Yeah, Shizuku opens up a massive attack surface through ADB. ADB can do a lot to your device without you even realizing it in a lot of cases, and you're basically giving ADB access to Shizuku itself and any apps that use it (which could be exploited) at all times, so its very risky. Its pretty dangerous and definitely best to avoid an app like this.

App looks legitimately amazing. Seems a bit buggy in alpha but I'm sure it'll be ironed out. I just hope they look into supporting Piped instead of directly connecting to YouTube, as well as SponsorBlock. Once they get those 2 things and iron out some of the bugs, I'll primarily use it for sure. Its a great concept.

Yeah, anticheats are a privacy and security nightmare that most people don't even think about. You're effectively giving their proprietary software extremely invasive kernel level access to your system. They can access and do pretty much anything they want on your device with really nothing stopping them. Anticheats like this are extremely dangerous and should certainly be avoided where possible.

I understand the problem of cheating in games, but I feel like there has to be a better solution to this problem, as making users install an extremely invasive rootkit isn't acceptable at all imo. I'd recommend avoiding games that include invasive anticheat or DRM like this. Best way to get across that this isn't okay is through the wallet.

Google is actually correct here for once. Signal is not offered on F-Droid, and its package name is org.thoughtcrime.securesms, not org.thoughtcrimes.securesms.

Only official places to download Signal are through the Google Play Store or their website (which self-updates).

The Hated One is my favorite. I also like Mental Outlaw.

Could you please provide and example or two? I wish to verify it, since I didn't notice any last time I checked the site.

Sure, let's look at the page for Firefox. They claim that there are "Automatic connections to some websites you've visited, including their trackers" with the new tab page, and that they "couldn't find a way to disable it." Whoever made this website couldn't take 2 seconds to go to about:preferences and see the option to display recently visited sites?

They also have a section titled "Firefox tracks users with Google Analytics", which they're very misleading about. Instead of explaining that GA is only present in about:addons and that it can easily be disabled, they're extremely vague about it and just blindly say it "sends analytics to Google", which would lead people to believe its much worse than it actually is (i.e. Chrome level). There's an important distinction between: "Google Analytics is present on 1 page in the browser and can be disabled" vs. vaguely stating "Firefox send analytics to Google" without full info or context. Hopefully I'm explaining that well enough.

Its also disingenuous to consider Firefox's Captive Portal as "phoning home" without, again, providing full info or context. It has a legitimate purpose, to allow users to connect to public networks, and can be disabled for those who wish to do so. It doesn't give any data to Mozilla, all it does is detect if a captive portal is present. I think this is another instance of the context being important to have, which the website just simply doesn't give.

Another instance, look at their page on Tor Browser, where they just flat out lie and accuse Tor Browser of "sending telemetry".

I could go through more, but these are a few I notice immediately that I take issue with.

They're very clear that this is their approach (bold text on the home page). Even if you disagree with their definition, that doesn't make the site bad.

Categorizing something as spyware solely based on the number of connections it makes is horribly irresponsible at best and dangerous at worst. Whoever made this couldn't even be bothered to find what data is actually being exchanged for most of these connections. There's a lot more to determine how privacy invasive something is then just sitting and counting the number of connections it makes, and treating them all as malicious and for "tracking".

And there are many valid situations where a threat model should be this strict, consider anti-government activists in any country.

That's why this website is so dangerous. Calling Tor Browser spyware and saying it sends telemetry could trick people who don't know better to use worse alternatives. This even moreso extends to casual users too, who could also be misled into using a less private browser as a result of this website's insane claims.

It says "Not Spyware". https://spyware.neocities.org/articles/tor

They have a separate article up calling it spyware as well, see here. Weird contradiction from them and just shows this site isn't very well designed or thought out.

The neocities link calling Brave and other browsers spyware.

That website is very bad and full of verifiably false information, they act as if any and all connections a browser makes are automatically bad and "spying". They even claim that Tor Browser is a "spyware".

Brave is not spyware. That website you linked is horrible and full of misinformation. They also claim that Firefox, and even Tor Browser, are spyware. They act as if any and all connections a browser makes are automatically bad and used for spying/tracking.

I won't disagree with the other criticisms of Brave that you made, but just wanted to point that out. That website is just highly unreliable and makes verifiably false claims about the browsers it reviews.

Not having root is done on Android for some very good security reasons to be fair, it opens up a giant attack surface and risk for all kinds of malware and nasty stuff to take advantage of. I don't think it's done completely in malice as you think. Its a very important part of the app sandbox and Android's security model at large.

With that said, I do think that people should have the option to root if they want to, I'm not a fan of OEMs like Samsung and whoever else purposely preventing people from rooting at all costs. I think people should be able to do whatever they want with their own device, root just certainly shouldn't be the default, and users should be aware of the risks if they choose to use it. But I do think it should be a possibility for those who really do wish to do so.

