They are convenient, but there's only a couple sites that support full login with passkeys. I'm reading between the lines of your comments none of them are sites you'd use (Microsoft, Github, Google, etc...)

Someone else commented KeepassXC has an open issue about passkeys, perhaps they'll add support sometimes too.

You're not really missing anything yet, to be honest. I've mostly tried them out just out of interest, and it's still very much aimed at people using Google or Apple...

With Bitwarden, you can use passkeys on chromium browsers. Vanadium actually enabled support in advance.

You need to have Play Services installed, though. This is due to Chromium, nothing GOS can do about that. No need for even network permission for Play Services, luckily.

Firefox is supposedly adding a standalone implemetation, which won't require Play Services, any year now...

Don't have Proton Pass, so don't know what's the situation there. With BW+Vanadium, they work well. I just wish Play Services weren't required. With Google Passwords they probably just work.

I don't think most apps even access sensors. I also think disabling it is not necessary, more so if you don't allow network for an app. Though some (google) apps may still send data to Google via Play Services, supposedly.

I wouldn't worry about it, but you need to decide for yourself. Usablilty is also an important factor, pixels aren't cheap at least where I live.

Not a stupid question at all.

Location is for, well, location specifically. Sensors is a GOS thing, it blocks access to all sensors, like gyro, proximity, ambient light, etc.

Since it's not part of AOSP, apps will very likely misbehave if you turn the sensors permission off. That's why I left it enabled for Play Svcs and GSF, not sure if it's actually necessary.

From https://grapheneos.org/usage#bugs-uncovered-by-security-features :

Similarly, some of the other privacy and security improvements reduce the access available to applications and they may crash. Some of these features are always enabled under the hood, while others like the Network and Sensors toggles are controlled by users via opt-in or opt-out toggles. Apps may not handle having access taken away like this, although it generally doesn't cause any issues as it's all designed to be friendly to apps and fully compatible rather than killing the application when it violates the rules.

IMO, just the options to automatically turn off WiFi and Bluetooth after being disconnected for a while are enough to make it worth it. Not to mention all the other privacy benefits, like others have stated.

Oh, and network permission toggle is also really useful. If only passkey APIs were part of AOSP instead of Play Services / GSF, I've got them installed just for that (with only sensors permission)

In that case it's definetly worth it to try this out, just so you have one more notification to disable

In that case hydroxide-push will work too, which is good news!

Just note that the IMAP, SMTP and CardDav functions have been stripped out from this push version. If there's interest to have those too, a different version with the push stuff added on top of full Hydroxide could be made. It will require a bit of time to develop.

The scope of hydroxide-push is only push notifications for now.

I think it does require a paid account, Hydroxide basically acts like the official Proton bridge.

I haven't actually tested with a free account, so there's a chance it does work. When you run the auth command (which is the same as upstream Hydroxide), it will probably throw an error.

If you have a free account and try this out (or Hydroxide), please report how it goes back here, I'll add a note to the readme. Upstream doesn't seem to mention this in their repo either.

Lemmy is still a bit too hard core to get sarcasm in things like these

Great way to keep in touch with the the in-laws

Not much to comment on the technical side, but quite a bit of things get upstreamed or reported from GrapheneOS. I believe they really know what they're doing. You can ignore the rest if you don't care for the general opinion.

Yes, there's probably Google code in the sandbox feature, it's basically the stock Android userland app sandbox. The magic is the compatibility layer that allows Google apps to run as regular userland apps.

I stripped down Hydroxide, the OSS version of the Protonmail Bridge, to only send push notifications of new mail via a ntfy.sh server of your choice. Needs a Linux box to run on still, so not for everyone.

Main advantage over the otherwise good You Have Mail android app is that if you already use ntfy for other notifications, there's no need for a separate app for just mail notifications.

https://github.com/0ranki/hydroxide-push