Was mir ja immer wieder auffällt, ist die Tatsache, dass andere Menschen offensichtlich ein anderes empfinden von #privateSpace haben.

#rausgeschafftGedanken

Another #HowTo, this time how to use #Signal on #Android without giving it broad media permissions.

Signal does not use the 2 possible secure methods of accessint photos that Android offers, and clones #Whatsapp in that regard.

By insisting on needing access to read all your images, while being a complex app connected to the internet, and the only official versions containing proprietary #Google #blobs.

Links:
- https://community.signalusers.org/t/46828
- https://community.signalusers.org/t/55725

Other messengers like #SimpleX, #Element, #ElementX, #Fluffychat, #Conversations, #Threema and more save themselves the effort and just use the builtin options, improving security by design and unnecessary code bloat.

So, how can I use Signal without trusting it with all my images?

1. Use the "Share" Portal.

That is the obvious one, and a very nice feature on Android. It allows to share any media to an application and giving it access to only that.

This also works across the #WorkProfile or #PrivateSpace and can be used by Apps like #SaveTo to transfer files.

The workflow is often slower than just using the media chooser portal, but it works. It is what I use since years.

2. Android hacks

But this is not all. Setting a profile picture or group profile picture does not work through the share portal. So we use a Feature specific to Androids Sandbox:

- All apps can save files to various default directories like Pictures, Movies, Music, Downloads, Documents; without having read access to it.
- And all apps can access files they themself saved there.

Combining these two features, you can send a picture to Signal and use the "Save locally" button to save it from within the app.

The result is that this picture will be visible in Signals internal gallery and can be selected for profile and group pictures.

Obvious downsides are
- it is a stupid workflow
- it duplicates images that you need to delete manually afterwards
- pictures might be compressed twice, losing quality

But for this very limited purpose, it is kinda fine.

Still, @signalapp please solve this very old issue!

@[email protected] @[email protected]

Öffentlichkeit: How to use it in a relaxed way - "Das Gesetz der zwei Klicks"

https://www.youtube.com/watch?v=BPI-r3lQB18

#YoureNotLeavingThePrivateSector #PublicSpace #PrivateSpace

Apple, Can we get multiple users please? Thank you

to expand on this request - Apple, thank you for adding "Require FaceID" functionality. I think the feature works well in a pinch if its something that doesn't need to be installed in its own space. that being said, I do think apple should take things further *while still keeping the basic "require FaceID" functionality and add a separate, more comprehensive setup for folks who want the extra data separation.

To expand on the topic a bit, some phones already have a feature called "multiple users". on a phone, however, its sort of a misnomer because the feature is meant more for "multiple personal spaces" for a *single user* to be able to add and setup a few separate spaces for app/data separation for *only them*. and that's fine, but I think apple could innovate in this area and take what pixel does, but take it further, using their software prowess to help users with screen time. Also, on pixel, while there is a toggle to enable sms text messages to work in all the different users, the feature sometimes feels like maybe it doesn't work properly. that's another area where maybe apple can innovate and fix.

also, within the last year, Google added the ability to setup private space when still logged in to the default user. it works great, but I think again, apple could take that functionality and go further. one thing that could be improved is accessibility of getting to the private space itself. currently you have to scroll all the way down your app drawer to get to it, but apple could innovate a bit and give users the option to enable a launcher icon for quick access to private space, if desired.

Also, all of this doesn't have to *replace* the "Require FaceID", which still works well in instances where getting into a whole other "space" isn't required. But again, would be a solution for those of us who want a more comprehensive solution.

