| > CalyxOS has a leaky firewall which apps can bypass and a leaky VPN tethering implementation. We're working on fixing the one bypass. I don't know what you mean by leaky VPN tethering implementation. We have a patch (from LineageOS) that allows tethered devices to connect over the VPN. By default in AOSP a tethered device ignores the VPN. Wouldn't this be the opposite of leaky? It prevents leaks, especially when you have always-on VPN enabled. > GrapheneOS has a Network toggle without those leaks and prefers the approach of fine-grained VPNs rather than using the same tunnel for everything. We evaluated the network toggle and found it to cause crashes in apps when the permission got taken away from them unexpectedly, which is why we've gone with the solely network-level implementation. We also do not have anything that'd make you think 'use the same tunnel for everything'. Multiple users work just fine, and in fact we now have a built-in work profile feature which lets you run another VPN in that (since that's how Android works) out of the box. > CalyxOS includes a lot more proprietary services (Google, WhatsApp, etc.) We do not include any proprietary services. We have microG which is open source, and the WhatsApp integration is done in open source code in the Dialer, it does not rely on anything proprietary. In fact, you're the one who's brought up your play services approach which involves running the proprietary binary. Don't you see the irony? |