requirements, making AI services trustworthy and suitable for secure multi‑party or decentralized applications.” One downside is that they are usually pretty expensive to run

    • ZinQ@lemmy.ml (OP) · ↑ 4 ↓ 1 · 17 days ago

      Firefox is not secure on mobile, Vanadium is a great browser made by the GrapheneOS devs

        • ZinQ@lemmy.ml (OP) · ↑ 2 · 17 days ago

          People in the comments already have “Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android.”

        • ZinQ@lemmy.ml (OP) · ↑ 1 · 17 days ago (edited)

          I mean Gecko-based browsers are actively recommended against on mobile. Chromium-based browsers are recommended. Also I use Mullvad VPN DNS-based ad blocking, and I also have Brave that has built-in ad blocking. Do yourself a favor and ditch adblock in favor of uBlock Origin

  • ZinQ@lemmy.ml (OP) · ↑ 2 · 18 days ago (edited)

    If anyone is wondering, this setup was based mainly on PrivacyGuides

    • Kiuyn@lemmy.ml · ↑ 2 ↓ 1 · 18 days ago

      If you don’t mind hardening Firefox on Android, you can try Firefox with uBlock. It gives some small advantages compared to Brave, like more filter lists from uBlock, the element picker thing, and no Brave, etc. The performance can be questionable though.

        • Kiuyn@lemmy.ml · ↑ 1 · 18 days ago (edited)

          Yes, it is true. It has an insecure sandbox, but in your case it seems like you still use Vanadium; if you only use Firefox for known websites for the webapp, the insecure sandbox is not that big of a deal anymore. Still, from a pure security point, Firefox is not great.

          • ZinQ@lemmy.ml (OP) · ↑ 2 · 18 days ago

            I think overall I have an edge with Brave, since I use it for NanoGPT webapp which I need to be fast or I’ll kys because it was already slow AF on Vanadium so I assume on FF it will be a lot worse

    • ZinQ@lemmy.ml (OP) · ↑ 1 · 18 days ago

      I’m thinking if I need to use WhatsApp again I’ll try to download it, connect to WhatsApp web on my laptop and then delete it from my phone. Idk if it’ll work but it’s worth a shot

      • Kailn@lemmy.myserv.one · ↑ 2 · 18 days ago

        Don’t!
        Your WhatsApp session will expire over time & you’re gonna need to reinstall it on your phone.
        Either install WhatsApp on private space or, if you feel adventurous, selfhost a Matrix-WhatsApp bridge.

        Alternatively, convince your socials to use smth FOSS & more reliable,
        Maybe Telegram if they insist on mainstream,
        It’s got a FOSS client but Telegram doesn’t enable E2EE by default (Secret Chat).

        • Starkon@lemmy.ml · ↑ 3 · 18 days ago

          Signal would be better for a mainstream secure communication as Telegram has its flaws, and E2EE is not enabled by default. It’s also not available in channels.

          • ZinQ@lemmy.ml (OP) · ↑ 3 · 18 days ago (edited)

            Yeah, I would rather just nudge them towards Signal. I very much dislike Telegram and have recently retired it

          • ZinQ@lemmy.ml (OP) · ↑ 2 · 18 days ago

            I use Molly with Orbot proxy, so I feel Signal is the next best thing after SimpleX

          • Kailn@lemmy.myserv.one · ↑ 1 · 18 days ago

            WARNING: this reply has 2 ounces of opinion-like ““facts””, a pinch of logic that makes 0 sense & a whole bottle of chunky post,
            Read, at your own warranty…

            Of course, Signal, Molly & unipush or even Threema or anything more practical / security-audited is more worthy of your phone number and storing your data in an encrypted form,
            I’d recommend conversation or Matrix even more so they don’t require a phone number (but for some reason, they’re more scarce in usage)

            Since messaging apps have to do with, well, messaging people & socializing, going to a person that doesn’t have your app & genteelly asking them to install an app is an inconvenience that people want to avoid…

            Don’t get me wrong, I’d spend an hour talking messaging apps, their differences & cons but, as far as I’m aware, most non-tech invested ppl would consider this “dead-time” and would rather already text on the “available app”

            So, instead, you’d preinstall “mainstream” apps to not even mention it and start texting instantly since you’re usually expected to have it (pre)installed. (I remember WhatsApp and fb-messenger being preinstalled on some vendors)

            This or use iMessage & make them question their existence :) Even on Android

            To the best of my knowledge, the top “mainstream” apps out there are:
            WhatsApp, Telegram, Discord (yes, DiScOaRd), iMessage and sadly, Facebook Messenger.

