this post was submitted on 20 Jul 2024

8 points (100.0% liked)

Privacy

37039 readers

1 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

Alternative to GrapheneOS (feddit.org)

submitted 1 year ago by Linsensuppe@feddit.org to c/privacy@lemmy.ml

56 comments fedilink hide all child comments

Im considering buying a new phone and i don't really consider a Pixel. I really like Fairphones approach, with the self repairable stuff. Even though they don‘t have a headphone jack. But well… I can’t change it. I’ll definitely go with the adapter over wireless headphones.

But to my question: What private OSes are there? Fairphone sells FP4s with eOS, how is that? And does it work on the FP5? GrapheneOS only works on Google Pixels right?

top 50 comments

sorted by: hot top controversial new old

[–] Andromxda@lemmy.dbzer0.com 4 points 1 year ago* (last edited 1 year ago) (1 children)

Yes, GrapheneOS only works on Pixel devices, because the project has some pretty extensive hardware security requirements: https://grapheneos.org/faq#future-devices

The Fairphone is a highly insecure device, which comes nowhere close to the (hardware) security of a Pixel. On top of that, the Fairphone company doesn't even know how to maintain their own Fairphone OS. The verified boot implementation is fundamentally broken and very misleading, since it's signed with the publicly available (!!!) AOSP test private keys. This is such a blatant disregard of security practices, that should have made it impossible to certify their devices. It's not a surprise either that Fairphone regularly misses important Android security patches, or delivers them months later. That's also why GrapheneOS will never support devices like the Fairphone. There are more issues with Fairphone's misleading update policy that I haven't covered in detail.

I highly recommend against purchasing such insecure, and poorly maintained hardware. DivestOS is the best option for "damage control", if you already own a Fairphone. Its developer actually cares about users and their security, and the OS is properly signed.

[–] Dymonika@beehaw.org 0 points 1 year ago

I've never heard of Fairphone and have only barely heard of DivestOS.

[–] N4CHEM@lemmy.ml 2 points 1 year ago

There are several degoogled OS options for the Fairphone models, with different levels of degoogling and privacy: LineageOS, CalyxOS, DivestOS, iodéOS and /e/OS.

Most of these are based on LineageOS (I understand that CalyxOS isn't, but I might be wrong). I personally use iodéOS and I like the helpful developers, the ability to remove / replace any of the apps preinstalled with the system, and the iodé blocker which blocks trackers, adds and any connection you want to at a system level.

[–] communism@lemmy.ml 2 points 1 year ago

Fairphones can also run CalyxOS if you want to look into that

[–] fudo@scribe.disroot.org 1 points 1 year ago

I found the following website to be a definitive source for comparisons of all sorts, including this one:

https://eylenburg.github.io/android_comparison.htm

Too bad it's hosted on Microsoft's GitHub. Wish open source proponents would stick to open source solutions

[–] shortwavesurfer@lemmy.zip 1 points 1 year ago* (last edited 1 year ago) (2 children)

Graphene does only work on the pixel devices. What makes it special is that you can lock the bootloader again after installing it, which with things like lineage, you cannot do. I have never used /e/OS but i use lineage as my daily and it can be installed on FP

[–] possiblylinux127@lemmy.zip 0 points 1 year ago (6 children)

Honestly trusting the bootloader feels very risky

[–] user@lemmy.world 0 points 1 year ago

It has very minimal code and its implemented in a robust manner. Unlike UEFI and the desktop implementation of secure boot, it does work well and it has not yet been exploited on pixels. Its way better to have any kind of OS integrity check than none.

