@Zagorath@aussie.zone wanted to know, should you expect privacy in public places?

Before I answer that, I would like to give my genuine thanks to everyone who responded in my previous post where I asked you for some controversial privacy topics. You did not disappoint, and I'm glad I will be able to cover them!

This question is a bit complex, depending on how you ask it. The answer also largely depends on what you believe. If you believe that privacy is a fundamental right, then privacy should be expected no matter where you go. If the question is "Can you expect privacy..." versus "Should there be privacy...", the answer changes dramatically.

Is there currently privacy in public spaces?

In many places, there is little to no privacy when you walk out the door. With Ring doorbells latching on to every home like a parasite, or security cameras clinging to the ceiling of every store you walk inside, surveillance is everywhere. This section won't cover whether or not surveillance is moral/ethical/justified, but either way surveillance infringes on privacy. Even with no surveillance cameras, Sarah-from-down-the-street is always on a video call with her bestie.

Saying "privacy in public" is a bit of an oxymoron, since no matter what you will always give up a little privacy the moment you walk out the door. Things you do privately in the bathroom are simply not allowed in public places.

Should there be more privacy in public spaces?

Now may be a good time to clear up a common misconception. What is privacy? Privacy does not mean obscuring every detail of your life. Privacy is the ability or choice to share or hide information about yourself. That is why surveillance cameras infringe on privacy: You have no control over what they record, who has access to those recordings, and what those recordings will be used for.

That sort of answers the question, too. If you believe privacy is a fundamental right, then there should be an expectation of privacy in public spaces, and so a reform needs to happen.

What are the real effects of privacy in public spaces?

People act differently when they know they are being surveilled. See the Panopticon for an experiment about that. It has negative effects, whether people realize or not.

@Sauerkraut@discuss.tchncs.de told a story that I particularly love:

"Just last week, my partner and I were on a long hike. No one was around us so to loosen our muscles we started dancing like goofballs on the trail only to look up and find a drone hovering in the shadows recording us. I was embarrassed, but my partner is a very private person and was really upset. [...]"

When they expected to be in a secluded, private space, they freely expressed themselves. The moment they realized that someone had been watching, they became embarrassed or upset, like a switch had flipped. That is the real affect surveillance has on us. We express ourselves less freely, we conform to rules without question out of fear. Surveillance becomes a form of oppression on a wide scale.

I even have my own anecdote. I once took a trip to a small town. When I got there, I subconsciously looked around for security cameras. I do that to gauge how much privacy I currently have. I then noticed that I couldn't see any obvious security cameras. I stopped and looked around harder. The town had not a single security camera in sight. I have almost no way to describe the sense of calm and relaxation that washed over me. It felt like someone giving you a massage after being stressed all week, or finally being honest with everyone about a secret you've been keeping. It was such a nice feeling to walk around a town privately.

Why do we have surveillance?

The main justification for these surveillance measures is to prevent crime. It makes sense intuitively, if you have an eye on every corner you can catch any criminal easily. However, it ignores one massive flaw: criminals will always find a way to do things privately. If you make privacy illegal, it doesn't change anything, because criminals won't follow the law anyways.

I have my own quote about this, that I love very much: “Unjust laws only burden the just, as the lawless will not heed them.” Removing privacy only hurts the people who will follow and abide by the rules. You're removing the privacy of the good people, while the criminals will program "illegal" software to achieve privacy. Giving privacy to everyone means that, yes, it makes criminals' jobs easier, but it means we can shift to actually solving the problems that cause the crimes in the first place. "The best way to conquer bad ideas is with better ideas, not by suppressing ideas." - Naomi Brockwell

"The optimal crime rate is not zero. We can't burn down the entire world just to stop somebody from stealing a pack of gum. The cost is too high. There is a percentage of crime that is going to exist. It's not ideal, but it is optimal." - Nick We need privacy for a free society. Surveillance is not the answer for fighting crime. There are ways to combat crime without infringing on privacy.

Is blurring your house on the map unreasonable?

This question is another one brought up by @Zagorath@aussie.zone. Blurring your house is a way to achieve some privacy, and in that scope, it is good to do. However, as @RiderExMachina@lemmy.ml points out, it could cause someone to do the opposite and start looking closer into why your house is blurred. That's called the Streisand effect.

Site note: I find it hilarious why the Streisand effect is named how it is. The story goes that Barbra Streisand tried to hide her place of residence by suppressing a photograph that had made it to the public. That, of course, had the opposite effect, drawing more attention to the photograph and her residence. Then, even more attention was drawn, because the Streisand effect got named after her and the very same image is now plastered on Wikipedia.

Unfortunately, blurring your house on the map doesn't provide much privacy, since the organization who photographed it still has a clear picture of it. It doesn't stop the surveillance. It's not unreasonable to blur it, though. You should still want privacy against the Streisand effect. The best solution would be a quiet legal take down of the images altogether.

I have another story to go along with this. I got a job, and it was later revealed in conversation to me and my coworkers that our boss likes to look up everybody's address on Google Street View. Everyone was uncomfortable with that, but our boss saw no issue with it. This is a legitimate case where blurring your house is a good idea. Sure, people may try to ask you why it's blurred, or try to look up pictures on other sites like housing retail, but it still prevents (frankly, creepy) bosses from snooping at your home.

Conclusion

Privacy is a fundamental part of our lives, and surveillance infringes on that. We should all do our part to gain what privacy we can, because every bit of privacy you gain now is freedom you will have in the future. This was a lot of fun to write, and I thank @Zagorath@aussie.zone and all of you for your suggestions. I will continue to tackle each of the topics asked in the previous post one by one.

Thank you for reading!

\- The 8232 Project

If you don't know me, I make frequent write ups about privacy and security. I've covered some controversial topics in the past, such as whether or not Chromium is more secure than Firefox. Well, I will try my hand again at taking a look at some controversial topics.

I need ideas, though. So far, I would like to cover the controversy about Brave, controversy around Monero and other cryptocurrencies, and controversy around AI. These will be far easier to research and manage than Chromium vs. Firefox, for example. I'd like to know which ideas you have!

Which controversial privacy topics do you know of that you would like to see covered?

PLEASE DO NOT ARGUE ABOUT THEM IN THE COMMENTS!

Please save any debate for if/when I make a write up about the topic. Keep the comments clean, and simply upvote ideas you would like to see covered. I won't be able to cover everything, so it helps bring attention!

Above all else, be kind, even if you don't agree with an idea or topic :)

If you're just here for the results, the best ones are listed in my list of software, Open Source Everything under the "Sports & Health" section.

For the rest of you, thanks for staying! 2 days ago I made this post asking you all about which health apps for Android you recommend. I appreciate everyone who took the time to give their recommendations, however, I didn't get as many responses as I had hoped for. So I took inspiration from Thanos and tested out 81 different health apps for Android.

Wait, 81? Doesn't the title say 49? Yes, I tested 81 apps, but a good bit of them were either unavailable, required an account to use, not open source, or not a health app at all. So, those have been omitted from this list.

I should also mention that I didn't try every app, so you may have one I didn't try! I tried to test the major ones I could find from a massive list, but obviously we are all human and make mistakes. With that, here are my opinions for each software I tried.

Beauty Product Information

The only one that fits in this category is Open Beauty Facts. It requires the Network permission to function, and it's used to look up information about different beauty products. You can add these products to a list, scan barcodes (if you grant it camera permissions), and more. It's fully featured, still active, and the best app for this so far. However, the UI is fairly basic and it contains optional telemetry.

Breathing Exercises

Inner Breeze

Inner Breeze is a somewhat basic app to help you with breathing exercises. The app has a nice UI, and a few settings. It allows you to also keep a history of your breathing sessions which can be viewed in a graph. It requires no permissions at all.

Breathly

Breathly actually would have been the top app in this category, but unfortunately there hasn't been a commit in over a year. It has a better UX than Inner Breeze, and includes calming(?) voice instructions to guide your breathing. It does require DCL via memory permissions, which is unfortunate. It also does not have a graph functionality, but it does have different types of breathing exercises.

