Privacy On Phone

Signal has a level of usability that no other messaging app can replace right now from being able to integrate into the normal text messaging system. I have heard of a version of Signal that runs on federated servers but these are separate from the regular Signal. You can’t have Signal E2EE between these two different versions of Signal. That means your best bet to have as many E2EE conversations as possible is to use the Google Play Store version since that is more widely adopted. If the federated version of Signal could be allowed to integrate with the original version of Signal then that would change this.

The app that can finally replace Signal will be one that can integrate with existing phone and text systems. For example, Sessions could replace Signal if you had the ability to use it like a regular phone dialer and it would do a Session to Session communications if both people have Sessions. A regular phone call otherwise.

What’s the “normal text messaging” thing? SMS? IETF standard XMPP? What?

Link?

You can get the APK from their site, no Play needed, it even autoupdates.

The crypto thing? That has Onion routing that’s not Tor? That uses Google Push so it can’t yet be in F-Droid?

Normal texting. It does a normal text if the person you happen to text doesn’t use Signal. That makes it much easier to get non technical people to use it. A lot of people are not going to accept having to use two different apps to text. The fact Signal sends the text at the highest security possible is nice.

Link?

I can’t find it. I wonder if I misread something from TwinHelix, LibreSignal or something else.

You can get the APK from their site, no Play needed, it even autoupdates.

I was not aware that it can auto update. Does the APK do that or does it auto-update through F-Droid?

The crypto thing? That has Onion routing that’s not Tor? That uses Google Push so it can’t yet be in F-Droid?

It uses the Loki network for onion routing. Texting has onion routing right now. Phone calls are direct and they plan on moving them to use onion routing. It has two options of communications and one of them uses Google Push Services while the other one does not. It updates new messages slightly slower without Google Push Services but you can use it on phones with no Google services.

Right now, it doesn’t have Signal’s usability where you can dial a phone number and it picks the most secure method for communicating. They don’t plan on adding it from the way it sounds. It is more like other communication apps where you add people and you can just communicate within the app.

The app does that, no F-Droid involved. IIRC even Telegram has that.

I have seen some video online and the majority of the people like F-Droid but there are many people blaming F-Droid for lowering security.

One might say “because they are jelly on F-Droid’s success” but jokes aside read Privacy On Phone

Break the loop! :laughing:

The guy made some fair points against F-Droid, especially in what they lack to make things better EXCEPT, I don’t recall seeing a mention about how F-Droid is a small voluntary group while Google & Apple are Umbrella companies worth trillions.
Also, Google has trackers in every one of their apps plus others distributed on their store and he seriously had the nerve to talk about how apps can’t help/remove or block trackers?

Here’s the thing, none of this is new. Us older generations (in case some are younger) went through this with Computers very early on. Microsoft (The closed source) was allowing their software makers to include malicious virus & trojans to apparently combat pirating.
Barely anyone knew about it until that gaming company that made addons for Microsoft’s flight simulators I believe it was had an error with their “anti-pirating” trojan which wiped tons of their customers’ drives.
But many of us knew all about it but by the time I thought people might have started paying attention, smartphones came along and of course we were crazy conspiracists again lol

He tried to soften what GSF could do also.
He mentioned the OTA updates without needing our approval sure.
Most noticed Google could do this when a covid exposure app magically appeared in their settings. Idgaf what anyone says, if I can upgrade a new software feature into your OS like that remotely, then I can control your phone like it’s in my hand by just implementing ol’ script kiddy trojan/rat code in there.

To be perfectly honest, and here is the main point of mine. F-Droid offers FOSS only, so you or others can always see for yourself or get an experienced programmer’s approval if you want. In some cases I do get the developer version over F-Droid’s but that’s because in those cases I actually know the dev much better.

Now, Google and ESPECIALLY not Apple will let you look through their code to audit it. And that’s what makes the biggest difference to me.

If he had offered some solutions maybe instead of just kissing Google’s ass and referencing GrapheneOS which while great only supports 1 line of phones, then it wouldn’t have been bad. To me, he just wasted everyone’s time. Bugs have always been around as well as malicious attacks which even those smart big tech companies have yet to solve so honestly it was basically a scare tactic to those with less tech knowledge.

Btw, Google has been robbed of VOIP and Google Fi services so easily lmao
But hey, they make more than they lose by selling your data so I justified it.

Sorry for my crappy type job, tried to do this quickly using a stylus.

We should stop whining about privacy, as long as we are not ready to pay for it.

One guy with a BIG MOUTH berates entities that ‘mark up’ their product. Dah! That’s how they put bread on their plates.

The same guy, who is all over F-Droid and Reddit, berates other developments and promotes his own and very questionable one. He claims such and such kernel was released in 2018. Let’s take a look at his ‘own’ work:

His ‘software’ is Lineage with a layer of some hardening commits. He has no control over Lineage’s code and in most cases, Lineage’s kernels are over 1-2 years old, i.e., outdated.

Example: Lineage’s kernel for Oneplus 8s is 4.19.157 (android_kernel_oneplus_sm8250/Makefile at lineage-19.1 · LineageOS/android_kernel_oneplus_sm8250 · GitHub). The current upstream version is 4.19.257. That’s almost 2 years of skipping updates, and that is true for most of their kernels.

And here is updated upstream kernel, 4.19.257: https://android-review.googlesource.com/c/kernel/common/+/2213237/1

And by the way, it DOES NOT matter when the kernel was released. What matters is that it is actively maintained.

