*In terms of privacy, customisation, camera quality, and battery time.
For the longest time I have only used either iPhone or Samsung. I plan on switching to Android for the next phone I get, but I find that Samsung phones are often too big for me and put too much energy on camera quality (I don’t take many photos). I have started to look into brands such as Nokia and Motorola, and I would like to know what you guys think of them. Additionally, do you suggest any other phone brands aside from them? My biggest priorities are privacy and long battery time. Bonus if the phone can run LineageOS (I have excluded Graphene as they are only compatible with Pixel phones).
Thank you for any answers. Cheers!
The mod on this post is on such a humongous power trip lmao. Someone needs a reality check and a few slaps.
So you really believe that Graphene thing is the only single solution that works to attain mobile privacy and security? You believe that braindead fearmongering propagandistic bullshit? ADB developer commands, firewalls and app permissions are all worthless?
What do you think is a good idea to counter endless stream of years of people parroting the same unverified nonsense, and making privacy seekers feel hopeless, just because Pixel is sold in less than a dozen countries, is made by Google of all companies, and that developer believes in being a crybully and a harasser? Because this is extremely vitriolic for everyone, and this script has played out enough on Telegram, 4chan and Reddit. The same witch hunting antics and Big Tech security propaganda should not make its way onto Lemmy.
Instead of removing comments like that, perhaps correct them by providing more accurate information. I read the original comments, and they really weren’t toxic in any way (in my opinion), they were just strongly worded opinions.
The stated reason in the mod log was (just pulling one, the rest were very similar):
Nothing in the post violated instance or community rules, at least according to my read. Here are the community rules as of this writing:
And instance rules:
If there’s a rule that’s being enforced, ideally it would be posted in the sidebar.
As for the original claim, the Pixel is the only phone listed on privateguides.org (GrapheneOS and DivestOS are the only listed ROMs), which I think is a pretty well-respected and well-run privacy recommendation website. If those recommendations are not available in your area or doesn’t meet your needs, yeah, by all means use whatever is available and meets your needs.
Perhaps there should be a no-dogma rule or something, my point is just that removing stuff without apparent rule violations is not great from a user’s perspective.
“So you really believe that Graphene thing is the only single solution that works to attain mobile privacy and security? You believe that braindead fearmongering propagandistic bullshit? ADB developer commands, firewalls and app permissions are all worthless?”
What are you talking about? We can’t see those arguments because a mod removed them. Are you that mod? All I can see now is a one sided discussion and assume someone’s feelings got hurt. Silencing opposition by stomping ideas out doesn’t convince anyone of anything.
If you believe in Lemmy, let the comments and voting do the work. We don’t need the thought police enforcing their views.
Pinging @sugar_in_your_tea@sh.itjust.works to club responses.
This “let the voters decide” vibes based experiment has happened on 4chan and Reddit for years, leading to this. https://i.imgur.com/G6P1c9n.jpg and https://i.imgur.com/Q1wIIfS.jpg
Lemmy is not a trash platform like Reddit or 4chan, where loud and repeated nonsense is allowed to make the platform garbage. This is not “censorship”, but arguably the only effective way against these parrots and trolls to shut down baseless propaganda like Graphene being the singular method to get mobile privacy and security, because apparently nothing else works at all, and Micay has some secret sauce code in there that magically defeats NSA and CIA. This is the same person who hates Firefox because Tor Project devs trashed his drivel in a mailing list in August 2019, so he seeks revenge by telling people to use Google’s Chromium based browsers, and the same person who thinks it is a great idea to teach people to put faith in all things Google and Google’s proprietary Titan security chip, even though security chips keep becoming permanent backdoors.
Can anyone exactly tell me what works there, that does not work with a combination of AOSP killswitch lockdown firewalls, setting app permissions, HOSTS ruleset modifications, DNS changing, debloating/uninstalling via ADB and making lots of changes via Shizuku, all being open source and transparent methods for Android? This is an oversimplification, but these fancy custom Android builds do pretty much nothing better than all you need to live a private life, without even needing to root or seek a specific Google made phone somebody told you on internet.