Brethap

Brethap (which I keep accidentally calling "Brethrap") has a basic UI, but it includes plotting your breathing sessions on a calendar. It also includes a web interface. It requires no permissions. It has decent customization, and includes support for Text to Speech.

Diabetic Trackers

Glucosio

Glucosio is an app for tracking different things within the body, such as glucose level, cholesterol, etc. It allows you to add custom data, graph it, import and export data, etc. Unfortunately, there aren't many settings and the app has been abandoned. The UI is very basic, but it's functional. It requires no permissions.

Diaguard

Diaguard is a German diabetic tracker that also has full English support. It is similar to Glucosio in functionality, but it has many more settings and a better UX. The UI is still basic, but it requires no permissions to function. It can plot graphs and pie charts, as well as many more functions. It is the best in this category.

xDrip+

xDrip+ has a horrible UI, confusing elements, I'm not even sure which permissions it needs, but it (supposedly) can connect directly to physical glucose meters. I don't recommend this app, but this isn't as bad as it gets.

Juggluco

Juggluco has the absolute worst UI I have ever seen, not just on this list. It forces you to use it in landscape, the clock does not hide itself, it seems to be badly translated, it has no settings, it barely has controls, but for some reason the app is still being updated.

Diet Creation Tools

The only app for this that I could find is Daily Dozen. By default it uses a scientifically recommended diet for your day, with no customization. It has a very basic UI with no settings, but it allows you to check off which foods you ate that day. It requires no permissions to run. If anyone is willing to make health software, this would be a good section to make it for.

Fitness Trackers

This section is weirdly named. Gadgetbridge is a replacement software for proprietary apps for your wearable gadgets. I've never used it, but it seems to have good support. It asked for so many permissions it might as well have the root permission itself, and the themes are slightly broken. The UI is fairly basic, but there are plenty of settings.

Gym Exercise Trackers

This section was really difficult to pick a best for.

Massive

Massive is a material exercise tracker. It requires no permissions. You can view your data on graphs, import and export, create custom exercises, and more. However, the experience is a bit confusing, there's little customization for which exercises you do, and there are a few bugs. Overall, it's the best in this category, but not by much.

Fast N Fitness

Fast N Fitness has a really bad UI. It requires no permissions to run, you can customize the exercise types, graph your data, create profiles, and more. It isn't really special, but it does have a worse UI than the alternatives.

GymRoutines

Also a material fitness tracker, GymRoutines requires no permissions to run. You can create custom workouts, graph them, backup and restore, and... That's it. That is about all the app can do. It has only 3 settings. It's very basic, and the last commit was 9 months ago.

Verifit

Verifit was someone's passion project, with a surprising number of features. It has pretty much every exercise you can imagine, as well as custom exercises. You can view the data on pie charts, import and export data, log workouts, and more. Sadly, the project was abandoned. It has a basic UI and few settings. It requires no permissions.

Lift

Lift was abandoned 4 years ago. It allows you to put workouts on the calendar. The (two) settings don't work, it has a basic UI, and does not have custom workouts. It requires no permissions.

Habit Trackers

Table Habit

Table Habit is a material habit tracker. It has a setting for "positive" and "negative" habits, however the goal of the app is to enforce habits and not break them, so... if you have a negative habit of murder, and need some encouragement, Table Habit is the app for you! It's essentially fully featured, so it has way to many functions for me to list. It requires no permissions to run.

Loop Habit Tracker

Loop Habit Tracker is tied with Table Habit on which one is better. LHT has a more basic UI, but it has a lot more streamlined experience with habits. It does not allow for negative habits. It is simple but powerful. It also hasn't had a commit in 6 months, but it is still great software. It requires no permissions to run. If I had to pick though, I would probably choose Table Habit.

Medicine Reminder Tools

I only tested Simpill, but people did suggest others to me. Simpill has probably the best UI out of all of these apps. It requires notification and background usage permissions. It has few settings, but it doesn't really need many. It is a bit buggy with 24 hour time disabled, and you need to make sure you enable background usage, but it works well. I may eventually try out other apps in this category.

Meditation Tools

Medito

Medito requires a network connection initially, but you can download meditation audio offline. The purpose is to play audio to guide you through meditation for different purposes (sleep, relaxation, etc.). It has a lovely UI. However, there are no settings, and it does not allow importing meditation audio.

Om

Om was abandoned 5 years ago. You open the app, and you either have a voice guided meditation, or a self-guided meditation (an annoying bell). That is the entire functionality. It requires no permissions, and has absolutely no other features.

Meditation

Meditation, also known as Essential Meditation, is a weirdly popular meditation app. It requires notification and background permissions to function, except it shouldn't need those. You can change some settings for the sound you hear, etc. It has a basic UI. It also gives me a headache. Maybe I should log that in the...

Menstrual Cycle Trackers

Something something disclaimer about "mature topics" so this post doesn't get nuked by lemmy.ml.

drip.

drip. allows you to track menstrual cycles and symptoms. It has plenty of default symptoms, allows you to encrypt the app with a password, import and export data, and more. You can view this data on a calendar or a graph. It has a basic UI, few settings besides the ones listed previously. The UI is also slightly laggy.

log28

log28 would have made it alongside drip., but unfortunately the app was abandoned 2 years ago. It has a basic UI, some bugs, but requires no permissions. It has plenty of default symptoms. You can view data on a calendar, but not a graph.

Mensinator

Finally a material design app, Mensinator allows you to track menstrual data and symptoms. It does not come with many default symptoms, but you can add your own. It offers some customization, statistics, import and export, and more. It allows you to view data on a calendar, but not a graph. It requires no permissions, but does have a few minor bugs.

Mood Trackers

I've been writing for an hour straight, so let me log my fatigue in Pixy. Pixy has a lovely UI, although slightly laggy, and allows you to log your mood for each day. You can view the data on a calendar, graph, bar chart, and lots more. You can also log what you did that day, import and export data, change colors, etc. It is probably fully featured. However, it is sadly abandoned, requires DCL via memory permissions, and tracks your data if you give it network permissions.

Nutrition Information Tools

Let me speedrun this one: Open Food Facts, which also has a web interface, lets you scan bar codes or search products to view information such as ingredients or how humane it is. It has opt-in telemetry, requires network permissions, also requires DCL via memory, does not have a local database, and has a mediocre UI. It has plenty of customization, and you can add products to a list.

Pedometers

Pedometer (PFA)

This app is abandoned, which is unfortunate since the team behind it also makes so many other fantastic apps. It allows you to track your steps, view it on a graph, and more. It has a basic UI, few settings, and requires the physical activity permission.

Paseo

Paseo has many more features than the previous app. It has a basic UI, and requires the physical activity permission. It shows much more data in graph and circle form, such as current steps and expected steps. It has lots of customization, you can set step goals, it's overall great. It is, unfortunately, abandoned as well.

If you want to make a health app, this is another good section for it.

Physical Activity Trackers

This section was extremely difficult to decide best software for. Let me break my default style and tell you a little story. The first app I tried was OpenTracks (actually that's a lie). It is unique because you can use it fully on its own, but it does not have map capabilities. To get map capabilities, you need to install either "OSM Dashboard" or "OSM Dashboard (Offline)".

OSM Dashboard will allow you to use OpenStreetMaps directly, or download other maps for local storage, etc. OpenTracks will then display your physical activity path on that map (or without, if you really want just the shape). OSM Dashboard (Offline) does not connect to the internet ever, at all, for any reason. You have to download maps yourself and import them yourself. OpenTracks for real made 3 separate apps so you can be as private as you want by installing only what you want, and I applaud that massively.

However, it came between OpenTracks and FitoTrack. FitoTrack essentially packages the map capabilities within the app itself. You can load from OpenStreetMaps directly or import downloaded maps. What made FitoTrack better is the ability to view your data on a graph, bar chart, etc. Also, OpenTracks requires notification and nearby devices permissions, whereas FitoTrack does not. OpenTracks has a slightly broken UI, FitoTrack has a basic UI and fewer settings. While I massively applaud OpenTracks for their work so far, FitoTrack is my current preferred option.

There is also RunnerUp, which just has a bad UI. It allows graphs and connected devices.

