I’m not so sure about clients that are specifically focused on security and privacy, however my general FOSS mobile app suggestions would be Voyager for a polished UX, or Eternity for a more native Android experience.
I’ve tried all the other popular apps, and keep coming back to Connect.
The main features that pull me back are profile-specific settings so I can set up different accounts without having to reconfigure everything every time I switch instances, and the ability to customize post card quick actions, specifically the Mark As Read quick button combined with the persistent Hide All Read toggle. It’s just so convenient, I keep coming back even though it deletes my account info every time it logs me out.
The ads come from an ad network where there is very little visibility into what’s going to be displayed in your app. And bad people also keep managing to get their ads published even though the ad network doesn’t allow them
And it all ties into the whole targeted advertising, where they also make sure very few people get the bad ad, and tries to target people they think may be more susceptible to these kinds of tactics. Depending on the amount of interactivity allowed, the ad can even display two different things if it deems you too savvy to fall for it.
It’s basically unescapable unless you only use apps without ads, or pay for the ad-free versions.
The whole advertising industry is sketchy, more news at 10.
Pi-hole blocks ads served by these networks just fine. Never seen an ad in Boost for Lemmy or for Reddit, though I tend to use Jerboa now that I’ve gotten used to it while I was waiting for Boost for Lemmy to release.
DNS based adblocking like Pihole or Adguard limits you to receiving advertising hosted by the app provider (youtube for example) which is usually better curated than third party advertising networks and less commonly found at all.
Hey, could you elaborate or send some lecture? I have the upstream quad9 DoH address in adguard. It’s supposed to better encrypt my traffic right? Never saw any ads or strange DNS requests.
Never heard about ads being inject though DoH or DoT, or did I misunderstood your comment?
Theoretically an app could use a custom DoH endpoint to retrieve ads instead of the standard dns provided by the system. As this uses purely https without a preceding dns request, pihole/adguard would fail to block it; but it’s just not something currently employed.
Maybe in comming years, but I’ve never encountered an ad served explicitly through DoH/DoT. It’s certainly possible, just not actually in use yet.
You can also setup DoH front and back ends for pihole so traffic entering and leaving it is encrypted. When/if it becomes necessary I’ll probably look into https packet inspection using custom Root certs to force clients to use my local DoH services and block other traffic, or look into inspecting the SNI to apply blocking there; but again its just not needed yet and may not be for a long time. We’ll see. I’m sure the pihole/Adguard teams are also investigating solutions.
Yep, also the ads don’t get initialized at all if the user buys the ad-free version (going to top all in the Lemmy Boost community should bring up the post about it). It’s relatively cheap and the dev is very active with bugs and requests. The dev is developing for the Fediverse and I’m happy to support that (as well as devs for Sync, Connect, Lemmy, etc.)
I like Boost and paid for ad-Free, but a lot of other clients should work for your needs. While they might not be privacy focussed, many are open source so you can check what is going on.
My preference goes
Boost (not FOSS, one time payment to remove ads)
Connect (not FOSS, ad free)
Eternity (FOSS & ad free)
I uninstalled the other ones and haven’t kept up with them. There may be better ones out there, these are the ones I’m keeping up with
Boost loads adds from a shitty network though. Most open source apps don’t do this stuff because nobody wants a Lemmy client to load ads; users only ever tolerate it in return for a more polished UI or whatever.
Maybe pedantic, but it’s a totally different developer that took the Infinity for Reddit source code and forked it into Eternity for Lemmy. The Infinity dev was not interested.
If new versions don’t make it to F-Droid, they might as well not exist for me. There are only a couple of apps that I find important enough that I’ll spend time manually building/pulling/installing, and a Lemmy reader isn’t one of them. Thanks for the tip, though.
Have you considered using github.com/imranr98/obtainiumYou give it the repository of the app and it will handle checking for new versions and updating them
This is exactly the reason why I don’t like F-Droid as a way to get apps. You’ll have to trust an additional party when getting your apps, and updates are often a couple days behind. I prefer to get it straight from the developer’s GitHub or Coderberg or whatever.
You’ll have to trust an additional party when getting your apps, and updates are often a couple days behind.
I know how it works, and in this case, that’s fine with me.
F-Droid has an excellent track record; better than many developers have. And I’m not addicted to having the latest versions of everything on the day they’re released. In fact, not immediately jumping on the latest versions has saved me from nasty bugs more than once.
Part of what I value in F-Droid is the additional layer in the build/release process, because it makes tampering more likely to be detected.
Barely and not really. “F-Droid can’t ensure the apps are safe. You still need to trust the upstream developers. We only do some basic check.” forum.f-droid.org/t/…/2
So it could still be considered less secure than N.
It could be, or it could not be. Depends on the particulars, and on the needs of the individual.
Mind, I’m not going around presuming to tell other people what’s better for them, as one or two others in this thread are doing. I’m just stating what’s a good fit for me.
Depends on the particulars, and on the needs of the individual.
That’s not really how things like security works. It’s either more secure or it’s not. The security of a thing does not depend on needs. Now, does the application of it or does someone need it to be more secure? That’s where risk acceptance and the needs of the individual come into play.
I’m not going around presuming to tell other people what’s better for them, as one or two others in this thread are doing.
Same. I’m not saying “stop doing this.” I’m just trying to educate people and make sure they’re not operating with a misunderstanding. Needs of the individual and all that. I think some people just go crazy for something that’s not big tech, and then quit looking at the particulars.
If that were true, threat modeling wouldn’t exist.
I feel like we’re talking about different things. I’m talking about static concepts, if X is more secure than Y, not individual setups where something is tweaked. Threat modeling is tailoring the security to your needs. It doesn’t bend security of a static object or make the application of something less than what it is. It requires one’s actions to do that by not utilizing it.
Take bullet proof glass, for example. Bullet proof glass is more secure than regular glass. Now, do you need (does your threat model require) bullet proof glass? No? Ok, that doesn’t mean bullet proof is now less secure than regular glass, it’s just unneeded.
The dev has to do what they have to do to feed themselves. If you really like the app, deal with the ads or pay for the app. I personally can’t deal with ads so I’m on Eternity for Lemmy (through the fdroid store)
Add comment