You mean the same thieves who stole PrivacyTools website, GitHub and to this day squat on PTIO subreddit, and money laundered $17,500 of public donations into private accounts? The ones who run lemmy.one instance today, and banned me the very first day lemmy.one instance was opened, just to ensure no critics exist?
I have singlehandedly covered these security charlatans in FOSS and privacy communities for about 5 years, and GrapheneOS emanates from the same sewer that “security” clowns like Brad Spengler and madaidan do in Linux community. All they do is either push their bullshit solutions or push corporate Big Tech propaganda and hate any FOSS project they think will not worship them. It might be a good idea to read instead of decide the fate of Lemmy based on “freedom murica heckin yeah” vibes.
https://old.reddit.com/r/privatelife/comments/ug9qnc/writeup_criticism_of_rprivacyguides_grapheneos/
https://old.reddit.com/r/privatelife/comments/13teoo9/grapheneos_corporate_foss_loving_witch_hunting/
Correct, those rules will be formed and established as of today. I have been on this for months looking what to do about this nonsense making its way on from Reddit/4chan onto Lemmy.
This sounds like some kind of personal beef with Micay. That’s understandable, and here’s a Louis Rossmann video showing how toxic that individual can be (you go over some of that in your links as well). So I absolutely get it.
That said, the project itself is fantastic. Here’s the Privacy Guides page on why GrapheneOS is preferred. It also goes into why it’s preferred over CalyxOS and other alternatives, and offers DivestOS as a good alternative (here’s the supported device list if you’re interested).
I’ll provide the two sides I have:
To me, the Privacy Guides version of the story seems more believable, at least in terms of where the contributors went. I think both sides absolutely have a point, but this archived page has some pretty serious allegations about Privacy Tools being biased by their affiliate partners (to be fair, the way Jonah handled this is distasteful, he should have just started his own project).
That said, I think the content at Privacy Guides is currently better than at Privacy Tools, and I like that discussion happens in the open.
I hope you’re sensing a trend here: we should restrict discussions to technical merits, not discussions about individuals. I dislike both Daniel Micay and Jonah Aragon as people, at least from the limited information I have, but I think both run solid projects. The same is true for other FOSS projects, like GNU/FSF and Richard Stallman, OpenBSD and Theo de Raadt, etc. However, I think each heads a solid project, so I’ll continue recommending them based on their technical merits. I hope each survives their founders once they inevitably leave the project.
May I suggest a pinned post so decisions like this can be made in the open? Clearly state the problem (ideally more concise than what you’ve linked from Reddit), and why you think the solutions are valuable.
My recommendation is some kind of “no-dogmatism” rule, which makes it clear that privacy is a process, not an end goal. Likewise, we should be careful to elucidate the process for choosing products, not the products themselves (i.e. see Louis Rossmann walk back his support for Lenovo here over warranty BS when you install an alternative ROM). I think it’s reasonable that for every product recommendation here, users are expected to give reasons (or a link to reasons) why that product is worth looking into, with a strong nudge to compare to other projects (e.g. why GrapheneOS over Calyx or DivestOS).
Ideally, there would be some kind of wiki the community could keep that links to sites along with notes about caveats and whatnot (e.g. Privacy Tools’ conflict of interest allegations, GrapheneOS’ toxic leader, etc), with the intent of being a resource of where to get more information instead of a definitive guide.
That’s my take at least. I also don’t want this community to fall into group thing, but that also includes group thing against projects just because their leaders aren’t ideal.