Seasonal Food Information Tools

Speedrun time: Seasonal Foods Calendar is an abandoned app that simply tells you which foods are in-season for your location, as well as basic information. The app lacks in data and customization, has a basic UI, but allows you to search for foods. It requires no permissions.

Relaxation Tools

Noice allows you to play relaxing background noise sounds. It requires network permissions, but you can download audio for offline listening. It is material design, has plenty of settings, and I would say it is fully featured. However, it does have optional telemetry.

Weed Trackers

Something something disclaimer don't do drugs please don't nuke this post.

Petals helps you track your weed usage to help you see how much you're using, if it's dangerous, and educate you on everything it can. It requires no permissions, you can import and export data, it has an app lock, and plenty of settings. It has a mediocre UI, but it includes many graphs. For some reason it added icons on the home screen for me, YMMV.

Weight & Diet Trackers

I'm not going to be detailed with this section because it was honestly the worst one to gather info on. trale is as minimal as it gets, but it's available for Accrescent if that's your thing. openScale can connect to Bluetooth scales and track lots of data. Energize has integration with OpenFoodFacts. OpenNutriTracker forces you to agree to a privacy policy and EULA. Waistline is laggy and requires a network connection for some integrations. All these apps basically do the same stuff, except for trale which does very few stuff. You can track what you eat, your weight, and set goals. I couldn't decide on a "best" for this section.

Workout Routine Tools

I've been testing all of these apps for the past 3 days as well as writing for the past 2 hours, so you can start to see my slow descent into insanity. I really need an editor.

Workout Time

This was abandoned, is slightly laggy, and straight up does not work.

Liftosaur

This app requires network permissions because the entire app is just a website. That means it's super laggy, and has no settings.

openWorkout

This app has ads for some reason, but it doesn't need network permissions so it doesn't matter. It has a basic UI, and lacks in settings and features.

Those 3 are pretty terrible, but these last 2 apps were pretty much tied.

Feeel

Feeel is great for creating custom workout routines. It not only lets you pick which exercises to do and for how long, but it also teaches you how to do those exercises, which pictures. The design is great, it has few settings, and has its own polygon style. It requires no permissions.

LiftLog

Liftlog is a material design app to create workout routines. It lets you create your own exercises, view stats, and more. The app is kind of laggy, but it provides plenty of good settings. It does, however, have premium features such as AI. It also requires DCL via memory permissions.

Workout Timers

Finally, the last section, I'm going to break my style again to save my sanity. HIIT was abandoned 3 years ago. OpenHIIT lacks in settings, has a material design, and only allows up to 9 exercises.

Just Another Workout Timer and TimeR Machine almost tied. JAAT is material design, fairly fully featured, but the UI is confusing, button positions are weird, and icons can be unclear. It makes it very difficult to use. However, it has plenty of settings, including import and export.

TimeR is a more basic UI, but it is much more clear what is going on. It even puts you through a tutorial in the beginning. You can view data on graphs, etc. It's my preferred option. It requires no permissions, has plenty of settings, it's great.

Conclusion or something

People get mad at me for not adding summaries or conclusions, so... Hello, I've lost all personality and soul after writing this. I hope this helps someone in the future find some good Android health apps. Please make more health apps, since the open source community really needs it. Please check out Open Source Everything, which is my own curated list of open source software that I've been working on for years.

Anyways, thanks for reading!

\- The 8232 Project

Oh yeah, P.S., I didn't actually double check that I listed 49 software here. If it's 48 or something it's because I was going to add Quit Smoking but it's abandoned and the source code no longer exists besides archives.

I maintain my own list of open source software, but one of the biggest struggles has been finding open source health apps to add to the list. It seems like the open source community is lacking in this area, compared to proprietary counterparts.

I'm beginning to flesh out some of the health apps on my list, and I am looking for recommendations on which apps are generally used. This is an extremely rare circumstance in which I am asking for community feedback to add software to the list.

My preferred criteria is as follows:

Available for Android

It can be available for other platforms, but I tend to prioritize open source operating systems such as Android or Linux. In this case, a health app for Linux would rarely be useful. If available, please note whether or not the app works well with strict permissions on GrapheneOS.

Has a clear, distinct purpose

I prefer not to categorize the same app in multiple places. I am a believer of software being the best at one thing, rather than trying to be the best at everything. So, I would like to categorize different apps for each purpose (calorie tracking, nutritional information, fitness tracking, etc.)

Works entirely offline

Ideally, apps should work without ever requiring an internet connection. Having the ability to download data for offline use later is fine, if the data is large enough to warrant not being packaged with the app itself.

Still actively maintained

It's rare that I add outdated or abandoned apps to my list, but there will always be exceptions. The apps should be actively maintained, and have modern usability and appearance.

Those are best case-scenario criteria, your recommended app may not follow that. All apps should, of course, be open source. I am leaving the definition of "health apps" without elaboration on purpose, because I am looking for all health-related and physical wellbeing apps.

Thank you for your suggestions! :)

StreetComplete makes contributing to OpenStreetMap easy and fun by turning contributions into "quests" on a map for you to complete. No personal information is required, just create an OpenStreetMap account, and start contributing directly in your area!

I tried this out myself, and it is truly fantastic! I had never heard of it, and I'm sure many of you haven't either, so spread the word!

Tip: When entering buildings to ask questions (opening hours, etc.) be ready to explain what OpenStreetMap is :)

I made this post, outlining my verdict about whether or not Chromium is more secure than Firefox. At the very end of the post, I noted "GrapheneOS did not respond to my requests for a comment."

Well, after weeks with no reply, they finally responded. I don't plan to do any more research about this topic, but this information is still incredibly valuable. Keep in mind the questions I asked the GrapheneOS team were created before I had done much research about the topic. Here are the questions and GrapheneOS's replies:

Does Firefox have isolation between tabs?

incomplete

Is Firefox's implementation of tab isolation as secure as Chromium's?

no, it's incomplete and their sandbox is significantly weaker across all platforms, but it varies based on platform

Firefox uses Fission to isolate embedded content from the main website. Is Fission used for tab isolation as well?

it's incomplete

Is Fission the main cause of concern about Firefox's security?

there are many ways in which it's less secure than Chromium, but the weak sandbox particularly that's entirely not implemented on Android is one of the main issues

Are there other reasons why Chromium is more secure than Firefox, besides Fission?

Chromium uses full garbage collection for a lot of the C++ objects, has much more hardened memory allocators for native allocation, has the V8 sandbox as another layer of security missing in Firefox before the OS sandbox, has much more fuzzing, auditing, etc. and much more modern exploit mitigations implemented too

Firefox is far behind in nearly every way and laid off a lot of their security people

Isolation of embedded content is important to prevent Spectre and Meltdown exploits, but is this actually something that an everyday user will be majorly affected by? It seems that, unless you are logging in through embedded content, there is far less risk associated with this from an everyday standpoint. Again, more security is obviously better, but is this as big of an issue as it's made out to be?

yes it impacts users because browser vulnerabilities are widely exploited in the wild and the OS sandbox is one of the main defenses against it, as is the V8 sandbox feature entirely missing in Firefox

Google heavily monitors for browser exploits and catches a lot of it happening in the wild

Mozilla / Firefox has little visibility into it

therefore, it's much more widely reported for Chrome but does not mean it isn't happening with Firefox regularly

Is Firefox less secure on Linux (besides Qubes, Tails, etc.) than other desktop operating systems?

Tails is not a hardened OS at all, that's a misconception about it, and it has nearly all the problems of desktop Linux

Firefox on desktop Linux has weaker sandboxing than elsewhere

on Android they haven't even implemented a content sandbox, although the OS provides an app sandbox around it as a whole but that's not the same thing

In which ways are Fission less secure than Chromium's Site Isolation?

it's not even completed yet, the issue is still open since not everything is isolated yet and there are known ways out

Does Brave provide the same privacy against fingerprinting as the Tor Browser?

