Hmm have to check that again.

I really like SimpleX on Android, it is a good and often way better Signal replacement.

And now I am replying back, just like that!

Nobody talked about Calyx, but yeah, Fairphone is the worst XD

Others like /e/OS are similar to Fairphone (it runs on Fairphones)

I also dont think you give Google a lot of money when just leeching on their services with lots of fake accounts.

I use Youtube with adblock / custom apps since 6 years or something, so that should be equal to the market value I gave their phones on the used market

The phones are good. Yes it is a lot of money, and they do silly stuff with these phones, like removing everything or using glass everywhere

I just buy used. Way cheaper, never gonna pay more than for my Laptop

Their hardware requirements are pretty clear. Samsung is the only one with comparably secure devices, but they use nonstandard tools like Odin and lock down many security features to the stock OS only.

Other companies are supposedly not making anything as secure.

https://grapheneos.org/faq#future-devices

Also, only Google can really ship updates that quickly and fully, as Android is literally their OS. They are also a huge company, so yeah they have way more resources than a random other company you might prefer.

Example Fairphone, which has horrible update schedules

Damn that was fast.

This is standard PGP but kind of done automatically as people are lazy. And Thunderbird could be better, AND there is no maintained PGP on Android?

Tracking just sender/recipient needs way less storage than saving entire mails, HTML, Images etc.

So if you have your name in the address, and you communicate with shit servers, it will be saved for sure.

If not, then maybe not.

Most people just need to fear their passwords being cracked remotely. In masses.

If your threat model is being known, people stealing your stuff to login to your things, this is very high.

A password can be cracked and is often very bad.

Yeah that factor may not be wanted. But it is a security factor, because only you have it.

You could hash it securely so the computer gods dont know your fingerprint. And you could only use it in addition to another factor.

You could archive chats encrypted too.

Something you know, something you have, something you are.

3FA:

• Pin
• Security Key/TPM/Secure element
• fingerprint / iris scan

You could also start with just one of these

Some way to encrypt the decryption key.

This could also mean TPM + Pin. Or using a Nitrokey, externally, which stores the password to decrypt the decryption key.

That is how user account unlocking (on GrapheneOS with Pixel phones) is done.

opportunistic TPM integration would be nice.

I.e. use the security chip of the device, if one is found. Otherwise use password.

OR use a Nitrokey etc, which can act as a secure device to store these keys too.

Take that, Windows. You dont need a builtin TPM if you can use a Nitrokey 3 with a secure element, externally.

Finally! Their deb was broken even on Ubuntu, and Appimages are no real option.

But the size is insane, Electron is really an issue.

Also, the app just works if your phone is in the same LAN, and requires an open port which is also randomized, so secure firewall configs are very problematic, as you need to open the port manually every time.

Horrible… this is just horrible. The Android app is 300MB and it is the actual client.

The Desktop app is just a relay “receiver”, it doesnt work without the phone.

And it also uses a randomized port everytime which you need to allow, every time… at least using normally secure firewalls.

Thanks for the info

Yep and hope their servers dont have equally bad code.

He says Windscribe sucks. Mullvad obviously not as they are regularly audited

Meanwhile Windscribe…

Killswitch is the extreme one, if the VPN is off no connection gets through.

Blocking is similar but allows to split tunnel

Yes, blocking mode and kill switch.

https://lmddgtfy.net/?q=vpn killswitch

Yes you can do that. Keep an eye on blocking mode as that may be unavailable

Damn! This is good news as I use NoScript for years now.

Noscript manages cookies? Are cookies only loaded if you enable javascript?

PiHole is obviously not a solution…