Its one or the other. Either Google Play Services will push notifications, or the apps have to have the ability to handle push notifications on their own (which isn’t common).

Google Play Services can be sandboxed in GrapheneOS, but there isn’t an open source Google Play Services since its not included in AOSP. It is very much a proprietary blob.

I think once you give your IP to the satellite, the deapsea cables will start tracking all jellyfin packets

During those rare times that you boot into Windows 11, go ahead and update it.

I wouldn’t go out of your way and boot into it for the sole purpose of keeping it updated tho.

Yeah but playing defense on free eaves AI is going to filter this out frontier civilization quack.

Seeing as RCS with encryption based on the MLS standard hasnt been deployed yet, can you show exactly what metadata is leaking?

Actually RCS has encryption in the new spec now, and we could see encrypted RCS messages implemented on iOS and Android within a year.

But even so, use Signal.

Not entirely true. There is other sandbox software out there (such as firejail, distrobox, docker, chroot, any VM products, etc) although they should also be cautious about claiming to be more secure. Flatpak, however, is not considered a sandbox by some.

Care to explain?

If your distro doesn’t work unless you use Flatpaks, then stick to flatpaks ig. Its your system.

There are quite a few reasons to avoid flatpaks tbh.

• You have no control over the dependencies. A flatpack can include a very old dependency and there is nothing you can do about it. You are at the mercy of the developer.

• Many Flatpak applications available on flathub are not effectively sandboxed by default. Do not rely on the provided process isolation without first reviewing the related flatpak permission manifest for common sandbox escape issues.

• Running untrusted code is never safe; sandboxing cannot change this. It can be a false sense of security.

• It is generally not a good idea to run unattended updates via systemd, as the applications can get new permissions without the user aware of the changes. See this blogpost for examples

• Flatpak does not run on the linux-hardened kernel unless you do additional kernel modifications that could have negative security implications.

What are the benefits of flatpacks? Like why not just install the actual Tor browser on your system? The one that is released and maintained by The Tor Project?

[edit] Looks like the Tor Project does support this flatpack. Im a silly goose.

And technically the key file can just be a plain text password and still work. Just as long as the key file matches the drive’s encryption password.

If its encrypted, you can also decrypt the drive automatically once booted by adding an entry in /etc/crypttab

This will make it so you don’t have to type the password.

You can use their RSS feeds to avoid a lot of their tracking.

GrapheneOS has the profiles that you are asking for. Configure them how you want.

GrapheneOS- Features

Per the Arch Wiki:

The AUR is unsupported, so any packages you install are your responsibility to update, not pacman’s. If packages in the official repositories are updated, you will need to rebuild any AUR packages that depend on those libraries.

Arch Wiki - Arch User Repository

They have a whole wiki for the AUR.

Arch Wiki - Arch User Repository

To update the package, you use git to pull the latest branch code and repeat the process. You should double check if there are dependency changes though.

Like I said, its easier with a pacman wrapper, but not necessary.

No, if they cared for that, they’d say 50,000,000,000 Bps

You definitely do not need to use any pacman wrappers to build a package from the AUR. Those tools make it easy, yes, but are not required.

Building a package can be as simple as

• git clone AURpackagehere
• cd AURpackagehere
• makepkg -si