Charger8232

joined 1 year ago
[–] Charger8232@lemmy.ml 12 points 1 week ago

Not so new browser controls let you block all advertisers forever

 

This post is long and kind of a rant. I don't expect many to read the whole thing, but there's a conclusion at the bottom.

On the surface, recommended security practices are simple:

  • Store all your credentials in a password manager
  • Use two factor authentication on all accounts

However, it raises a few questions.

  • Should you access your 2FA codes on the same device as the password manager?
  • Should you store them in the password manager itself?

This is the beginning of where a threat model is needed. If your threat model does not include protections against unwanted access to your device, it is safe for you to access your 2FA codes on the same device as your password manager, or even in the password manager itself.

So, to keep it simple, say you store your 2FA in your password manager. There's a few more questions:

  • Where do you store the master password for the password manager?
  • Where do you store 2FA recovery codes?

The master password for the password manager could be written down on a piece of paper and stored in a safe, but that would be inconvenient when you want to access your passwords. So, a better solution is to just remember your password. Passphrases are easier to remember than passwords, so we'll use one of those.

Your 2FA recovery codes are something that are needed if you lose access to your real 2FA codes. Most websites just say "Store this in a secure place". This isn't something you want to store in the same place as those (in this case our password manager), and it's not something you will access often, so it's safe to write it down on a piece of paper and lock it in a safe.

Good so far, you have a fairly simple system to keep your accounts safe from some threats. But, new problems arise:

  • What happens if you forget your master passphrase?
  • What happens if others need access to your password manager?

The problem with remembering your passphrase is that it's possible to forget it, no matter how many times you repeat it to yourself. Besides naturally forgetting it, things like injuries can arise which can cause you to forget the passphrase. Easy enough to fix, though. We can just keep a copy of the passphrase in the safe, just in case we forget it.

If someone else needs to access certain credentials in your password manager, for example a wife that needs to verify bank information using your account, storing a copy of the password is a good idea here too. Since she is a trusted party, you can give her access to the safe in case of emergencies.

The system we have is good. If the safe is stolen or destroyed, you still have the master passphrase memorized to change the master passphrase and regenerate the 2FA security codes. The thief who stole the safe doesn't have your password manager's data, so the master passphrase is useless. However, our troubles aren't over yet:

  • How do you store device credentials?
  • How do you keep the password manager backed up?

Your password manager has to have some device in order to access it. Whether it's a phone, computer, tablet, laptop, or website, there needs to be some device used to access it. That device needs to be as secure as your password manager, otherwise accessing the password manager becomes a risk. This means using full disk encryption for the device, and a strong login passphrase. However, that means we have 2 more passwords to take care of that can't be stored in the password manager. We access those often, so we can't write them down and store them in the safe. Remembering two more passphrases complicates things and makes forgetting much more likely. Where do we store those passphrases?

One solution is removing the passwords altogether. Using a hardware security key, you can authenticate your disk encryption and user login using it. If you keep a spare copy of the security key stored in the safe, you make sure you aren't locked out if you lose access to your main security key.

Now to keep the password manager backed up, using the 3-2-1 Backup Strategy. It states that there should be at least 3 copies of the data, stored on 2 different types of storage media, and one copy should be kept offsite, in a remote location (this can include cloud storage). 2 or more different media should be used to eliminate data loss due to similar reasons (for example, optical discs may tolerate being underwater while LTO tapes may not, and SSDs cannot fail due to head crashes or damaged spindle motors since they do not have any moving parts, unlike hard drives). An offsite copy protects against fire, theft of physical media (such as tapes or discs) and natural disasters like floods and earthquakes. Physically protected hard drives are an alternative to an offsite copy, but they have limitations like only being able to resist fire for a limited period of time, so an offsite copy still remains as the ideal choice.

So, our first copy will be on our secure device. It's the copy we access the most. The next copy could be an encrypted hard drive. The encryption passphrase could be stored in our safe. The last copy could be a cloud storage service. Easy, right? Well, more problems arise:

  • Where do you store the credentials for the cloud storage service?
  • Where do you store the LUKS backup file and password?

Storing the credentials for the cloud storage service isn't as simple as putting it in the safe. If we did that, then anyone with the safe could login to the cloud storage service and decrypt the password manager backup using the passphrase also stored in the safe. If we protected the cloud storage service with our security key, a copy of that is still in the safe. Maybe we protect it with a 2FA code, and instead of storing the 2FA codes in the password manager, we store it on another device. That solves the problem for now, but there are still problems, such as storing the credentials for that new device.

When using a security key to unlock a LUKS partition, you are given a backup file to store as a backup for emergencies. Plus, LUKS encrypted partitions still require you to set up a passphrase, so storing that still becomes an issue.

Conclusion

I'm going to stop here, because this post is getting long. I could keep going fixing problems and causing new ones, but the point is this: Security is a mess! I didn't even cover alternative ways to authenticate the password manager such as a key file, biometrics, etc. Trying to find "perfect" security is almost impossible, and that's why a threat model is important. If you set hard limits such as "No storing passwords digitally" or "No remembering any passwords" then you can build a security system that fits that threat model, but there's currently no security system that fits all threat models.

However, that doesn't let companies that just say "Store this in a secure place" off the hook either. It's a hand wavy response to security that just says "We don't know how to secure this part of our system, so it's your problem now". We need to have comprehensive security practices that aren't just "Use a password manager and 2FA", because that causes people to just store their master passphrase on a sticky note or a text file on the desktop.

The state of security is an absolute mess, and I'm sick of it. It seems that, right now, security, privacy, convenience, and safety (e.g. backups, other things that remove single points of failure) are all at odds with each other. This post mainly focused on how security, convenience, and safety are at odds, but I could write a whole post about how security and privacy are at odds.

Anyways, I've just outlined one possible security system you can have. If you have one that you think works well, I'd like to hear about it. I use a different security system than what I outline here, and I see problems with it.

Thanks for reading!

 

cross-posted from: https://lemmy.ml/post/26453685

Not many people have heard about secureblue, and I want to spread the word about it. secureblue provides hardened images for Fedora Atomic and CoreOS. It's an operating system "for those whose first priority is using linux, and second priority is security."

secureblue provides exploit mitigations and fixes for multiple security holes. This includes the addition of GrapheneOS's hardened_malloc, their own hardened Chromium-based browser called Trivalent, USBGuard to protect against USB peripheral attacks, and plenty more.

secureblue has definitely matured a lot since I first started using it. Since then, it has become something that could reasonably be used as a daily driver. secureblue recognizes the need for usability alongside security.

If you already have Fedora Atomic (e.g. Secureblue, Kinoite, Sericea, etc.) or CoreOS installed on your system, you can easily rebase to secureblue. The install instructions are really easy to follow, and I had no issues installing it on any of my devices.

I'd love more people to know about secureblue, because it is fantastic if you want a secure desktop OS!

 

(In honor of Holiday. You know who you are.)

[–] Charger8232@lemmy.ml 9 points 1 month ago* (last edited 1 month ago) (1 children)

I used GNOME Disks to modify /etc/crypttab and /etc/fstab to auto decrypt and auto mount on boot. Jellyfin still loses its access each time I restart, even though the jellyfin group still displays having access to the files.

Edit: Turns out it does have access, but it's no longer under the /media/username directory. I have to point Jellyfin to /mnt/UUID instead. This fixed it!

 

I didn't like Kodi due to the unpleasant controls, especially on Android, so I decided to try out Jellyfin. It was really easy to get working, and I like it a lot more than Kodi, but I started to have problems after the first time restarting my computer.

I store my media on an external LUKS encrypted hard drive. Because of that, for some reason, Jellyfin's permission to access the drive goes away after a reboot. That means something like chgrp -R jellyfin /media/username does work, but it stops working after I restart my computer and unlock the disk.

I tried modifying the /etc/fstab file without really knowing what I was doing, and almost bricked the system. Thank goodness I'm running an atomic distro (Fedora Silverblue), I was able to recover pretty quickly.

How do I give Jellyfin permanent access to my hard drive?

Solution:

  1. Install GNOME Disks
  2. Open GNOME Disks
  3. On the left, click on the drive storing your media
  4. Click "Unlock selected encrypted partition" (the padlock icon)
  5. Enter your password
  6. Click "Unlock"
  7. Select the LUKS partition
  8. Click "Additional partition options" (the gear icon)
  9. Click "Edit Encryption Options..."
  10. Enter your admin password
  11. Click "Authenticate"
  12. Disable "User Session Defaults"
  13. Select "Unlock at system startup"
  14. Enter the encryption password for your drive in the "Passphrase" field
  15. Click "Ok"
  16. Select the decrypted Ext4 partition
  17. Click "Additional partition options" (the gear icon)
  18. Click "Edit Mount Options..."
  19. Disable "User Session Defaults"
  20. Select "Mount at system startup"
  21. Click "Ok"
  22. Navigate to your Jellyfin Dashboard
  23. Go to "Libraries"
  24. Select "Add Media Library"
  25. When configuring the folder, navigate to /mnt and then select the UUID that points to your mounted hard drive
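
"Unlock at system startup" with a stored passphrase means the drive is unlocked from a key file referenced in the third field of /etc/crypttab, so the drive is only as protected as that file. The following is an added example, not part of the original post: a check that every such key file exists and is not readable by group or others. The sample entries, UUIDs and file names are constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# audit_crypttab FILE
# Prints one line per crypttab entry that unlocks from a key file and
# returns non-zero if any key file is missing or accessible to group/others.
audit_crypttab() {
  ac_tab=$1
  ac_bad=0
  while read -r ac_name ac_dev ac_key ac_opts; do
    # Skip blank lines and comments.
    case "$ac_name" in ''|'#'*) continue ;; esac
    # "none" or "-" means the passphrase is typed at boot; /dev/* keys
    # (for example random swap keys) are not files to protect.
    case "$ac_key" in ''|none|-|/dev/*) continue ;; esac
    if [ ! -f "$ac_key" ]; then
      echo "MISSING $ac_name $ac_key"
      ac_bad=$((ac_bad + 1))
      continue
    fi
    ac_mode=$(stat -c '%a' "$ac_key")
    # Any bit set in the group/other positions (octal 077) is too loose.
    if [ $(( 0$ac_mode & 077 )) -ne 0 ]; then
      echo "LOOSE   $ac_name $ac_key mode=$ac_mode"
      ac_bad=$((ac_bad + 1))
    else
      echo "OK      $ac_name $ac_key mode=$ac_mode"
    fi
  done < "$ac_tab"
  [ "$ac_bad" -eq 0 ]
}

# Runs the audit over a constructed crypttab in a temporary directory:
# one world-readable key file, one correctly restricted, one prompt-at-boot.
demo_crypttab_audit() {
  dc_dir=$(mktemp -d) || return 1
  printf 'constructed-passphrase-1\n' > "$dc_dir/media.key"
  printf 'constructed-passphrase-2\n' > "$dc_dir/backup.key"
  chmod 644 "$dc_dir/media.key"
  chmod 600 "$dc_dir/backup.key"
  cat > "$dc_dir/crypttab" <<EOF
# constructed sample entries, not taken from the post
luks-media   UUID=00000000-0000-0000-0000-000000000001  $dc_dir/media.key   nofail
luks-backup  UUID=00000000-0000-0000-0000-000000000002  $dc_dir/backup.key  nofail
luks-root    UUID=00000000-0000-0000-0000-000000000003  none                luks
EOF
  audit_crypttab "$dc_dir/crypttab"
  dc_rc=$?
  rm -rf "$dc_dir"
  return "$dc_rc"
}

# On a real system: sudo sh -c '. ./audit.sh; audit_crypttab /etc/crypttab'
```
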
 

A couple years ago when I was first interested in privacy I stumbled across a privacy website that I found very cool. I regret not saving it, but I'm certain it's not lost. I only remember this about the website:

  • It had this song as its background music
  • The website was for educating about privacy, and you would "unlock" new knowledge as you went
  • Some of that knowledge was in a "cave" where some dark stories and articles surfaced
  • One of the interactive segments was about "What do you think step counter data could reveal about you?" and the answer was things like religion (if your step count increased on certain days such as Sunday or Tuesday which correlates with some religions), rough location (based on which times you walked), etc.

That's all I remember. Thank you so much to anyone who can help me find it!

 

Yesterday I decided to start "officially" selfhosting. With almost no experience with Docker, I struggled for eight hours straight, but I finally have it working.

Currently, the two tools I am selfhosting with Docker Compose are LibreTranslate and spotDL. I'm only accessing them over the local network using a direct IP:PORT, so there's no domain name. I don't want to use a custom DNS, since it is fingerprintable online, so I want to keep it the same as my VPN.

With that said, I want to add encryption to the connections. I was able to generate my own self signed certificates with this command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./certs/key.key -out ./certs/cert.crt

spotDL was easy to set up with these self signed certs, since it has command flags for --enable-tls, --key-file, and --cert-file. LibreTranslate has an environment variable for - LT_SSL=true, however it gives the following error:

libretranslate  | (URLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')),)

That led me to this issue which is 2 and a half years old. LibreTranslate doesn't have a way to specify certificates that I know of.

I tried using Nginx Proxy Manager to create a reverse proxy, but I couldn't quite figure it out. (I also didn't understand Docker Compose at the time. I had a few hours to go before I did) NPM also seems to want Let's Encrypt certificates which can't be given without a DNS record. I tried manually providing certificates in the config file, but I don't quite understand NPM enough to be able to set it up properly on my own.

My requirements are:

  • No changing the DNS from my VPN's default
  • No port forwarding, everything should be accessed by the local network only
  • No email required (ability to use a fake email without risk is fine)
  • Only free and open source software
  • Modern security standards where available

I also would like help adding the self signed certificates as a permanent exception in Brave browser, if possible.
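
For LAN-only TLS reached by IP:PORT, one option that needs no DNS record or email is a private CA that signs a server certificate carrying the address as an IP subjectAltName. The following is an added example, not part of the original post: it builds both with openssl and verifies the chain for a given address. The output directory, CA name and the 192.168.1.50 address in the usage comment are assumptions.

```shell
#!/bin/sh
# make_lan_pki DIR IP
# Creates DIR/ca.{key,crt} (private CA) and DIR/server.{key,crt}
# (server certificate valid only for the given IP address).
make_lan_pki() {
  mp_dir=$1
  mp_ip=$2
  mkdir -p "$mp_dir" || return 1

  # CA certificate profile: may sign certificates, nothing else.
  cat > "$mp_dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Home Lab CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

  # Server profile: TLS server use only, identity bound to the IP via SAN.
  cat > "$mp_dir/server.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $mp_ip
[v3_server]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:$mp_ip
EOF

  # 1. Self-signed CA certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -sha256 \
    -config "$mp_dir/ca.cnf" \
    -keyout "$mp_dir/ca.key" -out "$mp_dir/ca.crt" 2>/dev/null || return 1

  # 2. Server key and signing request.
  openssl req -new -newkey rsa:2048 -nodes \
    -config "$mp_dir/server.cnf" \
    -keyout "$mp_dir/server.key" -out "$mp_dir/server.csr" 2>/dev/null || return 1

  # 3. CA signs the request and applies the server extensions.
  openssl x509 -req -in "$mp_dir/server.csr" -days 365 -sha256 \
    -CA "$mp_dir/ca.crt" -CAkey "$mp_dir/ca.key" -CAcreateserial \
    -extfile "$mp_dir/server.cnf" -extensions v3_server \
    -out "$mp_dir/server.crt" 2>/dev/null || return 1

  # Private keys must not be readable by other users.
  chmod 600 "$mp_dir/ca.key" "$mp_dir/server.key"
}

# verify_for_ip DIR IP
# Succeeds only if server.crt chains to ca.crt AND is valid for IP.
verify_for_ip() {
  openssl verify -CAfile "$1/ca.crt" -verify_ip "$2" "$1/server.crt" \
    >/dev/null 2>&1
}

# Example: sh lan_pki.sh ./certs 192.168.1.50
if [ "$#" -eq 2 ]; then
  make_lan_pki "$1" "$2" && verify_for_ip "$1" "$2" && echo "chain OK for $2"
fi
```

Clients import only ca.crt as a trusted authority; server.crt and server.key go to the service's TLS options, such as the --cert-file and --key-file flags mentioned above for spotDL.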

[–] Charger8232@lemmy.ml 1 points 1 month ago (1 children)

And you don’t share your photos with family, friends, or the public? Or is your sharing solution to spam people with MMS text messages?

If I need to quickly show somebody a photo, I'll physically show them by pulling it up on my phone. If I need to send photos to someone, I'll send them using a preferred messenger such as Signal. It allows you to send up to 32 images in a single message. If I need to send images to multiple people, I can send it in a group text or select multiple people to send them to at the same time.

No, I don’t. If Immich provides a feature your phone doesn’t, then it’s not a good example of something that doesn’t need to be self-hosted.

The point is that everything Immich offers is something that could be run entirely on-device. While AI image tagging isn't currently available for alternatives, I'm upset that Immich requires a server instead of making it optional and letting you do image tagging on-device.

I’m interested in other examples you have; it sounds as if many self-host solutions perplex you, beyond Immich - what are they?

What I missed in my initial post was availability across devices. So, something like Vaultwarden would have been useless by my criteria. I have two independent KeePass databases. One exclusively for desktop accounts and one exclusively for mobile accounts. I want to compartmentalize those, so I have no reason to selfhost Vaultwarden. As I've learned, Vaultwarden and other software is useful because of availability across devices.

[–] Charger8232@lemmy.ml 1 points 1 month ago

I agree with this comment, it has very good points.

Your device has to do all the processing which would lead to lower battery life.

The way iOS does it is it will only process it when your phone is plugged in and idle (e.g. when you're asleep at night).

[–] Charger8232@lemmy.ml 3 points 1 month ago (1 children)

I found this article explaining some of the benefits. Let me know if I'm wrong, I'm always open to learning!

[–] Charger8232@lemmy.ml 4 points 1 month ago

That's reasonable! That does make me realize how different my workflow is. My philosophy is compartmentalizing everything. What I do on my phone stays on my phone. What I do on my desktop stays on my desktop. What I do on my laptop stays on my laptop. I've never really had the need for anything more until now. Then again, I've also never had the resources to selfhost until now.

[–] Charger8232@lemmy.ml 1 points 1 month ago

Is that automated?

If I left the USB stick plugged in constantly, but then it wouldn't be very useful I guess.

I've only recently started selfhosting on my own, so I am still quite new.

Nevertheless, you might like the idea of local-first software which is kind of a hybrid between local only software, and self-hosting (or cloud hosting).

I'll check it out, thank you!

[–] Charger8232@lemmy.ml 2 points 1 month ago

Both. If your hardware isn't designed like a server to run 24/7 it can be unhealthy for it, especially if it isn't properly maintained. It can cause wear to it. As far as the OS, restarting is good to clear caches, fully install some software, and keep the system sanitary overall.

[–] Charger8232@lemmy.ml 1 points 1 month ago

That's a fair point, and I don't suppose Nextcloud or Syncthing would be quite as useful or as designed for photos. Thank you for helping me understand!

[–] Charger8232@lemmy.ml 4 points 1 month ago (6 children)

I've made a point not to perpetually leave my home computer on simply because frequent restarts are healthy for it. Another reason is compartmentalization. I would want to keep my selfhosted server separate from where I game or browse the internet, if at least to keep it more secure.

[–] Charger8232@lemmy.ml 2 points 1 month ago (4 children)

I mentioned in the edit: I'm not asking why things should be selfhosted instead of run on a cloud provider, I'm asking why things are selfhosted on a server that could be run entirely on-device. The latter I argue provides more privacy and less cost. Again, there are some cases as I mentioned in the post where selfhosting on a server is useful (storage or processing power), but I keep seeing a lot of server-based selfhosting that could instead be run on the device itself.

[–] Charger8232@lemmy.ml 2 points 1 month ago

and allows us to share them publicly with others using explicit links.

That's something I hadn't considered. I'm somewhat used to everything being completely local, no exceptions. It's why I started selfhosting so late, I never saw much of a point to it. I also don't feel completely comfortable opening any part of my home internet to the public, but I'm sure there's safe ways of going about it.

Another bias of mine is having a lot of compartmentalization. For example, none of my desktop account credentials are stored on my phone's password manager, and vice versa. If one device is compromised, I want to isolate the risk as much as I can. That also means that if I were to ever set up a movie library, for example, I would want to keep those isolated per-device as well.

Backups are a bit of a special case. You can either selfhost an automatic cloud backup, or use something simple like a USB stick you manually backup to. Besides that, though, I would argue you maintain more control over software that doesn't rely on an external device to begin with. I gave examples, such as Aves, Joplin, or Feeder. If those are on my phone only (and properly backed up), I maintain full control knowing that I don't need to rely on my own server at home to manage the data that I have in my pocket.

This has helped me see some new benefits of selfhosting, though. I've spent my whole life without a SIM card, so it isn't always easy finding a network (especially a trustworthy one) to connect to on the go to connect to my server with. Even in the moments I could connect to a network, they had heavy censorship (blocked VPNs and certain IP addresses). That's why I like having everything on-device.

 

This question has been answered. Please stop trying to repeat information that has already been said many times before. Everything in this thread is in good faith, I am here to learn, so I will make mistakes. Furthermore, if you want to contribute something new, please read the entire post to avoid misunderstanding the purpose of this post.

Selfhosting is useful when you either need a lot of storage or a lot of processing power. For example, Kiwix is useful to selfhost on a server because a lot of its content can take up terabytes of storage, which a phone may not have. LLMs are also useful to selfhost because they require a degree of processing power that, again, a phone may not have.

In both cases, there is also a need for perpetual access. If you simply hosted an LLM on your home computer, it wouldn't be very useful to access from your phone since your computer won't be running all the time. So, a separate always-on server is needed.

However, there is some selfhosted software that I don't see a use for. For example, Immich. Immich needs to be run on a server to function, but a lot of (or even all) of its functions are things that could reasonably be done entirely on-device. Aves combined with some automatic backup solution such as Nextcloud gets (from what I can tell) most of the functionality Immich offers. Obviously, some features like AI image tagging are missing, but you get the point. AI image tagging is also something that could be run on-device as well, since it's mostly lightweight (iPhones are capable of it). Having a setup like that also comes with the benefit of automatic backups being completely optional, rather than required.

There's no reasonable need for extra storage or extra processing power needed for that use case, from what I can tell. (Disclaimer: I haven't actually used Immich before, so this is speculation. I apologize if I'm missing something obvious) There's a lot of other selfhosted tools like spotDL which have a selfhosted web UI, but no GUI that can be installed outside of a web browser.

I guess my question is why there are so many selfhosted tools that unnecessarily require being run on a separate device. I do understand the legitimate use cases some of them have, but others seem better off on-device airgapped. This especially became an issue trying to find a notes app for Android that requires no account and runs fully locally, or an RSS reader that loads from the device itself. I found Joplin and Feeder or Read You as the software for each of those. I don't like "server-based" selfhosting for things that could be done from the device itself.

I'm sorry if this turned into a rant. If someone could help me understand, I would appreciate that very much.

Cheers!

Edit: The comparison here isn't between selfhosting and using a cloud provider. The comparison here is between selfhosting on a server and running explicitly on-device (besides where extra storage or processing power is required)

Answer

So that nobody has to dig through the comments for answers, this is what I've learned: In the case of Immich, its purpose isn't designed to be a photo gallery. It's designed to be a more polished backup solution, designed explicitly for photos and not general files. While Nextcloud could be used to backup photos, it's not as focused on photos as Immich, and so it isn't as nice to use for that purpose. Immich also allows you to share photos with a link, rather than relying on a cloud provider to do that for you. There's also another benefit to selfhosting that I hadn't entirely realized, which is availability across devices. Some things like an eBook library may not take up much space, but it's convenient to not have to sync manually (or automatically) across devices, and instead access it from a central server. That same logic is true for RSS readers as well, since it's inconvenient to manually add and sync feeds across devices. Syncing across devices can be done with something like Syncthing in some cases, but not all, and so that's where selfhosting can be useful.

1
submitted 1 month ago* (last edited 1 month ago) by Charger8232@lemmy.ml to c/privacy@lemmy.ml
 

After about 2 and a half years of battling for my privacy, I'm finally at a place where I can step back and be happy. Technically the seed of privacy was planted 5 years ago, but it hadn't become a goal yet.

I used to use Windows 7 (even 10 and 11, eventually), an iPhone 6, Gmail, Google Hangouts (anyone else remember when it was called that?) and Discord as my main messengers, Snapchat, Instagram, Spotify, Netflix, Reddit, ChatGPT, Chrome, Google, Avast and Avast VPN, YouTube, Authy, and so, so much more.

I am so fortunate to be able to be where I'm at now. I use Fedora (Silverblue. I tried secureblue but it was too strict for my taste), a Pixel 8 running GrapheneOS, Proton Mail + addy.io (although I try to use email as little as possible), Signal and SimpleX Chat, a "self-hosted" music library, some cheaper ways to stream movies, Lemmy (duh), HuggingChat (because I don't have the hardware to run my own model quite yet), Tor Browser and another (I want to avoid arguments about my browser choice), SearXNG, Proton VPN (until I can get Mullvad VPN paid for), FreeTube, Aegis Authenticator, and a plethora of other software.

I got quite lucky with device compatibility. My computer and laptop just so happen to be compatible with every distro I've tried, and I've sure dragged them through hell to find the one I want. I'm blessed to have been able to snag a decent phone for GrapheneOS, and so glad to have automated the transition from Spotify.

It's been a good run. I'm glad to finally be satisfied with where I'm at. I started to see the fruit of my labor months ago. Now I can rest easy and do my part to help others become more privacy aware. I'd love to hear your story too, maybe mine isn't far off!

Bonus story: The straw that broke the camel's back that caused me to fully switch to Linux was Windows 11's Efficiency Mode. It's a cute feature that throttles the performance of programs to save on carbon emissions... and (at the time) you couldn't disable it. You could disable it per-process, but it would re-enable itself shortly after. ChatGPT was becoming quite popular at the time, but Efficiency Mode slowing down the browser made it nearly unusable. I did look for ways to permanently disable it, but either I wasn't experienced enough or it didn't exist yet. Well, no way except to replace Windows altogether!

 

Hello Lemmy!

I'm excited to celebrate the 100th release of my project, Open Source Everything! Open Source Everything is my own curated list of open source (or at least source-available) software. It started out with a bit of a bumpy start, even being deleted at one point, but the project is still going strong!

Over the past 4 months, the project has seen releases, both big and small, but it has grown so much since its initial release. It started out with a small list of 128 software I'd kept on my phone for months, but since then it has over doubled, and now has almost 300 pieces of software listed! It's truly inspiring to see the community come together and help the list out, so thank you very much to everyone who suggested software and contributed to the list!

With that said, the list has a long way to go. There are many sections that need improvement, and many mistakes to be fixed. I try to focus on quality over quantity, which means a lot of the software needs to be personally tested before I can definitively make sure that it belongs on the list. Of course, that's difficult for one person to achieve. I kindly ask for community feedback on software listed there, and if you feel there is a better alternative, please let me know!

I'm also considering moving Open Source Everything to a website structure, since I'm currently limited by the functionality of a markdown file. If there's some way to do inline tables and rounded images in a markdown file, let me know. Otherwise, I'll start working on creating a website for it.

Finally, if you're a good SVG artist, many of the software logos don't have high quality svg options available (or some SVGs, like Wikipedia, are broken for whatever reason). I would appreciate anyone with the skills available to help replace all PNG images with SVG counterparts, especially projects that are missing logos.

Thank you so much all of you, and I hope to make 2025 a great year for Open Source Everything!

P.S. Open Source Everything is hosted on GitLab, and mirrored on GitHub. I'm linking to the GitHub version because it supports slightly better formatting and header links are broken on GitLab due to a bug.

 

I've gotten to a point in my privacy journey where it's less about moving towards private options, and more about relaxing and having some fun with what I can do.

I put off messing around with RSS for a while. I simply didn't have a significant need for it. However, after finding no good options to monitor various Lemmy communities without logging in, I decided to try out an RSS reader.

I settled on Feeder as my RSS reader, despite a few missing features I would like. I added my first Lemmy community as a feed, to try it out. I was immediately surprised how well it worked.

I also added other feeds, such as Tails News, and I was happy with that. I could monitor all the communities I needed to.

Then, I noticed one day, there was an RSS button for my Lemmy inbox. This is where I was really pleased: I can view my notifications without the need to log in, all in the same place.

Lemmy and RSS are both incredible, and I truly believe RSS is the hidden backbone of the internet. I love it, and maybe you should give it a try too!

(Ahem P.S. if anyone has an RSS reader as good as Feeder for Android that fixes this issue, please let me know)

 

If you're just here for the results, the best ones are listed in my list of software, Open Source Everything under the "Sports & Health" section.

For the rest of you, thanks for staying! 2 days ago I made this post asking you all about which health apps for Android you recommend. I appreciate everyone who took the time to give their recommendations, however, I didn't get as many responses as I had hoped for. So I took inspiration from Thanos and tested out 81 different health apps for Android.

Wait, 81? Doesn't the title say 49? Yes, I tested 81 apps, but a good bit of them were either unavailable, required an account to use, not open source, or not a health app at all. So, those have been omitted from this list.

I should also mention that I didn't try every app, so you may have one I didn't try! I tried to test the major ones I could find from a massive list, but obviously we are all human and make mistakes. With that, here are my opinions for each software I tried.

Beauty Product Information

The only one that fits in this category is Open Beauty Facts. It requires the Network permission to function, and it's used to look up information about different beauty products. You can add these products to a list, scan barcodes (if you grant it camera permissions), and more. It's fully featured, still active, and the best app for this so far. However, the UI is fairly basic and it contains optional telemetry.

Breathing Exercises

Inner Breeze

Inner Breeze is a somewhat basic app to help you with breathing exercises. The app has a nice UI, and a few settings. It allows you to also keep a history of your breathing sessions which can be viewed in a graph. It requires no permissions at all.

Breathly

Breathly actually would have been the top app in this category, but unfortunately there hasn't been a commit in over a year. It has a better UX than Inner Breeze, and includes calming(?) voice instructions to guide your breathing. It does require DCL via memory permissions, which is unfortunate. It also does not have a graph functionality, but it does have different types of breathing exercises.

Brethap

Brethap (which I keep accidentally calling "Brethrap") has a basic UI, but it includes plotting your breathing sessions on a calendar. It also includes a web interface. It requires no permissions. It has decent customization, and includes support for Text to Speech.

Diabetic Trackers

Glucosio

Glucosio is an app for tracking different things within the body, such as glucose level, cholesterol, etc. It allows you to add custom data, graph it, import and export data, etc. Unfortunately, there aren't many settings and the app has been abandoned. The UI is very basic, but it's functional. It requires no permissions.

Diaguard

Diaguard is a German diabetic tracker that also has full English support. It is similar to Glucosio in functionality, but it has many more settings and a better UX. The UI is still basic, but it requires no permissions to function. It can plot graphs and pie charts, as well as many more functions. It is the best in this category.

xDrip+

xDrip+ has a horrible UI, confusing elements, I'm not even sure which permissions it needs, but it (supposedly) can connect directly to physical glucose meters. I don't recommend this app, but this isn't as bad as it gets.

Juggluco

Juggluco has the absolute worst UI I have ever seen, not just on this list. It forces you to use it in landscape, the clock does not hide itself, it seems to be badly translated, it has no settings, it barely has controls, but for some reason the app is still being updated.

Diet Creation Tools

The only app for this that I could find is Daily Dozen. By default it uses a scientifically recommended diet for your day, with no customization. It has a very basic UI with no settings, but it allows you to check off which foods you ate that day. It requires no permissions to run. If anyone is willing to make health software, this would be a good section to make it for.

Fitness Trackers

This section is weirdly named. Gadgetbridge is a replacement software for proprietary apps for your wearable gadgets. I've never used it, but it seems to have good support. It asked for so many permissions it might as well have the root permission itself, and the themes are slightly broken. The UI is fairly basic, but there are plenty of settings.

Gym Exercise Trackers

This section was really difficult to pick a best for.

Massive

Massive is a material exercise tracker. It requires no permissions. You can view your data on graphs, import and export, create custom exercises, and more. However, the experience is a bit confusing, there's little customization for which exercises you do, and there are a few bugs. Overall, it's the best in this category, but not by much.

Fast N Fitness

Fast N Fitness has a really bad UI. It requires no permissions to run, you can customize the exercise types, graph your data, create profiles, and more. It isn't really special, but it does have a worse UI than the alternatives.

GymRoutines

Also a material fitness tracker, GymRoutines requires no permissions to run. You can create custom workouts, graph them, backup and restore, and... That's it. That is about all the app can do. It has only 3 settings. It's very basic, and the last commit was 9 months ago.

Verifit

Verifit was someone's passion project, with a surprising number of features. It has pretty much every exercise you can imagine, as well as custom exercises. You can view the data on pie charts, import and export data, log workouts, and more. Sadly, the project was abandoned. It has a basic UI and few settings. It requires no permissions.

Lift

Lift was abandoned 4 years ago. It allows you to put workouts on the calendar. The (two) settings don't work, it has a basic UI, and does not have custom workouts. It requires no permissions.

Habit Trackers

Table Habit

Table Habit is a material habit tracker. It has a setting for "positive" and "negative" habits, however the goal of the app is to enforce habits and not break them, so... if you have a negative habit of murder, and need some encouragement, Table Habit is the app for you! It's essentially fully featured, so it has way too many functions for me to list. It requires no permissions to run.

Loop Habit Tracker

Loop Habit Tracker is tied with Table Habit on which one is better. LHT has a more basic UI, but it has a much more streamlined experience with habits. It does not allow for negative habits. It is simple but powerful. It also hasn't had a commit in 6 months, but it is still great software. It requires no permissions to run. If I had to pick though, I would probably choose Table Habit.

Medicine Reminder Tools

I only tested Simpill, but people did suggest others to me. Simpill has probably the best UI out of all of these apps. It requires notification and background usage permissions. It has few settings, but it doesn't really need many. It is a bit buggy with 24 hour time disabled, and you need to make sure you enable background usage, but it works well. I may eventually try out other apps in this category.

Meditation Tools

Medito

Medito requires a network connection initially, but you can download meditation audio offline. The purpose is to play audio to guide you through meditation for different purposes (sleep, relaxation, etc.). It has a lovely UI. However, there are no settings, and it does not allow importing meditation audio.

Om

Om was abandoned 5 years ago. You open the app, and you either have a voice guided meditation, or a self-guided meditation (an annoying bell). That is the entire functionality. It requires no permissions, and has absolutely no other features.

Meditation

Meditation, also known as Essential Meditation, is a weirdly popular meditation app. It requires notification and background permissions to function, except it shouldn't need those. You can change some settings for the sound you hear, etc. It has a basic UI. It also gives me a headache. Maybe I should log that in the...

Menstrual Cycle Trackers

Something something disclaimer about "mature topics" so this post doesn't get nuked by lemmy.ml.

drip.

drip. allows you to track menstrual cycles and symptoms. It has plenty of default symptoms, allows you to encrypt the app with a password, import and export data, and more. You can view this data on a calendar or a graph. It has a basic UI, few settings besides the ones listed previously. The UI is also slightly laggy.

log28

log28 would have made it alongside drip., but unfortunately the app was abandoned 2 years ago. It has a basic UI, some bugs, but requires no permissions. It has plenty of default symptoms. You can view data on a calendar, but not a graph.

Mensinator

Finally a material design app, Mensinator allows you to track menstrual data and symptoms. It does not come with many default symptoms, but you can add your own. It offers some customization, statistics, import and export, and more. It allows you to view data on a calendar, but not a graph. It requires no permissions, but does have a few minor bugs.

Mood Trackers

I've been writing for an hour straight, so let me log my fatigue in Pixy. Pixy has a lovely UI, although slightly laggy, and allows you to log your mood for each day. You can view the data on a calendar, graph, bar chart, and lots more. You can also log what you did that day, import and export data, change colors, etc. It is probably fully featured. However, it is sadly abandoned, requires DCL via memory permissions, and tracks your data if you give it network permissions.

Nutrition Information Tools

Let me speedrun this one: Open Food Facts, which also has a web interface, lets you scan bar codes or search products to view information such as ingredients or how humane it is. It has opt-in telemetry, requires network permissions, also requires DCL via memory, does not have a local database, and has a mediocre UI. It has plenty of customization, and you can add products to a list.

Pedometers

Pedometer (PFA)

This app is abandoned, which is unfortunate since the team behind it also makes so many other fantastic apps. It allows you to track your steps, view it on a graph, and more. It has a basic UI, few settings, and requires the physical activity permission.

Paseo

Paseo has many more features than the previous app. It has a basic UI, and requires the physical activity permission. It shows much more data in graph and circle form, such as current steps and expected steps. It has lots of customization, you can set step goals, it's overall great. It is, unfortunately, abandoned as well.

If you want to make a health app, this is another good section for it.

Physical Activity Trackers

This section was extremely difficult to decide best software for. Let me break my default style and tell you a little story. The first app I tried was OpenTracks (actually that's a lie). It is unique because you can use it fully on its own, but it does not have map capabilities. To get map capabilities, you need to install either "OSM Dashboard" or "OSM Dashboard (Offline)".

OSM Dashboard will allow you to use OpenStreetMaps directly, or download other maps for local storage, etc. OpenTracks will then display your physical activity path on that map (or without, if you really want just the shape). OSM Dashboard (Offline) does not connect to the internet ever, at all, for any reason. You have to download maps yourself and import them yourself. OpenTracks for real made 3 separate apps so you can be as private as you want by installing only what you want, and I applaud that massively.

However, it came between OpenTracks and FitoTrack. FitoTrack essentially packages the map capabilities within the app itself. You can load from OpenStreetMaps directly or import downloaded maps. What made FitoTrack better is the ability to view your data on a graph, bar chart, etc. Also, OpenTracks requires notification and nearby devices permissions, whereas FitoTrack does not. OpenTracks has a slightly broken UI, FitoTrack has a basic UI and fewer settings. While I massively applaud OpenTracks for their work so far, FitoTrack is my current preferred option.

There is also RunnerUp, which just has a bad UI. It allows graphs and connected devices.

Seasonal Food Information Tools

Speedrun time: Seasonal Foods Calendar is an abandoned app that simply tells you which foods are in-season for your location, as well as basic information. The app lacks in data and customization, has a basic UI, but allows you to search for foods. It requires no permissions.

Relaxation Tools

Noice allows you to play relaxing background noise sounds. It requires network permissions, but you can download audio for offline listening. It is material design, has plenty of settings, and I would say it is fully featured. However, it does have optional telemetry.

Weed Trackers

Something something disclaimer don't do drugs please don't nuke this post.

Petals helps you track your weed usage to help you see how much you're using, if it's dangerous, and educate you on everything it can. It requires no permissions, you can import and export data, it has an app lock, and plenty of settings. It has a mediocre UI, but it includes many graphs. For some reason it added icons on the home screen for me, YMMV.

Weight & Diet Trackers

I'm not going to be detailed with this section because it was honestly the worst one to gather info on. trale is as minimal as it gets, but it's available for Accrescent if that's your thing. openScale can connect to Bluetooth scales and track lots of data. Energize has integration with OpenFoodFacts. OpenNutriTracker forces you to agree to a privacy policy and EULA. Waistline is laggy and requires a network connection for some integrations. All these apps basically do the same stuff, except for trale which does very little. You can track what you eat, your weight, and set goals. I couldn't decide on a "best" for this section.

Workout Routine Tools

I've been testing all of these apps for the past 3 days as well as writing for the past 2 hours, so you can start to see my slow descent into insanity. I really need an editor.

Workout Time

This was abandoned, is slightly laggy, and straight up does not work.

Liftosaur

This app requires network permissions because the entire app is just a website. That means it's super laggy, and has no settings.

openWorkout

This app has ads for some reason, but it doesn't need network permissions so it doesn't matter. It has a basic UI, and lacks in settings and features.

Those 3 are pretty terrible, but these last 2 apps were pretty much tied.

Feeel

Feeel is great for creating custom workout routines. It not only lets you pick which exercises to do and for how long, but it also teaches you how to do those exercises, with pictures. The design is great, it has few settings, and has its own polygon style. It requires no permissions.

LiftLog

LiftLog is a material design app to create workout routines. It lets you create your own exercises, view stats, and more. The app is kind of laggy, but it provides plenty of good settings. It does, however, have premium features such as AI. It also requires DCL via memory permissions.

Workout Timers

Finally, the last section, I'm going to break my style again to save my sanity. HIIT was abandoned 3 years ago. OpenHIIT lacks in settings, has a material design, and only allows up to 9 exercises.

Just Another Workout Timer and TimeR Machine almost tied. JAAT is material design, fairly fully featured, but the UI is confusing, button positions are weird, and icons can be unclear. It makes it very difficult to use. However, it has plenty of settings, including import and export.

TimeR is a more basic UI, but it is much more clear what is going on. It even puts you through a tutorial in the beginning. You can view data on graphs, etc. It's my preferred option. It requires no permissions, has plenty of settings, it's great.

Conclusion or something

People get mad at me for not adding summaries or conclusions, so... Hello, I've lost all personality and soul after writing this. I hope this helps someone in the future find some good Android health apps. Please make more health apps, since the open source community really needs it. Please check out Open Source Everything, which is my own curated list of open source software that I've been working on for years.

Anyways, thanks for reading!

- The 8232 Project

Oh yeah, P.S., I didn't actually double check that I listed 49 software here. If it's 48 or something it's because I was going to add Quit Smoking but it's abandoned and the source code no longer exists besides archives.

submitted 4 months ago* (last edited 4 months ago) by Charger8232@lemmy.ml to c/opensource@lemmy.ml
 

I maintain my own list of open source software, but one of the biggest struggles has been finding open source health apps to add to the list. It seems like the open source community is lacking in this area, compared to proprietary counterparts.

I'm beginning to flesh out some of the health apps on my list, and I am looking for recommendations on which apps are generally used. This is an extremely rare circumstance in which I am asking for community feedback to add software to the list.

My preferred criteria is as follows:

Available for Android

It can be available for other platforms, but I tend to prioritize open source operating systems such as Android or Linux. In this case, a health app for Linux would rarely be useful. If available, please note whether or not the app works well with strict permissions on GrapheneOS.

Has a clear, distinct purpose

I prefer not to categorize the same app in multiple places. I am a believer of software being the best at one thing, rather than trying to be the best at everything. So, I would like to categorize different apps for each purpose (calorie tracking, nutritional information, fitness tracking, etc.)

Works entirely offline

Ideally, apps should work without ever requiring an internet connection. Having the ability to download data for offline use later is fine, if the data is large enough to warrant not being packaged with the app itself.

Still actively maintained

It's rare that I add outdated or abandoned apps to my list, but there will always be exceptions. The apps should be actively maintained, and have modern usability and appearance.

Those are best-case scenario criteria; your recommended app may not follow them. All apps should, of course, be open source. I am leaving the definition of "health apps" without elaboration on purpose, because I am looking for all health-related and physical wellbeing apps.

Thank you for your suggestions! :)
