Privacy

38375 readers

592 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Is F-droid insecure? (sh.itjust.works)

submitted 2 days ago* (last edited 2 days ago) by someacnt@sh.itjust.works to c/privacy@lemmy.ml

30 comments fedilink hide all child comments

In the GrapheneOS forum, I encountered a claim that F-droid is insecure (and not good at privacy as well). These links (and more) were given as an evidence:

While there are some attitude against FOSS app, I think the arguments are generally sound and in good-faith. Which makes me confused, as I've been hearing good words about F-droid in lemmyverse.

I am not good at assessing arguments, so I want to ask you guys for more aspects and information.

Also, if not F-droid, what should I use? Is Aurora store, a frontend of play store, not fine to use as well?

you are viewing a single comment's thread
view the rest of the comments

[–] FriendOfDeSoto@startrek.website 2 points 2 days ago (1 children)

Some of the technical info flew right over my head in the first article. What I took from the piece is that he has valid points so far as I can see and understand it. I would say nevertheless the author was a bit biased as well. And it's 3 years old. It may still be accurate, IDK.

I use F-Droid and have been for a while and I'm not aware of any issues this could've caused me. But I'm also not using it for essential systems. Not for browsers, VPN, etc. I have downloaded games, a couple of notes apps, that sort of thing. I would never recommend you get all your apps from there. It's an addition to Google or your usual poison.

Security experts will never be happy; that's their job. The author is also talking about your threat model. Are you okay with certain risks? The truth is also that somebody could screw you over on Google Play. It may be less likely comparatively but not impossible. So you try to jump from rock to rock hoping no alligator catches you. So far no alligator got me.

[–] shortwavesurfer@lemmy.zip 2 points 17 hours ago (1 children)

The biggest thing they cite is that you have to trust fdroid to build the applications properly without inserting changes.

The way to fix that is something called reproducible builds where the developer builds their app and says that their build has this ID and then the software provider builds the app and compares the ID.

If the IDs match 100% then you can be certain that the App Store has not tampered with the developers version of the app.

[–] FriendOfDeSoto@startrek.website 1 points 17 hours ago

Thanks for the explanation.