this post was submitted on 17 Sep 2023
129 points (82.1% liked)

Privacy

31934 readers
781 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] CaptainAlchemy@lemmy.one 2 points 1 year ago (1 children)

I wouldn't recommend using fdroid due to security concerns. When you download a fdroid so it is signed by fdroid instead of the developer, what this means it's if fdroid gets hacked all your fdroid apps are insecure and can receive malicious updates. You also trust fdroid as another party in the chain, when in reality you should remove as many parties as possible. They also tend to host outdated apps with no updates in years. Use obtainium as it will pull directly from the developers GitHub page and will be signed by the developer instead.

[–] possiblylinux127@lemmy.zip -3 points 1 year ago (1 children)

What happens if the developer starts shipping anti features though? F-droid adds a layer of protection and verification. F-droid also allows you to find apps quickly.

[–] CaptainAlchemy@lemmy.one 5 points 1 year ago (1 children)

Wdym anti features? The only thing fdroid does is take the developer APK, sign it themselves and release it. If any anti features exist (I assume you're talking about the anti features tab in the fdroid app) it won't make any difference where you obtain it as fdroid doesn't do code checks. They only check to make sure it's under a open source licence. Fdroid adds no protection to any apps and you trust them to ship clean packages. If you get packages from the developer and they sign it and it happens to be malicious it's only one app instead of all your apps you have from fdroid. You trust them a lot and I'd recommend reading this if anyone is interested. https://privsec.dev/posts/android/f-droid-security-issues/

[–] possiblylinux127@lemmy.zip -4 points 1 year ago (1 children)

F-droid rejects any code that doesn't respect you basic freedom.

[–] CaptainAlchemy@lemmy.one 3 points 1 year ago* (last edited 1 year ago) (1 children)

Freedom from what? Good security practices? Open source does not equal security nor freedom. You're pedaling digital politics instead of fact based privacy and security. Trust me I'd love my apps to be open source but ignoring blatant security issues is going to put someone at risk. You can't have privacy without security and vice versa.

edit: like I mentioned previously, use obtainium and you can still use open source software

[–] possiblylinux127@lemmy.zip 0 points 1 year ago (2 children)

Open source doesn't equate to free software (as in libre)

[–] jack@monero.town 3 points 1 year ago (1 children)

You are seriously lost. Stop spreading misinformation

[–] possiblylinux127@lemmy.zip -3 points 1 year ago (1 children)

I'm sorry, what? You are trying to tell me that caring about free software is misinformation now? You can read about why open source misses the point here https://www.gnu.org/philosophy/open-source-misses-the-point.en.html

I respect your option but calling anything you disagree with misinformation is unprofessional at best.

[–] jack@monero.town 5 points 1 year ago (1 children)

Open source gives you all the freedoms that free software gives. So it factually equates. You are also spreading the misinformation that F-Droid guarantees that the software there is 100% libre even when it is an external repo. Totally wrong.

You are trying to tell me that caring about free software is misinformation now?

When did I say that? Are you stupid?

You can't convince people when you are just repeating what Stallman says without understanding it.

[–] possiblylinux127@lemmy.zip -2 points 1 year ago

Open source doesn't necessarily give you the freedoms the free software gives. Open source just means you can use the source code. Free software means it grants you the 4 freedoms and respects your ability to modify and distribute the code.

My problem with signal is they discourage forking and modifying the source or using modified versions of the code. I assume this is one of the reasons they don't have signal on F-droid.

Also F-droid allows you to get your programs from any repo. It is up to you not to add bad repos. Molly has a lot of encouraging things about it that make it more trustworthy for me. The main thing I like is there fully Foss version.

[–] CaptainAlchemy@lemmy.one -1 points 1 year ago* (last edited 1 year ago) (1 children)

There is no completely free software, even if you take out the Intel ME (which is a very bad idea as it'll leave you super vulnerable) The Intel chip will never be open source or FOSS at a hardware level. Even RISC-5 being open still has trust issues. Unless you setup a chip fab you're at the helm of someone. And as the closed source hardware runs the open source software, is it really free?

[–] possiblylinux127@lemmy.zip 0 points 1 year ago (1 children)

Therefore we shouldn't even try? I do my best to steer clear of proprietary software.

[–] CaptainAlchemy@lemmy.one -1 points 1 year ago* (last edited 1 year ago) (1 children)

Like everything in life it's about balance, using too much foss software and hardware could put you in much more risk, while using proprietary software won't give you the control or privacy you want. Once again foss software is great, but it is not perfect and should not be treated as such.