this post was submitted on 18 Mar 2024
76 points (100.0% liked)
Things like Cellebrite and Pegasus are rapidly evolving tools based on specific zero day vulns that are known only to (and jealously guarded by) the respective tools' devs. No one would have any meaningful way of validating whether Graphene is secure against those specific attack vectors or not unless they did test it, but "trust me bro" on the part of a dev doesn't inspire confidence. I would assume any zero day vuln in AOSP is very likely present in most derivative systems based on it.
I never defend lies. But attacking them would be lying, because I've no idea what you mean by "Cellebrite Kits".
What I am doing though, is riling you up because you're evidently constantly angry in every single post I've seen you write.
I tried to appeal to logic in one of them (xenophobia, remember?), and all you did was post an even angrier message. So, since logic and good intentions don't work, trying to increase your anger may, or may not, do the trick. I just had to give it a shot.
By the way, no, that didn't work either. It seems that nothing short of lithium will help. I'm sorry about that man. You sound exactly like the GrapheneOS guy.
I found the article (ironically in Graphene's own forum) where they word their explanation in a way that would have us believe their project can counter Cellebrite with little to no effort. And I find that to be deceiving. I don't know if they can, but from the universal knowledge that the 100% secure system does not exist, I find their claim hard to swallow.
I have to say, this is good food for thought. And this is where we could try to start a productive debate.
Within my limited technical knowledge, I have yet to see any mobile OS (ROM or otherwise) that comes close to the level that Graphene allows the user to secure their phones. I am not saying that Graphene is some sort of "fire and forget holy grail" of security, but checking the tracking in the included apps (all 5 of them), and finding absolutely nothing tracking, I have to say, it's a very nice move from what the common folk uses (or used in my case) in their devices. On top of that, I have full control over 99% of my system (what with storage and contact scopes, plus the ability to disable ALL the apps I want, whenever I want, the control over all of the connections to my preference, and the list goes on and on). I have also tried Calyx (I have nothing bad to say about it, it's pretty good and intuitive), which I think is an easier entry level than Graphene to incur into the privacy seeking life (my very personal opinion), but Graphene does take all that to different heights.
You might be wondering why all this long bloglike post. I thought it best to clarify my position towards Graphene as much as possible before I came out with what I'm hoping will spark the productive debate I mentioned before.
Other than GrapheneOS, what other real, potentially competing, options are out there?
Because, even with whatever flaws that GrapheneOS may have, it certainly beats having an iPhone, more so any other Android OS/ROM for that matter.
All previous joking aside, you're evidently better versed on this subject than most of us, from my perspective anyway.
What would you recommend, short of getting a dumb phone with a prepaid sim card?
I'm genuinely curious about what you understand would be a better option.
"Linux phones" are not a viable option in over 90% of use cases (God I wish that wasn't the case).
I'm waiting for the Pixel Fold 2 to launch, to see if I'm going to change my Pixel 7 Pro for that, or if I'm going to wait for the 9 Pro. But since this came up here, I might as well pick other brains and then do some research using the suggestions I find here as a starting point.
That's a pretty pretty good set of suggestions and explanations, and I appreciate you taking the time to express them.
While the storage scopes ability has been there since Android 10, I have never seen the level of granularity by app that GrapheneOS provides anywhere else, which justifies the mention of it on GrapheneOS. I never said that they invented Contacts scope, and I am not aware if this is their doing or someone else's. The ability to choose scoped content by app is super convenient, and IMO more straightforward than using different accounts for this purpose. Now, having segregated profiles for the apps that I know I need and have no way of replacing with a "tracker-less" alternative (such as my Aruba InstantOn app) is a godsend, no doubt. Using ADB is not for the faint of heart, we all know the capacity of damage it has if used carelessly, and punching a hole with Shizuku does expand the vulnerable attack surface, especially since it enables those holes over WiFi.
If you could share your guide, I'd appreciate it. I am paranoid about using Shizuku or any other type of hole punching method.
I'm 100% in agreement with you in this comment. Any Linux distro will remove almost all risk of telemetry or spyware when we choose to move away from Windows or Mac, unless you opt-in to some telemetry on a few, like Ubuntu for example, and even then, the difference is night and day.
I think your logic for this comment is inherently flawed based on your personal use case and experience. In my very personal case, it is practical, because, while I do want to enjoy some of the benefits of what you call urban society, I am not willing to trade privacy for convenience, much less security. No device is bulletproof, we agree on that, but we can make it harder for others to invade our privacy, and I believe that, the more of us put in the effort to doing just that, the more likely these privacy nightmare companies are to rethink their business practices, whereas if everyone is just following the path of least resistance, which is the case with the vast majority of the users out there, they have no incentive to even try to change their ways. Practicality will always boil down to how far any 1 individual is willing to go to achieve something without dramatically breaking their way of life. That's why it's important to voice all these concerns and provide potential solutions to replace mainstream software (OSs, ROMs, apps, etc.) with alternatives with which we may have more control on what we share. There's no one-size-fits-all solution, proprietary or open source, it just does not exist, simply because we're all different to at least one minimum degree, which is what makes this subject as open for debate as it is. I do just that, with GrapheneOS, keep my "trusted" apps in my main profile, and all the crap I don't trust in a separate profile. But just keeping profiles separate is what I think counts as following the path of least resistance, when there are so many other options to add to just that 1 action. It is exactly as you say, if I didn't have my car, I would probably have Lyft or Uber on my phone, because I'm a privacy and security freak, but I'm not stupid enough to put myself in danger over that alone. What's more, I do keep an Uber account that I have, however, I don't have it in my phone.
