Other inits cut out udev and logind and run away giggling into the sunset, obviously

Just shove wondows in a VM or something

They’re more secure (albeit in many wsys security through obscurity) than private, although the privacy aspect is probably among the best you can get by default as far as I can tell. On the other hand, if you’re willing to do some relatively simple steps and buy specific hardware, you can achieve better privacy and security on both mobile (graphene) and desktop (qubes) devices.

I personally dislike them for building unrepareable crap, tho.

Wannabe crapple being wannabe crapple.

I’m wondering if something interesting will fall off the truck this time :D

Context: before that blogpost, cellebrite claimed they can “hack” signal (or they were kinda closer to the truth, and that was media talking abt hacks without reading stuff)

Idk about iOS, but android lets you add a fingerprint using the lock screen password

Correct. Not sure about iOS either, but many custom roms can, e.g. divestos, probably resurrection remix used to have it back when it was a thing (not sure here, but I distinctly remember having this feature somewhere before graphene)

The idea is usually to access the victim’s banking app, or 2fa app, etc, AFAIK.

And then some random dude takes a peek at you entering said password, and steals the phone :/

Have all the sites you visit rolled out ech so far? 'Cause otherwise it’s enough for your ISP to notice you visiting fcriiff* to draw certain conclusions.

* a reference to Cory Doctorow’s “Radicalized”. Mb anything your government doesn’t want you to do, be it torrents, LGBT stuff, abortion clinics, etc.

That’s the first time I hear about that issue. Any links?

I mean, “if it doesn’t suite your needs – fork it” still stands. As for the lack of moderation – that’s applicable to the official instance, I guess? 'Cause it’s like more than a half of all the users, so no wonder they can’t moderate everything

Questionable: should’ve been replaced with an API call that shows user a pop-up like “do you want to change the default browser to $browser_name?”. Rn it’s just breaking stuff for the sake of keeping internet chromesplorer.

Sending plain-text passwords is rather interesting, tho. Could’ve at least optionally encrypted 'em with a key derived from smth known by the user only.

1. Compile jvm into wasm
2. ???
3. Be universally hated

May I interest you in https://tushar.lol/post/cursed-for/

So, as I’ve mentioned, you’ll need another machine (I’d advice running Linux on it, but it’s probably not strictly necessary)

The easiest route would probably be to run their all-in-one docker image. I believe, their instructions are rather straightforward. It would be enough to expose port 8080 only in the provided docker run command.

Then accessing from outside the local network may be accomplished via tailscale.

By default it will be accessible from within your tailnet only, but if it doesn’t suite you (e.g. you want to use another VPN on your phone to hide your traffic from your provider or bypass regional restrictions) you can expose it to the internet via tailscale funnel.

So, regarding the account: it depends. AFAIK, there’s no “graphene account” in grapheneos, but you can use the regular google account after installing sandboxed play services. Note: you don’t have to, the only things from google I personally used were gcam (since their hdr+ thingy is quite good) and photos (since foss alternatives I’ve tried can’t 3d transform), both without play services and internet access. On other roms there may be an optional account (ex, /e/os).

Applications: there’s a messaging app (regular SMS) and gallery (not sure here, tho, mb there wasn’t; once again I decided to keep using google photos), otherwise - nope. All can be obtained from f-droid/play store/aurora. Syncing probably needs to be done via 3rd party stuff (I’d probably go with self-hosted nextcloud instance, which can be done rather easily and for free with tailscale if you have a spare laptop/pc)

App installation: I personally went with f-droid plus aurora (since the proprietary software I use doesn’t rely on play services other than for sending notifications, exception - gcam, but fixable with gcam services provider from f-droid with the caveat of not being able to use sandboxed play services due to the name collision). Idk how exactly sandboxed play services are “better” compared to f-droid, mb in terms of software availability? Otherwise I prefer f-droid since stuff there is Foss, trackerless and overall better audited (paste here the links to numerous articles about actual malware being found in play store).

Self-hosting nextcloud is relatively easy (I can drop some links later if you’re interested), but you can also keep using whatever you used before. Also (correct me if I’m wrong) /e/ provides their cloud with some amount of free storage, so you may want to start with that.

I’d just wipe everything; also change the passwords to the accounts used during suspected infection, mb try to ask the cellular provider the SMS history in case it reset any passwords. Y’know, the usual stuff.