Hi,
I am (very, very early) in the process of degoogling. I am definitely not a high risk as far as needing to be completely locked down. It’s more about trying to have a little more control over how my data is used.
I am looking at Graphene OS, but I am a little confused how certain apps (that rely on Google services) work. I have a Pixel 8 and will have it for the foreseeable future.
The apps I currently use that I would still need (or their equivalents) are:
- Clash Royale (Supercell)
- Notion (Notion Labs)
- Clickup (Mango Technologies)
- Business Calendar 2 (Appgenix)
- If I installed these exact apps “sandboxed”, what exactly does that mean from a user standpoint? Will I have to use a separate account, reboot my phone, etc, or is it a quick process to use the app?
- Is there a list of apps that I could browse to find equivalents to the above? Recommendations here are also ok.
- I saw that Firefox isn’t exactly private(?) and that Vanadium is better in that aspect but I don’t understand why. Can someone ELI5, and help me see if this is a relevant concern for me?
Thank you! 😁
I never defend lies. But attacking them would be lying, because I’ve no idea what you mean by “Cellebrite Kits”.
What I am doing though, is riling you up because you’re evidently constantly angry in every single post I’ve seen you write.
I tried to appeal to logic in one of them (xenophobia, remember?), and all you did was post an even angrier message. So, since logic and good intentions don’t work, trying to increase your anger may, or may not, do the trick. I just had to give it a shot.
By the way, no, that didn’t work either. It seems that nothing short of lithium will help. I’m sorry about that man. You sound exactly like the GrapheneOS guy.
Cellebrite is an Israeli company, similar to the one selling Pegasus malware, that gives these special phone unlocking kits, and sells them exclusively to governments and “authorities” for a price of roughly $1 million per kit.
What I saw (and screenshotted) was on Luke Smith’s video about AOSP forks, a GrapheneOS propaganda account claimed they got one kit and tested the fork against Evil Maid attacks and the kit failed. Where did they get all this money? This happened a few months after I kept arguing everywhere that “security” claims for Graphene and Pixel phones were largely bogus and it is not much different than any AOSP fork, something I still say evidently. Pixels, just like iPhones or Samsungs, get exploited by Cellebrite kits all the time. Pixel security is not otherworldly. The whole hullabaloo by Micay and GOS people seems to be about unlocked bootloader risk with other phones except Pixels, yet there is no guarantee or testing proof that after flashing GOS, it will be immune to bootloader attacks.
And yes, I sometimes am angry, not because I am a moderator, but because I have done years of work to expose this “security” bullshit that keeps plaguing FOSS and privacy communities. Many people including Torvalds himself have called them out in the past. I do my little part to protect FOSS and privacy spaces.
The point of break in 99% of the cases is the carelessness of the user.
Yes, that is true. Every arrest related to cyber matters has resulted from either bad OPSEC or being caught red handed physically.
That is exactly right.
I found the article (ironically in Graphene’s own forum) where they word their explanation in a way that would have us believe their project can counter Cellebrite with little to no effort. And I find that to be deceiving. I don’t know if they can, but from the universal knowledge that the 100% secure system does not exist, I find their claim hard to swallow.
I have to say, this is good food for thought. And this is where we could try to start a productive debate.
Within my limited technical knowledge, I have yet to see any mobile OS (ROM or otherwise) that comes close to the level that Graphene allows the user to secure their phones. I am not saying that Graphene is some sort of “fire and forget holy grail” of security, but checking the tracking in the included apps (all 5 of them), and finding absolutely nothing tracking, I have to say, it’s a very nice move from what the common folk uses (or used in my case) in their devices. On top of that, I have full control over 99% of my system (what with storage and contact scopes, plus the ability to disable ALL the apps I want, whenever I want, the control over all of the connections to my preference, and the list goes on and on). I have also tried Calyx (I have nothing bad to say about it, it’s pretty good and intuitive), which I think is an easier entry level than Graphene to incur into the privacy seeking life (my very personal opinion), but Graphene does take all that to different heights.
You might be wondering why all this long bloglike post. I thought it best to clarify my position towards Graphene as much as possible before I came out with what I’m hoping will spark the productive debate I mentioned before.
Other than GrapheneOS, what other real, potentially competing, options are out there?
Because, even with whatever flaws that GrapheneOS may have, it certainly beats having an iPhone, more so any other Android OS/ROM for that matter.
All previous joking aside, you’re evidently better versed on this subject than most of us, from my perspective anyway.
What would you recommend, short of getting a dumb phone with a prepaid sim card?
I’m genuinely curious about what you understand would be a better option.
“Linux phones” are not a viable option in over 90% of use cases (God I wish that wasn’t the case).
I’m waiting for the Pixel Fold 2 to launch, to see if I’m going to change my Pixel 7 Pro for that, or if I’m going to wait for the 9 Pro. But since this came up here, I might as well pick other brains and then do some research using the suggestions I find here as a starting point.
What is this list, that has no equivalent in Android/AOSP in general? Storage scope existed since Android 10, when GSF was introduced separately from native storage access. I have no clue when they claimed to “invent” contact scope, but a different user account (like work profile) segregates everything from storage to network tunnel to contact storage, and user accounts have existed for 10ish years. Disabling all userspace apps is possible on all Android phones as well, just not system apps, for which you need a computer and ADB/Shizuku API access, all of which can be done without rooting or a special “custom ROM”.
CalyxOS. Even LineageOS is fine. Even not putting one of these things on your phone, and doing things non-rooted (my guide) via ADB/Shizuku on any Android phone in the past 5 years is going to be fine. An exceedingly more important (99% as you say) thing is the user, them forming a proper OPSEC, and not making OPSEC mistakes.
These AOSP forks are tools, and all of these open source tools are uncompromised, that is a common theme. Tools do not really matter at this point if you use any of them. It is like picking any Linux distro. You are pretty much safe from telemetry and spyware immediately compared to a vanilla Windows installation, the moment you pick a distro.
That is impractical if you want to enjoy the benefits of urban society, and function more smoothly in it. You should treat your communicator (smartphone) as a normal device that cannot be made bulletproof, and relegate the utmost private activity to a Linux (or debloated Windows) computer instead, either of which is easier to control than a phone. If you need to have work apps, have them. If you need to have a rental cab app, do not risk your life for that extra bit of privacy, keep it maybe in work profile. If there is a game, it may be fine to enjoy it, unless it requires privacy invasion (no throwaway account possibility).
Understand that your communicator is a pocket computer that is handy in a pinch on the go, not your main computing device. Segregate activity between your phone and computer as needed. If that is too hard with work/job, introduce a second dedicated work phone, for a total of 3 devices.
Also understand your mental health and physical safety is more important than 1% more digital security. If either of those 2 are compromised, your digital privacy or security means nothing. This is the key reason why most “privacy” people get fatigued and say “fuck it” and leave the idea of attaining privacy altogether. Everyone does not need to be a Snowden.