Privacy

37039 readers

1 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

Non toxic mobile privacy community (sh.itjust.works)

submitted 2 years ago by lord___vader@sh.itjust.works to c/privacy@lemmy.ml

63 comments fedilink hide all child comments

So I've been in the rabbit hole of android privacy for some time, last I joined the GrapheneOS community but let's just say that they doesn't have a "healthy" opinion about other projects like f-droid.

So I am looking for generic communities that focus on mobile privacy that doesn't have drama or toxicity or "extreme opinions". Any suggestions? I prefer chat based communities like matrix or simplex instead of like reddit or lemmy.

you are viewing a single comment's thread
view the rest of the comments

[–] 9tr6gyp3@lemmy.world 21 points 2 years ago (23 children)

What does a healthy opinion of F-Droid look like though? Lol

[–] jet@hackertalks.com 22 points 2 years ago* (last edited 2 years ago) (11 children)

Fdroid is introducing another trusted party to your supply chain, which should be a factor in anyone's threat molding.

https://f-droid.org/docs/Reproducible_Builds/ However, with reproducible builds now a package is built and signed by both fdroid and the original developer, so you get a net security benefit of having a third party attesting they can independently reproduce the binary from source. Problem solved right? Well, yes but mostly no. Most projects and packages don't have reproducible builds, so if your using fdroid for most packages your still trusting droid.

I think a lot of the online hate comes from people making assumptions that their use case and threat model applies to everyone. That's why I prefer discourse where we just talk about the attributes and not "you should"

[–] refalo@programming.dev 4 points 2 years ago* (last edited 2 years ago) (2 children)

Do you know of an equivalent to https://reproducible-builds.org/citests/ for Android/F-Droid packages? I'd like to see some public verification of these reproducible builds, especially Signal.

[–] jet@hackertalks.com 2 points 2 years ago (1 children)

the public verification is that the developer signed binary matches the fdroid built binary

[–] refalo@programming.dev 3 points 2 years ago

Yes, but this is often not an option for non-developers

[–] possiblylinux127@lemmy.zip 2 points 2 years ago (1 children)

Signal isn't on F-droid. You need to use Molly for that.

[–] refalo@programming.dev 2 points 2 years ago

Indeed... I was not trying to imply that it was.

load more comments (8 replies)

load more comments (19 replies)