[–] shortwavesurfer@lemmy.zip 0 points 1 year ago (1 children)

In that case, have fun coding up your own bootloader and flashing it onto the device. If you can't trust the bootloader, then you can't trust anything at all from the operating system that sits on top of it, because it could be compromised. If you can't trust a bootloader, then the only thing you can trust is a pen and a piece of paper.

load more comments (1 replies)

[–] henfredemars@infosec.pub 0 points 1 year ago (1 children)

I'd be more worried about the ROM that runs before the bootloader that you can't inspect, or possible hardware implants if you don't trust the bootloader shipped to you from the vendor.

load more comments (1 replies)

[–] Andromxda@lemmy.dbzer0.com 0 points 1 year ago (2 children)

Ok what is your alternative? Android Verified Boot with a secure hardware keystore like the Google Titan M2 is basically the best thing you can get.

load more comments (2 replies)

[–] RubberElectrons@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

I'm on CalyxOS, it works great. Locked bootloader, ability to block connection of devices when screen is locked (defeating cellebrite's method of choice), work profiles and firewalls etc.

[–] kylian0087@lemmy.dbzer0.com 0 points 1 year ago (1 children)

May i know why you do not like the pixel phones?

[–] sweetpotato@lemmy.ml 1 points 1 year ago* (last edited 1 year ago) (4 children)

They are expensive and I don't want to give money to Google

[–] FutileRecipe@lemmy.world 2 points 1 year ago

They are expensive

Sometimes you get what you pay for, and...

I don't want to give money to Google

I get that, but your purchase (the entire Pixel department, to be honest) is a drop in the ocean to their profits. They won't notice you not buying one at all. You're handicapping yourself in the mobile security arena (not being able to install GrapheneOS) to take the high ground and not effect a tech giant.

That aside, if you really don't want to give Google, buy one from a reseller and not from the Google Store.

[–] Cube6392@beehaw.org 1 points 1 year ago (3 children)

I highly encourage everyone to buy their pixel phones for grapheneos secondhand. there's enough pixel fanbois out there you should be able to deprive any corporation of the money of your sale by buying a like new condition last generation pixel (Like an 8 now that the 8a and 9 are out)

[–] BearOfaTime@lemm.ee 2 points 1 year ago (1 children)

Recently bought a used Pixel for just under $200.

I refuse to buy new when a 1-2 year old flagship is 1/3 the price of new.

[–] Cube6392@beehaw.org 2 points 1 year ago

Especially since when was the last time you got a phone that impressed you? Like phones haven't been getting better they've been getting more gimmicky

[–] sweetpotato@lemmy.ml 1 points 1 year ago

Yeah that's not a bad idea

[–] clark@midwest.social 1 points 1 year ago

Yup. Bought a secondhand 7a for ~$250. Maybe I should have looked for an 8, but honestly I don't think the 7a is too bad all considered.

[–] HEXN3T@lemmy.blahaj.zone 1 points 1 year ago

If you don't want to give money to Google, why not take money from Google?

https://adnauseam.io/

Then, once you've offset enough money, then you can buy a Pixel at an overall loss on Google's side.

[–] Linsensuppe@feddit.org 0 points 1 year ago (1 children)

They are way cheaper than fairphones where I live.

[–] sweetpotato@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

Sorry I wasn't comparing to fairphones. I was comparing the minimum you'd have to pay for a phone that has everything you could possibly need with the only difference being a not-that-great camera. So like a budget Xiaomi phone that I use.

[–] refalo@programming.dev 0 points 1 year ago* (last edited 1 year ago) (1 children)

CalyxOS is another one. Some consider fairphone problematic

[–] Linsensuppe@feddit.org 0 points 1 year ago (1 children)

Can you explain that? Why is Fairphone problematic?

[–] refalo@programming.dev 0 points 1 year ago* (last edited 1 year ago) (8 children)

Well, whether anything is problematic or not is highly subjective.

Do you consider no headphone jack to be problematic? Or that some think it was done intentionally to push their wireless headphones?

What about the use of slave labor? After realizing it was impossible to get away from that, they tweaked their slogan from a fair phone to a "fairer" phone.

How about the high price and little demand?

See what I mean? One person's problem is not everyone's.

load more comments (8 replies)

load more comments