*In terms of privacy, customisation, camera quality, and battery time.

For the longest time I have only used either iPhone or Samsung. I plan on switching to Android for the next phone I get, but I find that Samsung phones are often too big for me and put too much energy on camera quality (I don’t take many photos). I have started to look into brands such as Nokia and Motorola, and I would like to know what you guys think of them. Additionally, do you suggest any other phone brands aside from them? My biggest priorities are privacy and long battery time. Bonus if the phone can run LineageOS (I have excluded Graphene as they are only compatible with Pixel phones).

Thank you for any answers. Cheers!

  • headroom@lemmy.ml · English · ↑ 69 · 3 months ago

    I don’t get people claiming stock iPhone is private. We literally have very little idea. It’s a closed system. It’s private if you take Apple’s word but all the other manufacturers also have similar claims. Why trust Apple and not them?

    On top of that you end up locked into their ecosystem, unable to use most FOSS applications or have cut down versions of them because daddy Apple didn’t like some features.

      • TCB13@lemmy.world · English · ↑ 13 · 3 months ago

        It isn’t, but it isn’t also secure. Your bootloader is easily compromised and people can get to your data in no time.

        • hagelslager@feddit.nl · ↑ 14 · 3 months ago

          True, since Fairphone’s focus seems to be on fairness in the hardware. I wish they were better on the software side as well.

          • Rogue1633@discuss.tchncs.de · ↑ 5 · 3 months ago

            I think if Fairphones get GrapheneOS support, it would be a no-brainer for many. A phone you can repair yourself, which is fairly produced, with the safety and the absence of Google from GrapheneOS would be a good combo.

            • FutileRecipe@lemmy.world · ↑ 8 · 3 months ago

              I think if Fairphones get GrapheneOS support…

              Then Fairphone needs to up their hardware security and software support. GrapheneOS has minimum requirements that vendors must meet for GrapheneOS to support them, and Fairphone doesn’t measure up. Only Pixels do, at the moment.

          • LWD@lemm.ee · ↑ 2 · 3 months ago

            Fairphone should also work on the fairness side of things, because they dropped the headphone jack and, with a heavy heart I’m sure, started selling unfair Lithium Earbuds…

            Their reasoning was, in part, people who bought their modular repairable phone said it was too big.

    • Wild Bill@midwest.social (OP) · ↑ 7 · 3 months ago

      In that case, would you not recommend Motorola? I’m not very well versed on their terms of privacy, and I really like the way they look and how seemingly good the battery is, but if it’s considered unsafe or full of malware then I might need to look other ways.

        • Wild Bill@midwest.social (OP) · ↑ 5 · 3 months ago

          I will read more into this, but it sounds reasonable. If I were to get a Pixel, is there any particular model I should get or does it not matter? Does Graphene support all models?

            • Mazoku@lemmy.ml · ↑ 8 · 3 months ago

              Calyx does a lot of snitching on you

              That is certainly overdramatic for what is in that article. All they do with Google is trivial things like updating your system’s internal clock. A large portion of what is in that article is able to be disabled and prevented by not using Micro-G.

              There seems to be massive beef and drama between Calyx and Graphene communities, I have no idea what any of that is about, but this dramatization doesn’t help.

          • BlackRing@midwest.social · ↑ 6 · 3 months ago

            GrapheneOS supports recent Pixels. I think right now they are supporting the 5a and later, with legacy and extended support back to the 4.

          • CausticFlames@sopuli.xyz · ↑ 1 · 3 months ago

            Graphene has historically offered extended support, but for the longest support time the Pixel 8 isn’t a bad option. The 7a is also, I think, the king of budget phones right now, but the 8 is on sale for a few hundred off the last I checked :)

        • TCB13@lemmy.world · English · ↑ 5 · 3 months ago

          And the unfortunate part, is that only Pixels are supported by this.

          Because unlike the Fairphone guys, Google actually plays fairly and builds a decent phone with security in mind.

        • TheAnonymouseJoker@lemmy.ml · ↑ 2 · 3 months ago

          The problem is that GrapheneOS really, truly, actually is the only way to get even reasonable levels of privacy on a mobile device right now.

          Yes, you indeed are shilling bogus things. This belongs to somewhere like reddit or 4chan.

        • Corngood@lemmy.ml · ↑ 4 · 3 months ago

          GrapheneOS + Pixel phone is the only true option if you want any kind of ensure that even if the device is lost your data won’t be accessed.

          I think that’s an exaggeration. You don’t need secure boot for your data to be encrypted. What secure boot prevents is someone modifying the device without your knowledge (e.g. to capture your keys).

      • Sir_Kevin@lemmy.dbzer0.com · English · ↑ 3 · 3 months ago

        I can’t speak for privacy interworkings but Motorola makes it very easy to unlock the bootloader. I’m a fan of Xiaomi as well but my current Motorola is doing everything I need it to do and wasn’t expensive at all.

    • TFO Winder@lemmy.ml · ↑ 5 · 3 months ago

      This irony shows the superiority of Google.

      They monopolize without having intention of monopoly.

      It’s admirable

    • Rose@lemmy.world · ↑ 2 · 3 months ago

      Why is this a problem? Buy one used if buying from Google is a problem. Then flash.

    • EntropyPure@lemmy.world · ↑ 16 · 3 months ago

      In regards to stock systems, I agree.

      Been stuck in the convenient ecosystem for a while, and I cope by telling myself Apple makes the bulk of its money with hardware and services. Not ads like Google. But if I would start over from zero, I think Graphene OS and Linux would be the way. But migrating the whole family away from our current Apple line up - I dread that challenge.

        • Pussista@sh.itjust.works · ↑ 1 · 3 months ago

          The thing about the Apple experience is that it doesn’t only integrate well among your own devices, but also others. Being isolated from that can be pretty challenging, especially if you are the only one in the family. Unless you come up with a whole marketing concept to make the change seem attractive to other (not techy) family members, you’d be cycling uphill.

          • sugar_in_your_tea@sh.itjust.works · ↑ 1 · edited 3 months ago

            Can you be more specific?

            I’ve heard this argument, but AFAIK the main things are iMessage and FaceTime. I don’t know about your family, but I generally don’t want FaceTime most of the time. I haven’t used iMessage, but it seems like Signal is a drop in replacement, and the benefits are compatibility with Android and desktop apps for Windows and Linux.

            Perhaps the play is to switch one app at a time. That’s what I’m going to try to get ready to leave Android for Linux phones (assuming they’ll be daily-driveable at some point).

            • Pussista@sh.itjust.works · ↑ 3 · 3 months ago

              iMessage and FaceTime are really not that relevant outside the US and, as you said, can be relatively easily replaced by Signal. As another commenter pointed out, it’s more about little things like Airdrop or iCloud’s all around seamlessness that cannot be matched by anything else I’ve tried. Family sharing alone would be a major loss if I were to switch. What Google or Microsoft have to offer in that regard is laughable in comparison (not that they’re any more “private”), and AFAIK, there is no FOSS alternative to all of the iCloud family sharing functionality.

              • sugar_in_your_tea@sh.itjust.works · ↑ 1 · edited 3 months ago

                Makes sense, thanks for elaborating.

                I’ll have to look into the FOSS tools to see what could be a reasonable set of alternatives. Some initial thoughts:

                • KDE Connect - connects phone to Linux computer in an interesting way - easy to send files, see SMS, and a couple other things; it’s a bit chunky, but maybe something I could help with
                • restic - automatic backup for desktop; pair with Syncthing to automatically keep stuff on your phone synced with your desktop
                • Steam now has better family sharing, and you could set something like Plex up to handle video streaming for owned content

                But each of these are a bit inconvenient compared to what Apple offers. I’ll think about it some more, and maybe I’ll try building something. My kids will be getting old enough to have phones in a couple years, and I’d really rather avoid Apple’s ecosystem, but their friends will likely all have iPhones so I’ll want a reason for them to prefer something else.

                • Pussista@sh.itjust.works · ↑ 1 · 3 months ago

                  I already use KDE Connect to exchange files with my Linux laptop and it’s not the best, but it’s good enough for the occasional thing.

                  Steam is not a solution IMO because it locks you in just as much as Apple while being clunky and giving you the illusion of choice. And it’s only for games. Family sharing on Apple products is more than games. If you’ve bought apps or subscriptions, you can share them with family members at no additional cost (if the app opts into that which is disclosed to you very clearly in the App Store). Screen Time is great to block apps above a certain age rating and to restrict or outright block purchases for children. Another thing is location sharing in the Find My app. I know there are many solutions for that, but I just like the UX in the Find My app a lot more.

                  About the Plex server, I’ve heard they’ve changed their TOS and are now pretty shady or something. Also, if I were to make a server like that, I’d be pirating stuff anyway which I already do through my go-to pseudo-streaming piracy sites.

                  I could see myself hosting a Synology NAS in the future, but that is still not as convenient or well thought out as the iCloud services tbh.

              • sugar_in_your_tea@sh.itjust.works · ↑ 1 · edited 3 months ago

                I guess there’s not a super convenient alternative, but maybe something like Syncthing would be close enough?

                But yeah, any kind of data synchronization or resource sharing is a little awkward.

  • MrSoup@lemmy.zip · ↑ 28 · edited 3 months ago

    The downside of Google Pixels is that they don’t have jack connector and sd slot.

    But I accepted the deal just to use GrapheneOS (I bought one used on ebay). Sometimes the battery lasts 3 days without being recharged.

    People at GrapheneOS should really focus on some brand that cares about users on the hardware side.

    • sugar_in_your_tea@sh.itjust.works · ↑ 9 · 3 months ago

      Yup, I honestly don’t care about the special features on the Pixel (esp camera), I literally only want it because of GrapheneOS and longer term software support.

      I would love it if the GrapheneOS project made their own phone and supported it for a really long time. Maybe coordinate with Fairphone or something, IDK.

      • UndulyUnruly@lemmy.world · ↑ 3 · 3 months ago

        Unfortunately, buying from outside US, although possible, is a pain in the neck. You need agreement with the seller AND use a freight forwarder.

        Swappa is a US-based marketplace. Sellers located outside the United States cannot create listings on Swappa. International buyers can buy on Swappa if they provide a US shipping address and use a US-based payment source.

      • MrSoup@lemmy.zip · ↑ 3 · edited 3 months ago

        6a. Though I don’t use the phone that much, most of the battery is drained by Telegram FOSS.

        Here are two old screenshots

        screenshot n1 screenshot n2

          • MrSoup@lemmy.zip · ↑ 1 · edited 3 months ago

            No, I’m Google free for at least 5 years now. I only have Aurora Store for the PS App.
            I really only use FOSS apps.

            If you need advice on breaking free, feel free to ask.

            • SeramisV@lemmy.blahaj.zone · ↑ 2 · 3 months ago

              Ooh that might be why your battery is so good. The Google services do eat up a lot of charge it seems.

              On the google free, I’m not perfect but I’m def conscious, and already am using mostly foss apps. The rest is just social media I can’t really avoid. Thanks for the proposition though!

  • viking@infosec.pub · ↑ 27 · 3 months ago

    OnePlus.

    I’d never buy Samsung again, they are full of bloat and make it excessively hard to unlock the bootloader and get root access or install an alternative OS.

      • viking@infosec.pub · ↑ 1 · 3 months ago

        Oh that’s good to know, thanks! I’ve read that from the OnePlus 12 onwards there won’t be a localized OxygenOS anymore, only ColorOS, which is full of China-bloat. I’m still happy with the 10 Pro, but when the time comes and this holds true, I’ll be looking for alternatives.

    • metaldream@sopuli.xyz · ↑ 2 · edited 3 months ago

      Samsung support is also a straight up scam. They’ll lie to your face about how they’re getting ready to send you a replacement, and then ghost you. I hope the feds sue them too but I’m not holding my breath. We filed a complaint with our state’s AG and fuck all came of it.

  • Churbleyimyam@lemm.ee · ↑ 26 · 3 months ago

    For me it has to be Fairphone. They are more expensive than the others to buy new but they are more aligned with openness and free software. They receive updates for a long time, are well supported by CalyxOS, /e/os, Linux mobile OSs etc, are repairable, you can carry extra batteries, usually have an SD card slot and two SIM slots and are more environmentally-friendly than others.

  • BreakDecks@lemmy.ml · English · ↑ 24 · 3 months ago

    Don’t exclude Pixel phones so quickly. They are one of the most versatile for custom ROMs, and they check all of your checkboxes. I love my CalyxOS Pixel 6.

  • guyrocket@kbin.social · ↑ 20 · 3 months ago

    What phone brand do you like the best?

    (I have excluded Graphene as they are only compatible with Pixel phones).

    You’re asking this on the privacy mag and intentionally/explicitly exclude the best privacy option with no explanation.

    Wtf.

  • RogueBanana@lemmy.zip · English · ↑ 15 · 3 months ago

    If privacy is important, a custom ROM is highly recommended or rather mandatory. Most brands have a locked bootloader which can’t be unlocked immediately without voiding warranty. Some let you, using some bs proprietary software, but only after a few months. That was the only reason I had to resort to getting a Pixel. So look into all the brands available to you and check their policy on custom ROMs before looking into the mobiles themselves.

    • leanleft@lemmy.ml · English · ↑ 1 · 3 months ago

      adb debloating is adequate.
      there may be additional steps for LOS privacy.

      • RogueBanana@lemmy.zip · English · ↑ 2 · 3 months ago

        If you don’t remove play service and shit without being unable to use payment apps and other shit, it’s not gonna work for majority. Those are worst offenders that have to be removed for privacy.

  • communism@lemmy.ml · ↑ 14 · 3 months ago

    Why exclude GrapheneOS? It’s a really good mobile OS, and the creator has given his reasons for only supporting Pixels.

    • TheAnonymouseJoker@lemmy.ml · ↑ 9 · 3 months ago

      His reasons are – I fantasise Google, I love Big Tech security chips, I believe in West, China is evil, I did not get a billion dollar career out of making a Linux kernel patch so I will whine and harass internet people into liking my worthless custom Android build, hide behind my troll army and scare people into thinking my solution is the only solution to get mobile security.

      GrapheneOS is pure snake oil with a disgusting sole developer that believes in pushing corporate Big Tech propaganda, harassing and witch hunting any critics, having a little social media army with sockpuppets to do this, abuses mentally challenged by hiding behind “autism” label (Louis Rossmann has a nice video), falsely claims he was swatted without giving evidence or coverage in local Canadian media and blames everyone from redditors to community mods to YouTubers and so on. It has been 10 months at this point since the claim.

      I covered this disease for about 5 years, and it emanates from the same sewer that “security” clowns like Brad Spengler and madaidan do in Linux community. All they do is either push their bullshit solutions or push corporate Big Tech propaganda and hate any FOSS project they think will not worship them.

      https://old.reddit.com/r/privatelife/comments/ug9qnc/writeup_criticism_of_rprivacyguides_grapheneos/

      https://old.reddit.com/r/privatelife/comments/13teoo9/grapheneos_corporate_foss_loving_witch_hunting/

      One thing GrapheneOS propaganda posters also do is sell you the lie that it is the only thing that can give you any mobile privacy and security. Everything else is a failed joke and this thing is the only thing that works. They go to lengths of telling people to fly to other countries to get a Pixel. https://i.imgur.com/Yv9nvxy.jpg And they make fake claims about buying $1 million Israeli Cellebrite kits and them not working against GrapheneOS’ “Titan” security for bootloader and other kinds of attacks. https://i.imgur.com/woNxPhx.jpg

      • TexMexBazooka@lemm.ee · ↑ 9 · 3 months ago

        Are you good bro? You’re putting a LOT of words in somebody else’s mouth and your sources here don’t really back up your argument

        • TheAnonymouseJoker@lemmy.ml · ↑ 2 · 3 months ago

          Dismissing years of evidence with pseudo intellectual trolling is disgusting. All the evidence is objective and mostly directly quotes the discussed parties. Are you sure you are not smoking stuff?

  • umbrella@lemmy.ml · ↑ 13 · 3 months ago

    xiaomi has awesome hardware, audio jack, sd slot, even ir blaster.

    their privacy policy is bad, but a lot of them have official lineageos (and microg-patched lineage) and it works really really well.

    • melooone@feddit.de · ↑ 4 · 3 months ago

      Currently in the process of installing LineageOS on my brother’s Redmi Note 10 Pro.

      It’s a huge pain compared to my phone, mainly because unlocking the bootloader requires an account with his number connected. Then I had to install Windows to use their shitty unlock app, which then requires you to wait up to 30 days for seemingly no reason. Luckily “just” a week for us.

      But yeah the hardware is amazing.

      • umbrella@lemmy.ml · ↑ 2 · edited 3 months ago

        yes the unlock process is obtuse as fuck! they do something similar to samsung and their RMM bullshit of having to wait.

        luckily, unlike samsung, after its done they wont bother you again.

      • umbrella@lemmy.ml · ↑ 2 · edited 3 months ago

        chinese electronics have come a long way, if you dont get them from the dollar store that is

          • umbrella@lemmy.ml · ↑ 1 · edited 3 months ago

            a poster is indicating its a software issue, caused by an update. im not using stock firmware and there aint more official updates to my phone. this seems to contradict what you are saying a little bit, you just looking this up?

            i also had a motorola motherboard die on me, faulty nand, doesnt mean all motorolas have bad motherboards.

    • SeramisV@lemmy.blahaj.zone · ↑ 2 · 3 months ago

      It’s actually so good that the Redmi Note 8 (with lineageos-microg) I had before performed basically the same as my Pixel 6a

  • No_@lemm.ee · ↑ 11 · 3 months ago

    The mod on this post is on such a humongous power trip lmao. Someone needs a reality check and a few slaps.

    • TheAnonymouseJoker@lemmy.ml · ↑ 2 · 3 months ago

      So you really believe that Graphene thing is the only single solution that works to attain mobile privacy and security? You believe that braindead fearmongering propagandistic bullshit? ADB developer commands, firewalls and app permissions are all worthless?

      What do you think is a good idea to counter endless stream of years of people parroting the same unverified nonsense, and making privacy seekers feel hopeless, just because Pixel is sold in less than a dozen countries, is made by Google of all companies, and that developer believes in being a crybully and a harasser? Because this is extremely vitriolic for everyone, and this script has played out enough on Telegram, 4chan and Reddit. The same witch hunting antics and Big Tech security propaganda should not make its way onto Lemmy.

      • sugar_in_your_tea@sh.itjust.works · ↑ 9 · edited 3 months ago

        Instead of removing comments like that, perhaps correct them by providing more accurate information. I read the original comments, and they really weren’t toxic in any way (in my opinion), they were just strongly worded opinions.

        The stated reason in the mod log was (just pulling one, the rest were very similar):

        reason: GrapheneOS propaganda posting (fearmongering that it is the only mobile privacy/security solution)

        Nothing in the post violated instance or community rules, at least according to my read. Here are the community rules as of this writing:

        • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
        • Don’t promote proprietary software
        • Try to keep things on topic
        • If you have a question, please try searching for previous discussions, maybe it has already been answered
        • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
        • Be nice :)

        And instance rules:

        1. No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia. Code of Conduct.
        2. Be respectful, especially when disagreeing. Everyone should feel welcome here.
        3. No porn.
        4. No Ads / Spamming.

        If there’s a rule that’s being enforced, ideally it would be posted in the sidebar.

        As for the original claim, the Pixel is the only phone listed on privateguides.org (GrapheneOS and DivestOS are the only listed ROMs), which I think is a pretty well-respected and well-run privacy recommendation website. If those recommendations are not available in your area or doesn’t meet your needs, yeah, by all means use whatever is available and meets your needs.

        Perhaps there should be a no-dogma rule or something, my point is just that removing stuff without apparent rule violations is not great from a user’s perspective.

      • AlDente@sh.itjust.works · English · ↑ 6 · 3 months ago

        “So you really believe that Graphene thing is the only single solution that works to attain mobile privacy and security? You believe that braindead fearmongering propagandistic bullshit? ADB developer commands, firewalls and app permissions are all worthless?”

        What are you talking about? We can’t see those arguments because a mod removed them. Are you that mod? All I can see now is a one sided discussion and assume someone’s feelings got hurt. Silencing opposition by stomping ideas out doesn’t convince anyone of anything.

        If you believe in Lemmy, let the comments and voting do the work. We don’t need the thought police enforcing their views.

        • TheAnonymouseJoker@lemmy.ml · ↑ 1 · edited 3 months ago

          Pinging @sugar_in_your_tea@sh.itjust.works to club responses.

          All I can see now is a one sided discussion and assume someone’s feelings got hurt. Silencing opposition by stomping ideas out doesn’t convince anyone of anything. If you believe in Lemmy, let the comments and voting do the work. We don’t need the thought police enforcing their views.

          Instead of removing comments like that, perhaps correct them by providing more accurate information. I read the original comments, and they really weren’t toxic in any way (in my opinion), they were just strongly worded opinions.

          This “let the voters decide” vibes based experiment has happened on 4chan and Reddit for years, leading to this. https://i.imgur.com/G6P1c9n.jpg and https://i.imgur.com/Q1wIIfS.jpg

          Lemmy is not a trash platform like Reddit or 4chan, where loud and repeated nonsense is allowed to make the platform garbage. This is not “censorship”, but arguably the only effective way against these parrots and trolls to shut down baseless propaganda like Graphene being the singular method to get mobile privacy and security, because apparently nothing else works at all, and Micay has some secret sauce code in there that magically defeats NSA and CIA. This is the same person who hates Firefox because Tor Project devs trashed his drivel in a mailing list in August 2019, so he seeks revenge by telling people to use Google’s Chromium based browsers, and the same person who thinks it is a great idea to teach people to put faith in all things Google and Google’s proprietary Titan security chip, even though security chips keep becoming permanent backdoors.

          Can anyone exactly tell me what works there, that does not work with a combination of AOSP killswitch lockdown firewalls, setting app permissions, HOSTS ruleset modifications, DNS changing, debloating/uninstalling via ADB and making lots of changes via Shizuku, all being open source and transparent methods for Android? This is an oversimplification, but these fancy custom Android builds do pretty much nothing better than all you need to live a private life, without even needing to root or seek a specific Google made phone somebody told you on internet.

          As for the original claim, the Pixel is the only phone listed on privateguides.org (GrapheneOS and DivestOS are the only listed ROMs), which I think is a pretty well-respected and well-run privacy recommendation website.

          You mean the same thieves who stole PrivacyTools website, GitHub and to this day squat on PTIO subreddit, and money laundered $17,500 of public donations into private accounts? The ones who run lemmy.one instance today, and banned me the very first day lemmy.one instance was opened, just to ensure no critics exist?

          I have singlehandedly covered these security charlatans in FOSS and privacy communities for about 5 years, and GrapheneOS emanates from the same sewer that “security” clowns like Brad Spengler and madaidan do in Linux community. All they do is either push their bullshit solutions or push corporate Big Tech propaganda and hate any FOSS project they think will not worship them. It might be a good idea to read instead of decide the fate of Lemmy based on “freedom murica heckin yeah” vibes.

          https://old.reddit.com/r/privatelife/comments/ug9qnc/writeup_criticism_of_rprivacyguides_grapheneos/

          https://old.reddit.com/r/privatelife/comments/13teoo9/grapheneos_corporate_foss_loving_witch_hunting/

          Perhaps there should be a no-dogma rule or something, my point is just that removing stuff without apparent rule violations is not great from a user’s perspective.

          Correct, those rules will be formed and established as of today. I have been on this for months looking what to do about this nonsense making its way on from Reddit/4chan onto Lemmy.

          • sugar_in_your_tea@sh.itjust.works · ↑ 2 · edited 3 months ago

            Micay

            This sounds like some kind of personal beef with Micay. That’s understandable, and here’s a Louis Rossmann video showing how toxic that individual can be (you go over some of that in your links as well). So I absolutely get it.

            That said, the project itself is fantastic. Here’s the Privacy Guides page on why GrapheneOS is preferred. It also goes into why it’s preferred over CalyxOS and other alternatives, and offers DivestOS as a good alternative (here’s the supported device list if you’re interested).

            You mean the same thieves who stole PrivacyTools website

            I’ll provide the two sides I have:

            To me, the Privacy Guides version of the story seems more believable, at least in terms of where the contributors went. I think both sides absolutely have a point, but this archived page has some pretty serious allegations about Privacy Tools being biased by their affiliate partners (to be fair, the way Jonah handled this is distasteful, he should have just started his own project).

            That said, I think the content at Privacy Guides is currently better than at Privacy Tools, and I like that discussion happens in the open.

            I hope you’re sensing a trend here: we should restrict discussions to technical merits, not discussions about individuals. I dislike both Daniel Micay and Jonah Aragon as people, at least from the limited information I have, but I think both run solid projects. The same is true for other FOSS projects, like GNU/FSF and Richard Stallman, OpenBSD and Theo de Raadt, etc. However, I think each heads a solid project, so I’ll continue recommending them based on their technical merits. I hope each survives their founders once they inevitably leave the project.

            I have been on this for months looking what to do about this nonsense making its way on from Reddit/4chan onto Lemmy.

            May I suggest a pinned post so decisions like this can be made in the open? Clearly state the problem (ideally more concise than what you’ve linked from Reddit), and why you think the solutions are valuable.

            My recommendation is some kind of “no-dogmatism” rule, which makes it clear that privacy is a process, not an end goal. Likewise, we should be careful to elucidate the process for choosing products, not the products themselves (i.e. see Louis Rossmann walk back his support for Lenovo here over warranty BS when you install an alternative ROM). I think it’s reasonable that for every product recommendation here, users are expected to give reasons (or a link to reasons) why that product is worth looking into, with a strong nudge to compare to other projects (e.g. why GrapheneOS over Calyx or DivestOS).

            Ideally, there would be some kind of wiki the community could keep that links to sites along with notes about caveats and whatnot (e.g. Privacy Tools’ conflict of interest allegations, GrapheneOS’ toxic leader, etc), with the intent of being a resource of where to get more information instead of a definitive guide.

            That’s my take at least. I also don’t want this community to fall into groupthink, but that also includes groupthink against projects just because their leaders aren’t ideal.

            • TheAnonymouseJoker@lemmy.ml · 1 upvote · edited · 3 months ago

              This sounds like some kind of personal beef with Micay. That’s understandable, and here’s a Louis Rossmann video showing how toxic that individual can be (you go over some of that in your links as well). So I absolutely get it.

              That said, the project itself is fantastic. [Here’s the Privacy Guides page on why GrapheneOS is preferred]

              The moment I hear this “personal beef” bullshit, I see dishonesty. Does everybody have a personal beef with this disgusting person? Dozens of YouTubers, hundreds of internet users, privacy guide writers like me, Techlore, Rossmann and others? What the fuck is this “personal beef” thing I always get told, when I have publicly documented 5 years worth of stuff on security charlatans in FOSS, privacy and tech communities?

              The project is not fantastic, but closer to snake oil, and almost identical to CalyxOS or other AOSP fork builds. It is mostly a rebranding of AOSP features with app permission controlling and firewalling. I dissected it when a spy was sent by that community to siphon the chatroom discussions of privatelife Matrix room. I did this breakdown last year or so by referring to the GrapheneOS features page.

              https://i.imgur.com/pQHoq84.jpg

              There are only 3 things they ever did on their own as extras, and even they have basically no value in the grand scheme of things, them being offering:

              1. instead of 16 character, 64 character password limit on lockscreen
              2. PIN scrambling
              3. Morula method of exec spawning instead of Zygote method used in most AOSP projects

              Now, I will elaborate on these 3.

              1. Elaborating on first one, it is kind of useless as you can see for obvious reasons.
              2. For second one, you already understand why fingerprint avoids the issue of someone peeping at your PIN/password entered across your shoulder. Fingerprint is infinitely superior. Even more so with Android and iOS both offering biometric Lockdown features.
              3. This one is somewhat half credible, but the goal is to destroy the memory blocks used by an app after it is exited, so that memory blocks do not retain essential text strings of data to exploit. For this, you can just go to Developer Options and enable “Don’t keep activities” and it will achieve the same effect as Morula method of exec spawning implemented by GrapheneOS.

              So out of the 20-30 features GrapheneOS claims they developed, everything is either a modification of app permissions or firewalling or AOSP feature rebranding.

              Also, as you may have famously heard about “Sandboxed Play Services”, it is not developed by GrapheneOS, but a project called ProtonAOSP, whose developer is kdrag0n. GrapheneOS copied that off and rebranded it as their own developed thing.

              As you can see, GrapheneOS is basically a lot of marketing and in reality, there is negligible or nothing beyond the surface. This is called snake oil, or selling bridges/dreams.

              To me, the Privacy Guides version of the story seems more believable, at least in terms of where the contributors went.

              PrivacyGuides are disgusting people that shelter trolls and laundered $17,500 public donation money of PTIO privacy community. The receipts are public and it is a crime. If you excuse that, I do not think you give a shit about genuine privacy endeavours. I still remember them making one person a moderator because he posted a faux libel hitpiece on me, and them (Jonah) stickying a comment by Micay calling me an agent sent by Chinese government to destroy privacy communities. This person is who you seem to like. https://web.archive.org/web/20220502064114/https://old.reddit.com/r/PrivacyGuides/comments/uged1y/is_grapheneos_actually_good_or_just_hype/

              I hope you’re sensing a trend here: we should restrict discussions to technical merits, not discussions about individuals.

              I wonder if you have read this. Read the paper by Ken Thompson, co-creator of Unix and C, on why we should be able to trust the developer and NOT the code. https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

              The projects of people ARE attached to the people who create them. They cannot be separated. And yes, the projects MUST be judged based on person’s conduct. Not doing this allows GrapheneOS dev to go around falsely slapping epithets like “neonazis” on Bromite and FlorisBoards devs upon mere disagreements.

              https://github.com/bromite/bromite/pull/2102#issuecomment-1155760155

              https://github.com/bromite/bromite/issues/2141

              http://web.archive.org/web/20220803142758/https://github.com/florisboard/florisboard/issues/1921

              Ideally, there would be some kind of wiki the community could keep that links to sites along with notes about caveats and whatnot (e.g. Privacy Tools’ conflict of interest allegations, GrapheneOS’ toxic leader, etc), with the intent of being a resource of where to get more information instead of a definitive guide.

              I already did it in the form of 2 article length posts chock full of evidence spanning 5 years across internet. Not many people have ever put up this much of a fight to keep privacy community clean and good selflessly. And I do not think I carry the onus of creating such a wiki by myself, when I do not get as much community support as I should, and people choosing to call it “personal beef” and wash hands away selfishly.

              I am proudly arrogant for standing for the correct thing – ethics – as I keep doing whatever guide work I do. Yes I recognise I sometimes tend to sound rude and blunt, but I will not lie or sugarcoat things. And I think it is okay and a rare quality.

              • sugar_in_your_tea@sh.itjust.works · 1 upvote · 3 months ago

                Does everybody have a personal beef with this disgusting person?

                IDK, seems like it. But that still has nothing to do with the product itself. As long as the product is good and is FOSS, I can look past the people behind it.

                It is mostly a rebranding of AOSP features with app permission controlling and firewalling.

                That’s a good thing IMO. The more an Android ROM deviates from AOSP, the more difficult maintenance becomes and the more problematic a toxic core contributor is.

                There are only 3 things they ever did on their own as extras, and even they have basically no value in the grand scheme of things

                That doesn’t match with what I’m reading online. This comparison table lists a number of differences between the various projects, and many of those are important to me. That source claims to not be affiliated with any of the projects (I haven’t done much due diligence though).

                I don’t really care if these changes were made by GrapheneOS themselves or pulled in from other projects, the end result is a more interesting product that has a fast response to security updates.

                Look at Linux distributions, most aren’t anything more than a set of configuration changes, packaging policies, and maybe a home grown package manager. Yet there are interesting differences between Ubuntu, Debian, Fedora, Arch, openSUSE (my preference), and others. It’s all mostly the same code underneath, just packaged differently. That’s what I want from an Android ROM, a secure, privacy-focused configuration.

                It’s not snake oil if the differences between ROMs/OSes are tangible.

                This person is who you seem to like.

                I never said I liked him, I said the website has valuable information. I don’t really care who makes the recommendation provided the statements are independently verifiable, and they do a way better job of linking sources than PrivacyTools.

                At the end of the day, I’m not blindly trusting anyone’s advice and I’m looking at a variety of sites. I actually disagree with some of the recommendations, especially omissions, but I can usually find those when searching “X vs Y” with two recommendations from their site. Privacy Tools includes some odd suggestions, and it seems like they just throw a bunch of stuff that claims to be privacy-focused without doing much research (or at least they don’t link anything).

                Ken Thompson, co-creator of Unix and C, on why we should be able to trust the developer and NOT the code.

                That’s not my takeaway, in fact it’s the opposite.

                I don’t believe in trusting developers, I believe in a mix of security audits, reproducible builds, eyeballs, code signing, and cryptographic hashes. Developers can be bought, accounts can be hacked, etc, but code can’t. For example, I don’t think Linus Torvalds would intentionally break Linux security, but that’s not why I trust Linux, I trust it because it’s the subject of a lot of security researchers, large organizations, and a team of proven-capable subsystem maintainers. If I trust the developers, they could sneak in a malicious Trojan horse like Ken Thompson mentioned and I’d just roll with it.

                As the Russian proverb goes, “trust, but verify.”

                selflessly

                Well, you certainly talk about it a lot. Maybe you’re genuine, but that’s kind of irrelevant. I trust technical sources, not personal attacks.

                I’m not suggesting you create a wiki at all, I’m saying that having a community effort for a wiki could be valuable. The place for a mod, imo, is to police rule violations (ideally mostly responding to reports, not active policing), and those rules should come from the community they operate in. Issues arise when the police make the rules. Maybe it makes sense for a mod to coordinate that effort, but contributions should come from the community with proper sources and whatnot.

                I will not lie or sugarcoat things

                And that’s commendable, I prefer transparency when I can get it.

                My issue here is that I think you’re letting your distaste for individuals (however well founded) supersede technical discussions. I think it’s reasonable to put a footnote on the technical discussions noting potential conflicts of interest (e.g. Microsoft’s push for TPM is commendable from a security standpoint, but there are concerns about NSA backdoors, chilling effect on alternative OSes, etc), but not reject projects entirely just because of an association with a distasteful entity. For example, most here don’t trust Google, but that doesn’t mean Chromium-based browsers are automatically bad. Doing so is just poisoning the well. Provide 2-3 points of independently verifiable, technical evidence of BS and that makes a pretty strong case to avoid something.

                But that’s my 2c. I absolutely thank you for your efforts and intentions, and I appreciate the transparency. However, that doesn’t necessarily mean I agree with your conclusions, though I could be persuaded with technical arguments. Since you seem to believe GOS is all marketing fluff, perhaps we could start a community initiative (I’m willing to help) to verify claims of various projects. At the end of the day, citations and methodologies should carry the day.
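The verification side of this disagreement over Thompson's paper can be modelled concretely. The following is an added example, not part of the comment above or of any project discussed in the thread: a constructed Python toy model of a self-propagating compiler trojan and of the diverse double-compiling check (D. A. Wheeler's technique). All names and the "binary" format are hypothetical, and it assumes the second compiler does not carry the same trojan.

```python
import hashlib
import json

# Constructed toy model, not a real toolchain; every name here is hypothetical.
# A "binary" is a dict with four fields:
#   program : name of the source it was built from
#   codegen : code-generation style of the compiler that emitted it
#   emits   : style this program emits if it is itself a compiler (else None)
#   trojan  : hidden behaviour that appears in no source file
COMPILER_SRC = {"name": "cc", "emits": "cc-style"}  # audited and clean
LOGIN_SRC = {"name": "login", "emits": None}        # audited and clean
TROJAN_TRIGGERS = ("cc", "login")                   # Thompson's two triggers


def make_binary(program, codegen, emits, trojan=False):
    return {"program": program, "codegen": codegen, "emits": emits, "trojan": trojan}


def digest(binary):
    """SHA-256 over a canonical serialisation, standing in for a file hash."""
    return hashlib.sha256(json.dumps(binary, sort_keys=True).encode()).hexdigest()


def run_compiler(compiler_bin, source):
    """Run a compiler binary on a source file and return the output binary.

    A trojaned compiler re-inserts itself when it compiles the compiler and
    plants a backdoor when it compiles login, although both sources are clean.
    """
    if compiler_bin["emits"] is None:
        raise ValueError(f"{compiler_bin['program']} is not a compiler")
    infected = compiler_bin["trojan"] and source["name"] in TROJAN_TRIGGERS
    return make_binary(source["name"], compiler_bin["emits"], source["emits"], infected)


def ddc_verify(suspect_bin, compiler_src, trusted_bin):
    """Diverse double-compiling: does suspect_bin really correspond to compiler_src?

    Stage 1 builds the compiler source with an independent compiler, giving a
    binary that behaves like cc but has different bytes. Stage 2 lets that
    binary rebuild the same source, so the bytes become comparable with the
    suspect. Returns (match, stage2).
    """
    stage1 = run_compiler(trusted_bin, compiler_src)
    stage2 = run_compiler(stage1, compiler_src)
    return digest(stage2) == digest(suspect_bin), stage2


# What the source should produce, what is actually shipped in the bad case,
# and an unrelated second compiler assumed free of this particular trojan.
CLEAN_CC = make_binary("cc", "cc-style", "cc-style")
TROJANED_CC = make_binary("cc", "cc-style", "cc-style", trojan=True)
TRUSTED_CC = make_binary("trusted-cc", "vendor-b-style", "vendor-b-style")

if __name__ == "__main__":
    # Rebuilding from audited source with the shipped compiler reproduces the
    # infected hash, so a same-toolchain "reproducible build" proves nothing.
    rebuilt = run_compiler(TROJANED_CC, COMPILER_SRC)
    print("self-rebuild matches shipped binary:", digest(rebuilt) == digest(TROJANED_CC))
    print("login backdoored:", run_compiler(TROJANED_CC, LOGIN_SRC)["trojan"])
    print("DDC accepts clean cc:", ddc_verify(CLEAN_CC, COMPILER_SRC, TRUSTED_CC)[0])
    print("DDC accepts trojaned cc:", ddc_verify(TROJANED_CC, COMPILER_SRC, TRUSTED_CC)[0])
```

In this model a source audit and a rebuild with the shipped compiler both pass on the trojaned binary; only the bit-for-bit comparison against a build bootstrapped through a different compiler exposes it.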

                • TheAnonymouseJoker@lemmy.ml · 1 upvote · edited · 3 months ago

                  That eylenburg blog that seems to get cited sometimes I suspect is not a very qualified person, but instead seems to get pressured by Daniel Micay (thestinger) himself and his minion/mod mbananasynergy in GitHub issues all the time (https://github.com/eylenburg/eylenburg.github.io/issues?q=is%3Aissue+is%3Aclosed) along with DivestOS developer. And a lot of people fear Micay’s witch hunting and social media army harassment, so they either shut their mouths (hence barely any critics) or cave in to his influence/threats. Even DivestOS developer is a victim of it, since at the behest of Micay’s threat, he banned me off XMPP chatroom. I mentioned that as a section with chat screenshots in my long post. (https://old.reddit.com/r/privatelife/comments/13teoo9/)

                  There is a weird pattern there, where everything is green for Graphene, half of it is green for Divest, but all others have NO or red markings, making it look like a very obvious advertisement, even though this is not how privacy and security works. This is in line with what Micay told Mr. Eylenburg how to structure the table (put this at “high”, put that at “medium” et al).

                  Micay and GrapheneOS propaganda has a very obvious pattern. Check this out. https://imgur.com/a/fpcsIL2 This will open your eyes. Also, those massive paragraphs wherever he explains or his fans/minions parrot features and stuff upon reading keep looking like GPT generated fluff but instead done by a human (himself).

                  I don’t really care if these changes were made by GrapheneOS themselves or pulled in from other projects, the end result is a more interesting product that has a fast response to security updates.

                  That is because GrapheneOS is an embargo Google security partner for patches. It is either impossible for one person to keep building so many of these patches alone, or the work does not amount to the propaganda invented. This is partly why the claim I make about mostly rebranding, which seems apparent upon one close look. https://web.archive.org/web/20220829223401/https://twitter.com/GrapheneOS/status/1564322206414524420#m

                  Ken Thompson, co-creator of Unix and C, on why we should be able to trust the developer and NOT the code.

                  That’s not my takeaway, in fact it’s the opposite.

                  I don’t believe in trusting developers, I believe in a mix of security audits, reproducible builds, eyeballs, code signing, and cryptographic hashes. Developers can be bought, accounts can be hacked, etc, but code can’t.

                  Code can be bought. Developers can be bought. What cannot be bought is a developer’s moral integrity and professional behaviour towards people, hence Thompson’s paper is correct, and not what you took away from it. All the terms you said are code that comes from the developer(s), and do not get created out of thin air. This is not a “he said she said” behaviour, but fearmongering cultist propaganda full of dogmas.

                  Do you not see the coincidence that Micay wants to steer everyone away from Firefox towards Chrome, towards everything Google, believing in Micay’s vision, believing in closed source security and so on? He also used to shit on Android and believed and propagated the claim that Fuchsia is the future, where Google’s microkernel would rule the mobile world. I think he is a Google fanboy more than anything else, and we have many such Big Tech fanboy specimens in this world.

                  One reddit comment on my post explained this cult well.

                  My issue here is that I think you’re letting your distaste for individuals (however well founded) supersede technical discussions.

                  If this whole project is basically feature rebranding plus firewalls, app permission modifications and stuff you can do without rooting, I see absolutely no reason how it claims to be better than anything else, and the ONLY solution to mobile privacy and security. As I shared the GrapheneOS official instructions for propaganda posters in that screenshot above, it should be evident.

                  Also, I have a whole bullet list for why Google Pixels are not trustworthy in my non root smartphone guide. I do not think we need to elaborate on why Google hardware is backdoored by NSA. Snowden lives in Russia to stay alive, and Assange is being drugged and tortured in West “free democracies” today for it.

                  Apple’s security chips have all been pwned, and their latest one also got pwned recently. Qualcomm Snapdragons have the same history, and Google will be no different. Closed source Big Tech security is a fool’s dream. Better to have transparency and known consequences, than “security by obscurity” circus, something security charlatans like these advocate for in FOSS/privacy circles.

              • No_@lemm.ee · 1 upvote · 3 months ago

                Ethics? You’re not ethical, you just got a mod position, let it get to your head à la Stanford experiment, and now no matter what others say if you dislike it you can silence them at no consequences to yourself.

                You’re the furthest thing from ethical. You’re delusional, and still on that power trip high.

                I actually didn’t give a damn about GrapheneOS, until you banned all mentions of it. Look up the Streisand effect, it’ll do you good. Instead of perpetuating a fascist censor of someone else’s free speech.

  • TheAnonymouseJoker@lemmy.ml · 10 upvotes · 3 months ago

    If you like, you can try my non root smartphone guide which works with any Android phone from the last 5 years, and even up to phones as old as Android 7 Nougat. (NOTE: Please do not use phones that old for daily driver, they have security risks.)

    https://lemmy.ml/post/128667

    You can do 99% of the stuff fancy custom Android builds claim to provide without needing to root or unlock bootloader (this one prevents lots of risks alone), as far as privacy or security goes. Sure you may not be able to change your boot screen or use some fancy Xposed mod, but that is the cost of extra security. You can use Wavelet or RootlessJamesDSP without root instead of Viper4Android for sound improvements.

    I do have a ranking of phone brands in there that is a bit old, but free of political biases, and still relevant. Your options for a LineageOS compatible phone might be low. Xiaomi and Motorola are good options. Avoid OnePlus if you want to use full 48/64 MP camera resolution, they lock it to their own app intentionally. https://www.celsoazevedo.com/files/android/google-camera/f/post-05/

    Not sure what else I could tell, depends on whatever roadblocks you encounter upon research.

    If you want a great cameraphone with bootloader unlocking, maybe buy a second hand Xiaomi 14 Ultra in a few months?