Post AnkO2x0y5GUoy0pPLU by GrapheneOS@grapheneos.social
(DIR) More posts by GrapheneOS@grapheneos.social
(DIR) Post #AnjgKhezVwSaZjCfU8 by Tutanota@mastodon.social
2024-11-05T14:48:59Z
0 likes, 0 repeats
We'd like to hear your feedback!Brave people asked us to include Brave as a Google Chrome alternative. In the original post, Brave was not included because it is based on Chromium.What are your thoughts: Should we, or should we not include Brave in this image of Google alternatives? Why?https://mastodon.social/@Tutanota/113380857849213083
(DIR) Post #AnjgKj8S1tcT9Nzi2i by 10leej@fosstodon.org
2024-11-05T14:52:03Z
0 likes, 0 repeats
@Tutanota you should mention open source alternatives.
(DIR) Post #Anjgocwrb3xseKpdNg by aral@mastodon.ar.al
2024-11-05T14:56:58Z
0 likes, 0 repeats
@Tutanota It’s run by a homophobe. You decide.https://www.ft.com/content/461bf398-47ee-11e4-ac9f-00144feab7de
(DIR) Post #AnjgxxB1l0jRzdu6hk by aral@mastodon.ar.al
2024-11-05T14:58:41Z
0 likes, 0 repeats
@Tutanota Also, this is what Brave is actually about: https://basicattentiontoken.org
(DIR) Post #AnjjSeiIeZ9RcEEbdA by swacknificent@fosstodon.org
2024-11-05T15:26:36Z
0 likes, 0 repeats
@aral @Tutanota oh yikes.
(DIR) Post #Anjju8GCuHAP4YCEPw by jasonekratz@mastodon.world
2024-11-05T15:32:04Z
0 likes, 0 repeats
@10leej @Tutanota so the answer is yes? Brave is open source.
(DIR) Post #AnjlQ2w0LLvnm8WorY by Tutanota@mastodon.social
2024-11-05T15:48:23Z
0 likes, 0 repeats
@aral Thanks for sharing!
(DIR) Post #AnkO2v5VFQw2zUw08W by GrapheneOS@grapheneos.social
2024-11-05T22:54:04Z
0 likes, 0 repeats
@Tutanota Your current list includes 5 web browsers where 3 of them completely lack even a content sandbox due to being based on Firefox for Android and the other 2 are based on Chromium. DuckDuckGo and Privacy Browser are WebView-based browsers using the system WebView implementation, which is provided by the OS with a Chromium-based browser engine. On Android operating systems including the Google apps and services, DuckDuckGo and Privacy Browser are directly using Google Chrome itself.
(DIR) Post #AnkO2wGAtF48csw2PQ by GrapheneOS@grapheneos.social
2024-11-05T22:56:49Z
0 likes, 0 repeats
@Tutanota Aside from that, Authy disallows using any operating system that's not certified by Google. It not only requires having Google Play services but uses the Google Play Integrity API to verify that the OS is certified by Google. This is highly misguided and is performative security they added after Authy was compromised and their users were put at risk. Instead of addressing the major real issues, they pretended to care by forbidding using a non-Google-certified operating system.
(DIR) Post #AnkO2x0y5GUoy0pPLU by GrapheneOS@grapheneos.social
2024-11-05T23:00:23Z
1 likes, 0 repeats
@Tutanota Both LineageOS and CalyxOS lack current Android privacy/security patches, do not preserve the standard security model and mislead users about privacy and security. That includes setting a false Android security patch level and making directly false claims about which patches are missing. Providing current privacy and security patches is the bare minimum, and not only are they not doing it but they're misleading users. Should rule them out of any serious privacy/security recommendation.
(DIR) Post #AnkO4ZWIPKyQg8Fq3k by 10leej@fosstodon.org
2024-11-05T23:02:11Z
0 likes, 0 repeats
@jasonekratz @Tutanota I'm mostly saying that they should recommend more than just brave.
(DIR) Post #AnlRMIx5EuqbWjtK9g by 10leej@fosstodon.org
2024-11-06T11:13:42Z
0 likes, 0 repeats
@GrapheneOS @Tutanota I'm curious if firefox's container tab is a better tab isolation solution then chromium's? I know it's not used by default but it seems like a good method to me. I've been making use of them to isolate Google and Facebook off the standard clearnet.
