31337 h4xx0r | c7ph35punk | h4ck 7h3 pl4n37
If you think F-Droid security is on par with Google security… then I got a bridge to sell you
An upstream compromise that affects downstream hosts. A good example is the NPM supply chain attack -> https://hackaday.com/2021/10/22/supply-chain-attack-npm-library-used-by-facebook-and-others-was-compromised/
The diminished security resulting from the increased likelihood of a (single point of failure) supply chain attack.
Yes, it’s possible for malicious devs to trojan apps, but due to APK signing it is much more difficult for a third-party entity to induce a supply chain attack, which is my real concern when it comes to phone security.
If you have a lower threat model, this post isn’t for you…
Sure, at least you admit there’s a trade-off (security) for (FOSS) and maybe some additional privacy.
People should be made aware of the risks and choose according to their threat models, which is why I’ve highlighted some of these issues to begin with.
What’s gonna happen when hackers take over skynet?
Sounds like the perfect opportunity for GrapheneOS
Doesn’t affect the end user… beyond diminished security. Are you implying I should trust F-Droid devs as much as I would trust Google devs?
Sure, I’ll spell it out for you since apparently the point went right over your head. F-Droid devs are a single point of failure by signing every application themselves. This introduces the potential for a supply chain attack, not to mention F-Droid running on EOL servers.
When you use an individual dev repo, you can avoid any trojanized apps from F-Droid because the developers maintain their own infrastructure and sign their own APKs.
That’s called… D I S T R I B U T E D T R U S T
You can’t use online maps anonymously. Even if you downloaded offline Google Maps, you can’t trust Google not to upload your historical data the moment you get an internet connection.
Organic Maps and OsmAnd+ work on Graphene without Google Play services and 100% offline.
Did you even read the article? F-Droid signs all the apps in the main repo…
Love F-Droid but be aware of the risks and always try to use a developer repo when possible…
Normie’s gonna normie. If we ain’t talking over Signal we ain’t talking.
That’s the whole point… hackliberty.org!
Reporting for duty
I never trusted bitcoin and knew every move was being tracked by the feds… I also got tired of shady in-person cash deals in parking lots for ‘clean’ BTC…
Fast forward many years and now I’m a Monero extremist.
Teens should be allowed to enter the workforce if they want. The issue is with exploitative parents who would force their children to work.
From Riseup: “Due to Thanksgiving and other deadlines, our lawyers were not available to advise us on what we can and cannot say,” the collective member told me. “So in the interest of adopting a precautionary principle, we couldn’t say anything. Now that we have talked to [counsel], we can clearly say that since our beginning, and as of this writing, riseup has not received a NSL, a FISA order/directive, or any other national security order/directive, foreign or domestic.”
Intercept article: “And yet, when I asked if riseup had received any request for user data since August 16, the collective did not comment. Clearly, something happened, but riseup isn’t able to talk about it publicly. The riseup collective is currently having internal discussions about when it will be able to update its warrant canary.”
I have engineered my instance to not log IPs at the reverse proxy, so yes it can be done, however, you should always use a VPN because of network observers (ISP, datacenters).
If you’d like to be able to search for house addresses in OsmAnd+ you can download these map packs… A total lifesaver…
https://github.com/pnoll1/osmand_map_creation