this post was submitted on 25 Nov 2024
212 points (97.3% liked)

Privacy

32442 readers
557 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I am a long term GrapheneOS user and would like to talk about it. r/privacy on the redditland blocks custom OS discussions which I think is very bad for user privacy, and I hope this post will be useful to anyone who are in the hunt for better privacy.

Nowadays smartphones are a much bigger threats to our privacy and Desktop systems, and unfortunately manufacturers has designed them to be locked down devices with no user freedom. You can't just "install Linux" on most smartphones and it is horrible. And most preloaded systems spy on us like crazy. That was why I specifically bought a pixel and loaded GOS onto it.

According to https://grapheneos.org/features , they start from base AOSP's latest version, imptoves upon it's security and significantly hardens it. There's hardened_malloc to.prevent against exploitation, disabling lots of debugging features, disabling USB-c data, hardening the Linux kernel and system apps etc. They even block accessing the hardware identifiers of the phone so that apps cannot detect whqt phone you're using. That means with Tor and zero permissions given, apps are anonymous.

Compatibility with apps are best in Custom ROMs but there are still that can't work, especially if they enforce device integrity. Very few apps usually enforce that tho. Also their community isn't the friendliest but you can get help. Just don't try and engage too much or have too many debates.

Anyone else here use GrapheneOS, or any other privacy ROMs? What is your experience? Do you disagree on any point? Let's have a discussion!

(page 2) 50 comments
sorted by: hot top controversial new old
[–] [email protected] 17 points 3 weeks ago (4 children)

I'm pretty sure that every Android Lemmy user has a Custom ROM installed on their device. Currently daily driving GrapheneOS on my Pixel 7 Pro.

load more comments (4 replies)
[–] [email protected] 4 points 3 weeks ago

A simple search will tell you a ton of people here use GrapheneOS and other custom ROMs. Are you karma farming?

[–] [email protected] 3 points 3 weeks ago

I had daily drove it for years, but recently started testing the water with iOS. Still have GOS on my secondary devices though.

[–] [email protected] 8 points 3 weeks ago (1 children)

i really want to make the switch but need to figure out how to steal a pixel phone bc i sure as hell ain’t paying for one

[–] [email protected] 17 points 3 weeks ago
[–] [email protected] 4 points 3 weeks ago (2 children)

I use GrapheneOS but I don't like how Google Play-centric it is. It is geared towards people installing their "normal" apps with the GrapheneOS special sauce sandboxing. No F-Droid by default where all of the FOSS apps are.

[–] [email protected] 2 points 3 weeks ago (8 children)

By default there is nothing, it's a blank slate. It's up to you to decide what apps to use.

load more comments (8 replies)
load more comments (1 replies)
[–] [email protected] 14 points 3 weeks ago

I am. It's good. Don't have any issues just huge compliments to the team.

[–] [email protected] 22 points 3 weeks ago* (last edited 3 weeks ago)

Using it since many years on many Pixels and loving it.

Main pros: zero bloat, efficient, highly secure and highly private (about as private and secure as it can get on any smartphone), and it's an Android without any of Android's typical weaknesses (privacy issues, bloat, etc.). You get to utilize the advantages of Google (its security) and completely avoid the disadvantages (its many privacy issues). You get to use all the advantages of an Android mobile OS while completely avoiding all of its disadvantages. It's like getting your cake and eating it too. You're much better off in terms of security and privacy than almost(?) all other smartphone users. According to leaked documents, Cellebrite for example can't crack GrapheneOS on Pixels at all. They can crack almost any other smartphone if they have physical access to it. Most smartphones are really easy for them to crack. iPhones may pose some trouble depending on model/OS. And Graphene on Pixel is the literal brick wall. And even on top of that it has tons of great security features, like auto-reboot after X hours of inactivity, charge-only-mode for USB-C when locked, distress/duress PIN entry to immediately wipe the phone, many things like that. On the privacy side it's looking great as well: Some folks have analyzed Graphene's network traffic and there's zero privacy issues from the OS or its built-in apps. And the few connections it does make (for updates and so on) are all documented and work exactly like they documented them, and they only transmit the exact least amount of necessary data without anything beyond that (guess what - that's super rare). And on top of that there's even more great privacy features, some of which are invisible but well thought-out, for example any SUPL request goes through a Graphene proxy server first (configurable) which strips all personally-identifiable data from the request and then redirects it to your provider's SUPL server (which is most likely Google's SUPL server in the end). I'm seriously impressed by the quality of the GrapheneOS project. Maybe you don't realize how good and rare such things are nowadays. Also the documentation is very good and actually answers most of your questions and doesn't contain any marketing blurb. The social media feeds and forums are a great source of info as well. On top of all that it's even easy to install GrapheneOS.

Main cons: it's only available on Google Pixel phones, so if you truly despise Google and don't want to buy or use anything from them, it's not the right device/OS for you (or maybe buy it used?). However, the reason GrapheneOS is on Pixel is purely a technical one: Pixels do offer very high hardware based security already (probably the most, although iPhones have good hardware-based security as well. As is known, Apple tends to be produce good quality hardware, not quite so good software) as well as a very high degree of "platform neutrality", i.e. it's supported by Google to flash a different OS on it or use more advanced tools like adb without any sort of tinkering or unnecessary danger involved. Also you don't have to register to unlock your phone or anything, you only need to be online once to enable the OEM unlocking feature (I think this is because Google needs your IMEI to check whether the phone is carrier-locked (cannot ever be OEM unlocked) or can be unlocked, and they will immediately receive some device data including the IMEI as soon as you go online with the preinstalled Android OS once [of course they will receive some more device data than just the IMEI]), so it's best to not insert your SIM yet (and not do anything with the preinstalled OS) before you've installed GrapheneOS on your new Pixel. Do the OEM unlocking step on WiFi only, best on a public WiFi so Google has much less of a chance to identify you based on your IP or related data. Then install Graphene, then insert your SIM and start using your new phone. Other cons exist but they're rare or pretty much irrelevant in daily use. If you have to hear them, read an older post by me about some potential downsides: https://discuss.tchncs.de/post/19867254/12069767