#multipleusers #multiplepersonalspaces #2usersetup #privatespace #android16 #datasegregation #dataseparation #android15 #pixel #pixel8 #pixel9 #pixel10

draft - Google thank you for multiple users on pixel. It supports 4 slots, but 6 would be ideal, as well as the ability to setup private space when logged into an alt user

draft - can we get apple to enable multiple users on iOS? and also for Samsung to do the same for it's phones? Pixel Phones have this important security feature built in to the OS, and it works great, allowing users to have complete data separation if desired. Would like to see apple and samsung add this feature as well.

and regarding separating our own data, Thank you to google for not just multiple users (which on a phone can also be thought of as "multiple personal spaces"). They also added Private Space within the last year, which works great on Pixel. Only thing is, Private Space uses one of the "slots" for multiple users. And we only get 4. Considering that on a phone, multiple users is more about "multiple personal spaces", it would be nice if we could get two extra slots.

how I, and others may use the four multiple user slots, and why we need two more slots

slot 1 is default space

slot 2 - similar to default but with fewer "tracking apps" when we need a break without having to uninstall a bunch of apps

slot 3 - a "kiosk" mode of sorts.

slot 4 - private space. it uses one of the slots

now, I'd like to see them add the ability to set up private space, not just within the default user space, but in a second user as well. part of the reason I initially used multiple users was that i'd have my alt Google account in a separate user and avoid logging into my default Google account while logged in to the alt space as a way to keep data separate. and while that works, one thing that's missing from an "alt" space, is the ability to securely and separately sign in to our default profile just like we can from the default space, where we can use private space

#multipleusers #multiplepersonalspaces #2usersetup #privatespace #android16 #datasegregation #dataseparation #android15 #pixel #pixel8 #pixel9 #pixel10

Before anyone takes this as a discussion point pro #iOS...

A few counterarguments on #LocalMess (#Facebook #Instagram #Yandex #LocalhostTracking), why this would make #Android worse than #iOS:

This vulnerability seems to only have existed on Android, but not everyone would need to be affected by it.

I see #GrapheneOS as a perfected form of the Android idea (stripping the #Advertising and Tracking from it, and adding needed extensions to the permission system).

1. #AdBlock and #Tracking Blocking on Android is easy.

Use a Browser like #Ironfox with #UBlockOrigin in advanced mode, and block known tracking Javascript that way.

Solved, no #Metapixel, #GoogleAnalytics, #YandexMetrica, #CloudflareInsights and whatever else exists out there. It is blocked from loading or executing, so it can't listen on your localhost either.

2. Disabling apps

Android has 3 ways to isolate and disable apps. Note that due to this working on localhost, and all user profiles sharing the same localhost, the isolation is worthless here. Only the ability to disable apps is of value.

A: User profiles. Only nice to use on GrapheneOS, but they need barely any storage space and offer the strongest isolation. All data is separately encrypted too so using the same Pin is fine (if your threat is not people seeing your pin)

B: The #PrivateSpace. A new Android feature which allows having a separate nested profile within the main one. You can enable it in the settings, enable auto-lock when turning off the screen, add other restrictions. You can toggle it on and off in the app drawer.

C: The #WorkProfile. This is a pretty old feature, intended to grant your employer control over a nested user profile, but giving you the control to turn it on or off.

When using it alone you need a companion app like #Shelter or #Island, and due to the design this app has full potential control over that profile (so it should be really trusted!).

Work profiles take up a lot of space, but integrate the best into the system (easily accessible, icons can be placed on the home screen).

D: Disabling apps. Android only supports this for system apps. GrapheneOS also allows this for any app but the UI is not great (Androids fault), as apps disappear from the home screen and app drawer. They can be enabled again in the settings.

#CalyxOS has a nice toggle that is very easy to use. Apps do not disappear from the homescreen but appear disabled. This is the easiest way to stop apps from running.

---

GrapheneOS also has support for "private spaces" within separate user profiles, which makes the switching faster and easier.

All these nested or separate profiles use the same localhost (local network), but by turning them off you can fully disable the apps that would serve the cookies used for this method.

3. (Progressive) #Webapps.

While iOS has blocked this feature for years, locking developers to their pricey and walled #AppStore, on Android every Website in your browser can be used like a native app.

#Meta ironically blocks this aggressively, locking Video Playback and more to "their App™". Other apps like #GoogleMaps, #TikTok or #Shitter annoy you with popups, and offer often reduced versions, but they work.

Normal websites like #Discourse forums work just fine.

Webapps are WAY more isolated, cannot and execute random code, everything goes through your browser and the blocklists and restrictions you control.

Using only one of these isolation methods will break any future exploit with this method.