If I ever need it, I'll download it, use it, and remove it the moment I don't need it anymore. In my personal case, I do most of everything in my PC or laptop, both running Linux (the distro is irrelevant, as we seem to agree on that). But that does not mean that I will be away from my computers, and if I need to do something urgently I have to blast out like a rocket to do it instead of just doing it right there on my phone because I can do it without worrying about spyware or surveillance, or even a potential hack of any kind, because I trust my phone more than if it was using the software the manufacturer wants me to use for their sake, not mine.
This is unrealistic for most people. I'm in a privileged position where I can get as many devices as I want without missing a house payment or going hungry, but that's not the case for everyone. But not having the means to have more devices, for example, does not have to forcibly render you unable to do something about achieving a higher level of privacy and a higher level of security, together with more control over your device and data. This is why these projects exist, they give us options.
This is yet another matter of perspective comment. We agree 100% on the health subject. Nothing should come first. Chasing more privacy and security can be pretty exhausting, I should know. But once I started seeing it as a hobby that brings with it benefits, as opposed to "something I need to do so I don't lose as much sleep over who's tracking me", it's turned into a game for me, in which I will either win, or lose, and even that will vary as time moves forward. Since I started moving towards a less invasive lifestyle regarding technology, that's all it is for me, a game. True, it's a souls-like game, where the enemies will probably kill you a few times before you level up and finally pass them to move on to harder enemies, but a game nonetheless.
I want to make this abundantly clear. While I am passionate about privacy and security, the pursuit of this is not something that drives my daily life, but something else in which I can achieve more knowledge and potentially help others with along the way. This also provides me with the possibility of having meaningful (and sometimes just silly) conversations from people of all walks of life, cultures, philosophies, etc.
Please, if you would, remember to send me your guide, the one you mentioned on your second paragraph. I'd genuinely like to see what your process looks like and compare it to what I currently have.
This is the type of conversations I like to have, somewhat different points of view with logical ways to back them up.
Dude, your guide is amazing. Many apps you suggest intersect with my preferred apps (for example Joplin. Best Notes app I've ever used, on any device).
I'm going to be playing with Invizible Pro once I go back to Calyx (I plan on doing it this weekend because this week has proven to be insane at work, and I don't want to do ANYTHING after I turn off my PC).
The double-VPN option, insanity, I had no idea that was even possible.
Granted, the guide is 2 years old, but most of those still work today, even on Android 14.
And big Kudos on all the links provided to shed light on Apple's bullshit "it's for your security" politically correct discourse. This shows how little people are willing to research before choosing a device.
In any case, I for one still think that degoogling a Pixel device is the best option for my use, since I'm very happy just stripping them out of their original software (system and apps), and running over to Calyx or Graphene. I can't say why, I just like to do it. Plus, in my experience, pretty buttery smooth for what I do.
Thanks a lot man. That's a fair point. Not many people have the know-how and the drive to dig 30 pages down search engines looking for that 1 person with their exact same issue and how to solve it, having to go down the road of asking in the official communities. And if they're going to be faced with vexation over even considering a different option, that's toxicity at its highest level. That's Nazi behavior right there.
In any case, remember I said I was going to go back to Calyx, because "why not"? Well, I saw myself with some spare time yesterday, and here we are 🤣.
And you're right, my main drive is just that: "FUCK Google, Crapple, Microshot, EA, Meta, the governments (all of them), and everyone else that wants my information without my consent". It's not my only drive, but certainly the top one, followed closely by "if I can do it, why not?".
I'll change those settings too, and will be test-driving some of the apps and tricks in your guide that don't intersect with mine, as well as the ones that are completely news to me.
Thanks again man.
Edit: Just changed the settings:
Most of what you mention here I had no idea existed, and I appreciate you sharing it.
As for the scope granularity, this is a simple example for both, Telegram (Nekogram in my case):
Access to 1 contact (added as an example, because in reality I don't give it access to any of my contacts).
And access to 1 PNG image.
Also, thanks for sharing your guide. I'll go over it as soon as I'm off work.
On how the GrapheneOS team chooses to use fearmongering to make people believe there are no other options, I don't follow people or waste my time going into those threads and conversations. Doing that would be like asking people over at Google why I should avoid Google. That's yet another reason why I like to have these types of discussions with open communities, the chances of a fully biased point of view decrease dramatically (although it's never fully eliminated).
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=NJZ5YNrXMpE
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
The point of break in 99% of the cases is the carelessness of the user.
That is exactly right.