I am trying to re-adjust how much effort I want to put into privacy concerns. Too much stuff I’m using isn’t working properly or using a lot of my mental resources that I need elsewhere.

For (a bad) example: I recently performed a half-switch from my self-hosted Nextcloud instance to ProtonDrive, in the hope that it would spare me the stress to maintain my private Nextcloud. Unfortunately, it doesn’t, as basic functionality like cross-device-sync is not possible (there isn’t even a client app for Linux, as of yet).

This brings me to the question: have you found any services/apps/stuff that significantly eases your life while still being privacy friendly? I know, this is a broad question, but I think this is for the best as this thread then maybe even has use for other users.

  • @FutileRecipe
    link
    08 months ago

    Mobile Fennec (or pick your poison for any Firefox fork)…

    I can’t get behind Android Firefox/Gecko-based due to their lack of security:

    Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox’s sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn’t happening for their Android browser yet.

    Ref: https://grapheneos.org/usage#web-browsing

    • @[email protected]
      link
      fedilink
      48 months ago

      Personally, I’m okay with shouldering the security risk considering the internet-wide toxicity of Chrome and forks.

      Lynx would be more secure than either.

      • @FutileRecipe
        link
        18 months ago

        okay with shouldering the security risk

        To me, that depends on what you use the phone for. I sometimes use mine for banking as well as logging into various sites, so I want to reasonably minimize the security risk I am taking. If I wasn’t, then sure.

    • @laughterlaughter
      link
      18 months ago

      I’ve used Firefox mobile for a while now and I’ve had zero issues. The attack surface may be “much more,” but that doesn’t mean that it’s completely open to hackers.

      Plus let’s be real: Gecko-based browsers are, what, 1% of the browser market? Guess which browser is the most targeted by malicious actors? Not the one having 1% of the market, that’s for sure.

      • @FutileRecipe
        link
        1
        edit-2
        8 months ago

        Gecko-based browsers are, what, 1% of the browser market?

        Last I checked, Firefox was close to 3%, but you right, still not a large number.

        Guess which browser is the most targeted by malicious actors? Not the one having 1% of the market, that’s for sure.

        It doesn’t have to attract the most attackers, especially if it is notoriously weak. You shouldn’t choose software that is easier to exploit simply because it’s more obscure. Do you also choose weaker encryption algorithms because no one uses them? I sure hope not.

        And your comment would probably ring a little more true, except we just had the xz debacle, and guess how much Linux has of a market share? Probably close to Firefox’s, both in the single digits.

        • @laughterlaughter
          link
          1
          edit-2
          8 months ago

          No, I use Firefox because it’s an excellent browser. It doesn’t fit GrapheneOS’s security requirements, but then, I’m not too concerned, because it’s quite secure regardless. Even to the point in which it’s more annoying than Chrome for certain things (like HTST.) You’re trying to paint Firefox as “easy to exploit” when that’s not true. Easier doesn’t mean easy. The Kremlin might be easier to sneak into than the Pentagon. But that doesn’t mean it’s easy. Hell, Tor uses it to build its Tor browser. They could very well use Chromium for that.

          guess how much Linux has of a market share?

          You’re probably referring to desktop Linux. Linux is used in billions of devices all over the world, and it reigns in the server space. So, no. Not “in the single digits” usage.