*In terms of privacy, customisation, camera quality, and battery time.
For the longest time I have only used either iPhone or Samsung. I plan on switching to Android for the next phone I get, but I find that Samsung phones are often too big for me and put too much energy on camera quality (I don’t take many photos). I have started to look into brands such as Nokia and Motorola, and I would like to know what you guys think of them. Additionally, do you suggest any other phone brands aside from them? My biggest priorities are privacy and long battery time. Bonus if the phone can run LineageOS (I have excluded Graphene as they are only compatible with Pixel phones).
Thank you for any answers. Cheers!
IDK, seems like it. But that still has nothing to do with the product itself. As long as the product is good and is FOSS, I can look past the people behind it.
That’s a good thing IMO. The more an Android ROM deviates from AOSP, the more difficult maintenance becomes and the more problematic a toxic core contributor is.
That doesn’t match with what I’m reading online. This comparison table lists a number of differences between the various projects, and many of those are important to me. That source claims to not be affiliated with any of the projects (I haven’t done much due diligence though).
I don’t really care if these changes were made by GrapheneOS themselves or pulled in from other projects, the end result is a more interesting product that has a fast response to security updates.
Look at Linux distributions, most aren’t anything more than a set of configuration changes, packaging policies, and maybe a home grown package manager. Yet there are interesting differences between Ubuntu, Debian, Fedora, Arch, openSUSE (my preference), and others. It’s all mostly the same code underneath, just packaged differently. That’s what I want from an Android ROM, a secure, privacy-focused configuration.
It’s not snake oil if the difference between ROMs/OSes are tangible.
I never said I liked him, I said the website has valuable information. I don’t really care who makes the recommendation provided the statements are independently verifiable, and they do a way better job of linking sources than PrivacyTools.
At the end of the day, I’m not blindly trusting anyone’s advice and I’m looking at a variety of sites. I actually disagree with some of the recommendations, especially omissions, but I can usually find those when searching “X vs Y” with two recommendations from their site. Privacy Tools includes some odd suggestions, and it seems like they just throw a bunch of stuff that claims to be privacy-focused without doing much research (or at least they don’t link anything).
That’s not my takeaway, in fact it’s the opposite.
I don’t believe in trusting developers, I believe in a mix of security audits, reproducible builds, eyeballs, code signing, and cryptographic hashes. Developers can be bought, accounts can be hacked, etc, but code can’t. For example, I don’t think Linus Torvalds would intentionally break Linux security, but that’s not why I trust Linux, I trust is because it’s the subject of a lot of security researchers, large organizations, and a team of proven-capable subsystem maintainers. If I trust the developers, they could sneak in a malicious Trojan horse like Ken Thompson mentioned and I’d just roll with it.
As the Russian proverb goes, “trust, but verify.”
Well, you certainly talk about it a lot. Maybe you’re genuine, but that’s kind of irrelevant. I trust technical sources, not personal attacks.
I’m not suggesting you create a wiki at all, I’m saying that having a community effort for a wiki could be valuable. The place for a mod, imo, is to police rule violations (ideally mostly responding to reports, not active policing), and those rules should come from the community they operate in. Issues arise when the police make the rules. Maybe it makes sense for a mod to coordinate that effort, but contributions should come from the community with proper sources and whatnot.
And that’s commendable, I prefer transparency when I can get it.
My issue here is that I think you’re letting your distaste for individuals (however well founded) supercede technical discussions. I think it’s reasonable to put a footnote on the technical discussions noting potential conflicts of interest (e.g. Microsoft’s push for TPM is commendable from a security standpoint, but there are concerns about NSA backdoors, chilling effect on alternative OSes, etc), but not reject projects entirely just because of an association with a distasteful entity. For example, most here don’t trust Google, but that doesn’t mean Chromium-based browsers are automatically bad. Doing so is just poisoning the well. Provide 2-3 points of independently verifiable, technical evidence of BS and that makes a pretty strong case to avoid something.
But that’s my 2c. I absolutely thank you for your efforts and intentions, and I appreciate the transparency. However, that doesn’t necessarily mean I agree with your conclusions, though I could be persuaded with technical arguments. Since you seem to believe GOS is all marketing fluff, perhaps we could start a community initiative (I’m willing to help) to verify claims of various projects. At the end of the day, citations and methodologies should carry the day.