Tor Browser's anti-fingerprinting is greatly overestimated and does not really work with JavaScript enabled, which it is for most users

Brave's is not strictly better or worse

neither anti-fingerprinting approach works well

Could you provide good resources for my article about the state of Firefox security on Android?

no, but it is awful, they don't even implement any content sandbox let alone site isolation, and have almost no exploit mitigations or anything implemented

Would it be easy for a developer to create a fork of Firefox for Android that uses isolatedProcess?

no, but it's easy for them to do it relative to doing it elsewhere

Would using isolatedProcess in Firefox fix isolation issues? If not, what would still need done?

no, but it would allow them to provide a content sandbox on Android and partial site isolation to the extent they implement it overall

Is there tab isolation for Firefox on Android? Is this as secure as Chromium's?

there's an incomplete implementation, and no, it's not nearly as secure aside from being incomplete

Loops is a federated alternative to TikTok created by Pixelfed. Once it first came out, users were able to sign up for early access. Confirmation emails weren't sent right away, but today they announced that emails were being sent out, and registration is now closed.

I got a confirmation email today, attached in the image. I will be loosely documenting my experience, and may (no promises) make a writeup about it.

Wiz Khalifa would be proud

Happy Halloween! Tails released a small update, but it's nice to see that the software in Tails is getting updated more frequently!

Here are the major changes:

• Update Tor Browser to 14.0.1.
• Update the Tor client to 0.4.8.13.
• Update Thunderbird to 115.16.0.
• Fix automatic upgrades aborting with the error message "The upgrade could not be downloaded" even after a successful download. (#20593)

Alternative link: https://tails.net/news/version_6.9/

Introduction

Many years ago, when I was first getting into privacy and security, I wanted to see how long passwords should be in order to be secure from brute forcing. There are plenty of password strength testers already, but I wasn't sure if they accounted for the increase of cracking speeds over time. Then, the idea came to me: What is the maximum speed for a password cracker?

The Planck Cruncher

The Planck Cruncher is a theoretical supercomputer, designed to crack passwords as fast as the laws of physics will allow. Here is how it is constructed:

Imagine a little computer that can fit in the smallest possible space in the universe: a cubic Planck length. This little computer is able to test one password every Planck time, the shortest possible unit of time. Now, fill every cubic Planck length in the observable universe with these little computers, all testing passwords at the same time, and you have constructed the Planck Cruncher!

I should note here: of course this is impossible to create. This is just a fun idea I had, to test the theoretical security of passwords. Don't take it too seriously.

How fast is it?

First, you need to calculate how many of those little computers can fit inside the observable universe.

The diameter of the observable universe is estimated to be 8.8×10\^26 meters in diameter. To calculate the cubic volume of the observable universe, you can use the equation for the volume of a sphere: 4/3\*πr\^3

A sphere 8.8×10\^26 meters in diameter has a radius of 4.4×10\^26 meters. Substitute that into the equation to get 4/3\π\(4.4×10\^26)\3 which equals 3.6×10\^80 cubic meters in volume.

A Planck length is approximately equal to 1.616255×10\^(-35) meters. That means a cubic Planck length would have an area of 4.222111×10\^(-105) cubic meters.

Divide the volume of the observable universe by the area of a cubic Planck length, and you get how many little computers make up the Planck cruncher: (3.6×10\^{80)/(4.222111×10\}(-105)) which is approximately 8.52654×10\^184 little computers. This is the exact number (rounded up):

85265403964983393378336097748259105456962168924502458604238495861430455049618543899011655543873668882698725826961915496774007125819288029139925501721769039231796606010595173836026575332

Next, you have to find out how many Planck times are in a second.

A Planck time is approximately equal to 5.391247×10\^(−44) seconds. To find how many Planck times are in a second, you simply take the inverse of that to get: 1/(5.391247×10\^(−44)) which is approximately equal to 1.854858×10\^43 Planck times in a second.

If you multiply the number of little computers in the Planck Cruncher by the number of Planck times in a second, you find out how many passwords the Planck Cruncher can test every second: (8.52654×10\^{184)*(1.854858×10\}43) is approximately 1.581553×10\^228 passwords tested every second. The exact number is below (rounded up):

1581552541832778082294061053931661922686201706664570527082852925518538754570483301896790400140703419500140242637035837845567215262429787192831741927642510892782256238873773986538301349050212882962091805863577761872814550820473182

The complete equation is this: !

How secure are passwords against it?

Since you know how many passwords the Planck Cruncher can test in a second, you can calculate how secure a password must be to fend it off for, say, 100 years.

There are 95 printable characters on a standard QWERTY keyboard. If you make each character of your password a randomly selected character from the 95 printable characters, you can calculate the number of possible combinations for your password using the equation 95\^length where length is the length of your password. I will refer to this as the "complexity" of the password.

With that, you can calculate the bits of entropy of the password by using the equation log2(combinations) where combinations is number of possible combinations for your password. For simplicity, I will be referring to the strength of passwords by their bits of entropy. The unit used to represent entropy is the shannon unit, denoted as "Sh".

To calculate how many seconds it would take to crack a password, you divide the password complexity by the speed of the Planck cruncher. For example:

An 8 character password has a complexity of 95\^8, or approximately 6.6342×10\^15. That password has an entropy of log2(6.6342×10\^15), or approximately 52.56 Sh. To crack the password, assuming it was the very last password tested, the Planck cruncher would take 4.1947×10\^(-213) seconds. That is orders of magnitude shorter than a Planck time itself.

So, how many bits of entropy is secure against the Planck Cruncher? If you wanted a password that is strong enough to keep the Planck Cruncher at bay for 100 years, the password would need an entropy of approximately 789.66 Sh. The password would be 121 characters in length (rounded up).

A passphrase with the same entropy (assuming 7,776 words are in the wordlist, from the EFF Large Wordlist for Passphrases) would have 62 words (rounded up).

Conclusion

Obviously if the the universe is (literally) against you, you have bigger problems than a password protecting your sensitive data. This was just a fun thought experiment to see what the upper limit of password cracking is. It's interesting to see how a 1024 bit key would be resistant against even the fastest theoretical supercomputer for over a vigintillion years (assuming it has no other weaknesses). I hope you had as much fun reading this as I did writing it. Be sure to use strong passwords, and use a password manager.

Two weeks ago, I made this post. The goal was simple: I wanted to dig into the details of Chromium and Firefox to see if the claims that Chromium is more secure than Firefox are true or not. You'll notice I also started turning that post into an update log, but only one update got released. There is a reason for that. Life suddenly got extremely busy for me, I could barely make time to continue researching. However, during that time, I spent a lot of time thinking about the issue. I tried breaking down the problem in a million different ways to find a way to simplify it and start from the ground up.

I came to a conclusion today, a realization. I have no way to put this gently: I cannot conclusively determine which one is more secure. This will upset many of you, and it upsets me too considering I maintain my own list of software that relies on only providing the most secure and private versions of some software. I need to explain why there cannot be a solid conclusion.

I managed to collect many sources to be used for the research. A lot of the information is parroting this article which, despite having many sources, fails to provide sources for some of the most crucial claims made there ("Fission in its current state is not as mature as Chromium's site isolation" has no source, for example). My favorite source is this Stanford paper which I think does a great job at tackling the problem. The problem I noticed is that a lot of privacy advice is given from an echo chamber.

Think about what privacy advice you like to give, and think about where you heard that. A YouTube video? Reddit? Lemmy? Naomi Brockwell gives a lot of advice that stems directly from Michael Bazzell's Extreme Privacy book, as I found out after reading it. Her videos about convincing people to use Signal are paraphrased passages from the book itself, which has a whole section about it. People touting Chromium as more secure than Firefox, or that the Play Store is a more secure option than F-Droid or Aurora Store, often get their information from GrapheneOS. I've never seen anyone research those in depth.

The point I'm trying to make is that a lot of privacy advice is circular reporting. I'm certain that if Michael Bazzell and GrapheneOS were to provide sources as to where they got their information (they rarely do, I checked) it would come to light that it boils down to a few real sources. GrapheneOS, no doubt, likely has inspected at least some part of the Firefox codebase, but Firefox is rapidly changing, so any sources that used to be true may not be true today.

FUTO Keyboard and GrayJay get recommended often because of Louis Rossmann, but HeliBoard and FreeTube (or NewPipe) were options long before those pieces of software. The reason the former became so recommended over the latter is simply because people used a popular figure, Louis Rossmann, as a primary source. It then became an echo chamber of recommendations and best practices.

