this post was submitted on 21 May 2021
22 points (100.0% liked)
Privacy
33192 readers
244 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The GrapheneOS is the only good security solution on phones right now, so check their website for supported models.
Some time ago I bought Pixel 3XL (used, not new) for pretty good price, so I suppose your budget is OK for that
For what its worth, been using graphene for two months now on a pixel 5 and I'm still amazed by how well it works. Can only second this path as someone who is really focused on privacy and security. There are a few inconveniences (updates, app availability, gpush services etc) but those are all very worth it for me to sacrifice in order to be secure and private. I don't think you'll regret. Tons of second hand (new) phones on the market where I come from so should be easy to get going
security? well, do you know if there is any spyware or such like that in that phone? I don't use gapps
You can say that for absolutely any phone/device in existence. As for Graphene, I've ran
tcpdumpon my router for a week against the device's IP and confirmed that it only talks to the documented default connections on their site.cool. also a pixel?
Yes, Graphene is only officially supported on Pixels at this time.
I think I'll buy a pixel then, I'm a bit too cautious so can I ask which model pixel do you own?
I run GrapheneOS on a Google Pixel 3 (secondhand). It's a nice phone - made sure to extract the GCamera app in order to keep the camera app that actually works to the cameras full potential.
Other than that I just want to express my red hot hatred for all established mobile OSes. Its all crapware.
I have a 4a, which is supported until fall 2023. The newer 5 model doesn't give you much more time.
alright, thanks for the suggestion. It's decided.
edit; nvm
It's not an easy solution. GrapheneOS is really good, but you need to be sure you will not need Google service and NEITHER MicroG, because those aren't supported by GrapheneOS
Do you reaaally need google apps? It's good that I don't even have to option to use crapware like whatsapp. forcing people to talk to me through matrix
I don't need any Google apps, and luckily I don't need WhatsApp either, but some apps I use (like my goddamn bank) need Google services, and for this I rely on MicroG
That is bollocks. Security!= privacy
And you have to deal with Google's extra proprietary security hardware, unaudited and unverifiable. Having faith in Google’s promise of their proprietary closed source chip being clean is like having faith in cyanide not killing a person.
If it is conspiracy to believe in Google being an evil company with backdooring intent, then it is a worse conspiracy to promote Google as a safe company for privacy and anonymity, by conflating those terms with security.
what do you recommend then?
Fairphone, Xiaomi, Asus, Motorola (if in USA). Xiaomi has the best community support if you pick a popular model, Fairphone provides 5 or so years of Android version upgrades with high repairability and some modularity. Asus and Moto are clean slates, although Asus is the least desirable of the above now.
Do not fall for the GrapheneOS meme. The developers and its community is made up of absolutely garbage people (not even going into the racist aspects), but if you asked them the simplest of questions that would come off as criticism, or requires hard effort to solve problem, they will kick you out of their Matrix rooms immediately. The post installation support sucks balls. And of course if you wanted to use apps that need Google Services Framework (NOT Google Play Services), good luck because they do not work.
Maybe you could use CalyxOS, or LineageOS, way better choices with way more humble and supportive people.
I can agree on Fairphone, but all other vendors... Are you joking?
No, and I would not trust GrapheneOS solely because its dev somehow only trusts Google. Ask him why (I did) and https://teddit.net/r/privacytoolsIO/comments/gs4uv7/i_dont_fully_trust_grapheneos/fs82fdv/
Also, if technical support for a custom firmware does not exist post installation, it ID abandonware. GrapheneOS for most people is usually abandonware, considering the kind of nut Daniel Micay is.
The Graphene group account actually gave some good replies to that thread - you just don't have a clue what you are talking about. The dev doesn't solely trust Google just because - as they've stated many times - there just aren't good alternative phones with decent security baselines.
I'm not even sure what you mean by "technical support for custom firmware" - Graphene pushes firmware updates with their OTAs.
Well, one of my friends owns a Fairphone, and they told me that the worst thing about it is that Android updates take a age to be released: https://forum.fairphone.com/t/android-11-has-arrived-when-will-we-see-it-on-our-3s-and-3-s/64273/6
Whereas I had Android 11 on my graphene phone a few weeks after it was released by Google.
IMHO, until the actual version is supported and security updates are on par, there is absolutely no reasons to rush a major update (or even release it, actually). I will be more than happy to stay on a stable version for a longer time and having a phone actually supported for more than a blink, instead of a phone who bring one major update and kill support after 2 weeks.
Almost every single phone recommendation or custom ROM thread on just about all privacy communities on the internet is derailed like this by GrapheneOS users and sockpuppets. They have a very clear, defined way of spreading propaganda from their Matrix, IRC and Telegram groups. And they are slowly, gradually going private so it becomes hard for people to notice the stuff they do.
spoiler
It does not deal with it. There is only memory hardening, majorly. And while I can agree that GrapheneOS is secure and even private as a ROM, its controversial single device lineup support as well as the toxic and unhelpful community behind it is quite bad for most users who obviously do not know the issues and quirks with the no microG or GSF apps working, and the lack of OPSEC and misleading 101 teachings in their community for new users.
CalyxOS is way better for a "security" ROM, although I still stand with best security practices coming from firewalling, app permissions that can also inhibit the intent issues with apps, and basic strong user security practices applied in daily life. So LineageOS will work just as well.
There exists no evidence that somehow LineageOS or CalyxOS or Resurrection Remix users get hacked more than GrapheneOS users.