[–] [email protected] -2 points 3 weeks ago (1 children)
[–] [email protected] 8 points 3 weeks ago

I have the pleasure of using GrapheneOS. I can't imagine using anything else. It was also the first (widely used) custom Android distribution to adopt Android 15. As far as I can tell, almost no others support Android 15 yet.

[–] [email protected] 1 points 3 weeks ago (1 children)

I've been using a Fairphone with /e/os. No Google at all. Rooted with Magisk. MicroG to run apps that need Google services. Everything I need works.

[–] [email protected] 1 points 3 weeks ago (1 children)

Did it come installed or did you need to complete a 27-step process involving cables and obscure commands and fiddly key combinations and the risk of bricking the thing?

[–] [email protected] 2 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Do Google Pixel phones come installed with GrapheneOS? We're talking about custom setups with more privacy here.

I did have to follow the installation instructions, which included unlocking my bootloader, installing adb on my PC, and entering a few command lines.

There is the possibility to buy it preinstalled though, but from a third-party company.

[–] [email protected] 3 points 3 weeks ago* (last edited 3 weeks ago)

So the answer to the 27-step question is Yes. Alas. Still nowhere near as easy as installing Linux on an Intel laptop. Which of course is already way too hard for most folks.

Still, well done for doing it.

U: downvoting facts does not make them go away. This was not a personal attack. I want this solution to to be more viable than it is, that is all.

[–] [email protected] 4 points 3 weeks ago (1 children)

Is the camera still good on Graphene? It is pretty much the only thing that holds my Oneplus 6T back.

[–] [email protected] 9 points 3 weeks ago (2 children)

The camera is fine but I prefer to use googles camera app. Both work.

[–] [email protected] 3 points 3 weeks ago

I use the Google camera app as well, it's just better

[–] [email protected] 11 points 3 weeks ago

You can even install Google Camera app without google play services and deny it Internet access. All works fine.

[–] [email protected] 7 points 3 weeks ago

I've been on GrapheneOS for 4 years or so. I've tried CalyxOS every now and then, but always end up coming back to GrapheneOS. I find it simple, private, secure and free of BS. CalyxOS does come with some stuff preinstalled, which doesn't really appeal to me, and I trust the sandboxes Google Play model much more that MicroG.

About the devs, I really haven't had any issues that I have not been able to resolve myself, so my interaction with the is non-existing. I have read some posts with interactions with them, and they do seem to be hostile towards anything that is not 100% aligned with their train of thought, which I find stupid, to say the least. But regardless of how rude they may be, I feel GOS literally has no competition in the Android landscape in terms of privacy and security.

[–] [email protected] 3 points 3 weeks ago (2 children)

I would absolutely buy a Pixel, if only they supported sd-cards. I get that Google is pushing cloud-storage. If I smash my phone on the sidewalk, I still want to have a local storage, I can take out and thus make live backups to. There are just some features Pixels lack and privacy shouldn't lock you out of them.

load more comments (2 replies)
[–] [email protected] 6 points 3 weeks ago

My recommendation is GOS if you care about out of box experience and using gapps, DivestOS if you care about degoogling and removal of proprietary code. Both are hardened.

[–] [email protected] 4 points 3 weeks ago

I would but my Pixel 6's USB connection is entirely useless. It hasn't successfully connected to a cable in over a year.

I was considering it for my next one, though, whenever that is. Don't really feel the need for an upgrade atm.

[–] [email protected] 2 points 3 weeks ago

Yea I did the same thing as you about 2 years ago. Gonna maintain and use this phone for as long as I possibly can before either betting another one or find a equally good or better solution that doesn't give money to google(and hopefully one with a replaceable battery)

[–] [email protected] 3 points 3 weeks ago

Been using it for about five years now. I absolutely love it. But I will say some of these comments make it sound like it's a little easier than it is. I'd say about 80% of your knowledge from Android will transfer over and just work. But the last 20% is a bit of a learning curve, and will take at least a few weeks to get the hang of.

What I recommended to some of my friends that switched is to get the phone and mess around with it for a few weeks before you switch your sim. Then you'll get the hang of things like alternative app stores and sandboxed play services, and you'll figure out what you can and can't do.

I will say the vast majority of things do work easily because of protection compatibility mode and sandboxed play services. But there will be some things that are just more hassle then they're worth. I find keeping a second device, like a tablet, without a custom ROM makes that stuff easier.

And there are some things that seem impossible to get working properly, at least for me. For example, casting to a TV is basically impossible from what I can tell. Also, tap to pay, even for things like tickets doesn't work (although if you have play services, you can use Google wallet for things with barcodes).

Overall, it's totally worth trying out. Just don't set your expectations too high. You're not getting a completely "just works" experience.

As for other custom ROMs, I've tried CalyxOS and LineageOS for MicroG. I didn't find either of them quite as good, but that was many years ago. Maybe they've gotten better.

[–] [email protected] 2 points 3 weeks ago

I've been wanting to try it for a while now, but I'm too cheap to buy a phone that can run it.

load more comments
view more: ‹ prev next ›