This list is a must.
This list is a must.
I 100% agree, its best to just stick to upstream Fedora imo. Glad you made this comment. The security issues of Nobara always put me off, especially since basically everything it does can just be applied to regular Fedora. I think Nobara would much better serve as a script or toolkit, similar to Brace, or something along those lines instead of an entire separate OS with the security issues it brings.
Didn’t realize they had one, appears a lot of functionality requires an account to use. I’d be cautious overall based on the privacy practices they use in their mobile app, doesn’t seem to be a big concern for them and I’d be careful giving them any trust. But if you do wish to use them, their mobile site with a good content blocker would definitely be the best option (preferably without an account if possible).
I like the concept of Ground News, but about the privacy…
According to Exodus, their mobile app contains 9 trackers:
Also wants location, camera, phone state, and advertising ID access?!
No thanks.
Yeah, its just stupid on all angles. Nearly all security benefits of using iMessage over something like SMS go out the window entirely when using middleware like this. The only thing you gain is the color of your bubble and maybe some extra features. Overall its useless. If someone seriously thinks lower of a person or their social status of whatever because of the COLOR OF THEIR MESSAGE… that person has issues and I could care less about what they think of me, some self reflection could be nice.
The problem with graphene is that is shamelessly promotes proprietary software.
How does GrapheneOS "shamelessly promote" proprietary software? I don't think I've ever seen them do this. Maybe you're referring to Sandboxed Play Services? But that isn't "shamelessly promoted" or recommended, it isn't even included in the OS, its just an optional app that can be installed for those who need it.
They have build tools to try to make it safe to run non-free programs (proprietary software) but that entirely misses the point.
I assume you mean Sandboxed Play Services again? That's far from the only feature or benefit that GrapheneOS gives. They do much more work than just Sandboxed Play Services or making it safe to run "non-free" programs. They make it safe to run ANY program, regardless of license.
Thorium isn't good at all imo. They don't really do much to enhance privacy/security, and have constantly delayed updates. It seems to be ran entirely by 1 college kid in his free time.
I like Chris Titus, but I wouldn't really use him as a source for privacy/security advice.
Pro would just be not directly connecting through Google/YouTube servers, and instead using a proxy. Its a nice privacy benefit. I agree it could make things slower, so I don't think it should completely replace direct connection with YouTube, but I just think the option would be nice to have.
App looks legitimately amazing. Seems a bit buggy in alpha but I'm sure it'll be ironed out. I just hope they look into supporting Piped instead of directly connecting to YouTube, as well as SponsorBlock. Once they get those 2 things and iron out some of the bugs, I'll primarily use it for sure. Its a great concept.
Yeah, anticheats are a privacy and security nightmare that most people don't even think about. You're effectively giving their proprietary software extremely invasive kernel level access to your system. They can access and do pretty much anything they want on your device with really nothing stopping them. Anticheats like this are extremely dangerous and should certainly be avoided where possible.
I understand the problem of cheating in games, but I feel like there has to be a better solution to this problem, as making users install an extremely invasive rootkit isn't acceptable at all imo. I'd recommend avoiding games that include invasive anticheat or DRM like this. Best way to get across that this isn't okay is through the wallet.
Google is actually right here for once. Signal is not offered on F-Droid, and its package name is org.thoughtcrime.securesms, not org.thoughtcrimes.securesms.
Only official places to download Signal are through the Google Play Store or their website (which self-updates).
The Hated One is my favorite. I also like Mental Outlaw.
Could you please provide and example or two? I wish to verify it, since I didn't notice any last time I checked the site.
Sure, let's look at the page for Firefox. They claim that there are "Automatic connections to some websites you've visited, including their trackers" with the new tab page, and that they "couldn't find a way to disable it." Whoever made this website couldn't take 2 seconds to go to about:preferences and see the option to display recently visited sites?
They also have a section titled "Firefox tracks users with Google Analytics", which they're very misleading about. Instead of explaining that GA is only present in about:addons and that it can easily be disabled, they're extremely vague about it and just blindly say it "sends analytics to Google", which would lead people to believe its much worse than it actually is (i.e. Chrome level). There's an important distinction between: "Google Analytics is present on 1 page in the browser and can be disabled" vs. vaguely stating "Firefox send analytics to Google" without full info or context. Hopefully I'm explaining that well enough.
Its also disingenuous to consider Firefox's Captive Portal as "phoning home" without, again, providing full info or context. It has a legitimate purpose, to allow users to connect to public networks, and can be disabled for those who wish to do so. It doesn't give any data to Mozilla, all it does is detect if a captive portal is present. I think this is another instance of the context being important to have, which the website just simply doesn't give.
Another instance, look at their page on Tor Browser, where they just flat out lie and accuse Tor Browser of "sending telemetry".
I could go through more, but these are a few I notice immediately that I take issue with.
They're very clear that this is their approach (bold text on the home page). Even if you disagree with their definition, that doesn't make the site bad.
Categorizing something as spyware solely based on the number of connections it makes is horribly irresponsible at best and dangerous at worst. Whoever made this couldn't even be bothered to find what data is actually being exchanged for most of these connections. There's a lot more to determine how privacy invasive something is then just sitting and counting the number of connections it makes, and treating them all as malicious and for "tracking".
And there are many valid situations where a threat model should be this strict, consider anti-government activists in any country.
That's why this website is so dangerous. Calling Tor Browser spyware and saying it sends telemetry could trick people who don't know better to use worse alternatives. This even moreso extends to casual users too, who could also be misled into using a less private browser as a result of this website's insane claims.
It says "Not Spyware". https://spyware.neocities.org/articles/tor
They have a separate article up calling it spyware as well, see here. Weird contradiction from them and just shows this site isn't very well designed or thought out.
The neocities link calling Brave and other browsers spyware.
That website is very bad and full of verifiably false information, they act as if any and all connections a browser makes are automatically bad and "spying". They even claim that Tor Browser is a "spyware".
Brave is not spyware. That website you linked is horrible and full of misinformation. They also claim that Firefox, and even Tor Browser, are spyware. They act as if any and all connections a browser makes are automatically bad and used for spying/tracking.
I won't disagree with the other criticisms of Brave that you made, but just wanted to point that out. That website is just highly unreliable and makes verifiably false claims about the browsers it reviews.
I wouldn't even trust the Google Play Store, its notorious for having problems with malware, and full of fake apps impersonating trustworthy ones. This has happened to apps like NewPipe several times.
Overall, only source I'd trust for apps is F-Droid, and maybe GitHub/GitLab/Codeberg, depending on how much I trust the developer and the app.
I'm not sure if it could be done without at least compromising security to some extent (at least in Android's current state, but maybe that could be changed or worked around in the future), but yeah, overall I do agree, that's what I was trying to get at. I definitely support there being an official and easier method to root on Android, as long as it isn't the default, and as long as the risks are clearly explained. People should certainly be able to do whatever they want with their own devices, it is unfortunate, and definitely an overstep from Google and OEMs.
Not sure how it hasn’t been said yet, but I really like Helium314’s OpenBoard fork. Can’t recommend enough.