It breaks their sandboxing model, which limits the impact of malicious/compromised apps.

To be clear, I’m not arguing against root here. I daily a rooted phone, and I believe if it’s impossible to get root on something, it isn’t really yours. You can get root on GrapheneOS; they just discourage it because they’re strongly focused on security.

They’re right. If a bug in AdAway, which needs root to write /etc/hosts caused it to fetch and execute malicious code, the malware could do anything I can do to my device. The scenario is plausible; it routinely fetches blocklists, and I imagine a sophisticated enough attacker could compromise the delivery mechanism.

I don’t worry about that scenario because it’s unlikely that kind of attacker will target me. GrapheneOS is meant for people who do have to worry about that kind of thing.

@Onomatopoeia @Zak@lemmy.world

@prism @Twakyr

It would be great if we had a fine-grained access control mechanism where the user could specify that AccA may write to anything in /sys/class/power\_supply and AdAway may write to /etc/hosts, but neither can access any *other* system files. Apps that use root almost always need a fairly narrow set of elevated privileges.

Android already has everything it needs to support that under the hood with SELinux. A UI for it would allow users full control of their devices with a reduced attack surface area.

@ChaoticNeutralCzech @asklemmy @Zak@lemmy.world

That’s true from Lemmy, but not from Mastodon. Mastodon won’t detect !asklemmy@lemmy.world as a mention.

I’m curious as to how Lemmy handles collisions from external sources. @cat exists as both a user and a community. Since this is a comment, Lemmy shouldn’t post it to the community, but will Lemmy users see a link to the user or the community?

@LibertyLizard @technology It always has. They both speak ActivityPub.

The UX can be awkward though. As an example, I had to add the community tag to this comment manually, as it won’t federate to lemmy.world otherwise. That’s because Mastodon doesn’t push replies to every server with users participating in a thread, which I think is a design flaw.

To post to Lemmy from Mastodon, just tag a community. You can load any of the fediverse links shown in the default Lemmy web UI in a Mastodon search box and reply to them. You can also follow a community and receive every subsequent post and comment as a boost (this is a bad UX and I don’t recommend it), as well as follow Lemmy users, which you can’t do in Lemmy itself. You cannot vote on Lemmy posts/comments from Mastodon.

I find tagging an appropriate Lemmy community from my Mastodon posts to be a good experience. You’ll see a few of those from my @zaktakespictures account in @birding, and from @zakreviews in @flashlight.

I’m pretty sure Lemmy won’t make new toplevel posts out of this in those communities since it’s a reply, but I’m going to check just to be sure.

@Minotaur @henfredemars @technology You are using an account on lemm.ee to reply to someone commenting from an account on infosec.pub in a community hosted on lemmy.world.

Those are all running Lemmy software, but I am replying from an account on social.goodanser.com, which is running Mastodon software.

That’s federation. We’re all using different service providers, sometimes even different software, but we can talk to each other because they speak the same protocol, called ActivityPub. Threads.net has announced plans to support ActivityPub and conducted some limited trials, which they’re in the process of expanding. They claim they intend to support it fully, but only for users who opt in to it.

Servers can block, or “defederate from” other servers, and many have chosen to preemptively defederate from Threads.

@tubaruco It’s from these installation instructions, which say “it might error, but that’s fine”. Usually error messages mean it’s not fine, so I found it fairly amusing.

https://wiki.lineageos.org/devices/sunfish/install/#installing-lineageos-from-recovery

@squid_slime I just thought it was funny. I guess I’m the only one.