(DIR) Post #Anlp8FBeq3HMhDXK9Q by GrapheneOS@grapheneos.social
2024-11-06T15:37:00Z
0 likes, 0 repeats
@10leej @Tutanota Firefox doesn't support site isolation or even a content sandbox at all on Android. It's a different thing from state partitioning for privacy reasons. Chromium and Firefox have been working towards full state partitioning as the default but neither has finished it yet. Firefox's container feature is a way to do that manually but it's built on sand and provides very weak protection with lots of side channels to bypass it and very weak security against exploits bypassing it.
(DIR) Post #AnlqlTVrboX0NJG4yO by strypey@mastodon.nzoss.nz
2024-11-06T15:58:16Z
2 likes, 0 repeats
@aral @Tutanota > this is what Brave is actually about: basicattentiontoken.orgWhy didn't you lead with this. If the software itself respects the people using it, and does its job well, who cares if someone in charge has dopey opinions about some things? I mean, everyone has dopey opinions about something ....I'm vegan. If I boycotted all software written by corpse eaters, I might feel righteous and pure, but I wouldn't be using computers much ....@solstice
(DIR) Post #AnlqzcZki7jwXKp4IC by strypey@mastodon.nzoss.nz
2024-11-06T16:00:50Z
1 likes, 0 repeats
@Tutanota @solstice Similarly, plenty of non-vegans think we have dopey opinions. But if they boycotted an otherwise useful piece of Free Code software because a vegan made it, that would be a bit sad.
(DIR) Post #AnlrCTzVwGuVg20ObA by silmathoron@floss.social
2024-11-05T14:50:45Z
0 likes, 0 repeats
@Tutanota based on Blink, so reinforces Google's monopoly on web engines, and uses crypto and ad services... I wouldn't.
(DIR) Post #AnlrCVEnIwj9XiA73Q by GrapheneOS@grapheneos.social
2024-11-05T23:19:10Z
0 likes, 0 repeats
@silmathoron Their list includes 5 web browsers where 3 of them completely lack even a content sandbox due to being based on Firefox for Android and the other 2 are based on Chromium. DuckDuckGo and Privacy Browser are WebView-based browsers using the system WebView implementation, which is provided by the OS with a Chromium-based browser engine. On Android operating systems including the Google apps and services, DuckDuckGo and Privacy Browser are directly using Google Chrome itself.
(DIR) Post #AnlrCWFtWLCYhPgVPM by silmathoron@floss.social
2024-11-06T08:11:13Z
1 likes, 0 repeats
@GrapheneOS I'm not saying the list is good, I'm saying I wouldn't recommend brave. We're also not optimizing for the same thing: as far as I can tell, you're focused on individuals' security (at levels that I don't care for) while I'm trying to optimize privacy and what I consider a reasonable level of security for the largest number of people. We can agree to disagree.
(DIR) Post #AnlrCWoHSUhuQ3ly0O by GrapheneOS@grapheneos.social
2024-11-06T15:43:44Z
0 likes, 0 repeats
@silmathoron No, that's not true. We're focused on privacy and security. GrapheneOS is a privacy project first and security is to protect privacy. A browser without site isolation has major privacy leaks via side channels. Firefox also has atrocious security especially on mobile rather than a reasonable level of security. Browsers are regularly exploited at a large scale in the wild, although Mozilla and the Tor Project lack monitoring for it. You're not talking about technical reasons.
(DIR) Post #AnlrCXIPeSoHvVs1yK by silmathoron@floss.social
2024-11-06T15:45:15Z
0 likes, 0 repeats
@GrapheneOS can you provide a link about your claim that FF does not have site isolation? They are advertising it on first run...
(DIR) Post #AnlrCY9EU53qZKaDIm by strypey@mastodon.nzoss.nz
2024-11-06T16:03:09Z
0 likes, 0 repeats
@silmathoron @GrapheneOS > Can you provide a link about your claim that FF does not have site isolation? They are advertising it on first runOn desktop or mobile? I believe @GrapheneOS said that about the mobile browser in particular, although I could have misread that.
