this post was submitted on 25 Nov 2024
182 points (97.4% liked)

Privacy

32142 readers
1603 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I am a long term GrapheneOS user and would like to talk about it. r/privacy on the redditland blocks custom OS discussions which I think is very bad for user privacy, and I hope this post will be useful to anyone who are in the hunt for better privacy.

Nowadays smartphones are a much bigger threats to our privacy and Desktop systems, and unfortunately manufacturers has designed them to be locked down devices with no user freedom. You can't just "install Linux" on most smartphones and it is horrible. And most preloaded systems spy on us like crazy. That was why I specifically bought a pixel and loaded GOS onto it.

According to https://grapheneos.org/features , they start from base AOSP's latest version, imptoves upon it's security and significantly hardens it. There's hardened_malloc to.prevent against exploitation, disabling lots of debugging features, disabling USB-c data, hardening the Linux kernel and system apps etc. They even block accessing the hardware identifiers of the phone so that apps cannot detect whqt phone you're using. That means with Tor and zero permissions given, apps are anonymous.

Compatibility with apps are best in Custom ROMs but there are still that can't work, especially if they enforce device integrity. Very few apps usually enforce that tho. Also their community isn't the friendliest but you can get help. Just don't try and engage too much or have too many debates.

Anyone else here use GrapheneOS, or any other privacy ROMs? What is your experience? Do you disagree on any point? Let's have a discussion!

top 50 comments
sorted by: hot top controversial new old
[–] snrkl@lemmy.sdf.org 2 points 5 hours ago

I've been using it on multiple devices for multiple years.

It works for me, and every app in want to use works. I've found that when they don't, it almost always is broken on the stock OS also.

[–] agile_squirrel@lemmy.ml 8 points 9 hours ago

I've been using it for just over 2 years now and am very happy with it. I am curious about CalyxOS though. While I don't think I'd switch I'd be interested in a technical deep dive comparison between the 2.

[–] SpiceDealer@lemmy.world 12 points 12 hours ago (1 children)

I'm pretty sure that every Android Lemmy user has a Custom ROM installed on their device. Currently daily driving GrapheneOS on my Pixel 7 Pro.

[–] mayhair@discuss.tchncs.de 6 points 8 hours ago* (last edited 8 hours ago)

Not me unfortunately ... I used to have a Samsung Galaxy S9+ with an unofficial port of LineageOS. Nowadays I'm using a Samsung Galaxy S21 Ultra with the stock OS.

Maybe a Pixel should be my next phone, so that I get proper support for most custom ROMs.

[–] Lettuceeatlettuce@lemmy.ml 8 points 11 hours ago (2 children)

Pixel 6a with GrapheneOS here. Been using for about a year and a half, and loving it.

[–] dyson@lemmy.ml 3 points 10 hours ago

Exact same setup here! Almost no problems. Also loving it

[–] agile_squirrel@lemmy.ml 2 points 9 hours ago

I don't like the fingerpront sensor. Other than that it works great for me.

[–] bl4kers@lemmy.ml 7 points 12 hours ago

A simple search will tell you a ton of people here use GrapheneOS and other custom ROMs. Are you karma farming?

[–] shapis@lemmy.ml -3 points 6 hours ago (1 children)

Tried it, tons of apps don't work and battery life was ass.

[–] Forbo@lemmy.ml 1 points 3 hours ago

Were you using sandboxed Play Services? Having multiple apps doing their own notification listeners can definitely impact battery, but I've not had an issue.

[–] Fluid@aussie.zone 1 points 9 hours ago (1 children)

How do you find it as a daily driver in terms of QoL features such as banking apps and payments etc?

[–] Bronzie@sh.itjust.works 2 points 7 hours ago

Not a problem. Google Play is still available, with all apps you have today. If you want to run that, then it works allmost like stock but with more control over everything. Only thing missing is Google Pay and I strugle with RCS messages. I never use SMS so I don't care about that one and it could be just me.

Alternatively you can run Google Play Services in a different, sandboxed profile if you're going for privacy.

[–] DollarColonial@lemmy.ml 7 points 14 hours ago (2 children)

I have 1 Pixel 7a running Graphene, 2 Pixel 6a running Graph, 1 Pixel Tablet too, and Pixel 4a using DivestOS.

Top tier.

[–] eleitl@lemm.ee 1 points 57 minutes ago

How do you like it on the tablet? I've been using CyanogenMod and LineageOS the longest time. Waiting for a Pixel tablet sellout.

load more comments (1 replies)
[–] kyub@discuss.tchncs.de 16 points 17 hours ago* (last edited 17 hours ago)

Using it since many years on many Pixels and loving it.