That doesn't mean the claims of Chromium being more secure are false, but as a researcher it is very hard to credit something that doesn't provide any primary sources. In the eyes of a researcher, GrapheneOS's word holds just as much weight as a random internet user, without any proof. I see it play out like this: A source like GrapheneOS or Extreme Privacy makes a claim, secondary sources such as GrapheneOS users or Naomi Brockwell present this information without providing the sources, the general privacy community sees both, and begin giving the same recommendations on Reddit or Lemmy (sometimes with sources), and eventually the privacy community as a whole starts presenting that information, without any primary sources. Even if GrapheneOS, Extreme Privacy, or Louis Rossmann provided no research or direct comparisons, their word is taken without question and becomes the overarching recommendations in the privacy community. They each gained credibility in their own ways, but there should always be scrutiny when making a claim, no matter how credible.

The main reason why I cannot give a concrete conclusion is this: the focus on the article was to compare Chromium's Site Isolation to Firefox's implementation, however there are too many variables at play. Chromium may be more secure on one Linux distro than another. Debian is an example. Firefox supposedly has worse site isolation on Linux, but then how does Tails deal with that? It's based on Debian, so does that make it insecure for both browsers? Tor is based on Firefox ESR, which is an extended support release with less security, but Tor is also deemed a better option than Chromium browsers for anonymity. Isolating iframes doesn't really affect daily use, so is it really necessary to shame Firefox for that? Some variants of Firefox harden the browser for security, but some variants of Chromium (such as Brave Browser) try to enhance privacy. No matter what limits I set, how many operating systems or browser variants I set, there is no way to quantify which one is more secure.

"Is Chromium more secure? Yes, under XYZ conditions, with ABC variants, on IJK operating systems. Chromium variants XYZ are good for privacy, but ABC Firefox variants are better at privacy..." The article would be a mess. The idea for the article came because I was truly sick of the lack of true in-depth sources about the matter, and so I wanted to create that. I now realize it was a goal that is far too ambitious for me, or even a small group of people. Tor and Brave give different approaches to fingerprinting protection (blending in vs. randomizing), and there's no way to directly compare the two. The same goes for the security of each. There is no "Tails" for Chromium, but there is no "Vanadium" for Firefox. There's no one to one comparison for the code, because some of it is outside of the browser itself.

I regret making that initial post, because it set unrealistic expectations. It focused on a problem that can't tell the whole picture, and then promised to tell that whole picture. At a point, it comes down to threat model. Do you really need to squeeze out that extra privacy or security? Is someone going to go through that much effort? You know how to spot dark patterns, you know not to use privacy invasive platforms. Take a reality check. Both Chromium and Firefox are better than any proprietary alternatives, that's a fact. Don't bother trying to find the "perfect" Linux distro or browser for privacy and security, because you already don't use Windows. Privacy is a spectrum, and as long as you at least take some steps towards that, you've already done plenty.

Be careful next time you hear a software recommendation or a best practice. Be careful next time you recommend software or a best practice. Always think about where you heard that, and do your own research. There are some problems that are impossible or infeasible to solve, so just pick what you feel is best. I really am sorry that I wasn't able to provide what I promised, so instead I will leave a few of the sources I found helpful, just in case another ambitious person or group decides to research the matter. Not all of these sources are good, but it's a place to start:

GrapheneOS responded to my requests for a comment after this post was made, here: https://lemmy.ml/post/22142738

https://www.cvedetails.com/version-list/0/3264/1/

https://en.wikipedia.org/wiki/Site_isolation

https://madaidans-insecurities.github.io/firefox-chromium.html

https://news.ycombinator.com/item?id=38588557

https://seclab.stanford.edu/websec/chromium/chromium-security-architecture.pdf

https://grapheneos.org/usage#web-browsing

https://www.reddit.com/r/browsers/comments/17vy1v5/reasons_firefox_is_more_secure_than_chrome/

https://www.wilderssecurity.com/threads/security-chromium-versus-firefox.450867/

https://forums.freebsd.org/threads/why-im-switching-from-firefox-to-ungoogled-chromium.87878/

Edit: Here is the verdict: https://lemmy.ml/post/21887275

I am currently doing a deep dive into whether or not Chromium is more secure than Firefox, and I will make a very long and comprehensive Lemmy post outlining my findings with specific sources. I expected this to take a few days, maybe a week, but after finding out many of the claims for both sides give no real sources, I expect this to take a month or longer. I will be reaching out to multiple first-party sources (Mozilla, GrapheneOS, etc.) to get their detailed statements on the matter. I want to provide something that actually covers the full picture of the issue with up to date sources, to hopefully put this to rest for anyone who doesn't want to do the research.

I'm making this post in case anyone wants to provide any extra resources they have about the issue. Do not fight about this issue in the comments, save that until after I am able to release my work. I'm tired of the constant back and forth about this with little to no direct sources. This means that my other project, Open Source Everything, will be put on pause. The FAQ section of that very project is what sparked this, because I realized the issue was far more complex than I outlined in there. (Don't trust the information in the FAQ just yet: it is still in the works.)

As always, don't just give blind support to this just because I am making promises, but if you feel your support is needed then by all means go for it.

If any of you want me to turn this post into an update log, let me know and I will.

DISCLAIMER: These update logs are NOT meant to be taken as a source. I am generalizing a lot of things here for simplicity and brevity, so do not try to pick it apart. Anything I say here is likely a summary of something that will be talked about in fine detail in the article, and so it may contain mistakes.

Update 1

I need to stop posting before bed, since I end up not being able to respond to drama quickly and it grows out of proportion. Anyways, I want to answer a few questions that keep popping up (maybe I'm obsessed with writing FAQs, I don't know) and then talk about my research process.

Google Chrome is NOT the same as Chromium

This is something I already have a draft to write about in my article, because a lot of people mess up the distinction. Google Chrome is Google's proprietary "en-Googled" browser. That browser obviously has numerous privacy issues. What I am referring to in the article is what Google Chrome was built off of: Chromium. Chromium is open source (or source available, or something like that. Please stop trying to remind me of the difference, "open source" gets the point across). Many browsers such as Brave were built on top of Chromium. Many users in the privacy community use Chromium-based browsers. Chromium is mainly maintained by Google, but I will not be focusing on that since I am taking a look at the actual software and not any future problems that may arise.

I'm summarizing things here, but I will go in depth in a section of my article about this, since a lot of people are still stuck on the mindset that Google is always evil. It is true that Google is bad with privacy, but they are good when it comes to security. They have to be, given that Chromium-based browsers and Android are the most used in their respective fields. Any privacy issues can be nullified with some projects like ungoogled-chromium or GrapheneOS which remove any privacy invasive Google components. Anything Google tries to sneak in doesn't get past those projects, like a safety net, because they take very close inspection of the code.

Security vs. Privacy

Security and privacy are two distinct topics with some overlap. As I mentioned above, any privacy issues can be dealt with by using some variants of the software. Because of this, my article will focus primarily on how secure these browsers are. I do understand that security and privacy can go hand in hand: Without security there is little privacy, and without privacy there is little security. However, that is all out of the scope of what I am researching here. The reason a lot of projects such as GrapheneOS recommend against Firefox browsers (especially on Android) is because they claim Firefox has weak site isolation. That is the main point of research for my article. If I can prove that those claims are true, I can demonstrate why it is such an issue. If I can prove that those claims are false, I can try to see if Firefox is more private than Chromium, and is therefor a better option. There will be other related ideas that will crop up that will be covered in the article, that I will research about. The broad hypothesis is "Chromium is more secure than Firefox" and it is my job to find out why people say that and investigate it.

Also, many users talked about ad blocking and the recent removal of Manifest V2, which killed a lot of Chromium ad blockers. This is not the focus of the article, but let me remind you that using a browser such as Brave lets you block ads entirely. Brave is the only other browser recommended by the GrapheneOS project for its security, besides Vanadium. Yes, Brave has some bloat that can infringe on privacy, but those can be disabled. Don't forget that Brave is open source, so you are free to make a fork of it and remove whatever you'd like. The point is this: Both Chromium and Firefox both still have ad blocking, so this is a non-issue.