That eylenburg blog that seems to get cited sometimes I suspect is not a very qualified person, but instead seems to get pressured by Daniel Micay (thestinger) himself and his minion/mod mbananasynergy in GitHub issues all the time (https://github.com/eylenburg/eylenburg.github.io/issues?q=is%3Aissue+is%3Aclosed) along with DivestOS developer. And a lot of people fear Micay’s witch hunting and social media army harassment, so they either shut their mouths (hence barely any critics) or cave in to his influence/threats. Even DivestOS developer is a victim of it, since at the behest of Micay’s threat, he banned me off XMPP chatroom. I mentioned that as a section with chat screenshots in my long post. (https://old.reddit.com/r/privatelife/comments/13teoo9 /)
There is a weird pattern there, where everything is green for Graphene, half of it is green for Divest, but all others have NO or red markings, making it look like a very obvious advertisement, even though this is not how privacy and security works. This is in line with what Micay told Mr. Eylenburg how to structure the table (put this at “high”, put that at “medium” et al).
Micay and GrapheneOS propaganda has a very obvious pattern. Check this out. https://imgur.com/a/fpcsIL2 This will open your eyes. Also, those massive paragraphs wherever he explains or his fans/minions parrot features and stuff upon reading keep looking like GPT generated fluff but instead done by a human (himself).
That is because GrapheneOS is an embargo Google security partner for patches. It is either impossible for one person to keep building so many of these patches alone, or the work does not amount to the propaganda invented. This is partly why the claim I make about mostly rebranding, which seems apparent upon one close look. https://web.archive.org/web/20220829223401/https://twitter.com/GrapheneOS/status/1564322206414524420#m
Code can be bought. Developers can be bought. What cannot be bought is a developer’s moral integrity and professional behaviour towards people, hence Thompson’s paper is correct, and not what you took away from it. All the terms you said are code that comes from the developer(s), and do not get created out of thin air. This is not a “he said she said” behaviour, but fearmongering cultist propaganda full of dogmas.
Do you not see the coincidence that Micay wants to steer everyone away from Firefox towards Chrome, towards everything Google, believing in Micay’s vision, believing in closed source security and so on? He also used to shit on Android and believed and propagated the claim that Fuchsia is the future, where Google’s microkernel would rule the mobile world. I think he is a Google fanboy more than anything else, and we have many such Big Tech fanboy specimens in this world.
One reddit comment on my post explained this cult well.
If this whole project is basically feature rebranding plus firewalls, app permission modifications and stuff you can do without rooting, I see absolutely no reason how it claims to be better than anything else, and the ONLY solution to mobile privacy and security. As I shared the GrapheneOS official instructions for propaganda posters in that screenshot above, it should be evident.
Also, I have a whole bullet list for why Google Pixels are not trustworthy in my non root smartphone guide. I do not think we need to elaborate on why Google hardware is backdoored by NSA. Snowden lives in Russia to stay alive, and Assange is being drugged and tortured in West “free democracies” today for it.
Apple’s security chips have all been pwned, and their latest one also got pwned recently. Qualcomm Snapdragons have the same history, and Google will be no different. Closed source Big Tech security is a fool’s dream. Better to have transparency and known consequences, than “security by obscurity” circus, something security charlatans like these advocate for in FOSS/privacy circles.
I read a few of those, and I didn’t see any kind of pressure, just clarifications. And they provided information on not just GrapheneOS, but LineageOS and AOSP.
That’s exactly how I would handle things as well if I was working on a project and someone publishes a comparison table that gets posted a few places.
As for why GrapheneOS is mostly green, I guess there are three explanations:
But it’s also not all green, GrapheneOS gets red for Google Pay compatibility and device support, which are two pretty important categories for many people.
If you know of categories where GrapheneOS doesn’t do well, by all means, suggest them in an issue or open a PR. It’s the best comparison I’ve seen, and seems worthwhile to contribute to.
Well yeah, Linus Torvalds does almost no actual development, but he’s involved in merging patches. That job has value, and the end result is that people trust his branch.
