nostr:nprofile1qythwumn8ghj7enfd36x2u3wdehhxarj9emkjmn9qyg8wumn8ghj7mn0wd68ytnhd9hx2qfrwaehxw309anxjmr5v4ezumn0wd68ytnhd9hx2telvakx7cnpds7kzmrvqyd8wumn8ghj7un9d3shjtnwdaehgunsd3jkyuewvdhk6qgewaehxw309ac8junpd45kgtnxd9shg6npvchxxmmdqy2hwumn8ghj7mn0wd68yetvd96x2uewdaexwqpqf6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kse8ea4k, instead of imposing this as an app policy, can't you disable it on your own device? https://accioly.social/@anthony/113962861478965769 . I've restricted Circle to Search access on Amethyst and this is working well for me with a Samsung device: https://accioly.social/@anthony/113962861478965769

Discussion

I've sent a Fediverse link because I recently lost the images at my Blossom server.

(🪦)

GrapheneOS is popular because it’s privacy-ready out of the box—sane defaults mean users don’t have to harden everything themselves.

Yes, the process you linked to is a stop-gap solution, and thank you for sharing, but having a default toggle in Amethyst to block screenshots, Circle to Search, and similar features (like Apple’s) would prevent accidental data leaks.

You would be surprised how many people still screenshot their keys/seed phrases etc. because they don’t realize Google/Apple scan photos, much less built-in AI screen scanning technology. Not everyone is technically literate, or knows much about good OPSEC.

When dealing with sensitive information, basic privacy features should be a default, not a bonus feature that needs the user to enable it—that is the kind of thinking that doxxed so many users' messages on Telegram (they didn't know they had to manually enable E2EE and that it wasn't enabled by default).

A built-in toggle (enabled by default) preventing screen access would boost privacy, just like Amethyst’s Tor integration avoids IP leaks when users forget to reenable VPN/Orbot.

To me, this would be a sane default—the same way this app screen privacy protection is enabled by default in banking apps and privacy messengers. If the user wants to take a screenshot, then they can temporarily disable it, or disable it for good, but in my opinion it should be enabled by default.

Privacy in the age of AI should not be an afterthought or a bonus feature hidden in settings—or worse, non-existent as an in-app setting, or something one has to dig into Google/Apple settings to restrict.

#Amethyst has always put user privacy at the forefront. This feature would not permanently affect UX, it would simply allow users greater control over who and what has access to their data out of the box.

Got it. I fully understand where you’re coming from and support your point of view with my own habits (as per my post above).

On the other hand… the same normies you’re talking about would very likely bother Vitor and other Amethyst maintainers about why they can't take screenshots of their social media app by default... Seriously, I've been there, it's hard enough to get family members to use a password manager; it took me ages to get them onto Signal, etc. I know this sounds awful to anyone into tech and privacy, but the default response from most people is: they don’t care because "they have nothing to hide". The average user picks convenience every time.

My take on this is: maybe always enable FLAG_SECURE for windows dealing with nsecs, payment-related stuff, etc. The toggle is also a great idea, it can be displayed on first login as well as at the very top of the configuration settings.

But IMO, and I understand this might be disappointing, I fully expect most people to disable FLAG_SECURE if it was the default for regular Amethyst windows. And from a usability angle, we'd circle back to imposing defaults that users don’t want but are good for them (the "Eat your broccoli" toggle). I hope this makes sense.

Thank you for contributing to the discussion. I appreciate your perspective, and I am inclined to agree with you.

The social media component lends itself to screenshots. At the very least, disabling screen access to the most sensitive areas (nsec, payment-related features, DMs, etc.) by default would be a viable solution.

This could be paired with a toggle or slider in settings, where users could set one of three options:

- least private (allows access to all screens)

- default privacy (denies access to screens with sensitive data)

- maximum privacy (denies access to all screens)

...allowing users to screenshot freely while maintaining privacy for sensitive data, keeping everyone happy.

Either way, it’s clear that we need something. The average end user is not going to dig into Google/Apple settings and harden AI access to apps individually.

This is why I opened the discussion.

The current default of allowing unrestricted AI access to all app screens has become an unnecessary liability—and one that could be easily rectified in the same way Amethyst increased user privacy and security by baking-in Tor, giving users control over the auto-loading of media etc.

That said, I've said my piece. I hope Vitor considers this feedback and decides to incorporate it in a future Amethyst release.

You are right, I was thinking that FLAG_SECURE can't be changed by user input and it is something "compiled" into the app, but that is not true. So yes, Amber should have this option 100% and it would be nice to have in Amethyst as well.
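
The three-level setting proposed in this thread, combined with the point that FLAG_SECURE can be set and cleared at runtime, could be wired up as in the following sketch. This is an added example, not code from Amethyst or Amber; `ScreenPrivacyLevel`, `ScreenKind`, `shouldSecure` and `applyScreenPrivacy` are hypothetical names, and only `FLAG_SECURE`, `addFlags` and `clearFlags` are real Android APIs.

```kotlin
import android.app.Activity
import android.view.WindowManager

// Hypothetical names throughout: these are illustrative, not identifiers
// taken from Amethyst or Amber.

/** The three user-selectable levels proposed in the thread. */
enum class ScreenPrivacyLevel { LEAST_PRIVATE, DEFAULT_PRIVACY, MAXIMUM_PRIVACY }

/** Sensitivity of the screen currently shown (SENSITIVE: nsec, payments, DMs). */
enum class ScreenKind { REGULAR, SENSITIVE }

/** Pure policy decision, kept separate from the Android call so it can be unit tested. */
fun shouldSecure(level: ScreenPrivacyLevel, kind: ScreenKind): Boolean =
    when (level) {
        ScreenPrivacyLevel.LEAST_PRIVATE -> false
        ScreenPrivacyLevel.DEFAULT_PRIVACY -> kind == ScreenKind.SENSITIVE
        ScreenPrivacyLevel.MAXIMUM_PRIVACY -> true
    }

/**
 * Sets or clears FLAG_SECURE on this Activity's window. With the flag set,
 * Android treats the window content as secure: it is excluded from
 * screenshots and is not shown on non-secure displays.
 */
fun Activity.applyScreenPrivacy(level: ScreenPrivacyLevel, kind: ScreenKind) {
    if (shouldSecure(level, kind)) {
        window.addFlags(WindowManager.LayoutParams.FLAG_SECURE)
    } else {
        // Clearing matters: without it, a window that was once secured
        // stays secured after the user lowers the setting.
        window.clearFlags(WindowManager.LayoutParams.FLAG_SECURE)
    }
}
```

Call `applyScreenPrivacy` from `onResume()` so a changed setting takes effect when the user returns from the settings screen; in a single-activity app, call it again whenever the visible screen changes between regular and sensitive content.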