Here is an alternative Piped link(s):
and here’s a Louis Rossmann video showing how toxic that individual can be
see Louis Rossmann walk back his support for Lenovo here
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
The moment I hear this “personal beef” bullshit, I see dishonesty. Does everybody have a personal beef with this disgusting person? Dozens of YouTubers, hundreds of internet users, privacy guide writers like me, Techlore, Rossmann and others? What the fuck is this “personal beef” thing I always get told, when I have publicly documented 5 years worth of stuff on security charlatans in FOSS, privacy and tech communities?
The project is not fantastic, but closer to snake oil, and almost identical to CalyxOS or other AOSP fork builds. It is mostly a rebranding of AOSP features with app permission controlling and firewalling. I dissected it when a spy was sent by that community to siphon the chatroom discussions of privatelife Matrix room. I did this breakdown last year or so by referring to the GrapheneOS features page.
https://i.imgur.com/pQHoq84.jpg
There are only 3 things they ever did on their own as extras, and even they have basically no value in the grand scheme of things, them being offering:
Now, I will elaborate on these 3.
So out of the 20-30 features GrapheneOS claims they developed, everything is either a modification of app permissions or firewalling or AOSP feature rebranding.
Also, as you may have famously heard about “Sandboxed Play Services”, it is not developed by GrapheneOS, but a project called ProtonAOSP, whose developer is kdrag0n. GrapheneOS copied that off and rebranded it as their own developed thing.
As you can see, GrapheneOS is basically a lot of marketing and in reality, there is negligible or nothing beyond the surface. This is called snake oil, or selling bridges/dreams.
PrivacyGuides are disgusting people that shelter trolls and laundered $17,500 public donation money of PTIO privacy community. The receipts are public and it is a crime. If you excuse that, I do not think you give a shit about genuine privacy endeavours. I still remember them making one person a moderator because he posted a faux libel hitpiece on me, and them (Jonah) stickying a comment by Micay calling me an agent sent by Chinese government to destroy privacy communities. This person is who you seem to like. https://web.archive.org/web/20220502064114/https://old.reddit.com/r/PrivacyGuides/comments/uged1y/is_grapheneos_actually_good_or_just_hype/
I wonder if you have read this. Read the paper by Ken Thompson, co-creator of Unix and C, on why we should be able to trust the developer and NOT the code. https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
The projects of people ARE attached to the people who create them. They cannot be separated. And yes, the projects MUST be judged based on person’s conduct. Not doing this allows GrapheneOS dev to go around falsely slapping epithets like “neonazis” on Bromite and FlorisBoards devs upon mere disagreements.
https://github.com/bromite/bromite/pull/2102#issuecomment-1155760155
https://github.com/bromite/bromite/issues/2141
http://web.archive.org/web/20220803142758/https://github.com/florisboard/florisboard/issues/1921
I already did it in the form of 2 article length posts chock full of evidence spanning 5 years across internet. Not many people have ever put up this much of a fight to keep privacy community clean and good selflessly. And I do not think I carry the onus of creating such a wiki by myself, when I do not get as much community support as I should, and people choosing to call it “personal beef” and wash hands away selfishly.
I am proudly arrogant for standing for the correct thing – ethics – as I keep doing whatever guide work I do. Yes I recognise I sometimes tend to sound rude and blunt, but I will not lie or sugarcoat things. And I think it is okay and a rare quality.
IDK, seems like it. But that still has nothing to do with the product itself. As long as the product is good and is FOSS, I can look past the people behind it.
That’s a good thing IMO. The more an Android ROM deviates from AOSP, the more difficult maintenance becomes and the more problematic a toxic core contributor is.
That doesn’t match with what I’m reading online. This comparison table lists a number of differences between the various projects, and many of those are important to me. That source claims to not be affiliated with any of the projects (I haven’t done much due diligence though).
I don’t really care if these changes were made by GrapheneOS themselves or pulled in from other projects, the end result is a more interesting product that has a fast response to security updates.
