It also works when using cellular data or connecting to a different Wi-Fi network. Your Pi-Hole only works when you’re at home or when you VPN into your home network
No, that only applies to (some, not all) system apps. GrapheneOS allows this for all (including user-installed apps): https://grapheneos.org/features#user-installed-apps-can-be-disabled
Unfortunately not FOSS
Fuck Microsoft and all Big Tech corporations
Keep using FreshRSS, just deploy something like fivefilters-full-text-rss-docker alongside it, to get full text RSS feeds from websites, that don't provide them. If you don't want to self-host, there's morss.it. Chris Titus Tech once made a few videos about this:
https://invidious.fi/watch?v=nxV0CPNeFxY
https://invidious.fi/watch?v=Y1Ho_RrF_9I
I fucking hate Google and wouldn't use any of their (proprietary) software, but Pixel phones are amazing. Hear me out, Google is the only phone manufacturer right now, that puts extensive hardware security features like MTE, a secure element, as well as a bunch of others in their phones. The Google Titan M2 is based on an open-source project called OpenTitan, and Google has even contributed their own changes upstream. It's based on the open RISC-V architecture, and it's the most complete and secure implementation of a secure element that you can find in an Android phone. The only thing that comes even close is the "Secure Enclave" in Apple ARM chips, that are used in modern iPhones, iPads and Macs. I understand the concern about a potential backdoor in the firmware, but that's a valid concern with basically every CPU on the market right now. x86 are ARM are completely proprietary, so you can't really trust any CPU based on one of these architectures. The old Google Titan M1 was based on ARM, Apple's Secure Enclave is also based on ARM, as well as Snapdragon's SPU (which is incomplete and insecure anyway). The Titan M2, being based on open hardware architecture and firmware, is the most trustworthy secure element, despite being made by Google. It includes features like Insider Attack Resistance, support for the Weaver API, Android StrongBox hardware keystore implementation and is used for a secure implementation of Android Verified Boot. GrapheneOS is free, open-source, and doesn't use any proprietary Google apps/services by default. Although I hate Google, a Pixel with GrapheneOS is currently the best option for a secure smartphone.
Hmm, I wonder why... 🤔🤷♂️
Unfortunately LineageOS is highly insecure because there's no ability to lock the bootloader, and Android Verified Boot is completely missing. These are just the biggest and most obvious flaws in Lineage, but there are more: https://madaidans-insecurities.github.io/android.html#lineageos
OP apparently needs Chrome to log into an enterprise GSuite account, which has specific requirements, that are enforced by Chrome's enterprise policy system. I don't think this works in Chromium.
It does. You can even try it out yourself. Install Ungoogled Chromium, go to google.com and paste the following code in the Developer console (which you can bring up by pressing F12 and clicking on 'Console' at the top of the DevTools interface):
chrome.runtime.sendMessage(
"nkeimhogjdpnpccoofpliimaahmaaome",
{ method: "cpu.getInfo" },
(response) => {
console.log(JSON.stringify(response, null, 2));
},
);
If it returns nothing or an error, you're good. If it returns something like this:
{
"value": {
"archName": "arm64",
"features": [],
"modelName": "Apple M2 Max",
"numOfProcessors": 12,
"processors": [
{
"usage": {
"idle": 26890137,
"kernel": 5271531,
"total": 42525857,
"user": 10364189
}
}, ...
it means that the hidden extension is present, and *.google.com sites have special access in your browser.
Most apps should work with no issues. There’s a compatibility list at https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/