Imagine having to take the train, Geringverdiener! Your rich dad didn't get you an RS6 for your 18th birthday? Suck it, looser!

Notesnook is truly awesome, I'm really excited for their upcoming self-hostable sync server

https://lemmy.dbzer0.com/post/23022172

They unfortunately come with some proprietary Chinese apps by default

Wow, that's really awesome. Which Kobo devices are supported?

All your points are true, yet still depend on Google in sandboxed form. That negates everything else for me, who wants a reasonably secure device that works out of the box and also respects my privacy.

Graphene doesn't "depend" on Sandboxed Play services. In fact, it's not installed by default, and it is totally optional. Also, Sandboxed Play services doesn't make your device less secure in any way, it can be installed as a normal user app, you can fully control access to sensitive parts of your device like the microphone, camera, location, etc. through the Android permission manager, and Play services don't have any special permissions, since it's not installed as a system app. As far as I'm aware (correct me if I'm wrong) you can't remove microG on Calyx, since it's installed as a system app and even granted root privileges. microG is a cheap, hacked together workaround, which requires root to function correctly. This greatly expanded attack surface makes it inherently insecure. microG also requires proprietary Google code to be run, in order to work (most of microG is open source, but it still uses some Google blobs). As far as I'm aware, this Google code is not sandboxed, and simply executed as a child process of microG (which runs as root), meaning that this Google blob is also run as root. This makes microG much more insecure than Sandboxed Google Play services, and it potentially gives Google much greater access to your device compared to the sandboxed approach.

If a nation-state wants into my phone, it’s delusional to believe even graphene can hold them off

The GrapheneOS team never claims that their OS is "NSA-proof", but they actually look at which parts of the OS are commonly exploited by (nation-state) hackers, and massively improve them. As you can see in this spreadsheet, created by Google's Project Zero, most vulnerabilities in Android come from memory corruption. That's why GrapheneOS's biggest and most important feature is their custom hardened memory allocator. It protects against most memory-related exploits, and is even stronger when used on a device with hardware memory tagging, which is the reason why GrapheneOS currently only supports Google Pixel devices.
Another significant security feature is secure app spawning. Creating new processes via exec (instead of using the traditional Zygote model on Android) randomizes the initial memory layout, which also helps to defend against memory-related vulnerabilities. The aspects I just mentioned are important protections about malware/remote code execution.

GrapheneOS also protects your device against physical attacks, e.g. by implementing a driver-based control mechanism for the USB-C port, making it impossible to connect to the device while it's locked. This protects against forensic data extraction, e.g. using Cellebrite or XRY hardware.

Graphene even has a feature that protects you, when you are forced to give up your password. The Duress feature let's you set a second PIN/password, which will cause the device to entirely wipe all the encryption keys, which are used for unlocking the device, from the secure element. This process is irreversible, can't be interrupted and happens instantaneously, making the data impossible to recover.

No one claims that GrapheneOS is 100% secure and will absolutely protect you against NSA hackers, but it is by far the best and most secure mobile OS that's currently out there. It is easy to use for everyone, and secure enough to be used by high-profile targets like Edward Snowden.

you need real opsec for that

Good OPSEC includes a secure operating system. Calyx is not security focused whatsoever, it rolls back standard AOSP security features, significantly increases attack surface, and doesn't release security patches regularly.

Happy cake day btw!

Calyx is unfortunately pretty slow to release security patches, uses privileged apps with root access like microG and the F-Droid privileged extension by default and doesn't really provide any unique features. All of the privacy features of Calyx are either already present or can be easily replicated in a better form on GrapheneOS. Take Datura Firewall, it's yet another privileged app with root access which adds unnecessary attack surface, and is less secure than the Graphene equivalent. GrapheneOS implements a network permission toggle, which is embedded in Android's native permission manager and uses the INTERNET permission to restrict network access. It disables both direct and indirect network access, including the local device network (localhost). GrapheneOS also has a bunch of unique security features, that can't be found on any other Android ROM, like for example a hardened memory allocator, hardened kernel, secure app spawning, improved SELInux policies, Duress PIN/Password, driver-level USB-C control, Storage Scopes, Contact Scopes and soon App Communication Scopes. GrapheneOS also includes Sandboxed Google Play services, a better GMS implementation than microG, which doesn't require root and has better app compatibility.

My original post https://lemmy.dbzer0.com/post/22889071 is now hidden in favor of this one

Hey, thanks for posting to this community btw, I looked at your profile and saw that you had some regular periods of inactivity, so I just created the post instead of waiting for your reply. I'm gonna hide this one in favor of your post.

Perplexica isn't a plugin for SearXNG, but it's based on that and it integrates with Ollama

No

Change your DNS resolver to one of these https://www.privacyguides.org/en/dns/

I tried using Jerboa and found it to be incredibly buggy and poorly designed. Not sure what's going on there, considering that it's the official mobile app made by the Lemmy devs

Probably people who have been using Boost for Reddit before and now want the same experience but for Lemmy

Who gives a fuck whether it's legal?

That's what you get for using a proprietary Lemmy app. Switch to Thunder, it doesn't have ads, it's open source and in my opinion has the best UI out of all Lemmy apps. Also support the development and join their community: !thunder_app@lemmy.world

I recommend NextDNS, it allows you to block ads, trackers and other unwanted stuff on the DNS level. Check out this video: https://neat.tube/w/19r4YnE6fpce6e2B9MepnB

Ok now I get what you mean - I fully agree. UserVoice really sucks as a platform, but there aren't many good alternatives and I imagine they don't let you migrate and move the existing feature requests, so Proton is stuck with them.

There is Sign in with SimpleLogin, which is a Proton subsidiary

Average DB experience