The only recommendation I can provide is a Google Pixel device with GrapheneOS. Graphene is only designed to work on Pixels because they are (allegedly) the most secure mobile phone hardware-wise. Once you flash Graphene, it’s up to you to install any apps beyond the basic browser (Vanadium), gallery, camera, caller, SMS, PDF viewer, contacts, file manager, and security/system apps. No Google involved without your permission, though you will have to install Google services, available via a Graphene mirror and sandboxed for privacy, IF you want to install an eSIM after flashing Graphene. If you’re interested in further information, please let me know. I use it, love it, and am happy to provide any information you may need to decide if it’s a good fit for you or not.
What is the root scene on Graphene? I know the dev is pretty against it but I like having root access after being used to it. Is it possible to easily root it without any integrity issues later on?
Rooting defeats Android’s security model and allows for further exploitation. Graphene most likely does support it because any AOSP OS that is geared towards security isn’t going to leave a big hole in their security allowing malware or bad actors to modify system files (or install a rootkit).
Desktop Linux isn’t the same as Android, which is why I said the “Android security model”. Android is a mobile operating system and must protect against the fact that it will be in unknown environments all the time. It must protect against physical attacks, software attacks, and partially sandbox apps. Root breaks app sandboxing and allows for modifying system files and reading internal app storage. The system image is immutable and modifications/settings are made on top.
Linux desktop isn’t more secure out of the box. The general user account shouldn’t be a sudoer. Immutable OSes are more secure and help prevent rootkits and other attacks. PCs are most often stationary and stored in a private location. Laptops are weak against attacks because you can boot to a different OS from USB without passworded BIOS. Desktop OSes are the geared for the same kinds of protections.
There is good reason why Android is far more secure than Linux mobile.
You can root on GrapheneOS. You do it exactly the same way you’d do it for the stock Google ROM:
1. Have an unlocked bootloader. Yes, this means that it """defeats the purpose of GrapheneOS""", if the purpose of GrapheneOS isn’t for you to avoid Google’s privacy nightmare. I use GrapheneOS for privacy more so than security, and not being able to block ads properly is irritating.
2. Install the Magisk app.
3. Extract the boot.img from the GrapheneOS image and patch within Magisk.
4. Flash the patched boot image in the bootloader.
The main annoyance with this is that you’ll have to do that dance every month when a security patch gets released, but for me, it’s better than vomiting from exposure to ads on mobile.
What is the patching process when running with Magisk, without OTA? It looked like quite a PITA to me, but I'm using Graphene for the same reason you are.
It looks like the verified boot security feature of Graphene effectively prevents rooting the OS. I understand wanting root access, it does provide some nice features, but I don’t have any need for it. I don’t have any bloatware embedded to remove, and I don’t need to mod any system apps, so I haven’t looked into it much. I know the dev says it isn’t planned because it massively increases attack surface, which I personally agree with, but it would be nice to have the option via a separate version of the OS or something. If you need root access, I would suggest looking into LineageOS. It’s similar in privacy to Graphene and last I knew could be rooted. Graphene is very focused on security as well as privacy, and for me is a best of both worlds, but if you want to modify the system for various power-user type features, it might not be for you.
No, it doesn’t. I use 95% FOSS software, so anything that might have ads just gets denied network permission entirely. As for AppOps, I just looked it up, and that would be something I’d like to see developed as a feature of Graphene. It seems like a genuinely useful, and at the very least privacy-protecting, app. I don’t use copy/paste via keyboard, and despite it not having network permissions, I’d still deny it clipboard access simply because it doesn’t need it.
For security reasons GrapheneOS doesn’t allow the modification of system files. You can achieve the same thing with DNS though. Either self-host a Pi-Hole or AdGuard Home, or use something like NextDNS.
Not OP but interested in both privacy and high-tech features. My current (stock) Pixel 4a device has a worse camera than many other phones, but the software compensates a lot, netting better picture quality overall very often. I’m wondering how much of that is lost when using Graphene instead of stock Android, do you know?
Similarly with the latest gen pixels having AI features built in, I’m assuming much of that is software that’s not as easily installed somewhere else…
It’s been a couple years since I tried the graphene camera, but (at the time) it’s essentially trash in comparison to the Google camera. I just use the gCam without internet permissions and call it a day.
