Not sure how it hasn’t been said yet, but I really like Helium314’s OpenBoard fork. Can’t recommend enough.

This list is a must.

They’re mods of the proprietary Discord client, so yeah they don’t meet the criteria. But the mods themselves are open source which is nice.

I 100% agree, its best to just stick to upstream Fedora imo. Glad you made this comment. The security issues of Nobara always put me off, especially since basically everything it does can just be applied to regular Fedora. I think Nobara would much better serve as a script or toolkit, similar to Brace, or something along those lines instead of an entire separate OS with the security issues it brings.

Didn’t realize they had one, appears a lot of functionality requires an account to use. I’d be cautious overall based on the privacy practices they use in their mobile app, doesn’t seem to be a big concern for them and I’d be careful giving them any trust. But if you do wish to use them, their mobile site with a good content blocker would definitely be the best option (preferably without an account if possible).

I like the concept of Ground News, but about the privacy…

According to Exodus, their mobile app contains 9 trackers:

• Amplitude
• AppsFlyer
• Facebook Analytics
• Facebook Login
• Facebook Share
• Google Analytics
• Google Crashlytics
• Google Firebase Analytics
• Google Tag Manager

Also wants location, camera, phone state, and advertising ID access?!

No thanks.

The problem with graphene is that is shamelessly promotes proprietary software.

How does GrapheneOS “shamelessly promote” proprietary software? I don’t think I’ve ever seen them do this. Maybe you’re referring to Sandboxed Play Services? But that isn’t “shamelessly promoted” or recommended, it isn’t even included in the OS, its just an optional app that can be installed for those who need it.

They have build tools to try to make it safe to run non-free programs (proprietary software) but that entirely misses the point.

I assume you mean Sandboxed Play Services again? That’s far from the only feature or benefit that GrapheneOS gives. They do much more work than just Sandboxed Play Services or making it safe to run “non-free” programs. They make it safe to run ANY program, regardless of license.

Not all of it is carrier related. I had an S21 unlocked (from US) and it still included Facebook and their garbage services, Netflix, OneDrive, etc. Also all of Samsung’s first party bloatware and nonsense is prevalent regardless. Not to mention Samsung selling data and their tracking, crippling your phone if you root it or install a custom OS (and in the US outright preventing it entirely), etc. Can’t recommend them or their phones at all, but its unfortunate because they have great hardware, just terrible software.

Yeah, Shizuku opens up a massive attack surface through ADB. ADB can do a lot to your device without you even realizing it in a lot of cases, and you’re basically giving ADB access to Shizuku itself and any apps that use it (which could be exploited) at all times, so its very risky. Its pretty dangerous and definitely best to avoid an app like this.

deleted by creator

Thorium isn’t good at all imo. They don’t really do much to enhance privacy/security, and have constantly delayed updates. It seems to be ran entirely by 1 college kid in his free time.

I like Chris Titus, but I wouldn’t really use him as a source for privacy/security advice.

Is the culprit “firebaseinstallations.googleapis.com”?

Yeah, anticheats are a privacy and security nightmare that most people don’t even think about. You’re effectively giving their proprietary software extremely invasive kernel level access to your system. They can access and do pretty much anything they want on your device with really nothing stopping them. Anticheats like this are extremely dangerous and should certainly be avoided where possible.

I understand the problem of cheating in games, but I feel like there has to be a better solution to this problem, as making users install an extremely invasive rootkit isn’t acceptable at all imo. I’d recommend avoiding games that include invasive anticheat or DRM like this. Best way to get across that this isn’t okay is through the wallet.

Sensors and Network access aren’t on Stock Android unfortunately (though they should be!), only on other OSes like GrapheneOS and DivestOS atm. Everything else besides those 2 however is present on Stock.

Google is actually right here for once. Signal is not offered on F-Droid, and its package name is org.thoughtcrime.securesms, not org.thoughtcrimes.securesms.

Only official places to download Signal are through the Google Play Store or their website (which self-updates).

Yeah, that’s what bothers me. Feels like people romanticize pre-Musk Twitter, when in reality, its always just been complete garbage. Musk’s Twitter is certainly worse in some ways, though that isn’t saying a lot.

Overall, Twitter just sucks. Use other platforms where possible.

The Hated One is my favorite. I also like Mental Outlaw.

Could you please provide and example or two? I wish to verify it, since I didn’t notice any last time I checked the site.

Sure, let’s look at the page for Firefox. They claim that there are “Automatic connections to some websites you’ve visited, including their trackers” with the new tab page, and that they “couldn’t find a way to disable it.” Whoever made this website couldn’t take 2 seconds to go to about:preferences and see the option to display recently visited sites?

They also have a section titled “Firefox tracks users with Google Analytics”, which they’re very misleading about. Instead of explaining that GA is only present in about:addons and that it can easily be disabled, they’re extremely vague about it and just blindly say it “sends analytics to Google”, which would lead people to believe its much worse than it actually is (i.e. Chrome level). There’s an important distinction between: “Google Analytics is present on 1 page in the browser and can be disabled” vs. vaguely stating “Firefox send analytics to Google” without full info or context. Hopefully I’m explaining that well enough.

Its also disingenuous to consider Firefox’s Captive Portal as “phoning home” without, again, providing full info or context. It has a legitimate purpose, to allow users to connect to public networks, and can be disabled for those who wish to do so. It doesn’t give any data to Mozilla, all it does is detect if a captive portal is present. I think this is another instance of the context being important to have, which the website just simply doesn’t give.

Another instance, look at their page on Tor Browser, where they just flat out lie and accuse Tor Browser of “sending telemetry”.

I could go through more, but these are a few I notice immediately that I take issue with.

They’re very clear that this is their approach (bold text on the home page). Even if you disagree with their definition, that doesn’t make the site bad.

Categorizing something as spyware solely based on the number of connections it makes is horribly irresponsible at best and dangerous at worst. Whoever made this couldn’t even be bothered to find what data is actually being exchanged for most of these connections. There’s a lot more to determine how privacy invasive something is then just sitting and counting the number of connections it makes, and treating them all as malicious and for “tracking”.

And there are many valid situations where a threat model should be this strict, consider anti-government activists in any country.

That’s why this website is so dangerous. Calling Tor Browser spyware and saying it sends telemetry could trick people who don’t know better to use worse alternatives. This even moreso extends to casual users too, who could also be misled into using a less private browser as a result of this website’s insane claims.

It says “Not Spyware”. https://spyware.neocities.org/articles/tor

They have a separate article up calling it spyware as well, see here. Weird contradiction from them and just shows this site isn’t very well designed or thought out.

The neocities link calling Brave and other browsers spyware.

That website is very bad and full of verifiably false information, they act as if any and all connections a browser makes are automatically bad and “spying”. They even claim that Tor Browser is a “spyware”.