There may be some other comments being unfair. People shouldn’t complain about free software someone else gives to them falling short of perfection, but we should be careful about granting random apps root permissions.
Having root is almost never a security benefit, it allows you to close one hole, but opens up 10 new more
I think it’s more like two:
- If an app granted root privileges is compromised, the damage it can cause is much greater
- The bootloader has to be unlocked for most approaches to gaining root; I consider it a design flaw that it isn’t easier for users to add signing keys and re-lock the bootloader
F-droid is not secure, some of the issues had been resolved, but it’s still not recommended for best practices
This is another very binary statement about security. The article addresses a number of design issues with F-Droid and concludes that most users are better off getting apps from Google Play. I don’t disagree with the design complaints in theory, but in practice it doesn’t hold up. I’ve seen people get malware from Google Play and read a number of documented cases. I have never heard of malware in the official F-Droid repository.
I’m reminded of comparing Windows to Linux 20 years ago. In theory, Windows had a more sophisticated permissions model and more reliable logging, making it potentially more secure. In practice, it took significant care to keep a Windows desktop clean, while Linux was very unlikely to be compromised.
Of course someone with high-value secrets on their device or who’s likely to be directly targeted by sophisticated threats should probably take a more conservative approach, install very few apps, and consider a hardened ROM like GrapheneOS.
It’s reasonable for an app like this to need root, but also reasonable for everyone to ask for third-party verification of anything they’re granting administrative access to their devices.
Izzydroid’s security policy appears to be primarily based around automated scans that enumerate badness, and has far fewer users than the official F-Droid repository making it less likely that problems will be noticed, reported, and acted on.
Is there more reputation information about this app available?
I’m not complaining. I’m asking for some evidence this app is trustworthy.
Security is not binary. Having root can be bad for security, but it doesn’t have to be, especially if you’re careful about what apps you grant root to, which is the point of my original comment. Having root can also be a security benefit because it offers more opportunities for detecting and blocking harmful and privacy-invasive apps, as this app does (if it’s trustworthy).
I don’t think F-Droid with the official repositories is a negative for security either; I suspect it’s less likely to contain outright malware than Google Play, and I’m sure the average app on F-Droid is less likely to be privacy-invasive. Adding random repositories suggested by strangers on the internet can be a different story, and asking who can vouch for the one suggested in this thread seems like a reasonable mitigation to me.
I did not know that it was possible to have root on GrapheneOS with a locked bootloader, but there have been ROMs with SU functionality built in, and adding their keys would be a straightforward way to have root and a locked bootloader.
Seriously. I don’t want to install something on my phone when the dev is just using a WebView, if that’s what it’s called. When the app is basically just a website with the browser hidden....
I’m surprised users find the app store that compelling for a one-time “install” with updates not a factor. Do they cite any other reasons for wanting a different approach?
The number I’ve seen floating around a few places is that app users are, on average, seven times more profitable than web users. Reasons include:
- The app being on the device acts as a reminder to the user to interact more
- It’s easier for an app to send notifications to get users to open it and interact more (Android has reduced this by requiring permission; browsers required it long before)
- There are more limited options for blocking ads in an app
- There are more opportunities to collect data in an app
Are there any good reasons for it, too? Security, maybe?
Security for the user? Probably not. “Security” for the developer in that they can prevent people from using the app in ways that aren’t profitable? Likely.
I’ve never had a Facebook account or any other social media. I know they keep shadow profiles, but I’ve never given permission. I never had any interest and frankly still don’t....
I don’t think anyone can give you good advice without knowing the reasons you’d rather not get into.
I can think of various scenarios where some sort of minimal internet presence under your real name would be useful for social or employment reasons, but exactly what it is you’re trying to accomplish makes a big difference in terms of what tools (including corporate platforms, federated microblogging like Mastodon, a blog, or a static website) will get you the results you want.
What’s popular where you live or in your professional field matters too. For some people, not using Facebook or LinkedIn specifically is unusual, but we don’t have enough information to know if that’s true for you.
Texas and I believe a few other states have passed anti-abortion laws that attempt to cover people leaving their states to seek safe and legal abortions. The ones I’m familiar with (as I recall) applied to things like traveling on state-owned roads to seek an abortion out of state....
The US constitution forbids states from creating ex post facto crimes, and the jurisdiction of state laws does not extend into other states. Texas cannot make it a crime to have an abortion in California, nor to have previously had an abortion in California.
Texas may be able to make it a crime to leave Texas for the purpose of having an abortion. That would make creating any evidence of the reason for travel, or providing explanations to authorities dangerous.