(DIR) Post #AnlrGMEiiFg4mgxvcW by aral@mastodon.ar.al
2024-11-06T16:03:50Z
0 likes, 0 repeats
@strypey @Tutanota @solstice So no qualms about doing business with Nazis, then? Or do you actually have a line somewhere and it just happens to not be homophobia?
(DIR) Post #AnlsDcajY4JSatWO0m by strypey@mastodon.nzoss.nz
2024-11-06T16:14:34Z
1 likes, 0 repeats
@aral @Tutanota @solstice It might make you sleep better at night to believe your personal morals beliefs are based on universal moral laws. But I'm sorry, they're not (see: https://meaningness.com/fixation-and-denial).As I said, I think homophobia is dopey. But comparing it to a fascist regime that caused the deaths of millions of people is hyperbolic in the extreme. Just like the people demanding Nuremberg trials, to punish politicians for their pandemic measures.
(DIR) Post #AnlssqiDx72EGIgSY4 by Erklaerbaer@mastodon.social
2024-11-05T15:03:08Z
0 likes, 0 repeats
@Tutanota #Chromium itself is not the problem. Look at #firefox. If you do nothing it collects your data. Use #librewolf which I miss here, and the story is different. I also miss #mullvadbrowser and #firefox_focus. #invidious in the meantime is unfortunately almost useless. I miss #standardnotes #Threema, #magicearth, #KeepassDX, #strongbox.
(DIR) Post #Anlsss6ilWDyaZ9XN2 by strypey@mastodon.nzoss.nz
2024-11-06T16:22:02Z
1 likes, 0 repeats
@Erklaerbaer @Tutanota > invidious in the meantime is unfortunately almost uselessIt goes through stages. Just like any tool for adversarial interoperation. Hopefully as DMA enforcement continues, legal action can be taken against these gatekeepers blocking third-party apps that people want to use with their services.On Android I've found NewPipe to be pretty good. LibreTube was good for a while but hasn't worked for me for ages.There might be some more ideas here;https://degooglisons-internet.org/en/
(DIR) Post #Anlv6y9xGCCZK0W17A by GrapheneOS@grapheneos.social
2024-11-06T16:46:23Z
0 likes, 0 repeats
@strypey @silmathoron They're mixing up site isolation with state partitioning, which are not the same thing. What Mozilla calls First Party Isolation is state partitioning. Site isolation is an incomplete part of what they call fission.Suggest looking at Firefox's documentation and issue tracker, which shows it has no content sandbox or site isolation on Android and incomplete site isolation on desktop. It also has a much weaker sandbox than Chromium on desktop and no sandbox on Android.
(DIR) Post #AnlxfzJ3BkWSvDazZ2 by aral@mastodon.ar.al
2024-11-06T17:15:38Z
0 likes, 0 repeats
@strypey @Tutanota @solstice I didn’t compare it. I asked if you had a line. And if that line isn’t homophobia, what is it. But you know what, I’m so not in the mood to argue minutiae with you right now. With everything that’s going on, you thought: “Hey, here’s my hill. Why Aral called out the homophobia instead of the cryptocurrency play.” Ok, cool, you win. Goodbye.
(DIR) Post #AnmXDzspQxTJLVDeoS by acitta@canada.masto.host
2024-11-06T23:53:39Z
0 likes, 0 repeats
@aral@TutanotaI have been using Brave for a long time and it has never asked me to be a homophobe. This is the first time I have heard of this allegation.
(DIR) Post #Ann7hpwSYaxtYBRgpc by aral@mastodon.ar.al
2024-11-07T06:42:29Z
0 likes, 0 repeats
@acitta @Tutanota Congratulations, I guess?
(DIR) Post #AnpkazlvtYjGXWAcYS by Azarilh@social.vivaldi.net
2024-11-08T13:07:36Z
0 likes, 0 repeats
@aral Crypto is shady af!
(DIR) Post #Anpl1wvGb64fWMOAb2 by Azarilh@social.vivaldi.net
2024-11-08T13:12:46Z
0 likes, 0 repeats
@strypey So you are saying it's like buying vegan products from non-vegan companies?Mmh... I think that is not the case, because the browser itself uses this feature + crypto. It's not about some employees from Brave that have certain opinions; they are getting green light to implement it in the product itself. So it'd be like them adding milk powder to something that was vegan.