4d ago

My apps

My setup on GrapheneOS with all the exploit protections on except some off for apps with compatibility issues. Thoughts?

148 comments

Are those green mini icons an indication of a PWA shortcut?
I use the app Hermit to run isolated websites, usually as PWAs. It's replaced quite a few apps, but I've noticed that many companies are intentionally making their web experience shit so they force you to use invasive apps.
Anyway, it can create home icons for those sites, and they run separately (i.e. in your task switcher), so it works better than browser shortcuts.
- It does, that's the icon for Cromite.
- I didn't quite catch that actually but yes it's cromite PWAs

What device are you using
- From the wallpaper and theme, looks like grapheneos on a pixel
  
  It's also in the description lmao, good catch
- Google Pixel 8 with GrapheneOS

KeePassDX, nice choice! I really wish I could have DX or XC on both phone and desktop. Love both but would prefer to donate to one. Wallet is unhappy but I really try to donate to all FOSS apps I use...
- Yeah keepass the goat! I use mainly proton and keepass for when I'm more paranoid
  
  For me that has lately been always

Keep what's app and any Aurora store style apps inside the Private Space section. Then keep it locked when not in use
- I mean currently I only have protonpass and whatsapp from aurora so I'm chilling, everything else is from obtainium. But I'll try it out (last time I didn't understand how it works, idk If it's bugged for me but the apps I put in the private space stayed on my "desktop")
  
  Proton Pass can also be downloaded from Obtainium, if you'd rather go that route.

What’s the chrome app?
Is nano GPT 100% offline? Or self hosted?
- I see two: Cromite (Green) and Vanadium (Gray, Chromium variant by GrapheneOS)
  
  Cromite
- In NanoGPT You also got TEE (Trusted Execution Environment) models which are more private/secure from my understanding. From GPT-OSS 120B TEE:
  "TEE‑based AI models run their inference or training inside a Trusted Execution Environment (TEE), a hardware‑secured enclave that isolates code and data from the rest of the system. This provides data confidentiality, protects the model’s IP, enables cryptographic attestation of the exact model version, and satisfies regulatory privacy requirements, making AI services trustworthy and suitable for secure multi‑party or decentralized applications." One downside is that they are usually pretty expensive to run
  
  You are also able to bring your own S3 compatible storage
- NanoGPT is more "no-logs" from what I understand buttt you can pay in XMR and have a dedicated "account" (you get a sign in link to keep safe) and run it under tor

Some apps that you use are not safe. Aurora store doesnt send too much data to google but it doesnt verify app signatures which can lead to installing malicious apps, use normal play store instead which verifies app signatures (its also suggested to use by grapheneos devs). Whatsapp, collects data about you. Cromite, uses adblock plus which is really bad. Also here is another reason why cromite is bad:
“Cromite has very problematic changes included which substantially reduce privacy and security. It reduces security more than it improves it. For example, it includes the highly problematic Eyeo filtering engine from the company behind Acceptable Ads, Adblock Plus, etc. which took over the forked uBlock extension misleading people with the name pretending to be the uBlock Origin project among other extensions. Eyeo’s C++ code is low quality and has memory corruption issues… Cromite including the incredibly sketchy Eyeo content filtering engine and stuff like additional codecs goes against what we’re trying to achieve. We also don’t think the randomization-based anti-fingerprinting approach works, among other issues”.
- "Casually reminds you that Ironfox exists & it's a lot more "private" than most chromium-based browsers, & has ublock origin. (slow by default tho)
  also while aurora store doesn't verifies signatures, is has Exodus integrated which dynamically analyses & warns about spyware, tracks and telemetry so you more caucious about the littered "free" apps...
  
  Yes, ironfox is good too (i forgot to mention it) but on grapheneos you will want to end up using their browser
  Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn't happening for their Android browser yet.
  Also, having exodus integration in app downloader is good but not worth it for exchange of no signature verification, so it's better to just check it in browser instead or use their app to check trackers
- Ah fuck, I use Cromite because I find vanadium PWA for the stuff I use are buggy and slow. I used to use brave for this purpose, should I go back? Damn I guess I will need to link this phone to my throwaway gmail account (which still has private data) WhatsApp I can't ditch due to family and Signalphobic friends
  
  On grapheneos you should be using vanadium since its most secure browser on phone. On other android devices, use brave instead. Also if family and friends dont want to use signal but want to use whatsapp then uninstall whatsapp, one way or another they would have to either end up using sms or other form of contact

chrome could be firefox. much better, and no effort at all to switch.
bonus for using ublock origin and never seeing ads again.
- Firefox is not secure on mobile, Vanadium is a great browser made by the GrapheneOS devs
  
  Firefox is not secure on mobile
  Can you elaborate?
  
  Oh, i didn't know it was a fork. I'd take adblock over it though, just for the fact it blocks rogue malicious javascript along with ads.
  I generally recommend Firefox for people that don't use it, but there are more secure forks too if that's your jam.

Is this my phone? Lol
- You might wanna run auditor lil bro

Completely out of topic but,
I just noticed that this post has more comments than upvoted 🤣

Pro tip. If you go to an apps notification settings, then set a category to silenced and option called "minimize" should show up which allows the notification to be hidden from the notification bar, but shown in the drawer
- Oh that's very cool, I didn't know that. Although I think it isn't the most useful for me since I don't have lockscreen notifications and I have all my apps on the home screen
  
  It doesn't bother you to see mullvard in the top all the time?

It anyone Is wondering, this setup was based mainly on PrivacyGuides
- Kind reminder that Brave is a crypto browser and the devs are against LGBTQ+. Also, it's closed source.
  
  The browser itself is open source https://github.com/brave/brave-browser. The rewards and VPN are not (it seems rewards is open source on IOS)

What's the app directly above Orbot and Mullvad?
- Cromite, but I have switched to brave since, it has better fingerprinting protection, more updates, better security and better sandboxing and isolation. At least that's what Deepseek R1 with websearch has to say
  
  Isn't Brave just a scammy cryptocoin browser and ad server? I've heard bad things about them.

Only one: ditch that crap named Proton.
Bring the downvotes bots 🤣
- Also ditch WhatsApp.
  
  I wish
  
  You mean the Kryptonite? That is what kills a lot of privacy setups.
- It would have been helpful to explain why, whether that's privacy, ethical, or political concerns.
  But maybe the use of "🤣" says it all
  
  And calling "bot" anyone who disagrees. Peak Reddit behaviour.
  
  Ceo of Proton is a huge Republican fan, that might deter some people. Are you not interested in this?
  https://lemmy.world/post/24301835
  
  Yep, says it all about you fanboys 🤣
- Uhhh why?
  
  Goldfish memory? It was one of the biggest things on lemmy
  https://lemmy.world/post/24301835
  Proton ceo not politically neutral as he advertised
- It looks like protonpass, OP uses mullvad instead.
  
  Is the controversy about the VPN?
- I mean isn't proton recommended on privacyguides? Do you think they need to update it?
  
  Privacy guides recommends Brave. I've said enough.

148 comments