That’s the same way I see GrapheneOS or any Linux distro, it’s just a handful of patches and configurations on top of a common core. AOSP is a high quality OS and there are lots of independent researchers looking at it, so it’s a good base to build on, with the main problem being integration with Google services. Forking it is a huge task, so they should stay as close to AOSP as they can while achieving their goals.
And yeah, if GrapheneOS is an embargo partner, that’s has a lot of value, and I hope other ROMs are able to get that as well. Faster access to patches is a good thing.
Sure, and that would likely be pretty obvious, and can happen to pretty much any project. But the community could easily fork it and move on if that happens. That’s what GrapheneOS did when they split from CopperheadOS, and that’s what’ll happen if GrapheneOS is bought or compromised.
So the real concern isn’t with copyright, but with Trojan Horse inclusions, which is where security researchers come in. GrapheneOS has documented how to audit their changes vs AOSP, and they share code with other projects, which apparently has uncovered more bugs. That sounds pretty responsible to me.
But Chrome is superior to Firefox on mobile in terms of security because Mozilla hasn’t ported many of the security features from the desktop browser. That’s a fact. There’s also an argument that Chrome is more secure on desktop as well, but there are tradeoffs to that.
I don’t see any evidence that Micay prefers closed source code (most of Chrome is open source btw), so I’m not sure where this is coming from.
Well yeah, Fuchsia is incredibly interesting and mikrokernels have fantastic security and isolation properties. If Google can pull it off, it’ll be a really interesting kernel to use.
However, there’s a reason mikrokernels aren’t very popular: they’re kind of difficult to work with. It just so happens that having your drivers in kernel space is incredibly convenient and performant. RedoxOS is another interesting mikrokernels project, and both Windows and macOS’ kernels are moving that direction (both are hybrid kernels).
So it’s only natural for him to be excited by it, I’m excited too. I don’t like Google much, but their FOSS R&D side is really interesting. I don’t know if he’s a “fanboy” (I haven’t bothered to do more than a cursory read of the links you’ve provided), but that’s only relevant if it impacts his security choices (e.g. trusts Google with user data “for security”).
Sane defaults has a ton of value. Most people don’t know how to configure an OS to be secure.
It’s not the only option obviously, that’s just stupid dogmatism, but it is a good option, and perhaps the best option out of the box. There are also security features that Pixels have that other phones either don’t or lock away from users, so GrapheneOS can have even better defaults than others due to the hardware it’s limited to (e.g. the open bootloader). Whether that matters to you depends on what you’re looking for.
So I’ll agree that dogmatism should be policed, but ideally with reminders and not comment removals. Maybe have a three strikes policy or something if you’re worried about repeat, intentional offenders.
I’m guessing most phones are, or at least compromised by the NSA. The NSA’s job is to maintain backdoors to go after national security threats, so there’s no reason to expect any default configuration to protect you.
Projects like GrapheneOS try to protect you as much as they can, but at the end of the day, anything that touches a network is going to risk.
That’s why I’m so excited about Linux phones, the Pinephone and Librem 5 both have hardware kill switches for times when you’re worried about surveillance.
Yet Snowing allegedly recommends GrapheneOS. Unless you think Micay is bullying Snowdon as well…
That said, I don’t put a ton of stock into what Snowdon has to say. He’s not a security expert, he’s just a contractor who got away with government documents. He’s careful, but fairly average.
Sure, that’s going to happen because they’re a big target. That said, it’s unlikely to impact regular users because those attacks are quite sophisticated and often caught by security researchers pretty quickly. The Android market is more sketchy because there’s so much more diversity to the point where security researchers are going to miss a lot.
Regardless, staying up to date on security patches is the best line of defense, and sandboxing everything is the next line. GrapheneOS provides both.
Ok, you lost me here. What they’re providing is security by layers (sandboxing, reducing attack surface by having less stuff running, etc) and rapid security updates from upstream.
The proper solution is to completely open source the telephony stack, but that’s not happening for any phone (though the Pinephone community is reverse-engineering theirs, so that’s cool).