Who am I?

@dingdongitsabear@lemmy.ml

https://lemmy.ml/post/21367269/14283651

> first off, I have serious doubts that any one dude - or even a group of those for that matter - can ascertain the security of such a complex system; a browser is essentially an operating system, with all the layers and complexities that entails. > > even if you're somewhat successful in such an endeavor, I don't really care if it potentially is. chromium comes from those shitmakers and I'm not willingly using anything they had their nasty fingers in. they threw one shovel of shit too many on the heap and they are now forever on my ignore list. if that means that I don't get to access certain domains, sites, and/or apps - so be it, I'll make do without.

@echolalia@lemmy.ml

https://lemmy.ml/post/21367269/14283932

> Are you a single person or a group of people? Do you have any credentials that you'd like to share that might give some context to your research? > > Where is the quote in your bio from?

I could leave some cryptic retrospective answer here, and I would love to, but as fun as that would be it may cause more harm than good. I am an independent, singular person. If I were in your shoes, I too would doubt that any one person could research the intricacies of the matter. However, I don't need to look over every piece of code to make a conclusion. The main focus of the article, as I said, is site isolation. This is what most people reference when they talk about Chromium being "more secure" than Firefox. I already addressed the other argument about Chromium being "evil," as there are other projects that aim to remove some of the damage that has been done. Readers of my article will need to let down their precedent of Chromium being as bad as Google, and realize that Google is bad for privacy but good for security.

If by "credentials" you mean actual identification, no. Even if I told you exactly who I was, you still would have no idea who I am. However, I can give you some of my background: I am advanced in the privacy field, proof of this can be seen with my other project. I used to work as a penetration tester for a low ranking government branch, focusing on network and website security. I am fluent in Python and C++, so I can understand a lot of the code that has been written. I hope that gives you context into who I am and what I do. I guess I could also mention I like to keep high standards, I'm a bit of a perfectionist. I want the article to be nothing short of extremely thorough and comprehensive.

The quote in my bio “Unjust laws only burden the just, as the lawless will not heed them.” is my own (hence why I put "- 8232" there). I have other quotes, but that one is my favorite.

How is the research going?

I didn't quite know where to start, but eventually I settled for this: I have three notes. One is for questions I have (e.g. "What is site isolation?") that I put answers under as I find them. This means I will never be trying to fill in the gaps without sources in the article. I'll have a well informed knowledge of everything. The next note is for all the sources about the issue, categorized into "Primary," "Secondary," and "Unverified" (when there is no source listed for the claim). The last notebook is people. This one contains people and groups who know about the issue that I may get statements or help from for the article. That is all I have right now, because I needed some sleep. I plan to add a "To-Do" note, some various drafts, and a list of documents about the issue. I'll keep this updated.

TL;DR: I accidentally deleted the old repository with 107 stars, and have moved the project to GitLab because GitHub requires a paid account to recover deleted repositories. I take full responsibility for this, it was an extremely stupid mistake on my part. I deeply apologize for the inconvenience. I understand if this damages the trust in the project.

I appreciate all the support you all have given towards the project, it truly means a lot to me! For those of you who bookmarked the repo, please update it to the new GitLab page which will now be actively maintained.

If you don't know what Open Source Everything is, see my original post. It's my own curated list of open source software.

Update: GitHub was able to restore the repository! Special thanks to Seve from GitHub Support for bending the rules a bit. GitLab will still be the primary place where the repository is hosted.

It's pretty easy to spot dark patterns when you look out for them, but I found a pretty obvious example of this.

Stoofie is a brand that sells water fountains for your pet (I don't know what the problem with a water bowl is, but I digress). WayBack Machine

Plastered at the top of their website is "33% OFF Ends Today- Free Shipping" with no way to dismiss it. There is a scrolling text under the main image "FAST AND FREE SHIPPING 60-DAY FREE RETURNS"

If you scroll down, you're immediately introduced with a product with the option to buy two preselected. The rest of this section explains itself:

!

Other things are sprinkled in the main page, but it really is the prime example of dark patterns. I am personally sick of finding them, but would love to see more examples of what others have found. Please, share your favorite examples of dark patterns. Don't forget to archive them first so they can never be lived down.

For those who are unaware: GrapheneOS is a privacy and security focused mobile operating system built on Android.

https://grapheneos.org/

Yes, the phone in the picture is running GrapheneOS.

I made this post a few weeks ago, and I've finally been using GrapheneOS for one month. I'd like to point out things that changed, and my experiences with some of the GrapheneOS communities.

The changes

I stressed far too much about which methods to use for installing apps. In the end, it's up to you and your preference. Sure some are considered less secure than others, but it's your phone. I'll explain more about why I'm saying that later. Anyways. I get as many apps as I can via Obtainium, and install a few apps via Aurora Store.

I'd like to clarify the reason I have ProtonVPN installed via Aurora Store. App developers often develop different versions of the app depending on how you install it. Play Store versions of it might rely on Google services, whereas direct apk files may not. ProtonVPN allows you to use it as a guest, but only when you install the Play Store version. No other version of the app (e.g. installed via Obtainium) allows you to use it as a guest. Please stop commenting about this, I explained it to way too many people.

My game selection has remained the same, however Antimine is a bit of a weird one. It is still actively maintained, but the GitHub releases page is versions behind the F-Droid version, and the F-Droid version is versions behind the Play Store version. I tried installing the Play Store version, but it required Google Play Services to work (even though the app could actually run without it, it just thinks it needs it). So, unfortunately, I'll just use the outdated F-Droid version.

2048 by SecUSo actually got dark mode! Good for them for keeping things nice on the user end. Audire has been abandoned, and so I tried out Audile and it works fine.

As many users pointed out, AndBible is not abandoned. It also recently got updated. The UX is still sub par. Fossify projects are also, as many pointed out, not abandoned. Development is just slow. I'm eager to see what updates will come.

HeliBoard still has some weird autocorrect suggestions, but I made a few bug reports about it. KeePassDX no longer has the weird biometrics bug.

For eBooks, I tried out a lot of the top proprietary eBook readers:

• Amazon Kindle was authwalled (required logging in)
• FBReader was netwalled (required a network connection)
• Google Play Books was playwalled (required Google Play Services)

Then, I tried Moon+ Reader. I am so sorry, but this app is honestly fantastic. I will reiterate: it is proprietary, but it has support for Apple Book's page turning animation as well as other stuff. The open source eBook readers peril in comparison. The app is perfect, I just wish it was open source.

My music player has changed to VLC Media Player, which is honestly so much better than the desktop version. It has incredible support for use as a music manager. The only annoying bug is that it will sometimes lag for a few seconds before resuming, and there's no clear "queue" section.

I got too upset with Vanadium's lack of anti-fingerprinting and privacy features, that I switched to Brave. Honestly, I'm happy with it. It's not perfect, but I can get behind it.

The new stuff

Alright, now let me mention the new things I got to try. I wanted to try out an RSS reader, so I got Feeder. It's honestly what you expect from an RSS reader. I will say: I wish there was more distinction between read and unread articles. Currently the only difference is whether or not the title is in bold. I also wish the "Show read articles" could be changed for each feed, and not globally, or have an "Unread articles" section.

I have the I2P DEBUG app in case I ever want to access I2P pages. I'm learning about what I2P is. From what I gather, it's like Tor but... not Tor.

I tried out Image Toolbox for editing images. It's very feature rich, but very unintuitive to use.

This is the biggest change: I tried out Lawnchair and Lawnicons. It is honestly so great. I wish the default launcher had that level of customization. You can customize it in 100 different ways until your heart gives out, it's honestly fantastic. There are inconsistent minor bugs and annoyances, but the benefits far outweigh those. I'm a sucker for the iOS look, and I was very pleased I was able to achieve something in between Android and iOS. I just wish they would bring dock colors back! One of my favorite features is being able to customize any icon and name for any app on the home screen. I could make a dating app look like a graphing calculator, for example...

I tried out the proprietary Pydroid 3 app as a Python IDE. I give the developers a solid pat on the back. It's a great app. It works super well, and just has the occasional "upgrade to premium" popup to remove the "ads" that it can't load because it can't touch the internet. Good job guys.

