Comment by codethief
9 days ago
I've used GrapheneOS on a Pixel 3a, 5, 8 and 10 Pro so far and it's worked really well. I couldn't imagine going back.
The only things I'm missing (which don't exist in other OS'es either):
- Being able to configure contact scopes in such a way that the app in question only gets access to the phone numbers of the contacts belonging to the label I specified, e.g. "WhatsApp", nothing more. Yes, one can of course add contacts' phone numbers to the contact scopes "by hand" but 1) there is a limit on the number of contacts/phone numbers configured this way, and 2) AFAIK there is no way to back up that list.
- Being able to install browser extensions in Vanadium.
- Being able to configure multiple VPNs at once, e.g. for Tailscale, ad filtering, blocking HackerNews during times when I should be doing something more productive :) etc., especially since the Vanadium browser doesn't support extensions (see above). I was hoping that the Rethink app might implement something like this (https://github.com/celzero/rethink-app/issues/1047) but it doesn't look like it's coming and it'd probably be much better to do this at the OS level.
> Being able to configure multiple VPNs at once, e.g. for Tailscale, ad filtering, blocking HackerNews during times when I should be doing something more productive
AdAway (in F-Droid) can block with /etc/hosts (no VPN involved) if you have root. The hosts blocking still works even when connected to a VPN. Aside from loading ad domain lists into /etc/hosts, it also allows you to specify custom domains to block - I personally have Reddit and HN in there :)
> AdAway (in F-Droid) can block with /etc/hosts (no VPN involved)
lifts head
> if you have root
Sigh. :)
Sure, on LineageOS back in the day I used to edit /etc/hosts by hand. On GrapheneOS I no longer have root, though (unless I compile it myself), which generally I think is a good idea, weren't it for Linux's absolutely abysmal access control system that requires you to be root for almost everything.
> Being able to install browser extensions in Vanadium.
You can use IronFox - available in Accrescent store that comes with GrapheneOS, and install firefox extensions
So uh… why not just use Firefox directly?
Yes, I already do that but: - Vanadium is said to be safer. - The reality is that websites often don't work in Firefox anymore. - I want to be able to block social media at certain times. (Today I often circumvent such blocking in FF by just opening Vanadium…)
IronFox is Firefox with different settings. IronFox is security focused and hardens gecko preferences - https://ironfoxoss.org/docs/features/
Using a Chrome based browser (i.e. Vanadium) is not an option for me because I need my extensions and generally prefer using firefox everywhere.
You can use labels for contact scope.
You might want to read my comment again. :) If you use labels, the app will have full access to the associated contacts, not just to their names & phone numbers.
So it's not about labels, but you want the ability to restrict the fields an app has access to rather than an all or nothing – full access to a contact or none at all?
1 reply →
I'm annoyed at everyone who shares my name, phone number and any other details with Meta. I never consented to it. The behavior of their app slurping up your contacts database is despicable.
This doesn't answer your question, but in case it helps for others out there: it's possible to use WhatsApp with no access whatsoever to your contacts and I used it that way for years. Connecting with people is slightly jankier but it still works.
1 reply →
You can have a second or third VPN active if you use a work profile and private space
Note to self: look for second hand unlocked Pixel 10 pro!