No, it clearly is not. If it provides nothing over AOSP forks, there is no reason why it is better. Maybe you did not read the propaganda dissemination they do, which I sent as a screenshot of their Telegram chats.
Here, I provide it again. https://imgur.com/a/fpcsIL2
If feature rebranding does anything other than cosmetic or placebo changes, do tell me. Anyone can do it. It improves nothing functionally. Modifying app permissions and using a strong firewall can be done without root and is far more risk free and incomparably easier than flashing a custom Android fork. There is nothing “out of the box” about flashing a custom ROM on any phone for most people in the world, including tech users.
He also happened to create the Linux kernel by himself and developed it himself for a very long time, until it started getting more contributors. He did all the development needed to be done.
That is very shady. A Google partnership is avoided by other custom build makers like LineageOS for a reason. That is enough reason to stay away from Graphene.
Who decided this fact? Micay’s propaganda? Because Tor Project avoids Chromium base for both desktop and mobile browsers for multiple reasons, one of them being security. Chromium is incredibly leaky, insecure and anti-anonymity.
https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs
You think Micay and his GPT tier filler has even 1% credibility compared to TailsOS professionals who maintain supremacy over state actors?
There is nothing OOTB about flashing a custom Android build on a specific phone brand/model people buy with a lot of money. It risks bricking, alongside the obvious thing about Graphene community being insanely vitriolic as far as tech support questions go. Non root hardening is risk free, easy, achieves same goals and is a transparent process.
Huawei was sanctioned by USA partly because they refused to put NSA backdoors in it, and western agencies failed to find any Chinese backdooring in it, since they were provided source code to analyse. The ban eventually happened due to market protectionist reasons similar to what is happening to Tiktok now, or Alstom, Toshiba, IPTN and others.
Snowden is not a security expert, but an OPSEC expert. Wildly different things. He was a spy. He was able to practice his OPSEC without fail and modify it on the go. His advice is not meaningful, and this tweet is irrelevant because too many things happened since 2019. He acts more like the “Symbol of Peace” like All Might in Boku no Hero Academia anime show, like some sort of symbolic “hero” figure.
Few years ago, in 2021, without any community consensus, Micay added a shutter sound for camera which could not be muted, putting the target audience of this tool/product at risk of jail or even death – privacy users, journalists and activists. https://old.reddit.com/r/privacytoolsIO/comments/pjl4bh/what_is_your_opinion_of_grapheneos_conforming_to/ So, how is Snowden’s 2019 tweet relevant? How can anyone seriously trust Graphene one bit?
It was established by Zerodium few years ago that Android’s zero days cost more than iOS’ zero days, and that Android’s open source security model has surpassed whatever obscure security Apple has. That gap has continued to widen.
If there is a permanent hardware vulnerability, it will impact security just like Spectre, Meltdown and others affect Intel chips. Apple’s phones and devices with “security enclave” chips are all permanently vulnerable. Androids as a whole are far more secure, and it is Apple that is sketchy, not Android.
…on Google hardware with proprietary “security” chips that it refuses to open up. And Graphene’s embargo patch Google partnership is shady. Why is it the only custom Android build to get this? Any unrevealed links to Google hidden from all of us? Because Micay loves creating toxic social media army, using sockpuppet trolling tactics evidently and obscuring or hiding conflict of interest.
Google has one extra proprietary “security” hardware layer than every other Android phone in existence. This makes Google much more proprietary and unpredictable, which makes it logically unfit for adopting for privacy, security and anonymity purposes.
Removed by mod
I am not liking this level of engagement you are doing. It feels suspicious and agenda based.
I think you are the one favouring Graphene propaganda here, and attacking me on their behalf. This debatebro pervert behaviour of yours is not looking very good to me.
Getting those defaults aka flashing a custom ROM is too risky, can brick hundreds of dollars for people, and is not easy to do compared to basic ADB instructions.
Those points you said here are incorrect. Performing those actions without root provide everything these fancy custom ROMs provide, except without bricking and other unverifiable risks. Not everyone can read source code. Moreover, you claiming Pareto’s principle here is so far from reality, it almost feels dishonest and a dig at how I tend to utilise this principle. Non root hardening methods objectively net a user 99-100% benefits of a custom ROM, and that 1% differs for builds like LineageOS that allow rooting and further control, not locked user hostile builds like Graphene.