@optimumpro
Did you completely overlook the CVE patcher I spent 5 years making? It does the maintenance.
And the page on my website that documents how it isn’t actually secure, along with noting the kernel versions you mention above?

Aren’t you shipping a Chromium 104.0.5112.97 in your latest OS? That is 3 versions behind with 25 known security issues, including one being abused in the wild.

You also claim your project is directly better because you supported the OnePlus 5 one month before I did. Yet to this day I provide it updates every single month, and you don’t?

I don’t see how what I do is very questionable, when it is well documented and all open source.
Meanwhile you keep coming back here trying to make some point except your own OS is poorly documented and proprietary.

We can go back and forth on this forever, I don’t know what you want to achieve.

CVE commits represent a very small portion of kernel updates. There have been literally thousands of upstream commits that are missing in Lineage and your kernel. They have to do with numerous issues including performance, usability, features etc., etc., etc., etc.

More importantly, and here is where your ‘DivestOS is the most secure rom’ claim falls apart:

Among those thousands of missing commits, there are hundreds that fix various ‘overflows’ and ‘memory leaks’ that represent open doors for exploitation. Without those commits, and even with CVE updates, your kernel is WHOLLY INSECURE.

Chromium webview: No, my roms always include the latest at the time webview (currently 105.x). This may not be reflected in the description, but if users go to Developer settings, they can verify that.

I have never claimed that my project is ‘directly better’. You have just made it up.

I support devices that I support and the fact that there is no longer support for Oneplus 5 has no bearing on the quality of my work.

And finally, as I have already said, your ‘project’ isn’t even a project, but rather a limited number of scripts that sit on top of LineageOS of which you have ZERO control. So, my point stands: your big mouth is NOT supported by the work you do.

@optimumpro

CVE commits represent a very small portion of kernel updates

You mean as I document in the README?
When Linux 4.9 is EOL come January, you’re welcome to use my program to keep your OnePlus 6 kernels patched.

Chromium webview

I extracted the webview.apk from version 24 of your OnePlus 8 Pro OS yesterday. It was 104.

LineageOS of which you have ZERO control

You are extremely hung up on this point.

your big mouth is NOT supported by the work you do.

Except it is?
Why is DivestOS listed here? Why isn’t Jaguar listed?

Do you offer anything else to users who don’t use your proprietary OS? Like these things?

Edit: You’re not even my competition, I don’t support root or similar. Why do you even keep comparing these projects when they clearly have different goals in mind?

You can do whatever you want with your ‘project’. What you can’t do is open your Big Mouth and berate other developers (without recourse), especially that:

I have proven that your kernels, for example, have missed thousands of upstream commits for the past 2 years. In other words they are outdated. So, you basically take an obsolete kernel and patch it with CVE scripts, which represent a very small portion of updates and still leave that kernel severely outdated.

You can’t even maintain a discussion without promoting your ‘project’ with numerous redundant links. I hope users can easily spot infomercial where infomercial is - your posts.

I have no desire to argue with you. The only reason I posted here a few times was because of your Big Mouth and transparent self-promotion.

Best regards.

P.S. I have never compared your project with mine. You have made it up again.

@optimumpro

In other words they are outdated.

Yes, they are! The goal of DivestOS is to support end-of-life devices!
That is an inherent limitation of them.
And again I clearly document this: Patch Levels - DivestOS Mobile

You are intentionally confusing end of life of a device with end of life of software. They are not the same: Software (Kernel and Android code) get updated all the time regardless of the device’s end of life. As I have already said, it doesn’t matter when kernel was released, what matters is that kernel sources are continuously updated.

I haven’t read a description of your project in its entirety, but I am pretty sure no one will find a statement, which you’ve just admitted to, that:

Kernels used in DivestOS are 2 years old, miss thousands of upstream commits and therefore OBSOLETE, except for a small portion of updates represented by CVE patches, which nonetheless leave your kernels and the entire roms INSECURE.

Guys, sorry to interrupt your interesting discussion, but maybe we should focus on how to convince users that fdroid and foss apps are better in terms of security and privacy to regular non-tech users?

My humble suggestion is that blaming and bashing each other or pointing out weak points is not supporting this.

2 Likes

I completely agree that please take the bashing on PM if needed, or on chit-chat.
Though optimumpro, your work has been questionable and bashed upon for years now, as you keep hiding your main work. You had stopped sharing the source code for OP5 and also you went very rude with people. You copied a lot of stuff from others while claiming all that as YOURS in XDA. So as I said and others are saying, please keep this to the topic. I am not going to respond even if you reply. Everyone on XDA and places can go and check OP5 and OnePlus threads against your ROMs and then say.
For Skewed, I still say, as a humble request, please do not literally advertise DivestOS and products everywhere. It just puts questions to start thinking about why advertising for everything.

How did we get to a place where criticism and debate is not a good way to compare and contrast things like ROMs?

I’d like this mini debate to continue until a post has been edited 9 times and has at least one whole sentence all caps and bold. :laughing: Joke. We can declare victory by knockout already.

There is a line between spam posting for publicising a ROM, and useful posting information to clarify errors or mis-statements or vulnerabilities, while mentioning your ROM also. Anyone who views a few forums knows a few bad examples of the former. IMO Skewed is a good example of the latter.

In this mini debate my scorecard is for SZ, by technical knockout. Optimumpro doesn’t even know their ‘shocking’ statements are already on SZ’s website.

2 Likes

This is not about me or my software or his software. This is about being obnoxious and bad-mouthing other developers, when his own lacks elemental security that he is bragging about.