
sugar_in_your_tea

@sugar_in_your_tea@sh.itjust.works

Mama told me not to come.

She said, that ain’t the way to have fun.

sugar_in_your_tea ,

My last company was Linux only, and we could pick whatever we wanted. My current company is macOS only, which isn't great but at least it's not Windows.

sugar_in_your_tea ,

Why? macOS feels a lot like Linux in my regular workflow, which is largely terminal based. There's two decent package managers (homebrew and macports, I use macports), tmux and vim work as you would expect, etc. 90% of my workflow is the same between macOS and Linux.

I've tried WSL, and the workflow just doesn't feel right.

But at my company, there's another huge caveat: IT locks down the Windows machines, whereas there's pretty much no oversight on the macOS computers. That has a ton of value for me.

sugar_in_your_tea ,

Yup, the web page is good enough. I only use the desktop client on my work computer (macOS) for the meeting notifications, which the webapp also provides (but it needs to be open).

sugar_in_your_tea ,

Yup, I'd pay maybe $1. That's way more than the ad revenue search engines get, so it's a more than reasonable price to pay.

sugar_in_your_tea ,

Google's ad search revenue amounted to 175 billion

That includes way more than search:

That “search and other” figure includes revenue generated on Google’s search properties, along with ads on other Google-owned properties like Gmail, Maps and the Google Play app store.

I couldn't find a reliable source for a breakdown, so I'll use Microsoft Bing statistics instead:

  • $12.2B ad revenue in 2023
  • ~1.3 billion unique visitors globally as of March 2023
  • $9.66 Bing revenue per user

That last number is really close to my $1/month figure.

So something around $1/month range seems like a fair replacement for ad revenue for a search engine.

sugar_in_your_tea ,

That sounds unlikely... But they're a small search provider with a small customer base, so costs will be high maintaining all the infrastructure needed.

As I linked elsewhere, Bing makes ~$10 per user per year. That's really close to my $1/month figure. And that's revenue, which doesn't count advertiser acquisition costs and whatnot.

I'm unwilling to pay $5/month for limited searches, but I'm willing to pay for search if it's reasonable.

sugar_in_your_tea , (edited )

Yeah, Yandex censors quite a bit, at least since the war with Ukraine:

Yandex, the leading search engine for Russian speakers, has meanwhile tightened its censorship, removing independent media from its search results.

And Yandex altered results to trash Navalny.

But at least they have a banner when they're likely censoring stuff.

So I absolutely wouldn't trust it for anything related to politics or Russian interests. Maybe it's okay from a privacy and non-Russian interest perspective though, idk, but by default I don't trust it because Russia is so repressive against media in its country.

As for DuckDuckGo, here's what I found:

That said, it seems as if it's just reducing the search ranking for Russian "disinformation," not removing results. That's annoying, but not as troublesome as Yandex or Google. BTW, I found all of those links through DDG, so it's not like they're trying to hide anything.

sugar_in_your_tea ,

I've never used questions to search, I use keywords, even with Google. So if I want info on the Russia-Ukraine war, I'll search "Russia-Ukraine War". If I want casualty numbers, I'll add "casualties" there, probably at the start if I want to emphasize it. Searching "how many people have died in the ukraine war" has never been something I do.

That said, natural language search may be more useful with AI tools though, but for regular search, I've always used keyword-dense queries, roughly ordered by priority in the query (important terms first).

sugar_in_your_tea ,

Dynamic DNS only works if your IP is publicly routable. My ISP (not sure about OP) puts us behind NAT, so the only way to expose services on my network is through a tunnel, like a VPN.

But many ISPs do provide a routable IP. My last ISP did, so it's not uncommon.

And you don't necessarily need to own an IP, services like FreeDNS let you use a subdomain from someone else, but a domain can be as little as $1/year (for TLDs like .site and .store), so it's probably better to just get one. I have like 10 domains, and they only cost $10/year each or so. But if you just want to try out hosting something, using someone else's isn't a bad way to go.

sugar_in_your_tea ,

Yup. Police will probably do nothing, but having that number on file gives requests more weight because refusing to comply could get the police involved.

sugar_in_your_tea ,

If it's on a VPS, the host can see your traffic. That may or may not be an issue for you.

You may be offered a free premium Telegram subscription – but please don’t accept (archive.is)

Telegram is giving away FREE Premium subscriptions! All they need from you is to use your cell phone as a relay to text out their OTP codes! And the recipient of the OTP sees your phone number! What could POSSIBLY go wrong with this deal?...

sugar_in_your_tea ,

Wow, that's super sketchy.

I'm trying to get my wife to use something decent, and I think Signal is the way to go. It's focused on P2P communication so it's a better replacement for SMS and whatnot, but it also has groups so it can also replace MMS. She likes Discord, but I don't think she'll be as keen to try out Matrix since she'll just wonder why I don't just use Discord.

sugar_in_your_tea ,

IDK, forcing someone to use a certain app to contact you seems a bit extreme, and something that could cause conflict in a relationship. But that's just me, I obviously don't know your situation.

sugar_in_your_tea ,

Looks cool, thanks! I'm interested in P2P platforms in general, and this seems like an interesting middleground between P2P and centralized.

sugar_in_your_tea ,

Yeah, it looks like a centralized service that behaves like a distributed one. I may even (re)learn Haskell to properly understand it.

It also looks like it's intended to be used for applications, so that's pretty cool too.

sugar_in_your_tea ,

Cool. I mostly wanted to warn others in case they tried to do this without the proper consent.

My kids also only use Linux PCs (mine, they'll likely get their own when they get older), have no personal devices, etc, though we're getting close to the point where they'll want them. I also refuse to use any of the mainstream stuff, and I try to persuade my wife to use it too.

sugar_in_your_tea ,

It lets that person know your number works. If that person happens to be a scammer or solicitor, you could run into issues.

otl , to Privacy
@otl@hachyderm.io

Finally deleted my LinkedIn account!

After putting my account into "hibernation" for the past few weeks, I finally closed it. But I'm still looking for work. Thankfully I can still find positions (SRE and software dev) by just going directly to the company's site and finding a Jobs page.

Good luck to everyone else out there looking for work!

@privacy

sugar_in_your_tea ,

Same. I keep mine, but I don't actively use it unless I'm looking for a job.

sugar_in_your_tea ,

Things could be encrypted. But yeah, that's my biggest issue with the fediverse, it's just not designed around privacy. It's also why I'm working on my own lemmy alternative, I want something a bit more privacy-friendly.

I don't think working on a LinkedIn alternative is worthwhile because it relies even more heavily on the network effect. The only point I see in LinkedIn is in finding jobs, and getting employers to look at something else is an uphill battle I don't want to fight.

sugar_in_your_tea ,

I got my current job through it, and it's a great job I never would've found otherwise. So I think it's absolutely worth keeping.

I keep forgetting about it though. I block all of their messages and only check it if I'm looking for a job.

sugar_in_your_tea ,

Sure, if you actually use it to post. I never do, I just use it to submit applications and respond to recruiters' messages.

sugar_in_your_tea ,

The point would be sharing data that's not useful without the key. So you could share your public key and public metadata, but to access private data you'd need to get approved first. An approval request would be encrypted with your public key and contain a response key, and your response would contain your response encrypted with their key.

You obviously wouldn't be able to control what they do with your data once decrypted, but all of that back and forth can happen in the clear without giving up private information. It's the same way GPG/PGP works over email, just on a fediverse instead of SMTP.

It really wouldn't be all that hard to implement, I just don't think it would get any meaningful traction because LinkedIn is so reliant on the network effect.
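
The request/response exchange described in the comment above, as an added Go example (not code from the commenter or from any project mentioned on this page). It assumes the "response key" is a fresh AES-256 key chosen by the requester and that the owner's published key is RSA-2048 used with OAEP; `Profile`, `Owner`, `NewRequest`, `Handle` and `ReadResponse` are hypothetical names, and all sample data is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assumption: the "response key" is a fresh AES-256 key; GCM uses 12-byte nonces.
const keyLen, nonceLen = 32, 12

// Profile is published in the clear: public metadata plus the request key.
type Profile struct{ Meta string; Key *rsa.PublicKey }

// Owner holds the key and record; approved is a hypothetical allow-list.
type Owner struct {
	key      *rsa.PrivateKey
	record   string
	approved map[string]bool
}

func NewOwner(meta, record string, approved map[string]bool) (*Owner, Profile, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, Profile{}, err
	}
	return &Owner{key, record, approved}, Profile{meta, &key.PublicKey}, nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewRequest (requester side) returns the ciphertext to post publicly and the
// response key to keep. from is only a claim: nothing here authenticates it.
func NewRequest(to Profile, from string) (request, responseKey []byte, err error) {
	responseKey = make([]byte, keyLen)
	if _, err = rand.Read(responseKey); err != nil {
		return nil, nil, err
	}
	plain := append(append([]byte{}, responseKey...), from...)
	request, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, to.Key, plain, []byte("request"))
	return request, responseKey, err
}

// Handle (owner side) answers under the response key the request carried: first
// byte 1 = approved. Ciphertext length still reveals whether data was released.
func (o *Owner) Handle(request []byte) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, o.key, request, []byte("request"))
	if err != nil || len(plain) <= keyLen {
		return nil, errors.New("not a valid approval request")
	}
	answer := []byte{0}
	if o.approved[string(plain[keyLen:])] {
		answer = append([]byte{1}, o.record...)
	}
	gcm, err := gcmFor(plain[:keyLen])
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, answer, []byte("response")), nil
}

// ReadResponse (requester side) authenticates and decrypts the owner's answer.
func ReadResponse(responseKey, response []byte) (approved bool, data string, err error) {
	gcm, err := gcmFor(responseKey)
	if err != nil || len(response) < nonceLen {
		return false, "", errors.New("malformed response")
	}
	plain, err := gcm.Open(nil, response[:nonceLen], response[nonceLen:], []byte("response"))
	if err != nil || len(plain) == 0 {
		return false, "", errors.New("response failed authentication")
	}
	return plain[0] == 1, string(plain[1:]), nil
}

func main() {
	owner, profile, err := NewOwner("bio (constructed)", "phone: 555-0100 (constructed)", map[string]bool{"alice": true})
	if err != nil {
		panic(err)
	}
	for _, who := range []string{"alice", "mallory"} {
		req, key, _ := NewRequest(profile, who)
		resp, _ := owner.Handle(req)
		ok, data, err := ReadResponse(key, resp)
		fmt.Printf("%s: approved=%v data=%q err=%v\n", who, ok, data, err)
	}
}
```

Both ciphertexts can travel over a public channel; what the sketch leaves open is authenticating the requester, which would need a signature over the request.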

sugar_in_your_tea ,

Federation isn't the magic bullet you make it out to be. In fact I disagree with pretty much everything you said, but we probably agree on some fundamental concepts. I just believe federation isn't democratic, not even a little bit, it's just silos of control.

I think we need distributed platforms where data is owned through encryption and signatures. Think gossip protocol with PGP encryption and web of trust based moderation. It's still not democratic, but it puts control in the hands of individual users, not instance admins.

Similar to what Churchill said of democracy, Lemmy/ActivityPub is the worst form of social media, except for all the others. Federation isn't the goal imo, decentralization is. It just turns out that ActivityPub and Lemmy are available today, which is why I'm here. Reddit was the best option before now (open source frontend, friendly API, etc), but that changed so now I'm here.

So no, don't enshrine a particular solution into law, focus on the principles of privacy and decentralization.

sugar_in_your_tea ,

everyone for themselves.

I'm not suggesting that at all. What I want is the next logical step after federation, which is basically data being distributed.

Basically, I want BitTorrent, but for social media. So there would be no instances, only communities (so no community@instance, just community). Right now, if lemmy.ml goes down, all of the communities hosted there go down and people would need to migrate elsewhere. With a distributed system, if someone drops out, the community goes on because it doesn't live on any one system. Lemmy could mitigate that with a feature to move a community, but you still have the fragmentation issue.

The tricky part is moderation, but I'm thinking that could be done through votes and reports/blocks. Basically, if you vote the same way as someone consistently, you'll start to trust their votes, reports, and blocks more than other users, and you could enable automatic moderation to hide stuff based on someone else's moderation.

So you would no longer need to rely on a centralized set of mods for a community, you'd instead pick mods yourself based on who you agree with. So you and I could have a separate set of "mods" for the same content. At any time, you could inspect the moderation to see if you agree with it, and your account would learn what you like and don't like. This kills the "power hungry mods" issue that kills so many communities (i.e. I've left subreddits purely because of mods), though I'm a little worried it'll push people even more into echo chambers.

The important thing, though, is that it puts the control directly into the hands of the users, with a set of tools to customize it. And there could be multiple competing clients to handle the moderation differently. I think it's a bit more democratic than what Lemmy provides.

it's okay to disagree

I absolutely agree.

My point is that I see federation as a stopgap to something better, not the destination, and it's totally reasonable to disagree. I just think federation will have similar problems as centralized services, and that it's inevitable once it grows to a certain size.
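
One way the vote-agreement moderation described in the comment above could be computed on the client, as an added Go example (not the commenter's project code). The scoring formula, the `minShared` floor, the hiding threshold and every name and vote in the sample data are assumptions made for illustration; the floor is there so that accounts which copied only a vote or two carry no weight when they mass-report a post.

```go
package main

import (
	"fmt"
	"sort"
)

// Votes maps user -> post ID -> +1 (upvote) or -1 (downvote).
type Votes map[string]map[string]int

// minShared is a hypothetical floor: peers with fewer co-voted posts get no
// trust, so a fresh account cannot earn influence by copying a few votes.
const minShared = 3

// Trust returns how far me should trust peer, in [0, 1]: agreements minus
// disagreements over the posts both voted on, clipped at zero.
func Trust(v Votes, me, peer string) float64 {
	shared, score := 0, 0
	for post, mine := range v[me] {
		if theirs, ok := v[peer][post]; ok {
			shared++
			score += mine * theirs // +1 on agreement, -1 on disagreement
		}
	}
	if shared < minShared || score <= 0 {
		return 0
	}
	return float64(score) / float64(shared)
}

// Hidden returns the posts me's client would hide: those whose reporters'
// combined trust reaches threshold. Each reporter counts once per post.
func Hidden(v Votes, reports map[string][]string, me string, threshold float64) []string {
	var out []string
	for post, reporters := range reports {
		seen := map[string]bool{}
		total := 0.0
		for _, r := range reporters {
			if r != me && !seen[r] {
				seen[r] = true
				total += Trust(v, me, r)
			}
		}
		if total >= threshold {
			out = append(out, post)
		}
	}
	sort.Strings(out)
	return out
}

// sampleVotes is constructed data: ann mostly agrees with me, cat always
// does, bob never does, and five sock puppets each copied a single vote.
func sampleVotes() Votes {
	v := Votes{
		"me":  {"p1": 1, "p2": 1, "p3": -1, "p4": 1},
		"ann": {"p1": 1, "p2": 1, "p3": -1, "p4": -1},
		"cat": {"p1": 1, "p2": 1, "p3": -1},
		"bob": {"p1": -1, "p2": -1, "p3": 1},
	}
	for i := 1; i <= 5; i++ {
		v[fmt.Sprintf("sock%d", i)] = map[string]int{"p1": 1}
	}
	return v
}

// sampleReports is constructed data: post ID -> users who reported it.
func sampleReports() map[string][]string {
	return map[string][]string{
		"spam": {"ann", "cat"},
		"meh":  {"ann", "ann"}, // duplicate report from one user
		"good": {"sock1", "sock2", "sock3", "sock4", "sock5", "bob"},
	}
}

func main() {
	v, r := sampleVotes(), sampleReports()
	for _, peer := range []string{"ann", "cat", "bob", "sock1"} {
		fmt.Printf("trust(me, %s) = %.2f\n", peer, Trust(v, "me", peer))
	}
	fmt.Println("hidden for me:", Hidden(v, r, "me", 0.75))
}
```

Six reports against "good" hide nothing because none of the reporters has earned trust, while two trusted reports are enough to hide "spam".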

sugar_in_your_tea ,

leftist

Maybe you're just using this as an example, IDK, but I've seen a lot of people here on lemmy seem to conflate technology and political ideology. Technology can be a means to a political end, but equating the two just encourages dogmatic loyalty, and discourages diversity of thought.

But maybe I'm projecting here, IDK.

And yeah, I totally get the concern over splitting the community with too many different ideas (i.e. the Standards XKCD). My concern is that federation won't scale. Users have demonstrated that they'll largely join a handful of big instances, and those instances are poorly funded (often run by some generous benefactor) and fairly expensive to run. And that's with just 50k or so monthly active users, imagine what's going to happen if it ever gets to Reddit scale...

So that's why I'm interested in distributed social networks, they scale really well with lots of users, in fact, they can work even better the more users they get (e.g. BitTorrent). So if we're looking for a grassroots tech stack, it should be distributed. I'd really like someone else to build it (hence why I bring it up, to hopefully get someone to do it), but I'll hack on it in the meantime because I find it fun.

That said, lemmy is good enough for now, hence why I'm here. I just don't see it as a long term solution.

sugar_in_your_tea ,

saying it will work when we have no signs for it kinda is

I'm actually working on a proof-of-concept, but I honestly would prefer to not head the project. I don't think I can commit long term to a project like that, I hate being the center of attention, and honestly I think someone else would do a better job pushing it forward. But I'm intrigued by the tech, so I'm trying my hand at building it.

If I have something to show, I'll post it here. But at least from the initial work I've done, I think it should scale nicely. I'll probably get tired of it before "finishing," but I guess time will tell.

I do like lemmy and the fediverse, I just want to be prepared for it falling apart. I think it's seeing some uptake issues because of fundamentals of the fediverse (needing to understand federation just to join communities, for example), and that will limit its mainstream appeal. But I'll keep using it until there's a credible alternative.

voting to become federated

What exactly do you mean by this?

successor to crypto

Honestly, I think crypto is fine, and I'm particularly interested in privacy coins like Monero. The main issue they have is speculation, but honestly, that happens with fiat currencies as well, and if people start using something like Monero regularly that speculation will likely end up in the noise.

That said, I wouldn't say no to something like GNU Taler getting picked up by a privacy-friendly organization. I'd love to see Mozilla integrate it so I could use Taler for payments to various online services.

Have a good one.

You too!

sugar_in_your_tea ,

making PRs

I have actually made a few PRs when I first came to lemmy. I fixed a few bugs that bothered me, implemented a feature I wanted, and took a couple extra bugs from the issue tracker that bothered others. I thought about making my own client, but decided to try patching the existing ones first, and that ended up being easier.

I've stopped being active though since I'm satisfied with the platform as it is. I've considered hosting my own, which might get me to optimize the BE a bit, so I guess we'll see. But I really do think the project is solving the wrong problems, so I prefer to spend my hobby time experimenting with P2P apps since I think that's what we'll ultimately want, but I'll absolutely help if there's any project that's remotely close to what I want.

I don't have anything to show yet since it's rough and I don't want to publish anything without a good moderation story, but hopefully I'll have something later this year.

new search function

I almost did, but the current one (new since I was originally interested) is good enough. Maybe I'll add it to Jerboa or something since it completely lacks post/comment search AFAIK (should be easy now), but searching on my mobile browser works well enough.

But this gets back to the core design decisions. It can't search stuff it doesn't have cached locally, and abusing ActivityPub to broadcast search would have a risk of enabling amplification attacks.

The proper solution to search, imo, is a separate service that indexes as much of the fediverse as possible. That's a massive project, and about on the scale of building a replacement, not to mention hosting costs. I could probably build it as a P2P app though, but at that point I might as well continue with my project since it has other benefits as well (e.g. single namespace, almost no hosting costs outside a few relays, etc).

Voting, as in you vote for something to happen. Democracy. We should federate it so everyone can do it, probably cryptographically or some other way.

Right, but how does that actually work? Every proposal I've seen for distributed voting systems has issues, and federating it won't solve them. Here are a few off the top of my head:

  • barrier to entry - how are you going to get Grandma to use it?
  • malware voting on your behalf
  • privacy - how can you prove dead people aren't voting while also preventing people from knowing if you voted?
  • are normal people going to trust it? We have enough issues with people not trusting voting machines, despite no evidence that voting machines have been exploited to any real degree

I'm satisfied with the current system in my area, which is mail ballots with a barcode so voters can see whether their vote was counted. That's good enough, to the point where I'm going to put my efforts toward getting better voting systems (i.e. ranked, approval, or STAR voting) instead of more cryptography.

You're making an alternative to the fediverse because of issues you can't be bothered to solve

I'm making an alternative because the issues I want to solve are fundamental to federation, namely:

  • confusing namespaces - you need "community@instance", and most people would prefer just "community"
  • power hungry mods - the ones I've seen are okay, but they were also okay on Reddit until they weren't; we could vote for mods, but then interested parties could just bot spam their way in
  • hosting costs are high - you need to store everything for every community your users are interested in; that's not going to scale well, especially with so much duplication

I can't submit a PR to fix those, because if I try, it'll just be a hack that's going to have repercussions. Those are design decisions we'll just have to live with for now.

So I'm addressing it with a personal research project, and here's briefly how I'm solving them:

  • no namespaces, just "topics"
  • no permanent moderators, moderation is based on people you explicitly or implicitly trust (everyone would start with some default set)
  • hosting costs are $0, unless you run a relay on a $5 VPS; all storage is on user devices (aside from caching nodes to help with availability)

The hardest part is moderation, which is also the biggest selling point, at least until lemmy instance admins can no longer afford to keep hosting.

I think I can make an ActivityPub bridge as well, and I may end up having it act like a lemmy instance to help seed with data. But that's not in the initial goals, I just want to see if client-side moderation based on votes and whatnot can actually work well.

sugar_in_your_tea ,

The issues that lemmy solves

Oh, I'm not saying the issues it solves aren't important, I'm saying it's focusing on the wrong goals.

What I want out of lemmy is a credible Reddit alternative (so link aggregator with comments), that will be around long term with minimal disruption. It succeeds as a link aggregator, I'm worried about longevity based on its design.

Lemmy also had a goal of being on ActivityPub. Link aggregators (I assume) have a ton more shared data than something like Mastodon. But I don't know for sure, I haven't hosted either, it's just a hunch. Likewise, people already complained about having to deal with a ton of instances on Mastodon, which seems to be an adoption issue for new users. Those aren't solvable with lemmy as designed since they're quirks of federation, but it was probably a faster way to get something out.

I want to be able to see all communities, not posts or comments... together with a rough member and post count

Ok, that's pretty reasonable. I'm not sure how syncing those statistics would go without subscribing, but it's probably not a ton of work.

But isn't that essentially what [Lemmy Explorer](https://lemmyverse.net/instance/lemmy.world/communities) is for? You get all of that info, and can narrow by instance if you want, even if your instance doesn't federate with it.

Not sure if it was you, but there's an issue for it with generally positive responses. I agree with Nutomic's concern that this could be a lot of data (world alone has >10k communities), but as another user mentioned, we could filter by active communities and drastically reduce that.

The reason we are all here and the ultimate goal of lemmy and the fediverse imo is agency, nothing else

That's pretty vague IMO.

I'm here because I want Reddit, but Reddit made some choices I strongly disagree with, such as:

  • effectively closing its API, which killed my favorite apps
  • selling user data (more recent)
  • "new Reddit," which harvests more data than before; also, new Reddit isn't open source AFAIK
  • sacking mods and probably replacing them with AI

I honestly don't care about federation or ActivityPub, I'm just here because it replaces a service I like but refuse to use. Maybe that's what you mean by agency, but for me personally, I'd just not use any social media if lemmy didn't exist (or maybe I'd go back to hacker news).

So that's the lens I'm seeing things through. I see Lemmy as a temporary stopgap, and I'd really rather not invest a bunch of time into something I think needs to be replaced. But I do believe in cleaning up my corner of the world, so I'll contribute here and there, and I hope to donate to my instance once they accept donations (I've asked).

Maybe we should connect on github or something

Perhaps. I'll save this comment so I can come back later if interested. I'm not in a position to really commit to anything right now, but perhaps starting a Matrix channel for like-minded people would be interesting.

I'd much rather keep discussions in some publicly accessible medium than over DMs, so hopefully someone else can pick up the torch when you or I inevitably lose interest.

That said, once I have a working project, I'll post it on a few relevant communities for review (probably under an alt). So you'll at least hopefully see that. I work primarily in Rust and plan to build my MVP with Tauri and Iroh, but I'm fairly comfortable in a variety of languages (Python and TypeScript at my day job, lots of years with Go, looking into Haskell because FP rox and I want to study SimpleX chat).

If you want help on a project, post about it and I'll take a look. I'm comfortable with most fullstack stuff (databases, React, Docker, etc).

sugar_in_your_tea ,

Here's an article with most of the relevant information for those who don't want to watch. Basically it's the story of D3f4ult and Cracka, two hackers who embarrassed the CIA and got arrested for it.

The most interesting thing to me is that they were uncovered because one bragged about it to his friend, who likely turned him in (or, since it was over Xbox Live, maybe it got caught in a filter or something). That's the #1 rule of criminal OPSec, don't tell anyone about your crimes.

The message for the general privacy community is similar, you're only as safe as your weakest link. For example, nobody cares if your email is self-hosted at an anonymous VPN and triple encrypted or whatever if you send plaintext emails to your friends and family on less secure email services.

sugar_in_your_tea ,

I did...

sugar_in_your_tea ,

Story of my life. Fortunately, now that I'm older, I often catch myself and provide the context. But not always.

sugar_in_your_tea ,

How is the ad blocker? I use Brave at work for debugging frontend code, but I don't really trust the org behind it. But I need something in the Chromium family to test our app, and the ad blocker is nice (main browser is Firefox).

If Vivaldi's ad blocker is as good as Brave's, I'll switch. I'll probably keep Chromium on my personal computers though (all Linux) because Vivaldi isn't open source. I use it very rarely since Firefox meets my needs, so it's less of an issue.

sugar_in_your_tea ,

Cool, I'm playing with it. One concern is that it's closed source.

I'm not going to use it as a main browser most likely though, I'm happy with Firefox, but I need something for when websites refuse to work w/ it.

sugar_in_your_tea ,

Eh, several seems like a bit much, but diversity in general is good. I use Firefox because it solves my needs, but I need a Chromium-based browser for random broken sites.

sugar_in_your_tea ,

You'd use a password to encrypt the keys and/or store that key in your password manager.

sugar_in_your_tea ,

Cool, I haven't heard of this! Thanks!

sugar_in_your_tea ,

I wish I was lost in dessert, but it's better for my waistline that I'm not.

And good on VLC for standing up against this. This type of thing should absolutely be opt-in by the developer.

sugar_in_your_tea ,

Yup, the network effect is real.

Maybe you can set up a bridge for those who want to switch? You'd still need both until everyone moves over, but it reduces friction in that process.

sugar_in_your_tea ,

Yup. If you're paranoid, you can self-host and watch network traffic to ensure things are encrypted when they're supposed to be.

sugar_in_your_tea ,

Set up two clients and send data between them. You can have it log out exactly what data is being sent since the whole thing is FOSS.

sugar_in_your_tea ,

Be careful with Motorola, here's a Louis Rossmann rant about Lenovo/Motorola sucking, and here's the official unlocking policy and procedure he mentioned. Some specific issues to call out:

  • need to wait a week before unlocking the bootloader after purchase
  • you lose your Motorola warranty
  • you cannot sell or transfer your unlocked device (in linked legal agreement)

That's pretty scummy IMO, and why I'm not interested in Motorola devices. I don't intend to ever use the warranty or sell my phone, but I'm not okay with that being a legally binding agreement.

sugar_in_your_tea ,

graphene or calyxos is out

Graphene can run actual Google Play services sandboxed, so you might be in luck. I think CalyxOS has Google Play installed by default, so they may work as well, though it doesn't seem to be sandboxed. DivestOS may be an option as well.

Here's the page I'm pulling this from, I don't have any actual experience here (though planning to get a phone with an unlocked bootloader soon).

hoping in 5+ years time when my phone stops getting updates, that things will be a lot better in the linux mobile space

That's what I thought 4-ish years ago when I bought my current phone when I realized PinePhone wasn't going to be daily driveable, but things don't seem to have changed much (MMS seems to have gotten better, but still incomplete). Now I'm ready to replace it, and Linux phones still aren't daily driveable for me, but it's much better than before.

I'm still hopeful, but a little less excited than I was 4 years ago.

sugar_in_your_tea ,

Nah, just ask the telecoms nicely and they'll give you whatever stream you want.

sugar_in_your_tea ,

sharing apps

Yeah, unfortunately that's not possible (legally) without being the digital store owner (like Valve for Steam) or the seller of the app. Fortunately, we don't buy apps, so it's not an issue (everything we want to share is a free download, like Netflix or whatever).

But I think the rest should be possible, there just isn't a nice, FOSS ecosystem for it.

Plex

I've never actually used it. I just configured minidlna to stream in my home, so I put my movies and whatnot on my NAS and it's available on my TV. I set up a Samba share for my wife so she can upload/download whatever she wants, and it's working well.

sugar_in_your_tea ,

Unlocked meaning you've unlocked the bootloader. So if you want to flash your own ROM, you agree not to sell your device.

I'm not sure if it's enforceable, but it certainly chills people from trying.

sugar_in_your_tea ,

Does everybody have a personal beef with this disgusting person?

IDK, seems like it. But that still has nothing to do with the product itself. As long as the product is good and is FOSS, I can look past the people behind it.

It is mostly a rebranding of AOSP features with app permission controlling and firewalling.

That's a good thing IMO. The more an Android ROM deviates from AOSP, the more difficult maintenance becomes and the more problematic a toxic core contributor is.

There are only 3 things they ever did on their own as extras, and even they have basically no value in the grand scheme of things

That doesn't match with what I'm reading online. This comparison table lists a number of differences between the various projects, and many of those are important to me. That source claims to not be affiliated with any of the projects (I haven't done much due diligence though).

I don't really care if these changes were made by GrapheneOS themselves or pulled in from other projects, the end result is a more interesting product that has a fast response to security updates.

Look at Linux distributions, most aren't anything more than a set of configuration changes, packaging policies, and maybe a home grown package manager. Yet there are interesting differences between Ubuntu, Debian, Fedora, Arch, openSUSE (my preference), and others. It's all mostly the same code underneath, just packaged differently. That's what I want from an Android ROM, a secure, privacy-focused configuration.

It's not snake oil if the differences between ROMs/OSes are tangible.

This person is who you seem to like.

I never said I liked him, I said the website has valuable information. I don't really care who makes the recommendation provided the statements are independently verifiable, and they do a way better job of linking sources than PrivacyTools.

At the end of the day, I'm not blindly trusting anyone's advice and I'm looking at a variety of sites. I actually disagree with some of the recommendations, especially omissions, but I can usually find those when searching "X vs Y" with two recommendations from their site. Privacy Tools includes some odd suggestions, and it seems like they just throw a bunch of stuff that claims to be privacy-focused without doing much research (or at least they don't link anything).

Ken Thompson, co-creator of Unix and C, on why we should be able to trust the developer and NOT the code.

That's not my takeaway, in fact it's the opposite.

I don't believe in trusting developers, I believe in a mix of security audits, reproducible builds, eyeballs, code signing, and cryptographic hashes. Developers can be bought, accounts can be hacked, etc, but code can't. For example, I don't think Linus Torvalds would intentionally break Linux security, but that's not why I trust Linux, I trust it because it's the subject of a lot of security researchers, large organizations, and a team of proven-capable subsystem maintainers. If I trust the developers, they could sneak in a malicious Trojan horse like Ken Thompson mentioned and I'd just roll with it.

As the Russian proverb goes, "trust, but verify."

selflessly

Well, you certainly talk about it a lot. Maybe you're genuine, but that's kind of irrelevant. I trust technical sources, not personal attacks.

I'm not suggesting you create a wiki at all, I'm saying that having a community effort for a wiki could be valuable. The place for a mod, imo, is to police rule violations (ideally mostly responding to reports, not active policing), and those rules should come from the community they operate in. Issues arise when the police make the rules. Maybe it makes sense for a mod to coordinate that effort, but contributions should come from the community with proper sources and whatnot.

I will not lie or sugarcoat things

And that's commendable, I prefer transparency when I can get it.

My issue here is that I think you're letting your distaste for individuals (however well founded) supersede technical discussions. I think it's reasonable to put a footnote on the technical discussions noting potential conflicts of interest (e.g. Microsoft's push for TPM is commendable from a security standpoint, but there are concerns about NSA backdoors, chilling effect on alternative OSes, etc), but not reject projects entirely just because of an association with a distasteful entity. For example, most here don't trust Google, but that doesn't mean Chromium-based browsers are automatically bad. Doing so is just poisoning the well. Provide 2-3 points of independently verifiable, technical evidence of BS and that makes a pretty strong case to avoid something.

But that's my 2c. I absolutely thank you for your efforts and intentions, and I appreciate the transparency. However, that doesn't necessarily mean I agree with your conclusions, though I could be persuaded with technical arguments. Since you seem to believe GOS is all marketing fluff, perhaps we could start a community initiative (I'm willing to help) to verify claims of various projects. At the end of the day, citations and methodologies should carry the day.

sugar_in_your_tea ,

seems to get pressured by Daniel Micay (thestinger) himself and his minion/mod mbananasynergy in GitHub issues all the time

I read a few of those, and I didn't see any kind of pressure, just clarifications. And they provided information on not just GrapheneOS, but LineageOS and AOSP.

That's exactly how I would handle things as well if I was working on a project and someone publishes a comparison table that gets posted a few places.

As for why GrapheneOS is mostly green, I guess there are three explanations:

  • GrapheneOS is really that good
  • GrapheneOS happens to meet all the metrics the author is interested in
  • nobody has bothered adding other fields (most likely)

But it's also not all green, GrapheneOS gets red for Google Pay compatibility and device support, which are two pretty important categories for many people.

If you know of categories where GrapheneOS doesn't do well, by all means, suggest them in an issue or open a PR. It's the best comparison I've seen, and seems worthwhile to contribute to.

It is either impossible for one person

Well yeah, Linus Torvalds does almost no actual development, but he's involved in merging patches. That job has value, and the end result is that people trust his branch.

That's the same way I see GrapheneOS or any Linux distro, it's just a handful of patches and configurations on top of a common core. AOSP is a high quality OS and there are lots of independent researchers looking at it, so it's a good base to build on, with the main problem being integration with Google services. Forking it is a huge task, so they should stay as close to AOSP as they can while achieving their goals.

And yeah, if GrapheneOS is an embargo partner, that has a lot of value, and I hope other ROMs are able to get that as well. Faster access to patches is a good thing.

Code can be bought. Developers can be bought

Sure, and that would likely be pretty obvious, and can happen to pretty much any project. But the community could easily fork it and move on if that happens. That's what GrapheneOS did when they split from CopperheadOS, and that's what'll happen if GrapheneOS is bought or compromised.

So the real concern isn't with copyright, but with Trojan Horse inclusions, which is where security researchers come in. GrapheneOS has documented how to audit their changes vs AOSP, and they share code with other projects, which apparently has uncovered more bugs. That sounds pretty responsible to me.

Micay wants to steer everyone away from Firefox towards Chrome

But Chrome is superior to Firefox on mobile in terms of security because Mozilla hasn't ported many of the security features from the desktop browser. That's a fact. There's also an argument that Chrome is more secure on desktop as well, but there are tradeoffs to that.

I don't see any evidence that Micay prefers closed source code (most of Chrome is open source btw), so I'm not sure where this is coming from.

Fuchsia is the future, where Google's microkernel

Well yeah, Fuchsia is incredibly interesting and microkernels have fantastic security and isolation properties. If Google can pull it off, it'll be a really interesting kernel to use.

However, there's a reason microkernels aren't very popular: they're kind of difficult to work with. It just so happens that having your drivers in kernel space is incredibly convenient and performant. RedoxOS is another interesting microkernel project, and both Windows and macOS' kernels are moving that direction (both are hybrid kernels).

So it's only natural for him to be excited by it, I'm excited too. I don't like Google much, but their FOSS R&D side is really interesting. I don't know if he's a "fanboy" (I haven't bothered to do more than a cursory read of the links you've provided), but that's only relevant if it impacts his security choices (e.g. trusts Google with user data "for security").

feature rebranding plus firewalls, app permission modifications and stuff you can do without rooting, I see absolutely no reason how it claims to be better than anything else

Sane defaults have a ton of value. Most people don't know how to configure an OS to be secure.

It's not the only option obviously, that's just stupid dogmatism, but it is a good option, and perhaps the best option out of the box. There are also security features that Pixels have that other phones either don't or lock away from users, so GrapheneOS can have even better defaults than others due to the hardware it's limited to (e.g. the open bootloader). Whether that matters to you depends on what you're looking for.

So I'll agree that dogmatism should be policed, but ideally with reminders and not comment removals. Maybe have a three strikes policy or something if you're worried about repeat, intentional offenders.

why Google hardware is backdoored by NSA

I'm guessing most phones are, or at least compromised by the NSA. The NSA's job is to maintain backdoors to go after national security threats, so there's no reason to expect any default configuration to protect you.

Projects like GrapheneOS try to protect you as much as they can, but at the end of the day, anything that touches a network is going to be a risk.

That's why I'm so excited about Linux phones, the Pinephone and Librem 5 both have hardware kill switches for times when you're worried about surveillance.

Snowden lives in Russia to stay alive

Yet Snowden allegedly recommends GrapheneOS. Unless you think Micay is bullying Snowden as well...

https://sh.itjust.works/pictrs/image/449f5fb4-b78c-4c2e-89b4-445643697b04.png

That said, I don't put a ton of stock into what Snowden has to say. He's not a security expert, he's just a contractor who got away with government documents. He's careful, but fairly average.

Apple's security chips have all been pwned, and their latest one also got pwned recently

Sure, that's going to happen because they're a big target. That said, it's unlikely to impact regular users because those attacks are quite sophisticated and often caught by security researchers pretty quickly. The Android market is more sketchy because there's so much more diversity to the point where security researchers are going to miss a lot.

Regardless, staying up to date on security patches is the best line of defense, and sandboxing everything is the next line. GrapheneOS provides both.

"security by obscurity"

Ok, you lost me here. What they're providing is security by layers (sandboxing, reducing attack surface by having less stuff running, etc) and rapid security updates from upstream.

The proper solution is to completely open source the telephony stack, but that's not happening for any phone (though the Pinephone community is reverse-engineering theirs, so that's cool).

sugar_in_your_tea ,

propaganda dissemination

I read or skimmed each of your links each time. I'd quote from them, but it's incredibly annoying since that particular link is an image and the others are massive walls of text (that mostly attack the character of individuals, not technical work).

I'll quote one particular part that relates to what I'm talking about:

Attack the message rather than the messenger

You seem to do the opposite. I agree those people suck, but I don't agree that implies their work sucks.

There is nothing "out of the box" about flashing a custom ROM on any phone

Out of the box means what you get right after installing the ROM. It's the set of defaults. Like on a Linux distro, it's the firewall configuration, default apps, memory allocator, etc.

Modifying app permissions and using a strong firewall can be done without root

It's still not going to get you everything GrapheneOS, DivestOS, or CalyxOS provide. A firewall isn't going to protect you from an app accessing files it shouldn't, memory exploits from an attacker, or fingerprinting with your MAC and IP address.

Custom ROMs provide a level of protection that users messing with permissions and firewall settings won't get. Here's how I see it, using the Pareto principle:

  1. 80% of privacy benefits with app permissions and a firewall
  2. 80% of the remaining benefits by installing a decent custom ROM (GrapheneOS, DivestOS, CalyxOS, etc)
  3. GrapheneOS will leave you a bit more secure than other ROMs due to per-connection network spoofing, storage segmentation, EXIF metadata stripping (could be done with an app), etc
  4. Linux phones - no oversight from any tech company (huge privacy win), complete control over the OS, etc

As you go further down that list, you get more painful tradeoffs. So you need to decide how far down that list you want to go.

I think GrapheneOS has the best trade-off of usability vs security and privacy, but everyone is different. For some people, even LineageOS has too many tradeoffs.

He did all the development needed to be done.

I don't see how that's relevant at all. Linux was incredibly insecure, had very limited hardware support, etc. until others joined. These days, most code comes from manufacturers building drivers or large tech companies (like RedHat) driving subsystem development (BTRFS, systemd, etc).

These days, the value of a Linux distro has very little to do with the developers (people who write code) and everything to do with the maintainers (people who build, test, and publish packages).

Google partnership is avoided by other custom build makers like LineageOS for a reason

Yeah, cost.

I don't know the requirements, but I know there's a trust system there. If you break the embargo and release early, that gives attackers who didn't know about the vulnerability a window to attack participating projects (i.e. the rest of the Android ecosystem) before the embargo is lifted. Here's an example of OpenBSD getting in trouble for patching before the embargo was lifted.

Perhaps those other projects just don't have the manpower, organization, or funds to get a partnership. Partnering with Google on security embargoes likely has no impact to the privacy of a given project's users, it merely has expectations on the participant.

Tor Project avoids Chromium base for both desktop and mobile browsers for multiple reasons, one of them being security

Tor cares more about privacy and anonymity than security, and Firefox likely provides a stronger base for that. But security is another issue entirely.

After a brief review of that linked Tor page, here's what I saw:

  • the first part is about an extension of Chrome, not a fork of Chromium
  • almost everything is related to privacy, not security

Here's DivestOS's take, which ships Gecko-based Mull, on why Android Chrome has superior security. The big one is per-site process isolation:

Firefox calls per-site process isolation Fission and is enabled by default on desktop. Fission is not yet enabled by default on Android, and when manually enabled it results in a severely degraded/broken experience. Furthermore Firefox on Android does not take advantage of Android's isolatedProcess flag for completely confining application services.
Standalone Chromium based browsers strictly isolate websites to their own process.

That said, I agree with DivestOS devs here:

It is an important hardening feature, but the browser isn't completely insecure without it assuming it is up-to-date and that you aren't on the receiving end of targeted/zero-day attacks.

I also care more about per-site data isolation:

The goal of per-site data isolation is to prevent say a third party script from being able to store data and use that to track you across many websites, instead any data set will be keyed to the website it was set from.

...

Chromium calls per-site data isolation (network) state partitioning and is not enabled by default.

It's a trade-off between security and privacy, and Chrome arguably has better security, while Firefox arguably has better privacy. Both are quite secure, so I prefer Firefox.

It risks bricking

That's not a security or privacy issue, and is essentially the same across custom ROM vendors.

Snowden is not a security expert, but an OPSEC expert.

He's neither. He was a contractor for the NSA who had way more access than he needed (NSA fail), and was under less scrutiny vs full time employees. I think he largely got lucky and only got away once. I've read both his account and an alternative perspective and that's my assessment.

I think he has valuable things to say (and should be protected as a whistleblower), but I do verify what he says.

shutter sound

From your link (edit to post concerning the OpenCamera alternative):

The fault is with the device for not supporting standard method for cameras to disable the shutter sound on Android.

OpenCamera doesn't have as good of quality as either the system camera or Pixel Camera included in GrapheneOS (both seem to be based on upstream code).

My guess is that this shutter sound issue is from upstream, and likely only takes effect in Japan. It's a miss for sure, but the GrapheneOS docs make it clear that the goal is to have the same features as the original camera, but with some privacy and security features on top (stripping of metadata, fewer permissions, etc).

But you really shouldn't be using the built-in camera anyway for OPSEC, there's too much risk of OTA updates, metadata (tons of sensors), etc. There are smaller cameras if you need something discreet, and OpenCamera may be good enough for even sensitive uses.

That said, good example of a miss by GrapheneOS, I'm interested in any more you might have. That's an odd one I wouldn't have thought of (I rarely use my camera).

Android's zero days cost more than iOS' zero days

This is an unfair comparison imo. Android gives users and apps a lot more system features, so the attack surface is much larger. I'd have to look at the report, but it's probably counting all costs across vendors as well, which have a lot of different hardware.

I'd be interested in narrowing it to just Pixels (or any other phone line) vs iPhones. That's a bit more charitable toward Android since Pixels aren't nearly as popular as iPhones, but it's at least fair from a number of supported models standpoint.

it is Apple that is sketchy, not Android

Both are sketchy. Apple is sketchy because it's closed, Android is sketchy because it's run by an ad firm and tons of data is run through Google's servers (notifications, Play services, etc).

I'd much prefer a Linux phone (Pinephone Pro ideally) to Android, but usability counts too, and Linux phones just aren't there yet.

on Google hardware with proprietary "security" chips that it refuses to open up

Every phone has proprietary hardware they won't open up, the most important of which is the modem. Even Linux phones have this issue.

So I have to ask myself what Google gets out of screwing me with their security chip. It doesn't help them get more ad revenue, and if there's a breach, it could scare customers away from using their hardware. So I don't see any special motivations for Google to compromise this and other phone vendors not to. Google surely doesn't need the NSA's money either.

If you'll look, you'll find Google getting into hardware security tokens (Titan), offering FIDO U2F on their products, etc. They want more people trusting their security so they can collect more interesting data, so it's more likely for them to fingerprint through things like Play services (to serve more relevant app recommendations) than to compromise security.

That said, if you know of a provably more secure device, I'm all ears.

Why is it the only custom Android build to get this?

That's a good question for the other custom Android projects. I'm guessing they haven't put in the effort needed or don't have the infrastructure to comply with whatever Google needs to include them.

I'll have to ask their maintainers.