They allow Android users to restrict, disable or confine untrusted apps.

GrapheneOS stays secure and private.

Hopefully the "app disabling" from Calyx will be included soon.

#PWAs

"Fitbit will delete data if you don’t migrate to Google Account by 2026"

draft - Can they keep an email and password login option? An issue with strictly Google account SSO is that it doesn't play nicely with a multiple users setup. For example, some folks, me included, have a default user logged into their "default" Google account. But then we also have an alt user where we login to our alt Google account. The idea being data segregation, especially for things like Google photos which could potentially risk cross account data contamination. Anyways, while it's fine to login with Google when in the default space, when we login to our alt user space, the whole idea is to not be logged into our "default" Google account while logged into our "alt" user space. They have sort of solved the issue a bit with private space. It works great in the default user, so when we're in the default user, we can unlock private space and access our alt Google account without having to log out of the default space. Can they please bring private space to more than just the default user? Then, when logged into a second user, we could unlock private space and have that be logged into the default user, without having to worry about cross-account data contamination. We could then also use Fitbit. Another kinda maybe simpler option is that Fitbit could also add support for login with Microsoft, since, microsoft is a non-google entity, you don't have to worry about all the Google apps syncing data. Another option would be to just keep email and password login. The same thing goes for the nest app, Google chat, Gemini, and any other apps and services which only support login with google. Thank you.

https://9to5google.com/2025/03/28/fitbit-google-account-2026/

#datasegregation #loginwithgoogle #loginwithmicrosoft #sso #multipleusers #2usersetup #privatespace #android16 #googlechat #gemini #android15 #pixel #pixel8 #pixel9 #pixel9pro

draft - Google Photos -

Could we also get an option something to the effect of like:

"disable this Google Photos Account on this device." or something to that effect, so when you select that specific Google account in Google photos it would just display a big lock icon and say something like "this account is disabled on this device. If you would like to enable it, you may do so in settings" or something to that effect.

#googlephotos #cybersecurity #datasegregation

edit - private space on android kind of solves the issue in the default user space, but for those of us who make a dedicated alt user for ourselves, in addition to using private space to access *some* of the alt profile when logged into the default user, when we log out of the default user and into one of our alt users logged into our alt google account, there's no way to setup private space in another user. on pixel, private space works great in the default user. but it would really seal the deal if they would bring the ability to setup private space when logged into a second user. even if they don't want to bring it to more than 2 users, 2 users would be better than 1, and I think would solve the majority of issues.

but, since private space is not an option in the second user, then if Google photos could just have an option in the app to do something to the effect of like "disable this account on this device" for better peace of mind when it comes to data segregation etc... that way we could still access Gmail, Google Chat, Gemini, etc, apps that aren't as worrisome from a data segregation standpoint because they don't really have like an "auto-upload" feature. i'm not saying that's a bad feature. its good and works well. i'm just saying from a data segregation standpoint, I think its disconcerting that there's not an option to the effect of ... "disable Google photos for this account on this device".

so I wonder if I should add the #privatespace hashtag since its kind of related. i'd take both solutions - both "private space" but ALSO the ability to "disable Google photos for this account on this device".

draft - sms+multiple users, private space+ multiple users

if we're talking about Google messages, can I ask them to make it support multiple users better? What I mean is that on pixel, using multiple users, the texts don't always "sync up" properly between users. Like if I send an sms when logged into user 2, sometimes when I switch to the default user, I don't see the sent sms there. By nature I have a default user+ alt user space kinda setup. Because of the issues with sms, and because I also have a multiple device setup, I have began trying to rely on something like MS teams chat, and to some extent Google chat. Since these are server based, there's no issue with syncing. With private space, I can login to my alt Google account without having to log out of my default account but still keep it separated from the default system. However one thing lacking is private space is not available in multiple users. It's only available to setup in the default user. Google, could we get private space for multiple users? Or at least one more user. Thank you.

#googlemessages #multipleusers #privatespace #android #pixel #android15 #android16 #android16Beta #pixel9 #pixel9a #pixel10 #pixel9pro #googlechat #microsoftteams #msteamschat #communication