This Tweet is from a suspended account. Learn more
Conversation
This Tweet is from a suspended account. Learn more
Calyx is the best privacy focused OS in terms of app compatibility. It's not perfect but it's become very stable over the last few months of using it as a daily.
Has some very nice features too like a firewall that completely disables data access to individual apps.
3
2
GrapheneOS now has grapheneos.org/usage#sandboxe providing substantially broader app compatibility. microG only provides a small subset of Play services functionality.
CalyxOS does not add a firewall. AOSP already has one and they're just presenting features in their own firewall UI.
1
1
It's worth noting that their take on network filtering is fundamentally flawed and doesn't work: gitlab.com/CalyxOS/calyxo. It's not something missing but rather the approach is fundamentally incorrect. Solely packet-based filtering can't provide what it's presented as providing.
1
1
Network access via IPC also needs to be blocked, and in a systemic way rather than case-by-case. So, sure, they have a UI for the standard firewall with added features. The plan in their tracker is to fix 1 specific hole caused by a general problem of not blocking IPC networking.
Our approach is adding a Network toggle which removes both direct socket access (like that kind of firewall) and also indirect access. Some apps aren't happy with network access being truly fully revoked so github.com/GrapheneOS/os- is planned to fix some apps handling it poorly.
1
The Network toggle already works for the base OS. Not every app is going to properly enforce INTERNET permission checks for services they provide to other apps though. This is a common issue with permissions: you trust an app not just with that access, but to protect the access.
1
Show replies