Look at Linux distributions, most aren’t anything more than a set of configuration changes, packaging policies, and maybe a home grown package manager. Yet there are interesting differences between Ubuntu, Debian, Fedora, Arch, openSUSE (my preference), and others. It’s all mostly the same code underneath, just packaged differently. That’s what I want from an Android ROM, a secure, privacy-focused configuration.
It’s not snake oil if the difference between ROMs/OSes are tangible.
I never said I liked him, I said the website has valuable information. I don’t really care who makes the recommendation provided the statements are independently verifiable, and they do a way better job of linking sources than PrivacyTools.
At the end of the day, I’m not blindly trusting anyone’s advice and I’m looking at a variety of sites. I actually disagree with some of the recommendations, especially omissions, but I can usually find those when searching “X vs Y” with two recommendations from their site. Privacy Tools includes some odd suggestions, and it seems like they just throw a bunch of stuff that claims to be privacy-focused without doing much research (or at least they don’t link anything).
That’s not my takeaway, in fact it’s the opposite.
I don’t believe in trusting developers, I believe in a mix of security audits, reproducible builds, eyeballs, code signing, and cryptographic hashes. Developers can be bought, accounts can be hacked, etc, but code can’t. For example, I don’t think Linus Torvalds would intentionally break Linux security, but that’s not why I trust Linux, I trust is because it’s the subject of a lot of security researchers, large organizations, and a team of proven-capable subsystem maintainers. If I trust the developers, they could sneak in a malicious Trojan horse like Ken Thompson mentioned and I’d just roll with it.
As the Russian proverb goes, “trust, but verify.”
Well, you certainly talk about it a lot. Maybe you’re genuine, but that’s kind of irrelevant. I trust technical sources, not personal attacks.
I’m not suggesting you create a wiki at all, I’m saying that having a community effort for a wiki could be valuable. The place for a mod, imo, is to police rule violations (ideally mostly responding to reports, not active policing), and those rules should come from the community they operate in. Issues arise when the police make the rules. Maybe it makes sense for a mod to coordinate that effort, but contributions should come from the community with proper sources and whatnot.
And that’s commendable, I prefer transparency when I can get it.
My issue here is that I think you’re letting your distaste for individuals (however well founded) supercede technical discussions. I think it’s reasonable to put a footnote on the technical discussions noting potential conflicts of interest (e.g. Microsoft’s push for TPM is commendable from a security standpoint, but there are concerns about NSA backdoors, chilling effect on alternative OSes, etc), but not reject projects entirely just because of an association with a distasteful entity. For example, most here don’t trust Google, but that doesn’t mean Chromium-based browsers are automatically bad. Doing so is just poisoning the well. Provide 2-3 points of independently verifiable, technical evidence of BS and that makes a pretty strong case to avoid something.
But that’s my 2c. I absolutely thank you for your efforts and intentions, and I appreciate the transparency. However, that doesn’t necessarily mean I agree with your conclusions, though I could be persuaded with technical arguments. Since you seem to believe GOS is all marketing fluff, perhaps we could start a community initiative (I’m willing to help) to verify claims of various projects. At the end of the day, citations and methodologies should carry the day.
That eylenburg blog that seems to get cited sometimes I suspect is not a very qualified person, but instead seems to get pressured by Daniel Micay (thestinger) himself and his minion/mod mbananasynergy in GitHub issues all the time (https://github.com/eylenburg/eylenburg.github.io/issues?q=is%3Aissue+is%3Aclosed) along with DivestOS developer. And a lot of people fear Micay’s witch hunting and social media army harassment, so they either shut their mouths (hence barely any critics) or cave in to his influence/threats. Even DivestOS developer is a victim of it, since at the behest of Micay’s threat, he banned me off XMPP chatroom. I mentioned that as a section with chat screenshots in my long post. (https://old.reddit.com/r/privatelife/comments/13teoo9 /)
There is a weird pattern there, where everything is green for Graphene, half of it is green for Divest, but all others have NO or red markings, making it look like a very obvious advertisement, even though this is not how privacy and security works. This is in line with what Micay told Mr. Eylenburg how to structure the table (put this at “high”, put that at “medium” et al).