Main pros: zero bloat, efficient, highly secure and highly private (about as private and secure as it can get on any smartphone), and it's an Android without any of Android's typical weaknesses (privacy issues, bloat, etc.). You get to utilize the advantages of Google (its security) and completely avoid the disadvantages (its many privacy issues). You get to use all the advantages of an Android mobile OS while completely avoiding all of its disadvantages. It's like getting your cake and eating it too. You're much better off in terms of security and privacy than almost(?) all other smartphone users. According to leaked documents, Cellebrite for example can't crack GrapheneOS on Pixels at all. They can crack almost any other smartphone if they have physical access to it. Most smartphones are really easy for them to crack. iPhones may pose some trouble depending on model/OS. And Graphene on Pixel is the literal brick wall. And even on top of that it has tons of great security features, like auto-reboot after X hours of inactivity, charge-only-mode for USB-C when locked, distress/duress PIN entry to immediately wipe the phone, many things like that. On the privacy side it's looking great as well: Some folks have analyzed Graphene's network traffic and there's zero privacy issues from the OS or its built-in apps. And the few connections it does make (for updates and so on) are all documented and work exactly like they documented them, and they only transmit the exact least amount of necessary data without anything beyond that (guess what - that's super rare). And on top of that there's even more great privacy features, some of which are invisible but well thought-out, for example any SUPL request goes through a Graphene proxy server first (configurable) which strips all personally-identifiable data from the request and then redirects it to your provider's SUPL server (which is most likely Google's SUPL server in the end). I'm seriously impressed by the quality of the GrapheneOS project. Maybe you don't realize how good and rare such things are nowadays. Also the documentation is very good and actually answers most of your questions and doesn't contain any marketing blurb. The social media feeds and forums are a great source of info as well. On top of all that it's even easy to install GrapheneOS.

Main cons: it's only available on Google Pixel phones, so if you truly despise Google and don't want to buy or use anything from them, it's not the right device/OS for you (or maybe buy it used?). However, the reason GrapheneOS is on Pixel is purely a technical one: Pixels do offer very high hardware based security already (probably the most, although iPhones have good hardware-based security as well. As is known, Apple tends to be produce good quality hardware, not quite so good software) as well as a very high degree of "platform neutrality", i.e. it's supported by Google to flash a different OS on it or use more advanced tools like adb without any sort of tinkering or unnecessary danger involved. Also you don't have to register to unlock your phone or anything, you only need to be online once to enable the OEM unlocking feature (I think this is because Google needs your IMEI to check whether the phone is carrier-locked (cannot ever be OEM unlocked) or can be unlocked, and they will immediately receive some device data including the IMEI as soon as you go online with the preinstalled Android OS once [of course they will receive some more device data than just the IMEI]), so it's best to not insert your SIM yet (and not do anything with the preinstalled OS) before you've installed GrapheneOS on your new Pixel. Do the OEM unlocking step on WiFi only, best on a public WiFi so Google has much less of a chance to identify you based on your IP or related data. Then install Graphene, then insert your SIM and start using your new phone. Other cons exist but they're rare or pretty much irrelevant in daily use. If you have to hear them, read an older post by me about some potential downsides: https://discuss.tchncs.de/post/19867254/12069767

[–] pineapplelover@lemm.ee 12 points 17 hours ago

I am. It's good. Don't have any issues just huge compliments to the team.

[–] R3D4CT3D@midwest.social 6 points 17 hours ago (1 children)

i really want to make the switch but need to figure out how to steal a pixel phone bc i sure as hell ain’t paying for one

[–] sfjvvssss@lemmy.world 14 points 16 hours ago
[–] N0x0n@lemmy.ml 40 points 1 day ago (14 children)

I post someone's comment on a controversial topic about google and GOS. I saved it because that's exactly how I feel.


Step 1 of installing GrapheneOS for de-googling your life: Buy a Google Pixel phone

Look - I know, I know. I get it. Google allows you to unlock the bootloader while maintaining the phone's unique and excellent hardware security features. The argument makes sense. It is compelling. Other manufacturers do not give you this freedom. I am not arguing about that. I have a Pixel phone running GrapheneOS myself.

However... It is just so very obviously ironic that one needs to trust Google's hardware and purchase a Google product to de-google their life through GrapheneOS. I think that it is a perfectly valid position for someone to raise their eyebrows, laugh, and remain skeptical of the concept either because they do not want to support Google at all, or because they simply will not trust Google's hardware.

The reason why I think that this is "controversial" is because I have seen multiple instances of someone pointing out the irony, followed by someone getting defensive about it and making use of the technical security arguments in an attempt to patch up the irony.

https://mander.xyz/comment/15084264

[–] bruzzard@lemmy.world 2 points 7 hours ago

With the lack of any other viable option, I struggle to see the point of the arguement.

[–] schmurian@lsmu.schmurian.xyz 27 points 23 hours ago (1 children)

I think buying a Pixel phone second hand solves this issue and reduces a little e-waste at the same time.

[–] spookedintownsville@lemmy.world 6 points 11 hours ago

This. I never buy a Pixel new.

load more comments (12 replies)
load more comments
view more: next ›