But I’m not hardcore tin-foil ‘the NSA will use your office mirrors reflection to precisely heat up a 2mm space on the side of your phone that somehow enables Bluetooth and with that the G + glowy bois will exfiltrate your data at 10Kb/s’. I want additional security hardening and some privacy additions, but I also use the play services and store, like a typical user. Yada yada threat model yada yada - I just want my phone to simply function at the end of the day. Middle of the road, if you will, between stock os users and the guy that’s now boarding up all his windows because of the 2mm Bluetooth mystery vulnerability.
Unknown about the claimed AI features - my 8 pro is in transit. But I can check in a few days, if interested.
I’m not sure what the GrapheneOS stock camera app does under the hood, but if it’s not enough for you, you have the option of installing Google’s Pixel Camera app from the Play/Aurora store if you want to compare. I don’t imagine it would require Google Play Services to run on devices older than 8 since they don’t have the AI integration, but I could be wrong. You can easily deny the app network permissions to ensure that the app isn’t sending your photos to Google. As far as the AI features go on newer devices, I could see those requiring Google Services installed to work, but again, they’re available through a Graphene mirror, run sandboxed for privacy, and can be denied network permissions. I’m satisfied with how my pictures turn out (7 Pro), but I may try Pixel Camera out just to see what the difference is.
I mean, not a great source… That’s just a link to a forum post and the only thing they reference for it “not being secure” was a GitHub PR from 2021… Not saying it’s great they had teething issues, but that’s literally a year within starting up and they fixed all those issues right away, and had an independent audit done. So I kinda feel like using it to say they’re not secure now isn’t very useful. But if you have something showing their current deployment is insecure please share.
They did a complete infrastructure overhaul at the start of 2023 too moving to their own hardware and such so I imagine more might have changed since 2021 than just those issues.
Why do you only give offers to people that haven’t signed up? People who have an email with them but never have had any other services still don’t get the offers?
Surprise, your local cops are authoritarian pieces of shit who think the law only applies to citizens, who they view as an invading force here to harm cops.
All Cops Are Bastards, and the systems that uphold them as well.
This is the most important point. Governments at every level are discarding constitutional law, and embracing fascism in opposition of American ideals. Cops couldn’t do this without the support of city, county, state, and federal programs to give them what they want.
Thanks for recognizing this. It’s the cops, it’s the DAs, it’s the Prosecutors that work for the city/state/nation (RIP Aaron Swartz, a victim of one of those), it’s the judges who take all cops’ word as unfettered truth and do nothing but view regular citizens with unbridled skepticism and contempt, it’s the mayors/governors who are scared of the cops and keep capitulating to them because the cops just won’t do anything except draw a paycheck if they don’t like what you’re doing politically. The feeble milquetoast broken losers that bend over and take it from the cops because they’re scared of the cops abusing them or the fucking MAGAs abusing them are the enablers. We’re seeing the pinnacle of it right now, endlessly using kid gloves on Donald “Literal Treasonous Spy” Trump because “oh but he might appeal” and “oh but his followers might do nasty things to us, so we don’t want to upset them.” What a bunch of loser ass fucking pussies. So worried about their own skins that they’re going to let us fall into fascism under the waffling of “But it’s not our fault the Republicans and the Cops and Judges hate citizens and think they’re all criminal scum, we have to follow these crazy, unhinged laws that they wrote after literally rigging elections to benefit themselves. There’s literally nothing we can do!” They’re enablers because anybody who gave a single damn would know there’s plenty they could fucking do, and yes it means calling Republicans on their bullshit chicanery and fucking doing something about it.
I’ve also noticed that if you do a search, click a result, then hit back to go back to the results they manipulate the results in some weird way so they’re not the exact same results you got the first time. Infuriating
I also returned totally accurate results using the exact same query. I would really like to know what is going on here. This is a common complaint with some people using DDG, that the results are poor, but I consistently have as good if not better results than using Google.
Noticed in one of your comments this is happening on Signal desktop. Is this a Windows machine? Maybe update your post so people are aware it’s not on Android.