If I want to quickly pitch “you should follow X, Y, and Z using RSS because [problems with social media]” to people who have never heard of RSS, what readers should I recommend?...
I’m coming at it from the opposite side; social media isn’t a reasonable alternative to RSS, but people often use it as such. RSS is as you say, for getting updates from specific sources without being at the mercy of a third-party’s recommendation algorithm.
I’m not very aggressive about disabling[0] notifications. I don’t install apps that try to sell me stuff or otherwise manipulate me though so it’s rare I get unwanted notifications.
Quite a few commercial apps have perfectly good websites, and I use those in preference to apps most of the time.
[0] Technically just not enabling; Android now requires them to ask for permission before sending any
In the modern era, the main purpose of a screen saver is to lock the screen, and has been for most users for a long time. Many of us would also like to have pretty pictures on our locked screens.
It no longer has anything to do with preventing burn-in, so you’re right from a certain point of view.
On X11 systems, XScreenSaver is two things: it is both a large collection of screen savers; and it is also the framework for blanking and locking the screen.
I’m in a situation with my manager who is suggesting that clock-in starts when the employee arrives to the site of work. Effectively saying that everyone should be coming in 15 minutes earlier than their start time....
The line here is always arbitrarily set, so you’d want to look up what it is at your specific company.
There are very likely laws defining where that line can be set, as Dippy’s comment suggests. It is very likely that the employer is legally obligated to pay an hourly employee for any time they require that employee to be on site, which would include employer-mandated security checks.
Do I trust that vanilla Lemmy code doesn’t contain something nefarious, such as code that detects political positions it doesn’t like and reduces their visibility? Sure. It would be hard to hide something like that.
Do I trust that major servers aren’t secretly running software that manipulates content? Mostly yes. I think it would get noticed since there are lots of vanilla servers to compare behavior to.
Do I trust that all the software is well-designed and bug-free? I write software for a living. No software is bug-free and most of it isn’t well-designed.
Do I trust that everyone who runs a fediverse server isn’t an asshole? Absolutely not. Any jackass can run a server. I run a Mastodon server (on which all users are me).
They can be my really close friends or family and ask me for an account, which I would actively discourage (join something well-run like .world) but eventually allow if they really wanted to.
I’ve been seeing a dog food ad that includes one of those pads with the buttons that talk, I was curious to hear about them from people who actually have them.
discord vs guilded vs revolt vs element/matrix what is your favorite?
honestly it’s guilded, but before the enshittification of discord mobile discord wasn’t far off and also it’s easier to get mod in guilded, though matrix being federated is interesting. and revolt i really haven’t tried but i have an account there
What is your tracker stats? (lemmy.dbzer0.com)
This is warden, just a better ui for exodus....
Why are there so many apps that could be websites?
Seriously. I don’t want to install something on my phone when the dev is just using a WebView, if that’s what it’s called. When the app is basically just a website with the browser hidden....
After a lifetime against, I'm considering joining social media. Any advice?
I’ve never had a Facebook account or any other social media. I know they keep shadow profiles, but I’ve never given permission. I never had any interest and frankly still don’t....
How does federation actually work?
…and why is it often PAINFULLY slow to acknowledge an up/down vote or to open the reply dialog?
Question for legal folks: Travel based abortion restrictions
Texas and I believe a few other states have passed anti-abortion laws that attempt to cover people leaving their states to seek safe and legal abortions. The ones I’m familiar with (as I recall) applied to things like traveling on state-owned roads to seek an abortion out of state....
What RSS readers should I recommend to others?
If I want to quickly pitch “you should follow X, Y, and Z using RSS because [problems with social media]” to people who have never heard of RSS, what readers should I recommend?...
Do you disable notifications for all your apps?
let them all in or only allow for some specific apps (if so which ones)?
People of Lemmy that take more than 5 seconds to start your car and drive, what are you doing?
As the title says…what are you all doing?
A response to the "Boycott Wayland" article
Link to article: gist.github.com/…/9feb7c20257af5dd915e3a9f2d1f227…...
Mandatory security check followed by a long travel to area of work. When do you clock in?
I’m in a situation with my manager who is suggesting that clock-in starts when the employee arrives to the site of work. Effectively saying that everyone should be coming in 15 minutes earlier than their start time....
How are "We" to place trust in the fediverse?
I came here for the same reasons as most of you and chiefly among them was to escape the corporate embrace of common social media platforms....
People who have those talking buttons for their pet, how long did it take for them to catch on, and do they really work?
I’ve been seeing a dog food ad that includes one of those pads with the buttons that talk, I was curious to hear about them from people who actually have them.