I added Shadowsocks to my censorship circumvention toolkit. I can't find any free servers, but hey it's there in a pinch.

The community

I got some time to experience the Matrix/Discord/Telegram (they're all bridged) community as well as the issue tracker for GitHub. The issue tracker closes a lot of issues that I personally think should remain open. One I made was changing one of the default pings for an (obscure) menu from Google to GrapheneOS, a very simple fix. They closed it, which I'm upset about. I get it though, they can't fix everything.

The Matrix/Discord/Telegram community is... interesting. There's 3 people: The ones who understand almost nothing and need a lot of help, the general users who are super friendly and have wholesome interactions, and the ones who know (and/or think they know) everything. That third group is quite prevalent. They will constantly push their own threat model on you as if it's the only correct answer, and will (quite often) refuse to answer questions if it goes against their threat model (e.g. questions about Aurora Store when "Play Store is the only correct answer").

It's annoying to say the least. I try to mention as much as possible that everyone has their own threat model and it's your phone so you get to choose your own preferences at the end of the day, but that never goes over well. GrapheneOS isn't always known for taking kindly to some lesser threat models, which is a double edged sword. It's good that they have such high standards, but they need to know when to relax and let other people help. It's not bad by any means, you'll get the help you need, but it's not a good look at the end of the day.

Conclusion

That's my experiences after one month. It's been nothing short of fantastic, even with some problems. I am a strong advocator for open source software, but for a couple things the proprietary alternatives are simply the best. That's the unfortunate truth for some things. This will be my last post about my experiences with GrapheneOS, but coming from iOS, it is a super fun transition.

I'd also like to mention quickly for anyone wondering: Backups for me are currently under 5GB (not including music), and in a month with all the app downloads and music transfers over LocalSend, I used about 70GB of internet. Tubular used the most internet (about 22GB in a month). For all you curious, this can give you a nice baseline.

Thanks for reading!

My threat model is against mass surveillance. This is one of the hardest threat models to defend against and to justify, because (at least here in the US), mass surveillance has become normalized. I've heard people directly tell me that "privacy is weird." I'm not here to shoot down the Nothing to hide argument literally labelled on Wikipedia as "a logical fallacy," instead, I want to take my own approach to show just how unnatural mass surveillance is.

Picture this: Your best friend tells you that he heard rumors that someone put cameras in your house and was actively spying on you. That is super creepy, but you brush it off and say that nobody would do that, because who would care that much about you? However, when you get home, you look around and find multiple dozen hidden cameras everywhere. Think about how you're feeling right now, knowing that you're being watched. Even though you know that you're being watched, but have no idea who has been watching you, what they have seen, or how long they've been watching you, it's disillusioning and creepy to find out that what your friend said was true.

Then, you do some digging online and find out that everyone in your neighborhood is also being watched. Oh, it's fine then, right? Suddenly it's much better that you're not alone. No! More surveillance is not a good thing. People fall into the false belief that as long as it's not targeted surveillance or a personal attack that it's suddenly fine, that you will just blend in with the noise. Your data is valuable, and spying in any capacity is NOT normal. Remember: The situation never changed, you are still being watched, you just found out that not only you, but everyone around you is also being spied on.

You still have no idea who is watching you, and it's even worse to find out that it might not just be one person, that anyone can buy this data for cheap. Data like this can be used to stalk you, drain your bank account, read intimate personal texts, rig elections, manipulate you into buying things you never intended to buy, and so much more. This is the state of mass surveillance and it needs to stop. It's not a conspiracy, the dystopia is today.

Mass surveillance is not normal. Privacy also isn't normal: it's a right, instead.

cross-posted from: https://lemmy.ml/post/20306561

> Hi everyone! For... I guess over a year now? I've been observing and trying out lots of software recommended by the privacy community and internet as a whole. With that time, I've been able to slowly put together a list of all the software I personally believe to be the best for their own various reasons. I finally have enough to be able to share it with all of you! > > I'm also looking for feedback. I haven't tried all the software on that list, and I'm sure there's software I've never heard of that needs added. I'm looking for your feedback on what you think should be added, removed, or changed. That includes the list itself, if you think there are any design improvements. > > Do note: Any software marked with a ⭐️ I am not looking for feedback on. This is software that I firmly believe is the best of the best in its category, and likely will not be changed. However, if there is a major issue with the software that you can provide direct proof of, then there is a chance it will be changed in the next release. There are no grantees. > > The sections marked with ℹ️ are lacking, and can use your help! Some software there may not be the best one, or may have many software or sections missing. I am absolutely looking for help and feedback here, and would love your help! > > My goal with this project is to help people find the best software from many standpoints, and to prove that there really are good open source alternatives for almost anything! I hope this helps someone, and I look forward to your feedback! > > Thank you all for reading and taking the time to look through my list!

Edit: This project has moved to GitLab!

Hi everyone! For... I guess over a year now? I've been observing and trying out lots of software recommended by the privacy community and internet as a whole. With that time, I've been able to slowly put together a list of all the software I personally believe to be the best for their own various reasons. I finally have enough to be able to share it with all of you!

I'm also looking for feedback. I haven't tried all the software on that list, and I'm sure there's software I've never heard of that needs added. I'm looking for your feedback on what you think should be added, removed, or changed. That includes the list itself, if you think there are any design improvements.

Do note: Any software marked with a ⭐️ I am not looking for feedback on. This is software that I firmly believe is the best of the best in its category, and likely will not be changed. However, if there is a major issue with the software that you can provide direct proof of, then there is a chance it will be changed in the next release. There are no grantees.

The sections marked with ℹ️ are lacking, and can use your help! Some software there may not be the best one, or may have many software or sections missing. I am absolutely looking for help and feedback here, and would love your help!

My goal with this project is to help people find the best software from many standpoints, and to prove that there really are good open source alternatives for almost anything! I hope this helps someone, and I look forward to your feedback!

Thank you all for reading and taking the time to look through my list!

Edit: This project has moved to GitLab!

I didn't want to make two separate posts for these, so I am combining them into one. The two hardest apps to find for Android were a music player capable of playing local files, and an ebook reader with a nice design. With some help from the community, I was able to find nice apps for both of those. All apps here are available to install via Obtainium. My goal here is to raise awareness for some unknown but high quality apps that I have found.

Music player: VLC

Credit: @HanShan@lemmy.nowhere.moe, @thayerw@lemmy.ca, @Corngood@lemmy.ml

I have tried plenty of music players, and most of them are either copies of each other, are lacking in features, or are just plain buggy. Despite what I expected, VLC is actually the best choice in this category.

Besides being a must-have in general, VLC actually has fantastic support for music management. It has plenty of customization, however I found that the Black theme did not work. Besides that, it has support for folders, creating playlists, playback history, albums, artists, genres, shuffling, queue management, equalizers, sleep timers, playback speed, A-B repeat, and so much more. It is honestly exactly what I was looking for, with a sleek UI and very feature packed. It's nothing like the desktop app.

eBook reader: Book's Story

It was a struggle to find an eBook reader with nice usability. I managed to find two that are very promising. One such reader is Book's Story.

Book's Story offers a completely offline experience to managing and reading eBooks. It's what I would want if I were to code an eBook reader, with a nice Material design and a minimalistic layout. However, there are things I don't like about it. For starters, it doesn't correctly read my eBooks. That's honestly disappointing, since that means the app is currently dysfunctional, but I am including it in this list because I have high hopes for it. There is also no page turning view, which isn't bad, but it's a feature I look forward to. Overall, I don't currently recommend using this, but in the future I can easily see it becoming one of the best eBook readers out there.

eBook reader: Myne

Unlike Book's Story, Myne is able to read all of my eBooks just fine. Myne is an even more polished eBook reader, also with support for downloading eBooks from the internet in the app.

It too lacks in a page turning view, and doesn't allow you to customize which screen is your default. The second one is slightly annoying because if you are offline and open the app the first thing you see is a 404 page. You can still view your offline ebooks, of course, but it would be nice to select which page is the default. Furthermore, while it was able to read my eBooks well enough, there are still a few minor HTML artifacts visible in the book. If I was able to merge the layout of Book's Story with the design and functionality of Myne, it would become the perfect eBook reader.