Either you ate up propaganda about privacy and security, or you have some fishy intentions here. Let’s assume benefit of doubt. All your arguments are inclined in a particular direction, and first 3 of 4 points have zero logic in them.
Torvalds knows enough about security, among other elements, to create Linux kernel. Nobody will take you seriously with such arguments. Torvalds already has called “security” zealots “masturbating monkeys” aptly, which included Brad Spengler, madaidan and others. Micay and his minions love to shill grsecurity crap, and it sounds like the infatuation of a fresher CS university student. You sound infatuated towards Graphene.
There is zero cost paid by Micay, firstly, as far as money goes. Secondly, the requirements of getting embargo beta patches are not as simple as you think. You need some kind of affiliation with Google, or soul selling, to have that.
Are you claiming LineageOS team has less brain and power than Graphene, which is relatively barely any work of Micay? Or did LineageOS and other projects refuse to sell soul to Google?
Tor Project cares enough about security to make stuff like Graphene look like a meaningless joke. The Snowden guy you talked about himself used TailsOS during his work and while fleeing from US friendly extrajudicial countries.
I think I cannot take you seriously due to this point, and want to end this pervert debating. But let me see… I will tolerate this a bit more.
DivestOS developer banned me on behest of Micay’s threat, that if I was not banned, Tad would have to remove Graphene patches and code from DivestOS, and Tad would be the target of Graphene social media army harassment. I think that level of soul selling does not allow me to take Tad’s work seriously. It also proves Graphene is not openly licensed, but rather licensed based on Micay’s personal whims, but that is another point.
There is legitimacy in his stuff like browser table, but the conclusion is outright wrong that Chromium is better. Firefox is much better than Chromium in that it has no leaks and works as intended, both on desktop and mobile. And his research concerns exclusively Android.
It is, when a bricked phone does not even allow user to do anything, waste money and have privacy and security crippled anyway. When there is no phone, enjoy all that loads of privacy with no communication device. It sounds like a joke to me.
This is not upstream but a Graphene only risk. It was inserted without community consensus. And this weird thing works everywhere. It was probably made to make Pixel+Graphene users have a target on their back and out themselves, but I refrain from claiming that since it feels too far fetched to me.
https://www.wired.com/story/android-zero-day-more-than-ios-zerodium/
Zerodium is a big security firm. And Android’s zero days should cost lesser since there should be many of them, but it is the opposite. Android open model surpassed iOS obscurity model long ago.
Disable GMS related packages. GSF seems to push messages locally, and only ping servers when there is some push notification. Probably this allows metadata leaking, so it is a concern for those paranoid about metadata. Android allows everything with or without root.
Google/Apple have one extra “security” proprietary chip, which processes your data. Also, Google is not an enemy in your threat model, it seems, if that is your question. Questions like this is the process called threat modelling, which I nudge people to work on first.
This was from 2020. Huawei’s hardware according to BlackHat Pwn2Own 2017-2020, has been largely safe on par with “secure” Pixels. See page 5 of PDF for phonemaker brands. https://github.com/secmob/TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices/raw/master/us-20-Gong-TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices.pdf
You may ask what is Pwn2Own? This is an annual event in Black Hat annual hacker event. I am unsure if there is a newer one that happened since COVID. Pixel fares better than most Androids, admittedly, but is not bulletproof, and has NSA backdooring risk. I prefer Huawei phones without preloaded Google services, since Western intelligence agencies are in my threat model as hostile actors.
Nevermind, I looked 2023 Toronto Pwn2Own. Since Huawei does not have Google services, it probably was not tried by hackers as many western people would not use it over Pixel, Samsung, Xiaomi or iPhone. Pixel and iPhone fared decently, while Samsung fared the worst. Xiaomi was a bit better than Samsung at security, but behind the former two. https://www.androidauthority.com/galaxy-s23-hacked-pwn2own-3379226/
I do not yet assume you have bad intentions, but the debating is getting too rubberbandy for me, considering this is way too usual stuff for me that I keep tabs on.