Instead of completely moving to 1 service, I would try to compartmentalize the digital life better. For me I tried:

• all banks and very sensitive stuff => Proton Mail

• every other emails => Gmail.

• Password Manager: yes Proton Pass is nice but i like things to work offline and access whenever i can => KeePass. I secure my database with a password and a keyfile. I transfer and uodate my database with Syncthing.

• 2 FA stuff: i had Authy but it is a piece of shit app now. So I am moving to Keepass. Yes, you can add TOTP to anything in Keepass. The only thing i still need Authy for is Steam.

holy shit how many subpackages/libraries of texlive did you have?

Sentinel Prime lurking

Name: Biggus Dickus DOB: 06/09/1969

spez has a very punchable face. After that API fiasco that forced many devs out of business, i didnt think i can hate him more till now

I’m a noob when it comes to deep linux stuff.

So how does this affect end users and are we at risk of leaking personal info? It looks to me they are adding a birthDate field along with other meta data. Will these metadata be sent to whatever local authorities or whatever data hoarder on the web (like Google) without user consent?

I meant what stops me from listing false info like: Name: Biggus Dickus DOB: 06/09/1969 Nationality: Spartan …etc. ?

I usually use systemd for stuff like hibernate/suspend, e.g.

systemd suspend

and if on i3wm, I edit configs for sleep and lid close in /etc/systemd/sleep.conf

Are these affected too?.

HolyC is the real C

Suspend , hibernation and resume

yes laptops may seem like they suspend and hibernate and resume properly on Linux. But they do not work reliably. Back in 2010, you could have laptop running hot inside your backpack just because it failed to suspend on lid close. Fast forwars to 2026, the lid close action works but for me, there are still small chances that it doesnt suspend properly or slow to suspend. I blame Intel and Micro$oft for the new standby mode.

As much as I hate Macs, those fucking money grabbers suspend 200% well. I dont care if you’re alert or drunk or 30,000 ft in the air, if you close on the lids on these laptops, they suspend quickly.

another solution for you is no profiles, just the main + Private Space. In main you dont use any Google stuff. In your private space (setup with a different unlock method from your screenlock), you sign in and get your Google stuff. I havent tried it but it sounds ok…Not sure about transferring files though. E.g. what if I have a news article in Vanadium in mainland and want to share it to my contacts in Private Spac? Or the reverse: I got a pdf from whatsapp in Private Space and want to store it in my main’s folder?

@pinball_wizard@lemmy.zip was correct: Even a single GOS profile is already much better than normal Android. You can read up all the security stuff GOS offers in Settings/Security and Privacy. A lot of those features are already much better than stock Android, e.g. strict control over USB c, spawn app securely, wifi/BT auto off…etc.

As to your question about logic in using diff securities, GOS is the only OS that allows you to have many profiles. These profiles are completely isolated from each other. You have your own keylock, user for each profile. That is much more powerful that stuff like Peivate Space (stock Android has) or even Samsung Secure Folder. So I want to make the best use for these features…

That and we have too much personal and sensitive stuff on our phones nowdays. I’m not talking about normal stuff like emails and photos. I meant online banking apps, identity card app that each country for some reasons force citizens to install…And everything else, literally everything has an app.

Anyway…

Initially i went with: 1 owner profile (the one you started originally), 1 media profile, 1 bank profile and 1 daily profile. You know like completely compartmentalize your life.

This works BUT there is a lot of inconvenience. .E.g. if i see an article in Vanadium in daily and want to share it to whatsapp/viber/signal which live in media, i cant.

So I then went with: 1 owner profile and 1 sensitive profile…So all the things that are very important to me like banks, IC app I put in sensitive. .Everything else I put in owner. Note: in sensitive profile, I do not user fingerprint; I set a long password for that.

Hope that helps.

Just go for it. You can always go back to stock if you dont like it.

My advice: dont make it too complicate. GOS has a lot of different securities and you can choose whatever you want to do with your phone. Some examples::

• you can run the whole thing on 1 profile

• 1 main profile and 1 secondary for Google

• 1 main profile for admin and several secondary profiles each with their own private space… .

and so on and on. I like to think of GOS similar to Archlinux. You can choose your way, but if things go south , a extremely complicate setup will make it very difficult to diagnose and maintain.

yes some Play store apps are country specific so instead of switching my default country, which stupid Google only allows 1 per year btw, I want to create different profiles with different Google accounts. You cannot do that without showing that these accounts belong to whichever phone number you have

its been 4 months and I am not regret about my switch to GrapheneOS. The only thing that can make this 100% perfect is creating a Google account that does not tie to your phone number.

alias sudo=‘Please’ alias rm -rf =‘thank you’

Please thank you

GOS is great. Funny, I used to rom hop and distro hop a lot; but on GOS, I installed it once and so far so good (5+ months in).

Just some tips for new users: Just install it and dont be afraid to try things out (Google Store, profiles, Aurora…etc). Oh and dont make it tooooo complicate with many profiles and private space. You can test first but dont over do it if you’re not experienced.

And no, I am not a dev from GOS lol. I’m an ordinary user who wants to take control of my phone.

i guess another way is to use those shitty privacy screen protectors that do not work with fingerprints at all. They can try all they want, its not gonna work.

Or grapheneos but compartmentalize sensitive data to a profile where you use no fingerprints, only pins. Duress can be entered anywhere right? So if you’re being compromised , enter the duress pin.

any ideas how to add that engine to Vanadium on GrapheneOS?

Yes it is very much doable and you can get a functional system. But there can be 2 main problems for your case:

1. you would literally install Debian and choose nothing (no DE just a bare minimum). On Arch, this is easy because it came with some packages or you can install during live to get wifi working. On Debian , last I heard you need to do some dhcp wizardry.

2. cross apps compatibility. This is very serious. Even “lightweight” DE like xfce has a lot of hidden stuff that helps to run your notifications , powers and brightness/volume. And that does not count it you want stuff from Gnome or KDE: they even have more special libraries. In your case, the worst scenario would be to have multiple libraries/configs from different DE and they try to do the same thing. This is very hard to debug and maintain.

Point 1) is not as bad, if you use an Ethernet or somehow connects to the internet. It is only for the 1st phase where you install stuff though. After that you can just use the DE’s network manager.

Point 2) should not be a problem IF you are running a window manager. The reason is that in these setups you can choose exactly what you want without messing up…On DE you can too, but you migght break things. For eg, choose dunst for notitication or xfce4-notifyd. On a mixed DE setup? Bad idea imo.

anything that ties to Micro$oft is shady