this post was submitted on 03 Jun 2025
Is F-droid insecure? (sh.itjust.works)
submitted 3 days ago* (last edited 3 days ago) by [email protected] to c/[email protected]
 

In the GrapheneOS forum, I encountered a claim that F-Droid is insecure (and not good at privacy as well). These links (and more) were given as evidence:

While there is some attitude against FOSS apps, I think the arguments are generally sound and in good faith. Which makes me confused, as I've been hearing good words about F-Droid in the lemmyverse.

I am not good at assessing arguments, so I want to ask you guys for more aspects and information.

Also, if not F-Droid, what should I use? Is Aurora Store, a frontend of the Play Store, not fine to use as well?

[–] [email protected] 38 points 2 days ago

I think F-Droid is woefully misunderstood, especially in privacy circles.

The main benefit of F-Droid is that it works (as best it can) to guarantee software freedom. This means, for each app, you can be assured it is under a free software license, built from corresponding source code, and contains no proprietary components. F-Droid has an inclusion policy that forbids proprietary blobs and they have to build everything from source in order to ensure that - however, if the app is reproducible, F-Droid can actually verify that the already built app from the developer satisfies the inclusion policy without needing to sign its own builds, which is ideal. It's important to note that without building from source, there is no way to guarantee that the source corresponds to the binary, which is important for exercising the four freedoms.

I don't agree with everything F-Droid does and I don't think F-Droid is perfect. The security folks have a few valid points, I think, but they fail to offer a solution that solves the same problem that F-Droid does, either because they misunderstand what problem that is, or simply do not care about it. F-Droid is not an app store, it's a community-maintained distribution like a GNU/Linux distribution. App stores are not alternatives to F-Droid and serve different problems. There is, as far as I know, no other project that attempts to serve the same purpose as F-Droid.
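
Added example (not part of the comment above and not F-Droid's own tooling): a simplified sketch of the reproducibility check the comment describes, comparing a developer-signed APK with an independent rebuild from source while ignoring the signature files. All function names and the sample APK contents are constructed for illustration.

```python
import hashlib
import io
import zipfile

# v1 (JAR) signature files are added by whoever signs the APK, so they are
# expected to differ between a developer build and an unsigned rebuild.
# (v2/v3 signatures sit outside the zip entries and are not seen here.)
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", "/MANIFEST.MF")

def is_signature_entry(name):
    upper = name.upper()
    return upper.startswith("META-INF/") and upper.endswith(SIGNATURE_SUFFIXES)

def content_digests(apk_bytes):
    """Map each non-signature entry name to the SHA-256 of its contents."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.filename in digests:
                # Duplicate names make "which file gets used" ambiguous.
                raise ValueError(f"duplicate entry: {info.filename}")
            if not is_signature_entry(info.filename):
                digests[info.filename] = hashlib.sha256(apk.read(info)).hexdigest()
    return digests

def compare_builds(developer_apk, rebuilt_apk):
    dev, ours = content_digests(developer_apk), content_digests(rebuilt_apk)
    return {
        "only_in_developer": sorted(dev.keys() - ours.keys()),
        "only_in_rebuild": sorted(ours.keys() - dev.keys()),
        "differing": sorted(n for n in dev.keys() & ours.keys() if dev[n] != ours[n]),
    }

def is_reproducible(developer_apk, rebuilt_apk):
    return not any(compare_builds(developer_apk, rebuilt_apk).values())

def make_apk(files):
    """Build an in-memory zip standing in for an APK (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        for name, data in files.items():
            apk.writestr(name, data)
    return buf.getvalue()

APP = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex-from-source"}
SIGNED = make_apk({**APP, "META-INF/MANIFEST.MF": b"mf",
                   "META-INF/DEV.SF": b"sf", "META-INF/DEV.RSA": b"sig"})
REBUILT = make_apk(APP)
WITH_BLOB = make_apk({**APP, "classes.dex": b"dex-other",
                      "lib/arm64-v8a/libvendor.so": b"blob"})
```

A developer build that differs from the rebuild only in its signature files counts as reproducible; an extra native library or a changed `classes.dex` shows up in the report and would mean the binary cannot be tied to the published source.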