I'd love to see where both of these projects go, and even in their current state they beat some of the most popular eBook readers in my opinion, such as Librera and KOReader.

Edit: Before you read, I made some mistakes here that I mention in my part 2

My mobile operating system of choice is GrapheneOS. I run it on a used Google Pixel 8, as I didn't have enough money for any of the phones in the Google Pixel 9 lineup, which offer a more secure ultrasonic fingerprint scanner. I used to use iOS, but I finally managed to switch. I wanted to share my thoughts on GrapheneOS, problems I had, and the apps that I use.

To install apps, I first check if it is available on GrapheneOS's built in app store. If not, it is installed via Accrescent. Because Accrescent is still very small in support, most of my apps are installed via Obtainium. One app however, ProtonVPN, is installed via Aurora Store, because that is the only installation medium that allows me to sign in as a guest.

I do have a Proton account, so signing in isn't an issue, but since I plan to use ProtonVPN until I can pay for Mullvad VPN, I might as well get as much anonymity as I can. I don't use the actual Google Play Store, despite claims of it being more secure, mainly due to me required to create a Google account. I only use Aurora Store for ProtonVPN. For apps that are not available for Obtainium but are available on F-Droid, I simply use the F-Droid repo inside of Obtainium. All apps are verified with AppVerifier.

For games I have a very small selection. Simon Tatham's Portable Puzzle Collection is a game collection I have been using since before I even knew it was open source. Antimine is a Mines client, which is a classic. I also play a game called Zoysii, which is only available on F-Droid. It passes the time. Code Word is a nicely made Wordle app, with some extra features. Open Sudoku is a nice Sudoku app, however I found that almost all of the available puzzles to install are very easily solvable. 2048 by SecUSo is a decent app to play 2048 that is still maintained, however it currently does not have a dark mode theme. blichess is a fork of lichess that simply adds the option to play over Bluetooth, which I really like.

My mobile 2FA app is Aegis, which is really everything you would expect. Audire is an open source frontend for Shazam, which I use for music recognition. I'm sure there are some better apps with different APIs, but Shazam works really really well, and that is what I am looking for in the app. Aves is my photo manager, as it allows for proper photo hiding. It is available through Accrescent, which is nice. It is one of few apps that required me to sign terms and conditions, but it doesn't matter since it doesn't have internet access anyways. It allows me to view extensive details about photos, and even remove metadata in the app.

I use AndBible for Bible study, but the project seems to be abandoned and needs lots of improvements. I sincerely hope a good alternative is developed eventually. I would be willing to help out any way I can.

For messaging I use SimpleX Chat for my most personal chats, but for mostly everyone I contact them via Molly, which is a hardened version of Signal available on Accrescent. When I am offline, I contact nearby people through Briar over Bluetooth, which is awesome while camping. I don't have any cellular provider, so I occasionally have to make sacrifices in terms of contact.

The default GrapheneOS calculator has no dark mode, so I opt for OpenCalc as my default calculator. I tried both Etar and Fossify Calendar as a calendar, and have been much happier with Fossify Calendar. A lot of Fossify projects have been abandoned, sadly, so I may have to switch.

I use the default GrapheneOS camera for most of my pictures, but when I need high quality shots I will use Open Camera. It supports HDR and some post processing. The GrapheneOS camera has incredible support for code scanning, such as QR codes and bar codes. I don't plan to use the Pixel Camera, since those apps work just fine for me. To edit photos I use the GrapheneOS gallery, but it is somewhat lacking. I plan to stick with it as they add new features.

I have a ClearClipboard app that, simply, clears the clipboard when you open it. It's a small tool but I get very paranoid about clipboard access. I've found that my password manager doesn't reliably autoclear, which I will discuss later.

The default GrapheneOS clock app is fine. I wish there was an OLED theme, but it's worked for what I need. DeepL is what I use for translations, because I cannot seem to find an offline translator app. It's very upsetting. For my keyboard I use HeliBoard with the proprietary swipe to type module, and it's great. There are a few weird autocorrect suggestions, such as not recognizing the word "A", but it's honestly not been a huge issue.

I use Joplin to take notes. I had issues with Standard Notes when I was on iOS, and had switched to Joplin there. I now can't even imagine why anyone would even try to use Standard Notes, Joplin makes Standard Notes look like a joke. It has all (or at least all I care about) of the paid features of Standard Notes, for completely free.

My password manager is KeePassDX, which is honestly exactly what I would want from a password manager. The only issue I've had is that it sometimes disables biometric unlock and makes you unlock it yourself, which is super weird. Besides that, I will be using it until either it dies or I do.

For eBook reading I use Librera, but the UI is honestly atrocious. The best eBook reader I have ever used is Apple's stock Books app, and I honestly wish something of that polish existed on Android. Librera will work but it's not nice to use.

I have LibreTorrent in case I ever need to torrent something on the go. It's fine, I wish torrent software would include a hard toggle to disable seeding, but it's worked as intended. In a similar category I use LocalSend to transfer between any of my devices. I haven't tried KDE Connect because LocalSend has never caused me problems. The only issues I have encountered were because of strict VPN settings.

I eventually plan to use Mullvad VPN, but until I can afford it I am using ProtonVPN as I mentioned. I have no real comments because I have only used ProtonVPN. IVPN is on my radar, but Mullvad VPN is still at the top of my list. IVPN is available via Accrescent. I also have Orbot in case Proton or Mullvad are blocked.

Music players have been a struggle for me. All of them have their own various issues. All I really need is a nice way to play mp3 files offline and sort them into playlists. A night timer is nice. Vinyl Music Player is what I use for now, since Fossify Music Player seems to be abandoned. I'm open to some open source alternatives here, since the ones I have tried all have issues. Ideally these should be available by Obtainium.

I use Organic Maps for navigation. Support is alright in my city. OsmAnd has a pretty bad UI but it's gotten better. Organic Maps I've heard has a few issues, and OsmAnd has a premium tier, but I don't really care. I am just sticking with Organic Maps. I'm happy with it, so it's fine.

I have RadioDroid installed to try it out. It lets you listen to radio stations over WiFi. I'm jealous of Motorola users for their built in AM/FM radio receiver antenna. I might not keep this app, since it's fairly useless when you think about it. Either way, maybe a GrapheneOS phone will come along with a built in antenna.

I have Tor Browser installed just in case I ever need to visit an Onion site or use a Gecko based browser. My main browser is Vanadium, and I did try Mull but it doesn't block advertising redirects even with uBlock Origin. Vanadium is fine for now.

I have Trail Sense as a compass and emergency survival app. I hope I never have to use it for survival, but at the same time, I hope this app saves my life. It's cool to see how many sensors it utilizes to help you out.

Tubular is a fork of NewPipe that has SponsorBlock support. I like it, it's not as polished as I would want but it's plenty usable. I wish it had DeArrow as well, but I'm sure it won't be long until it's added.

I use the Fossify Voice Recorder for voice recordings. It's what you would expect, not much to say here. For weather, I use Breezy Weather. For some reason some features were unavailable on the F-Droid version, but after installing with Obtainium I now have plenty of features at my disposal. It's almost as good as the iOS weather app, and has plenty more features. The accuracy where I am is slightly iffy, but it's good enough that I can rely on it.

I use a passphrase to lock my phone, and use biometric unlocking to ensure no one can shouldersurf passcodes. GrapheneOS only lets you add up to 4 fingerprints, which is a good enough limit, but I do wish it was higher. If I wanted only 4 fingerprints, I would choose that myself. I backup GrapheneOS using my own USB stick and the built in backup option. Some apps such as SimpleX refuse to be backed up automatically, but I can simply manually export the database and backup that file.

Even without any Google frameworks installed, GrapheneOS has been a really seamless and polished experience. The issues I would raise are actually with Android itself, such as weird management of app signing, but overall GrapheneOS has been incredible. GrapheneOS is honestly the minimum every person should expect in terms of privacy and security on their phones, because nothing else even comes close to GrapheneOS in those categories. The gap between iOS and GrapheneOS is absolutely massive, given that so many of the apps I use are Android specific.