With Android, it all just comes down to the OEM and variant of it that you're stuck with. As a whole, I think its an amazing project and OS, though unfortunately Google, and especially OEMs, tend to make a lot of bad choices. It's similar to Linux as a whole in that aspect. You've got options like ChromeOS which are a nightmare for privacy and user freedom any way you look at them, but then you've got your traditional distros like Debian, Arch, Fedora, etc, which are the exact opposite. Its an important distinction.

Why not get the flatpak?

Security concerns. There's a lot of debate over it, but from the research I've done, I believe the Flatpak of Firefox is less secure, since it seems to remove part of Firefox's internal sandboxing, and relies heavily on Flatpak's sandboxing.

Basically makes it easier to compromise your data within the browser (like cookies, site data, passwords, etc), but maybe harder to get to the rest of your OS.

I just prefer using the rpm of Firefox with Firejail, as that keeps Firefox's built-in sandboxing intact, while adding an extra layer similar to Flatpak to restrict it further. Best of both worlds.

Its great and has a lot of potential, I like a lot of what it does. I just wish they had packaging easily available for Fedora/RHEL through a COPR or the like. Also would've preferred if they used a stable release vs. the ESR of Firefox as the base, but I can understand why.

with hardening out of the box

Floorp definitely isn't hardened out of the box in my testing. Only thing it does is seems to disable Firefox's telemetry, which is nice, but more hardening is certainly needed through other projects like Arkenfox (which work here on Floorp too). Also looks like Floorp makes it easier to toggle some privacy settings that you'd usually have to tweak the about:config for, and comes pre-installed with uBlock Origin, which is great.

I think overall my only concern with Floorp will be how well and quickly the developer can keep up with updates. The track record for now looks good, but only time will tell. Besides that, this is a good and very promising project, will definitely keep an eye on it.

GrapheneOS has pretty much perfect app compatibility. I don't think I've ever ran into an issue in around a year of using it as my daily driver.

Most apps function without Play Services, but you may lose some functionality like notifications, and a couple apps do very rarely genuinely break. But, that's where Sandboxed Play Services comes in, which you can even put in an entirely separate user profile if you want to, so that you can still safely use those apps.

But yeah, I've personally had no issues with app compatibility. Even my bank app works perfectly on Graphene (didn't even require Play Services either!).

I recommend checking this table out.

CalyxOS misses the mark imo. It does a couple things well (such as its improved Dialer app, and the ability for hotspots/tethered devices to be able to use the phone's VPN/Tor) that I hope to see other projects adopt, but beyond that, it just doesn't seem to stack up.

I'm not trying to bash them or anything because at the end of the day, they clearly have good intentions which I can respect, but I do hope they improve on a lot of things, because in its current state, CalyxOS just doesn't even compare to GrapheneOS or DivestOS.

Not sure I follow, there are plenty of Firefox-based browsers:

Tor, Mullvad, LibreWolf, Floorp, Pulse, Mull, Waterfox, Mercury, Ghostery, IceCat, Iceraven, etc.

Unfortunate... I assume the loss of the old instance is probably what contributed to the decline in users here. I used your instance a good bit on and off while it lasted, it was great, easily one of the best on Lemmy imo. Rest in peace and thanks for your great work and dedication running it. 🫡

deleted by creator

Not Chromium, Extremely customizable and configurable, and add-on support on mobile, to name a few reasons.

I don't think you can install microG in this case unfortunately, since 1: the lack of signature spoofing by your stock OS, and 2: the signatures/package name microG uses have already been used by the official Google Play Services in this case, so I don't believe Android will let you re-use them for microG.

I would just recommend uninstalling any Google apps and Samsung bloatware and any other garbage that you can through ADB in this case if you haven't yet. It can be a bit hacky and isn't perfect, but its definitely the best option you have since you're unable to install any custom OS.

I tried Gmaps WV but it still needs google play services to work.

GMaps WV definitely doesn't need Google Play Services to work FYI, though nowadays its developer recommends just using Google Maps with uBlock Origin in incognito in a browser like Mull instead anyways.

As far as anti-viruses/virus removals/etc go:

• For Windows & macOS, I would just enable and use the built-in anti-virus protection (Defender on Windows, XProtect on macOS).
• On macOS, I would also enable and use the built-in firewall (Nearly every other OS already comes with a firewall enabled out of the box, no idea why macOS doesn't enable theirs by default...), as well as Lockdown Mode if you're able to.
• On Linux, I would use ClamAV & ClamTK.
• On Android, I would use Hypatia & Auditor.

I would also strongly recommend making use of DNS level protection through a service like NextDNS, ensuring you have a good content blocker like uBlock Origin in your browser, and using Safe Browsing in your browser (As long as you use a good browser like Brave or Firefox, then Safe Browsing won't endanger your privacy, it just improves your security and protection, so I'd recommend using it).

As far as encryption goes, I would recommend just using whatever is built-in to your OS, such as BitLocker on Windows, FileVault on macOS, & LUKS on Linux. You can also use VeraCrypt if you wish to as well, may be preferable in some cases, though I personally don't bother.