 Pro/Con of DeGoogled Phone operating systems

Graphene
Pro: Good optional sandbox for Google push.  And advanced security features such as:
1) Hardened to resist memory attacks
2) Better sandboxing (access policies)
3) Enhanced verified boot
4) Attestation tool to diagnose Pegasus malware
5) Browser reducing “just in time” JavaScript
/
Con: Only Google manufactured hardware, which is the most likely to have hardware backdoors. Titan-M security chip is closed source and therefore untrusted to protect me from Google/Government

Calyx
Pro: Similar DeGoogled experience to Graphene, but supports a wide group of phone manufacturers outside the 5 eyes including Fairphone, OnePlus, Vivo, Xiaomi, ZTE, and Huawei.  LOL, do you trust Google or the Chinese?  Calyx also has a great built-in Firewall app to cut off apps from the internet
/
Con: While Calyx is better for avoiding Google’s unknown hardware backdoors, it doesn't have Graphene's advanced security against known targeted attacks.  Additionally, if you need Google push notifications, then it uses MicroG instead of Graphene's sandbox, which isn't as good at isolating Google from the core system data.

Lineage
Pro: Works on an even larger variety of hardware, so you got a lot of choice.  Lineage is also great for fake Android virtual machines on your desktop PC. You can easily spin up a VM with this and use spyware apps.  Whereas Graphene won't allow this under current builds, and Calyx requires "annoying to use" Android developer kits to do it.
/
Con: Can't lock the bootloader. Controversial security issues.

Pinephone (Linux phone)
Pro: It's good to see alternatives to Android. Hardware "brains" are open source.
/
Con: Low amount of apps because it's not using Android's ecosystem.  Not as good performance as Android.  Lacks Android's good security model, and it still uses closed source hardware to communicate: WiFi and LTE modem (they had to)

Purism's Librem 5
Scam.  They won't ship it, don't buy it.

Summary,
Graphene - Extra Security, IF you trust Google's hardware
Calyx - Good for non-Google hardware & app firewall
Lineage - Great for VMs
Pinephone - Boycott Google

</end>
SimplifiedPrivacy has lowered custom consultations to $30/hour. Reach out and we'll help you with flashing phones, routers, Linux, any tech support. 
 Are you shadow rebel on Matrix? 
 Shadow rebel is our non legally binding, unpaid, free speech town crier.  He accepts no legal responsibility for talking in the videos 
 lol ok, just curious as saw in the same channel i'm in 🤙 
 There's also #Vollaphone, #FXtec and other devices that support #UbuntuTouch. 

 
 Also, #Purism's #Librem5 cannot be a scam if people have received it. It's the only x86 device on the list.  
 I've heard a lot of people getting scammed. If you trust it, then buy it. But I can't recommend it 
 Pinephone is complete garbage. The limited apps and borderline-unusably-buggy OS I could work around.

But the thermal engineering - man, a Pinephone can literally cook itself on a warm day.

And the aftermarket support and parts availability is exactly what you'd expect of a scammy Chinese startup. 
 I'm surprised they charge so little. Why not charge more and fix it 
 Mine was part of a batch with Qualcomm modems that had actually failed QA. The modem used to freeze randomly. Various devs (not Pinephone staff) came up with a series of increasingly effective workarounds.

But the thermal issues are the real killer. Pinephone need to stop using laptop-spec chips in a mobile phone form factor.

Pinephone does hilarious things to shave a few cents per unit, and the rusted-on fans gaslight complainers by asking if we really want an open hardware phone or not?

I do, but it needs to do what the advertising says it does... 
 You can manage, for instance, the firewall on that "garbage" any way you want, and many other things you can only dream of. 
 My Pinephone power micro-switch failed within a month. I ordered a replacement from Pinephone, and after six weeks I received a parcel sent from a university dorm room in Shenzhen. The parcel was empty. Complaints went unanswered. Forum posts went ignored except by other customers.

If that's the service you dream of, buy a Pinephone. 
 My Pinephone is just fine 
 I've had good experience with CalyxOS and find it a perfect blend of security and usability  
 How can Google get to a Pixel if graphene os has been flashed? I've never read that from Graphene os developers... 
 As your question is vague, I broke it down into 2 questions for you:
a) “If Graphene is flashed, how can a backdoor in the Google hardware exist?”  
The answer is that all hardware uses firmware which operates at a lower, more base level, than an operating system.  This firmware could potentially communicate to remote actors.  This could potentially be EVALUATED through WiFi to a router you control, but can not be even evaluated if it goes to cellphone towers.  It also could potentially communicate even right under your nose of a FOSS router firewall, if you go to “google.com” and some hidden data exchange takes place with SSL encryption to the right domain.

b) “If Google’s push notifications are enabled, how can this Google service get to the hardware identifiers on the device?”  The answer is that the sandboxed Google push service prevents it from getting to the hardware identifiers IN THEORY. 
 I think my question was clear enough. 

In any case, you base your reply on assumptions; assuming this, could be that etc. Have you seen this being discussed by GrapheneOS developers? Have you contacted them to get their take on this hardware-firmware backdoor? 
 There’s not much they can do on a Google hardware backdoor other than not use Google only and support other phones.  But we are not officially involved with their decisions, this is just commentary in general 
 For sure. They could have phones observing their behavior over time. This is what they could do for example. Maybe they have done so. That is the reason of my question to you as an advisor of privacy.  
 I recommend looking at DivestOS before going Lineage, they try to mimic graphene but for non pixel phones. 
 It's a fork of Lineage using microG and does not have the security of Graphene. 
 Security of GrapheneOS means being patronized by a mentally unstable person who behaves like some diva.

GrapheneOS forces people to connect to their servers to keep clock accurate. Nowadays you cannot rely on manual clock setting.

Do you use your computer with disabled administrator power because some autistic dev said so? You don't trust government  but you agree that an individual treats you like a child. 
 Srsly? I can has link? 
 MicroG is not a part of DivestOS. You must install it.
DivestOS doesn't recommend that. 
 Wwyd? I'm leaning toward GrapheneOS. 
 What do you think about /e/OS? https://e.foundation/e-os/ 
 Good for Samsung devices which don't work on a lot of the other ones.
Beyond that it's more of the same 
 What is your impression concerning DivestOS?

https://divestos.org

https://eylenburg.github.io/android_comparison.htm 
 DivestOS - first and foremost you don't have to rely on Daniel Micay - GrapheneOS - unfortunately mentally unstable person - you can find details on the internet.

This is the biggest advantage.
...
Networking on DOS


Network Restriction: DivestOS already lets you restrict network for each app by connection type (cellular/Wi-Fi/VPN), when in the background, and optionally completely revoke NETWORK permission.
Ad/Tracker Blocking: DivestOS includes a tailored HOSTS file by default for such blocking. The user can further choose to use an alternative DNS or use a local VPN app such as DNS66 or NetGuard.

http://2ceyag7ppvhliszes2v25n5lmpwhzqrc7sv72apqka6hwggfi42y2uid.onion/pages/faq

#privacy #security #android