The debate about F-Droid security and trustworthiness has been ongoing for a while ...

npub1f6u…zcka

2024-11-23 00:39:53

in reply to nevent1q…60g5

The debate about F-Droid security and trustworthiness has been ongoing for a while now with passionate arguments on both sides, so I will let you go down that rabbit hole for yourself.

The main issue for me with F-Droid is having to trust not only the dev but also F-Droid. This is basic OPSEC. If you can get it from the source (GitHub usually) without also having to trust a 3rd party, then that is basic security practice. If the release is on GitHub, the Obtanium is just pulling from the repo.

If the dev releases the apk on F-Droid only, then that is the release repo (not GitHub/GitLab, Codeberg), straight from the dev. Using Obtanium, in this case, now introduces a third party, so while the risk is minimal compared to an alternative client like Neo Store, I still recommend following best OPSEC practices and just getting the apk from the source, which in this particular case is not Codeberg, or GitHub, or GitLab, but F-Droid. I already spoke about why I recommend F-Droid Basic in the post.

Here is more info on the subject: https://discuss.privacyguides.net/t/remove-note-about-getting-f-droid-apps-from-obtanium/14440

Author Public Key

npub1f6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kslazcka

Show more details

Published at

2024-11-23 00:39:53

Kind type

1 Short Text Note

Event JSON

{ "id": "7edff99c59536d95a7ffbdf117a52dabce716b9adf4244d8391296a9d90fcbe1", "pubkey": "4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d", "created_at": 1732322393, "kind": 1, "tags": [ [ "e", "d18ad294888618ca56eaa50495da25c9cd49e4d9474b17454d7eecf8120a64fe", "", "root" ], [ "e", "a854bc814a2fa0a46ab5e1e39b2e94f7764a84bb126fe60ad1fd446719d0b20e", "", "reply" ], [ "p", "4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d" ], [ "p", "93eb23ad1d9274e3e284babe1d507f2c80d1eac2f3ef54969361a8a1f926cdaf" ], [ "r", "https://discuss.privacyguides.net/t/remove-note-about-getting-f-droid-apps-from-obtanium/14440" ] ], "content": "The debate about F-Droid security and trustworthiness has been ongoing for a while now with passionate arguments on both sides, so I will let you go down that rabbit hole for yourself.\n\nThe main issue for me with F-Droid is having to trust not only the dev but also F-Droid. This is basic OPSEC. If you can get it from the source (GitHub usually) without also having to trust a 3rd party, then that is basic security practice. If the release is on GitHub, the Obtanium is just pulling from the repo.\n\nIf the dev releases the apk on F-Droid only, then that is the release repo (not GitHub/GitLab, Codeberg), straight from the dev. Using Obtanium, in this case, now introduces a third party, so while the risk is minimal compared to an alternative client like Neo Store, I still recommend following best OPSEC practices and just getting the apk from the source, which in this particular case is not Codeberg, or GitHub, or GitLab, but F-Droid. I already spoke about why I recommend F-Droid Basic in the post.\n\nHere is more info on the subject: https://discuss.privacyguides.net/t/remove-note-about-getting-f-droid-apps-from-obtanium/14440", "sig": "88b12ea226bad1ecc8d91017cfc3f9aa8b17c92163af0005a44b80125c36c1ebb216c0bea41aa2a58a6925c5e0e73977a155218be37fc5183afc2a9d2510323a" }