            (I know Signal is getting recognised in “mainstream” & getting more adoption, but for some reason, I don’t see ppl installing it because it’s not “that” viral to have enough contacts or it would go unnoticed by them because “muh FBI and privacy controversies are too creepy”)

            Most ppl are aware of these apps and their mass adoptions so they wouldn’t even bother and just get it done with or install the app already.

            Out of these options only 2 are actually viable for secure & private messaging especially for FLOSS: Telegram, for being “transparent” & having its source available for security auditing. iMessage: for being E2EE encrypted by default with The Manufactureᵀᴹ showing some dedication about the anonymity & security of the product.

            Telegram doesn’t E2EE by default, but you can just start a secret chat that would be private; at least they allowed for FOSS, third-party clients & made their own “proxy” while encouraging VPNs,

            iMessage can’t be really called FLOSS because the official client isn’t & is also gate-limited by The Manufactureᵀᴹ, but at least it has a FOSS unofficial client that’s still fairly usable (with the compromise of needing MacOS “installed & certified” or paying for an access token).

            Outside of this, there’s really no scope for consideration; most messaging apps that made it to “mainstream” either don’t care about their users’ securities & would actively report anything to big bros for “the general safety of the userbase” or are a hidden honeypot that collects data & sells it to advertisers while lying about it (even WhatsApp does that & thinks we’re dummies),

            When one starts to pick for messaging applications, there’s no “choice”, “consideration” or even the qualities to think if it’s genuinely a good platform; you’re left with only dedication to utilize a messaging app for what it offers & push your circle of people to join you there…

            You may convince your friends, but you can’t convince your coworker, team, boss, partner of a project, your online fellas or even your family members depending on their tech literacy.

            OP didn’t consider ditching WhatsApp; instead, they considered methods to hinder WhatsApp’s privacy violations & telemetry. I’m not OP but, that’s seemingly the case;

            Even if they run WhatsApp on a sandboxed, private space & use a 20 yr-old trash phone, running WhatsApp at all on Android is a risk since Android has lots of APIs that provide device metadata that can be used to uniquely profile users & fingerprint them.

            I can be wrong, but I see only 2 actions OP can do:

            1. Utilize WhatsApp web (& Android VM to scan) to set up a bridging server / service (like matrix-bridge or beeper) & make devices connect to it (port forward, local “vpn” or beeper) or,
            2. Push their circle of people to use another “mainstream” platform OP can trust…

            Sometimes, having online conversation can be totally inconvenient or tiresome, not only because of whom, but how, this is one of them…

            I don’t like telegram at all, especially so with the latest policy change but, it’s easier.

        • ZinQ@lemmy.ml (OP) · ↑ 1 · 18 days ago (edited)

          Alright, in the future I will likely run an Android VM with WhatsApp using a physical SIM bought with cash or a virtual SIM bought with Monero

          • Kailn@lemmy.myserv.one · ↑ 3 · 18 days ago

            I see,
            But at this rate, you’re gonna always make sure WhatsApp runs on a VPN AND behind a kill switch so it doesn’t leak,

            Also, maybe you’re interested in using Tailscale or NetBird to skip the port forwarding / domain hassle so you can connect to your Matrix server and use the bridge in minutes.

            There’s a new FOSS NetBird client for Android if it satisfies.

            • ZinQ@lemmy.ml (OP) · ↑ 2 · 18 days ago (edited)

              Ofc, I always have killswitch on my VPN, using alternatives didn’t cross my mind so thanks, I’ll also keep the client in mind

    • ZinQ@lemmy.ml (OP) · ↑ 1 · 18 days ago

      Cromite, but I have switched to Brave since; it has better fingerprinting protection, more updates, better security and better sandboxing and isolation. At least that’s what Deepseek R1 with websearch has to say