this post was submitted on 13 Jan 2024
494 points (93.8% liked)
Privacy
31886 readers
509 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I start with whatever is on F-Droid, and narrow it down from there.
Jerboa was the only option there until recently. I see Voyager and Eternity are there now. I'll have to give them a try.
Voyager is currently many versions ahead of the one listed on F-Droid. It is still usable but you may want to get the latest version from GitHub.
If new versions don't make it to F-Droid, they might as well not exist for me. There are only a couple of apps that I find important enough that I'll spend time manually building/pulling/installing, and a Lemmy reader isn't one of them. Thanks for the tip, though.
Have you considered using https://github.com/imranr98/obtainium You give it the repository of the app and it will handle checking for new versions and updating them
Part of what I value in F-Droid is the additional layer in the build/release process, because it makes tampering more likely to be detected.
It's still nice to know a tool like obtanium exists, though. Thanks for the link.
This is exactly the reason why I don't like F-Droid as a way to get apps. You'll have to trust an additional party when getting your apps, and updates are often a couple days behind. I prefer to get it straight from the developer's GitHub or Coderberg or whatever.
I know how it works, and in this case, that's fine with me.
F-Droid has an excellent track record; better than many developers have. And I'm not addicted to having the latest versions of everything on the day they're released. In fact, not immediately jumping on the latest versions has saved me from nasty bugs more than once.
Barely and not really. "F-Droid can’t ensure the apps are safe. You still need to trust the upstream developers. We only do some basic check." https://forum.f-droid.org/t/is-it-as-safe-as-it-is-from-fdroid-official-repo/15956/2
N + 1 > N
N + X - Y ? N
Except now you're adding an additional party to trust (the -Y). So it could still be considered less secure than N.
It could be, or it could not be. Depends on the particulars, and on the needs of the individual.
Mind, I'm not going around presuming to tell other people what's better for them, as one or two others in this thread are doing. I'm just stating what's a good fit for me.
That's not really how things like security works. It's either more secure or it's not. The security of a thing does not depend on needs. Now, does the application of it or does someone need it to be more secure? That's where risk acceptance and the needs of the individual come into play.
Same. I'm not saying "stop doing this." I'm just trying to educate people and make sure they're not operating with a misunderstanding. Needs of the individual and all that. I think some people just go crazy for something that's not big tech, and then quit looking at the particulars.
If that were true, threat modeling wouldn't exist. ;)
I expect that's probably true. It's safe to assume I'm not one of them, though. Cheers.
I feel like we're talking about different things. I'm talking about static concepts, if X is more secure than Y, not individual setups where something is tweaked. Threat modeling is tailoring the security to your needs. It doesn't bend security of a static object or make the application of something less than what it is. It requires one's actions to do that by not utilizing it.
Take bullet proof glass, for example. Bullet proof glass is more secure than regular glass. Now, do you need (does your threat model require) bullet proof glass? No? Ok, that doesn't mean bullet proof is now less secure than regular glass, it's just unneeded.
thunder is awesome too
Eternity FTW
I'm not sure why people insist on F-Droid, considering the F-Droid Security Issues.
I use it because, contrary to what that scare piece you linked would have the reader believe, it's better for my needs than the alternatives.
(I'm no stranger to software development and security, by the way. I understand the pros and cons.)
So an indepth and critical analysis of something is now a "scare piece?" Ok.