this post was submitted on 03 Jun 2025
Is F-droid insecure? (sh.itjust.works)
submitted 4 days ago* (last edited 4 days ago) by someacnt@sh.itjust.works to c/privacy@lemmy.ml

In the GrapheneOS forum, I encountered a claim that F-droid is insecure (and not good at privacy as well). These links (and more) were given as evidence:

While there is some attitude against FOSS apps, I think the arguments are generally sound and in good faith. Which makes me confused, as I've been hearing good words about F-droid in the lemmyverse.

I am not good at assessing arguments, so I want to ask you guys for more aspects and information.

Also, if not F-droid, what should I use? Is the Aurora Store, a frontend of the Play Store, not fine to use as well?

[–] kolorafa@lemmy.world 9 points 4 days ago (2 children)

In the case of F-Droid, it follows more the Linux distro philosophy, where the binaries are built and offered to you not by the developer but by distro/repository maintainers.

You can add your own repository, use your friend's repository, or use F-Droid's ones.

In the case of the F-Droid repository, to get an app published, your app needs to adhere to rules; one of them is that the code needs to be public so the repo maintainers can build the app from it.

Compare it to the Play Store, where the app is built and signed by the developer without making the code public, in turn making it almost impossible to know and follow what the app is doing.

So it's a matter of trust.

For some apps I would rather install them from F-Droid, as I have higher confidence that someone looked at whether the app is harmful or leaking my private data. For other apps, like banking apps, I would rather install them from the Aurora Store, where I don't know what the app is doing but I trust the bank more to protect my money than some random dude on the internet. And if the bank does something bad I will sue them or just stop using their service.

[–] shortwavesurfer@lemmy.zip 2 points 2 days ago (1 children)

I actually take it even one step farther than that. I don't want a bank app on my phone because it's proprietary and I don't know what it's doing. So I only access my bank through the web browser.

[–] kolorafa@lemmy.world 1 points 1 day ago (1 children)

I use the bank app for contactless payments. But the bank app has no other permissions; even location is fake.

[–] shortwavesurfer@lemmy.zip 1 points 10 hours ago* (last edited 10 hours ago) (1 children)

The one good thing about banks is they make these little plastic rectangles with metal chips in them that you can insert into a device at the terminal in order to pay for your stuff. No bank app required.

At least in the United States, these little plastic rectangles have a series of 16 numbers on them, followed by a date and a year and a three digit code.

[–] kolorafa@lemmy.world 1 points 22 minutes ago* (last edited 12 minutes ago)

Those plastic rectangles don't have any security against range extension attacks, so they can steal money from you and you would be plainly unaware and defenseless. A phone or watch, by contrast, will only enable contactless payment on demand, making it way safer. And you can pay with contactless payment everywhere in Poland, while you sometimes can't pay by inserting a physical card on some automated devices, as there is nowhere to insert that card; you can only use the contactless feature of that card.

Not to mention those plastic rectangles cost yearly or sometimes even monthly fees, while the app is 100% free. And if the app at any point in time does anything that I didn't agree to in the agreement and/or bypasses any permissions I didn't grant, there will be hell to pay for them.

But maybe I'm wrong, I don't know...

[–] autonomoususer@lemmy.world 4 points 3 days ago* (last edited 3 days ago)

I trust those online far more than any offline rando to make my bank app.

Suing, stopping, or looking at how it's broken does not fix an app. We cannot fix it when we are banned from changing it, when we do not control it.