Micay and GrapheneOS propaganda has a very obvious pattern. Check this out. https://imgur.com/a/fpcsIL2 This will open your eyes. Also, those massive paragraphs wherever he explains or his fans/minions parrot features and stuff upon reading keep looking like GPT generated fluff but instead done by a human (himself).
That is because GrapheneOS is an embargo Google security partner for patches. It is either impossible for one person to keep building so many of these patches alone, or the work does not amount to the propaganda invented. This is partly why the claim I make about mostly rebranding, which seems apparent upon one close look. https://web.archive.org/web/20220829223401/https://twitter.com/GrapheneOS/status/1564322206414524420#m
Code can be bought. Developers can be bought. What cannot be bought is a developer’s moral integrity and professional behaviour towards people, hence Thompson’s paper is correct, and not what you took away from it. All the terms you said are code that comes from the developer(s), and do not get created out of thin air. This is not a “he said she said” behaviour, but fearmongering cultist propaganda full of dogmas.
Do you not see the coincidence that Micay wants to steer everyone away from Firefox towards Chrome, towards everything Google, believing in Micay’s vision, believing in closed source security and so on? He also used to shit on Android and believed and propagated the claim that Fuchsia is the future, where Google’s microkernel would rule the mobile world. I think he is a Google fanboy more than anything else, and we have many such Big Tech fanboy specimens in this world.
One reddit comment on my post explained this cult well.
If this whole project is basically feature rebranding plus firewalls, app permission modifications and stuff you can do without rooting, I see absolutely no reason how it claims to be better than anything else, and the ONLY solution to mobile privacy and security. As I shared the GrapheneOS official instructions for propaganda posters in that screenshot above, it should be evident.
Also, I have a whole bullet list for why Google Pixels are not trustworthy in my non root smartphone guide. I do not think we need to elaborate on why Google hardware is backdoored by NSA. Snowden lives in Russia to stay alive, and Assange is being drugged and tortured in West “free democracies” today for it.
Apple’s security chips have all been pwned, and their latest one also got pwned recently. Qualcomm Snapdragons have the same history, and Google will be no different. Closed source Big Tech security is a fool’s dream. Better to have transparency and known consequences, than “security by obscurity” circus, something security charlatans like these advocate for in FOSS/privacy circles.
I read a few of those, and I didn’t see any kind of pressure, just clarifications. And they provided information on not just GrapheneOS, but LineageOS and AOSP.
That’s exactly how I would handle things as well if I was working on a project and someone publishes a comparison table that gets posted a few places.
As for why GrapheneOS is mostly green, I guess there are three explanations:
But it’s also not all green, GrapheneOS gets red for Google Pay compatibility and device support, which are two pretty important categories for many people.
If you know of categories where GrapheneOS doesn’t do well, by all means, suggest them in an issue or open a PR. It’s the best comparison I’ve seen, and seems worthwhile to contribute to.
Well yeah, Linus Torvalds does almost no actual development, but he’s involved in merging patches. That job has value, and the end result is that people trust his branch.
That’s the same way I see GrapheneOS or any Linux distro, it’s just a handful of patches and configurations on top of a common core. AOSP is a high quality OS and there are lots of independent researchers looking at it, so it’s a good base to build on, with the main problem being integration with Google services. Forking it is a huge task, so they should stay as close to AOSP as they can while achieving their goals.
And yeah, if GrapheneOS is an embargo partner, that’s has a lot of value, and I hope other ROMs are able to get that as well. Faster access to patches is a good thing.
Sure, and that would likely be pretty obvious, and can happen to pretty much any project. But the community could easily fork it and move on if that happens. That’s what GrapheneOS did when they split from CopperheadOS, and that’s what’ll happen if GrapheneOS is bought or compromised.
