Podcast Projets libres1d ago

New podcast episode: Put some privacy in your smartphone! 📣 🎧

How can you use an Android smartphone while protecting your privacy? Who should you turn to for more privacy-friendly Android alternatives?
Can you install Linux on your phone?

With @fla from @Framasoft , we answer these questions!

👉 https://www.projets-libres.org/en/podcast/smartphone-put-privacy-in-your-smartphone/

#podcast #opensource #privacy #eos #iodeOS #calyxos #postmarketos #fairphone #commown #murena #ubuntutouch #grapheneos

Show threadGrapheneOS1d ago
@projetslibres_podcast @Framasoft The claims made about GrapheneOS in this interview are extremely inaccurate. It heavily misrepresents the purpose of GrapheneOS and what we've worked on for years. The claim GrapheneOS is a security project rather than a privacy project is misinformation. Contacts are specifically brought up and yet our Contact Scopes feature is ignored. @fla knows GrapheneOS is a privacy project. He replied to a thread with our response to this misinformation only 4 days ago...
Show threadGrapheneOS1d ago
@projetslibres_podcast @Framasoft @fla /e/ doesn't keep up with providing standard Android privacy patches and protections. It doesn't provide features comparable to the added privacy protections in GrapheneOS including but not at all limited to Storage Scopes, Contact Scopes, Sensors toggle, per-connection Wi-Fi MAC/DHCP privacy and far more. /e/ has a bunch of default connections to Google services and gives highly privileged access to those. It also bundles other invasive services in the OS.
Show threadGrapheneOS1d ago

@projetslibres_podcast @Framasoft @fla GrapheneOS heavily improves privacy compared to the Android Open Source Project in contrast with /e/ heavily reducing it.

GrapheneOS is far ahead of the standard pace for privacy patches instead of behind and we fix many privacy weaknesses ourselves. We've fixed a bunch of Android VPN leaks and many forms of data leaks to apps.

Since GrapheneOS is a serious privacy project, we have to put substantial work into security too because privacy depends on it.

Show threadGrapheneOS1d ago
@projetslibres_podcast @Framasoft @fla /e/ tries to provide privacy by bundling a small blocklist of domain names solely used for ads and analytics. This doesn't do anything to address the most privacy invasive behavior by apps which happens via their own services. It doesn't stop apps sending data to arbitrary third parties from their servers or even client side. It can't block anything without the app using a dedicated domain for the unwanted behavior which usually isn't how things are done.
Show threadGrapheneOS1d ago

@projetslibres_podcast @Framasoft @fla The domains they block are a tiny subset of domains used for those purposes and do not stop the most privacy invasive behavior by apps.

Apps and SDKs have also increasingly bypassed DNS blocklists via DNS-over-HTTPS resolvers, hard-wired IP addresses and most of all moving connecting to third party APIs to their servers where they don't need to leak their API keys.

DNS filtering works fine on GrapheneOS but isn't a viable approach to protecting privacy.

Show threadGrapheneOS1d ago

@projetslibres_podcast @Framasoft @fla Exodus Privacy uses a very similar approach to label apps as having trackers based on whether they include a library from a small list they've decided as trackers. Many of those decisions are dubious and it misses that the most privacy invasive behavior by apps isn't done that way. It also has extremely inaccurate labelling of permissions misleading users about how that works. Here's a great example of both with Facebook Lite:

https://reports.exodus-privacy.eu.org/en/reports/com.facebook.lite/latest/

Report for com.facebook.lite 505.0.0.8.102

Known trackers, permissions and informations about this specific version of this application

εxodus
Show threadGrapheneOS
@projetslibres_podcast @Framasoft @fla According to Exodus Privacy, there's no tracking being done by Facebook Lite. This is the information about trackers which is provided to users within /e/ when they use their Play Store frontend. They're telling users one of Facebook's main apps isn't tracking them. They're also certainly not stopping the tracking via their DNS blocklist. The list of permissions shown there and by /e/ is also extremely inaccurate and misleading. It doesn't work that way.
Apr 10 at 2:04pmWeb
Show threadGrapheneOS1d ago

@projetslibres_podcast @Framasoft @fla /e/, Murena and their supporters have spent years misleading people about GrapheneOS. They heavily push the false claims that it isn't a privacy project, isn't usable, isn't broadly compatible with apps and isn't useful to regular people. /e/ and Murena have repeatedly claimed GrapheneOS is only useful to criminals and spies. Here's the leader of both /e/ and Murena stating that as a broader claim about hardening in general:

https://grapheneos.social/@GrapheneOS/116353973732143171