Oddbean new post about | logout
hh | 13 hours ago (raw) | export | reply | flag +6 
 OK, so this afternoon I went and grabbed one of these. I needed a new phone anyway, and I make them last, so no regrets.

Brought it home, turned it on and immediately went through the GrapheneOS web installer. Super easy, super smooth, very impressive set up these people have.

Now I've spent the last few hours wrestling with the apparently very common philosophical question among GOS users of whether to (Sandbox) Google Play or not, and if so, when and how.

Some people say the sandboxing is enough and provides an acceptable degree of nerfing ("Google apps become normal apps with no privileges"), so there is no further need for separate users and everything can run under the Owner. Personally that feels a bit iffy, and even if I accepted the idea and ran everything together, I'd rather make a non-owner user and simply leave Owner alone, with the bare-bones original installation apps.

Then again, other people say that the right way to go about it is to install everything, including Google-dependent apps, as Owner - just logged off everything. Then you push apps onto the various ad hoc users. But how does that compute with Google Play, which requires you to log on in the first place? Doesn't that leave Owner permanently plugged on to Google, defeating the purpose?

This seems to make yet another group of people say that the right way to go about this is actually to make a user for the Google trash, and keep the Owner clean.

What is your set-up, people? I have RTFF extensively (discuss.grapheneos.org mainly, articles on other places, and watched several hours of YT videos), but this seems to be a very divisive matter. 

nostr:nevent1qvzqqqqqqypzqvw6yg2djsakmv5cfzl70c703mqrsqq5g98sdnwmpm4vexhj2z8zqythwumn8ghj7cnfw33k76twv4ezuum0vd5kzmp0qy2hwumn8ghj7erfw36x7tnsw43z7un9d3shjqgwwaehxw309ahx7uewd3hkctcpz9mhxue69uhkummnw3ezuamfdejj7qg4waehxw309aex2mrp0yhxgctdw4eju6t09uq3kamnwvaz7tmjv4kxz7fwdehhxarjwpkx2cnn9e3k7mf0qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0qythwumn8ghj7un9d3shjtnwdaehgu3wvfskuep0qyfhwumn8ghj7ur4wfcxcetsv9njuetn9uq36amnwvaz7tmwdaehgu3wd46hg6tw09mkzmrvv46zucm0d5hszynhwden5te0xyhxumm6w3ezucm0d5hszxrhwden5te0vdex2ct5wghxummnw3ezuamfdejj7qg6waehxw309ashyapwdehhxarjveex2cttwvhxxmmd9uq3gamnwvaz7tmpd3nk7tn4w3ux7tn0dejj7qgswaehxw309asjumn0wvhxcmmv9uq3samnwvaz7tmxd9k8getj9ehx7um5wgh8w6twv5hszgmhwden5te0ve5kcar9wghxummnw3ezuamfdejj70m8d3hkyctv84skcmqprpmhxue69uhkzapwdehhxarjwahhy6mn9e3k7mf0qyg8wumn8ghj7efwdehhxtnvdakz7qfqwaehxw309a3xjarrda5kumtp0p5k6ctvd9ehguewdahxc6twv5hszxnhwden5te0veex2etvv9ujuum0we3xjapwdphhxap0qythwumn8ghj7ct5d3shxtnwdaehgu3wd3skuep0qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcqyp764lx5nmu32ym6sfz3y9rsed7e5zrypw2uc8t3k5vftr4j6thqwzl6y38
ish4k | 13 hours ago (raw) | root | parent | reply | flag 
 I'm in the fourth group: no google shit at all. and another user for non-foss via aurora.
hh | 13 hours ago (raw) | root | parent | reply | flag 
 So Owner running clean, and Google crap confined to its own user? That includes some critical stuff for me like banking apps, plus all my work stuff which my client insists must run on Google... (so it's all Gmail, Google Docs, Google Meet, Google Calendar, Asana... the whole fucking stack of shit).

To be totally honest, I'm seriously considering a two-device separation. I did it for many years and it was an absolute bitch (especially when for one reason or another I forgot to take one of the phones... which happened often).
ish4k | 13 hours ago (raw) | root | parent | reply | flag 
 that's exactly what I do, tbh, I just didn't wanna sound too paranoid, lol. the second one doesn't even have to be running on graphene, lineage would do the trick. leave pixel at home, go out the other. and now that I'm paranoid enough, I must confess: I have a third one, a cheap ass one only to use as a hotspot when I go out. as we have lotsa robbery here, it also serves as "thief's mobile".
hh | 13 hours ago (raw) | root | parent | reply | flag 
 LOL let's just say you're among friends.
ish4k | 13 hours ago (raw) | root | parent | reply | flag 
 someone called me paranoid here just yesterday cuz I avoid fingerprint on browsers, one never knows haha
H | 10 hours ago (raw) | root | parent | reply | flag 
 If you're a dissident, there's no such thing as too paranoid.
ish4k | 8 hours ago (raw) | root | parent | reply | flag 
 as hunter thompson once said: "there's no paranoia, it's all real."
Duncan Cary Palmer | 13 hours ago (raw) | root | parent | reply | flag 
 nostr:nevent1qqsyp4nmscyjrhrpssdyyrx8vhv6cwtrakz8d4et6sssj84q6gvt57spzemhxue69uhkyetkduhxummnw3erztnrdakj7q3qcxp3l03x20mkzezzr4takm8w8zuva7xwvacmcewp97z58hjt8xlsxpqqqqqqzh7ag5n
hh | 13 hours ago (raw) | root | parent | reply | flag 
 So, one single user (Owner?) running everything, but no Google Play. So you handle banking and similar stuff through Aurora? I hear it's getting congested and rationed. Does it work well?
hh | 13 hours ago (raw) | root | parent | reply | flag 
 BTW, Aurora gave a few "internal error, try again later" messages (I guess that's the rationing I read about), but in the end it did work :]
Duncan Cary Palmer | 12 hours ago (raw) | root | parent | reply | flag 
 Single user.
I don't use it for banking; use banks as little as possible.
Recommend Here We Go for travel/maps. Feel free to ask re: any other specific app.😃