So I’ve been in the rabbit hole of android privacy for some time, last I joined the GrapheneOS community but let’s just say that they doesn’t have a “healthy” opinion about other projects like f-droid.
So I am looking for generic communities that focus on mobile privacy that doesn’t have drama or toxicity or “extreme opinions”. Any suggestions? I prefer chat based communities like matrix or simplex instead of like reddit or lemmy.
What does a healthy opinion of F-Droid look like though? Lol
Fdroid is introducing another trusted party to your supply chain, which should be a factor in anyone’s threat molding.
https://f-droid.org/docs/Reproducible_Builds/ However, with reproducible builds now a package is built and signed by both fdroid and the original developer, so you get a net security benefit of having a third party attesting they can independently reproduce the binary from source. Problem solved right? Well, yes but mostly no. Most projects and packages don’t have reproducible builds, so if your using fdroid for most packages your still trusting droid.
I think a lot of the online hate comes from people making assumptions that their use case and threat model applies to everyone. That’s why I prefer discourse where we just talk about the attributes and not “you should”
I feel like there’s a lot of FUD around this subject, because people bring it up as if it’s purely a negative without talking about the reasons why it’s done the way it is. The whole point of F-Droid is that it’s a repository (not a store) of free software applications. They have an inclusion policy forbidding proprietary code and dependencies, and in order to enforce this policy they have to build from publicly available source code, and in order to do so they need to sign the builds themselves. This means, yes, you are trusting F-Droid instead of the upstream developer - but given F-Droid has higher standards than upstream developers this is a tradeoff I am willing to make.
Reproducible builds solves this in a way that preserves the standards of F-Droid, however, “security peoples’” favored “alternatives” (such as Accrescent, Obtainium, and Google Play Store/Aurora Store) forego this entirely, showing they don’t either have a viable solution to offer or that they don’t really care about the problem that F-Droid is addressing to begin with.
I run graphene on several devices and recommend it. I do not participate in much discussion about it through. You can just use the best we got in android and be fine with that.
Discussion forums are the same all over I think. I don’t see much difference around graphene here on Lemmy or XDA forum.
Doesn’t tick all the boxes as it is on Lemmy, but feel free to join us at [email protected]
Two words: Fuck Graphene
(More words): and the assholes who run it.
I’ve been flashing phones since my OG Droid in 2009. Done probably 200+ flashes across numerous phones.
I’ve been in IT since the early 90’s.
Had an error with the Graphene flash on a clean Pixel. The way they talked to me would’ve gotten me a re-training session with my management, possibly fired, back when I was on a help desk.
Bunch of arrogant, condescending pricks. They need a Red Foreman boot up their ass.