So the real concern isn’t with copyright, but with Trojan Horse inclusions, which is where security researchers come in. GrapheneOS has documented how to audit their changes vs AOSP, and they share code with other projects, which apparently has uncovered more bugs. That sounds pretty responsible to me.
But Chrome is superior to Firefox on mobile in terms of security because Mozilla hasn’t ported many of the security features from the desktop browser. That’s a fact. There’s also an argument that Chrome is more secure on desktop as well, but there are tradeoffs to that.
I don’t see any evidence that Micay prefers closed source code (most of Chrome is open source btw), so I’m not sure where this is coming from.
Well yeah, Fuchsia is incredibly interesting and mikrokernels have fantastic security and isolation properties. If Google can pull it off, it’ll be a really interesting kernel to use.
However, there’s a reason mikrokernels aren’t very popular: they’re kind of difficult to work with. It just so happens that having your drivers in kernel space is incredibly convenient and performant. RedoxOS is another interesting mikrokernels project, and both Windows and macOS’ kernels are moving that direction (both are hybrid kernels).
So it’s only natural for him to be excited by it, I’m excited too. I don’t like Google much, but their FOSS R&D side is really interesting. I don’t know if he’s a “fanboy” (I haven’t bothered to do more than a cursory read of the links you’ve provided), but that’s only relevant if it impacts his security choices (e.g. trusts Google with user data “for security”).
Sane defaults has a ton of value. Most people don’t know how to configure an OS to be secure.
It’s not the only option obviously, that’s just stupid dogmatism, but it is a good option, and perhaps the best option out of the box. There are also security features that Pixels have that other phones either don’t or lock away from users, so GrapheneOS can have even better defaults than others due to the hardware it’s limited to (e.g. the open bootloader). Whether that matters to you depends on what you’re looking for.
So I’ll agree that dogmatism should be policed, but ideally with reminders and not comment removals. Maybe have a three strikes policy or something if you’re worried about repeat, intentional offenders.
I’m guessing most phones are, or at least compromised by the NSA. The NSA’s job is to maintain backdoors to go after national security threats, so there’s no reason to expect any default configuration to protect you.
Projects like GrapheneOS try to protect you as much as they can, but at the end of the day, anything that touches a network is going to risk.
That’s why I’m so excited about Linux phones, the Pinephone and Librem 5 both have hardware kill switches for times when you’re worried about surveillance.
Yet Snowing allegedly recommends GrapheneOS. Unless you think Micay is bullying Snowdon as well…
That said, I don’t put a ton of stock into what Snowdon has to say. He’s not a security expert, he’s just a contractor who got away with government documents. He’s careful, but fairly average.
Sure, that’s going to happen because they’re a big target. That said, it’s unlikely to impact regular users because those attacks are quite sophisticated and often caught by security researchers pretty quickly. The Android market is more sketchy because there’s so much more diversity to the point where security researchers are going to miss a lot.
Regardless, staying up to date on security patches is the best line of defense, and sandboxing everything is the next line. GrapheneOS provides both.
Ok, you lost me here. What they’re providing is security by layers (sandboxing, reducing attack surface by having less stuff running, etc) and rapid security updates from upstream.
The proper solution is to completely open source the telephony stack, but that’s not happening for any phone (though the Pinephone community is reverse-engineering theirs, so that’s cool).
Here is an alternative Piped link(s):
and here’s a Louis Rossmann video showing how toxic that individual can be
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Ethics? You’re not ethical, you just got a mod position, let it get to your head à la Stanford experiment, and now no matter what others say if you dislike it you can silence them at no consequences to yourself.
You’re the furthest thing from ethical. You’re delusional, and still on that power trip high.
I actually didn’t give a damn about GrapheneOS, until you banned all mentions of it. Look up the Streisand effect, it’ll do you good. Instead of perpetuating a fascist censor of someone else’s free speech.