I see what you did there 😏👏

Not the OP, but there was a time about a year ago (can’t remember if it was pre- or post- Daniel leaving the team lead role) where graphene was very vocal about how they felt that the Google play store security model was superior to that of F-Droid and Aurora. They poured massive amounts of development in to making it possible to use the play store directly in the OS through the sandboxed plag services. They expressed very clearly that they felt the only safe places to get apps was either directly from the developer or through the play store.

Graphene hasn’t been as vocal about this kind of stuff since Daniel stepped out of the limelight, and I did a quick search for the old twitter posts that covered the topic but couldn’t connect to them on twitter. That could just be because I don’t have a Twitter account and Elon is jacking up Twitter access these days.

I’ve been using GrapheneOS for about a year and I’ve never seen F-Droid bundled in their installer or app store. They’ve been vocally against F-Droid for quite some time. Other more FOSS focused projects bundle F-Droid.

Is user data stored on air-gapped computers? I’d be very surprised if it was. Offline doesn’t necessarily mean innaccessible, and in fact user data must be accessible as a database on the company’s intranet in some way in order to perform the search and removal efforts. Plus there’s the (albeit small) possibility of rogue employees deciding to do something nefarious with their personal access to that info.

Trusted to do their job? Personally, I think so, and would go as far as to say the main contenders are not doing anything fishy with your data.

I think the trouble comes in with the fact that they become a high-value target to hackers because of how much information they have on their customers. I’m sure that they take a lot of technical precautions to safeguard user data, but for me personally, the risk is not worth the value proposition.

Certainly not, as a resource they are invaluable. Just a few trends that I personally take in to account when it comes to their leadership. Kind of like recognizing a news outlet has a slight political leaning.

Yeah there was drama between the current team and the original founder of Privacytools.io

Long story short, they disagreed on how to manage the site and had differences regarding ownership of contributed content, so the bulk of the team started up their own site in an effort to separate from the founder. Probably good given the monetization efforts the founder was starting to incorporate in the site (and is currently doing last i checked).

It does seem wrong to me that they archived the privacytools.io reddit though, I can only take that as them wnting to drive traffic to their new site and subreddit. They should have let their work stand on its own merits.

I’m unaware of any specific failings as well, but I think there can be some issue with the very specific set of priorities that shape their recommendations. It was one of their main admins that corresponded for Techlore at the Synology conference in the video mentioned by the OP, promoting closed source software. That’s all based on your values though, as closed source software can still be privacy respecting. All in all they are a good resource, but it seems like they, along with Techlore, have shifted focus to convenience and centralization instead of more rigorous compartmentalization and FOSS.

I’ve been following Techlore from the early days Go Incognito, and I’ve definitely noticed a change in his content too. He seems to have lost some of his idealism and is more focused on convenience and the just works mentality. The shift started to happen around the time he started collaborating with the admin team from Privacy guides more often.

I get it that a person may get to a place where their approach to privacy takes on a more general and unfocused approach, but his videos do seem a little tone deaf to the specific audience he spent years creating 😕

Haha well done! 😄

Tuta is where I’m at for now. They have stricter privacy than proton and are much more active in their app development. They have an Fdroid release for android and a desktop app for Linux which make life pretty nice.

I have had some connectivity issues with their servers lately though, especially on desktop. I don’t know if it’s my DNS setup or if it is unreliability on the server end. In any case it hasnt been too bad.

They seem like a great company, If I ever did move to a paid service I would probably go Mullvad or IVPN, but I just can’t bring myself to sign up for the $5 monthly with how infrequently I need it.

I hear you there. I’m still using their email somewhat, but am transitioning away from it. I do lean on protonvpn as well, haven’t found another trustworthy free service that I can use for those few times a month I need to be on some public WiFi.

Yeah 🥲. I used proton calendar for some time but ended up going in on WebDAV nextcloud centric calendaring. It’s been more complicated, but at least it is very open (while still being private enough for me)

Sounds like you’re ready for a different email service 😉

That’s a no on Proton calendar working with third party clients. The encryption makes secure syncing difficult, either decrypt it before transit and have it be insecurely sent, or share the decryption key with the third party app so that it can decrypt the data once it is received, which has its own concerns.

deleted by creator

I’m on KDE 🥲 That Gnome app has been almost enough to get me to switch though. There’s a few Gnome apps that KDE doesn’t have a comparable parallel to.

I haven’t heard of 2fas before, they seem pretty interesting. I’m inclined to keep my password and 2fa vaults out of the cloud (thus Aegis and Keepass) so I’m interested in how the browser extension syncs data with a phone. If it uses a shared network or ephemeral data transfers that would be pretty nice.

I have a few codes duplicated in my keepass vault for the services I log in to often on desktop. The autotype is super nice in those cases. Other than that I do generally prefer having a separation between password manager and 2fa data though. Probably only a theoretical safeguard in my case, but simple enough to keep in place for the time being.