Clean Slate

You get a brand new android out of the box. What’s your prep/ ideal set up before you start using for a fresh start privacy wise?

  • Install GrapheneOS
  • Install the apps I use, namely, for privacy:
    • Aegis for 2FA
    • Aurora Store
    • Matrix
    • F-Droid
    • Fennec
    • K-9 Mail
    • KPassNotes
    • Organic Maps
    • The Proton suite
    • Signal-FOSS
4 Likes

GrapheneOS without sandboxed Google services:

-Aurora store for Brave, Signal
-Obtainium for all other apps (known FOSS apps only)
-PWAs whenever possible

-RethinkDNS for more granular firewall/local content filtering (only using uBlock’s default filter lists to mitigate that fingerprinting vector)

-Brave for general browsing
-Mulch for a specific use case with a set of accounts
-Vanadium for personal accounts (isolated in Rethink so that only explicitly approved domains can connect)

I don’t think I need a VPN here because I compartmentalize across my devices and the benefit would be marginal.

Why do you install Brave and Signal from Aurora, but all other FOSS apps from Obtanium? You could also install both Brave and Signal from Obtanium (by using Brave’s GitHub releases and Signal’s APK.

Any of the well known security/privacy oriented custom ROMs.
Not only gos…
All are better then stock

1 Like

That’s debatable

1 Like

I was looking into getting both as apks, but there’s a few other apps like Musicolet that I can only get from the play store and I thought I might as well get them there too.

As long as you’re verifying signatures, using apks should be as secure as Google Play I guess, but there might be other considerations I haven’t thought of. Should I be getting everything with Obtainium?

not on the privacy aspect

What should speak against Aurora?
Aurora gets directly from Google Playstore, so security is (usually) guaranteed that no malware is injected with the apk.
And if Aurora is used with an anonymous login, Google doesn’t know anything about you. You are one of the flock.
I also always had the problem of getting the right versions with Obtainium, especially with Brave.
But not only with Brave, other apps have also repeatedly caused problems with Obtainium.
The effort was too high for me compared to the benefit.
I then discarded Obtainium again.

My 2 cents.
Many others will certainly see it differently and pillory me for it.
For me, a balance between benefit and effort is important. I take the pragmatic approach

Aurora has these problems:

  • No unattended updates. Obtainium recently added the feature. There’s no plan for Aurora to support it, and it’s unlikely they ever will.

  • Service disruptions. While Aurora’s anonymous login system has worked reliably recently, back in June there was major downtime after Google had made changes.

  • Questionable future: Aurora Store relies on Google’s infrastructure and violates Google’s TOS. If Google wanted to, they could completely kill Aurora.

I say this as someone who appreciates Aurora, but wishes I didn’t need it. I prefer F-Droid, then Obtainium, and only use Aurora as a last resort.

1 Like