The other ROM is Copperhead. Honestly, avoiding it is better since Daniel Micay destroyed the verification keys for the ROM before he left Copperhead company.
spoiler for GrapheneOS lovers
Copperhead CEO Donaldson once contacted me to "team up" against Micay, an offer which I stalled and ghosted him because I do not like to do such nasty things, even though Micay has called me a concern troll like the idiot he is.Technical support also means if somebody asks questions on their subreddit, Matrix rooms or Telegram groups, they do not get bashed or banned for "targeted harassment" and "concern trolling". https://invidious.snopyta.org/watch?v=Dx7CZ-2Bajg
You are the one trolling people with GrapheneOS security theater here.
Funny how you instantly recognised the "group account", when it is run by Micay himself. It has been very evident between u/DanielMicay, u/GrapheneOS, u/madaidan and all such accounts how they operate.
I think it's reasonable to presume that the founder of GrapheneOS would own the official GrapheneOS account on reddit. You're the one that literally linked us to the discussion, so I'm not sure what point you're trying to make with this.
Are you Daniel Micay or his friend? Are you on GrapheneOS team?
Nope, just a Graphene user, and in case it wasn't clear to you; I meant "linked us" as in you put a hyperlink into this Lemmy thread to give to us.
That is fine, I guess. I am often skeptical of that community considering the things that have been attempted at me and many people.
What should I use?
Pick a Fairphone, Xiaomi or Moto (check popular models on XDA for latter two). You can manage permissions, firewall apps off internet and install suspicious apps less, and you will have plenty security.
If you want to increase your security further, make use of the Private Lock app on F-Droid, which instantly locks your phone based on accelerometer sensitivity you set, in case of someone snatching your phone.
If you want to increase further security, learn OPSEC. https://lemmy.ml/post/34223 Do not get memed thinking this ROM with negligible post installation support can magically solve your privacy, security and anonymity woes.
Security does not work like GrapheneOS maker thinks. Memory hardening and forced no GAPPS/microG sounds good from afar but what these people get memed into is called security theater, often an insecurity GrapheneOS users project onto others. There are multiple facets to privacy and anonymity as well, but I am not sure most of their userbase can even differentiate between the 3 terms now.
I thought xiaomi is a chinese phone. is it safe?
Ignore them, they don't have a clue what they're talking about.
Chinese phone has American hardware and Chinese software, the latter which you will remove. Will you be able to get rid of the greater hardware threat? This is a game these people will trap you into.
I suggest getting familiar with OPSEC and educating yourselves with 101 security and privacy instead of playing into this geopolitics, contemporary xenophobia and security theater.
hmm. what phone do you use personally then? I haven't dipped much into privacy on phones. but I think you know more than I do. I'll read your article later, I just want a good answer for now.
My personal threat model is avoiding 14 Eyes surveillance, so I use Huawei P30 Lite, as I noted in my smartphone guide (link I shared in a parent comment).
Huawei's hardware according to BlackHat Pwn2Own 2017-2020, has been largely safe on par with "secure" Pixels. See page 5 of PDF for phonemaker brands. https://github.com/secmob/TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices/raw/master/us-20-Gong-TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices.pdf
I have de-corporation-ified it and the closed source apps WhatsApp and Discord are sandboxed into Work Profile. All other apps I use are FOSS, and the whole phone is tunneled through NetGuard with 1.3M HOSTS rules blocking. Android/AOSP's VPN Lockdown feature stays on to prevent any traffic leakage.
For VPN, I am part of Riseup Collective so I use that.
This is not a comment to tell you that you should use Huawei, just an answer to your first question. As for your query here...
I suggest going through my OPSEC and smartphone guides so that you can formulate your own threat model and enjoy a secure, private life without falling for FUD.
Privacy can be controlled on application level, but there are a lot of system stuff that user can't change and the best solution for system is GrapheneOS in terms of security, as I said in first comment.
Google is evil, no question about that, but Google is just a brand / label on the phone. Ironically, but most secure and privacy-friendly phone is Google Pixel without Google
As for privacy, any phone capable of running lineageos is fine, but lacks security
I am sure you make sense. And yeah security does not work that way. Has GrapheneOS been audited by anyone yet? Pwn2Own? Any other BlackHat event?
OK, has any xiaomi phone audited by anybody?
What about proprietary hardware of all other vendors?
I'm not trying to say that pixel is perfect or something, I think whole mobile market is a proprietary shit, tbh. But you need phone anyway, so IMT just trying to tell that pixel smells less that xiaomi, Asus or anything else
Are you implying that American brands are somehow better than Taiwanese or Chinese or rest of world brands? Is this some kind of blind USA cultism? Despite the fact that Google AI was directly involved in bombings in Yemen, it smells less bad than Xiaomi or other brands?
Forgot to address your "muh all phones have proprietary hardware" argument. All phones have one less proprietary hardware layer to deal with. Google adds that compared to other OEMs. Lesser the proprietary "security" components, lesser the attack surface, more the security.
I'm not from USA and "cultism" is not for me, I'm enthusiast of open source and don't trust proprietary software and hardware. Sadly, but there is no 100% hardware ready for end-users, so I'm just trying to find a balance.
Btw, any device has proprietary "security" components, so it's all about "smells less", not " trusted one".
My own opinion - GrapheneOS is good one, using it on Pixel devices is a trade-off.
Anyway, that thread comes to holywar and I don't want to take part in it, my arguments and thoughts you can find in comments above, if you disagree with them - OK, I'm fine with it. Just shared my thoughts
It is a fundamentally wrong argument when it is said that other device hardware has not been audited, because if one were to avoid proprietary components, the lesser of them existed in the memory and security domains, the better it would be for reduxing attack surface.
Look at Intel ME, Apple T2 or Qualcomm Snapdragon's Hexagon DSP flaws.