Alternative to GrapheneOS
from Linsensuppe@feddit.org to privacy@lemmy.ml on 20 Jul 2024 22:18
https://feddit.org/post/965432
from Linsensuppe@feddit.org to privacy@lemmy.ml on 20 Jul 2024 22:18
https://feddit.org/post/965432
Im considering buying a new phone and i don’t really consider a Pixel. I really like Fairphones approach, with the self repairable stuff. Even though they don‘t have a headphone jack. But well… I can’t change it. I’ll definitely go with the adapter over wireless headphones.
But to my question: What private OSes are there? Fairphone sells FP4s with eOS, how is that? And does it work on the FP5? GrapheneOS only works on Google Pixels right?
#privacy
threaded - newest
Graphing does only work on the pixel devices. What makes it special is that you can lock the bootloader again after installing it, which with things like lineage, you cannot do. I have never used /e/OS but i use lineage as my daily and it can be installed on FP
Honestly trusting the bootloader feels very risky
In that case, have fun coding up your own bootloader and flashing it onto the device. If you can’t trust the bootloader, then you can’t trust anything at all from the operating system that sits on top of it, because it could be compromised. If you can’t trust a bootloader, then the only thing you can trust is a pen and a piece of paper.
True but it feels like obscurity via obscurity.
A huge part of the bootloader stack is opensource…
android.googlesource.com/platform/…/fastboot/
android.googlesource.com/trusty/lk/trusty/
android.googlesource.com/platform/external/avb/
why dont we just put uefi on phones
Phones don’t use an IBM-PC architecture. You’d need a phone based on an architecture phones aren’t usually based on or You’d need to re-engineer UEFI to work for an architecture it wasn’t designed for
UEFI has supported ARM for years now…
And “phones don’t use UEFI”
I’d be more worried about the ROM that runs before the bootloader that you can’t inspect, or possible hardware implants if you don’t trust the bootloader shipped to you from the vendor.
I don’t trust it not to be flawed
GrapheneOS uses pixels because not even Google employees can break into it.
Yes. Insider Attack Resistance is pretty awesome.
Ok what is your alternative? Android Verified Boot with a secure hardware keystore like the Google Titan M2 is basically the best thing you can get.
Strong encryption with a password you know only. The password should have a high enthropy
This is unrelated. You want to familiarize yourself with the concept of OS integrity and how it is different from data encryption. You can have a passphrase that encrypts your data alongside having access to these hardware features.
It has very minimal code and its implemented in a robust manner. Unlike UEFI and the desktop implementation of secure boot, it does work well and it has not yet been exploited on pixels. Its way better to have any kind of OS integrity check than none.
I’m not sure why this is considered special. You can also re-lock the bootloader with CalyxOS, iodéOS and DivestOS. This is a Pixel thing, not a GrapheneOS thing.
Okay, I was not aware of that, so thanks for the information.
It’s also possible to relock the bootloader on a handful of Motorola and fairphones, at least as part of the Calyx install procedure
DivestOS is a good option
CalyxOS is another one. Some consider fairphone problematic
Can you explain that? Why is Fairphone problematic?
Well, whether anything is problematic or not is highly subjective.
Do you consider no headphone jack to be problematic?
What about the use of slave labor? After realizing it was impossible to get away from that, they tweaked their slogan from a fair phone to a “fairer” phone.
How about the high price and little demand?
See what I mean? One person’s problem is not everyone’s.
I do consider the missing headphone jack a problem, but are other brands better? I did not research any of this, but don‘t other brands do the same. Considering this, I think Fairphone is one of the better phone producers. Im not saying they are the best or that they do nothing wrong. And please correct me if I’m wrong, I think the high prices come from the higher loans and better quality materials than other brands.
What does any of this have to do with Fairphone? You can apply every single one of these criticisms to the rest of the industry and it would be way more relevant than it is with Fairphone.
It seems some people will not accept paying more for an ethically superior product unless it is literally perfect in every single ethical aspect. If it’s not perfect, then this company that is vastly superior to all its competitors when it comes to ethics is somehow the villain. This is braindead logic.
I think the point is, why avoid buying a more mainstream phone like a pixel if even fairphone can’t avoid slave labour? The two big reasons why people go for fairphones is ethicality of the manufacturing process (labour and environmental impact) and modularity/fixability. If their labour is unethical then that means they lose one of their most important appeals. The horrific treatment of miners in the global south is easily one of if not the most significant issue with modern phone manufacture.
That’s not a point. This is not a case of all or nothing. You seem to have been raised with some kind of Disney fantasy land ideals about good and bad but the reality is that nothing is perfect including ethical consumerism. We simply look for the better or best alternative and that is currently Fairphone. That’s an objective fact.
Where did I say it was all or nothing. I don’t think you’re reading anything me or the other person is saying
You acknowledged yourself that Fairphone is also environmentally superior to its competitors, such as Google, yet apparently this doesn’t matter to you when it comes time to purchase. Your logic seems to assume that because Fairphone is not perfect, it is therefore no better ethically than a company like Google. That is an all or nothing mentality.
I didn’t say it didn’t matter.
Other phones have advantages over Fairphone. Nobody buys a Fairphone because they think it has the most cutting-edge features. They buy it because they believe it’s more ethical. So any way in which Fairphone fails to be significantly more ethical than mainstream phones, is a reason to go for mainstream phones instead, as Fairphone loses its main advantage.
I didn’t say this. I said that believing Fairphone is more environmentally friendly is a reason why people go for Fairphone. For the record I do believe its emissions are lower but I don’t believe it to be environmentally friendly because I don’t think there’s any eco-friendly way to make modern smartphones, but that’s besides the point, I never commented either way on what I think of Fairphone’s environmental policies, only its labour policies.
Only one of these is undermined by your supposed slave labour argument (you’re yet to share any evidence that suggests Fairphone is worse than its competitors in this regard). Discounting the other reasons you listed because of this is an all or nothing mentality.
You haven’t proven or argued this, though. You’ve only argued that Fairphone uses “slave labour” (again, no comparison here with competitors). That doesn’t mean that Fairphone loses ALL its ethical advantages.
I never said Fairphone was more unethical than its competitors, only that it claims to be more ethical and its main marketability is on the basis of this claim. If you didn’t care about ethics in phone production, would you still buy a Fairphone over any other phone? I don’t think so. Aside from their claims about ethics, the only thing that sets them apart is the modularity, which I do think is a positive and possibly that’s enough for some people, but I’m personally more concerned about the ethics of phones. If Fairphone is not substantially more ethical than its competitors then a lot of their customers would buy other phones, because other phones may have features that Fairphones don’t have.
And for the record I don’t think any ethical phone exists nor do I think it’s possible to ethically make a modern smartphone. There’s no ethical way to mine cobalt, and if you dispute that I challenge you to go work in a cobalt mine. Phone production is evidentially terrible for the environment and many of the natural resources required to make phones cannot be extracted without incredibly unpleasant and frequently deadly labour, which nobody would voluntarily do. I think it’s good enough that Fairphone is supposedly making an effort to mitigate this, and if you need a smartphone I don’t think there’s anything wrong with buying a Fairphone. But I think it’s quite obvious that the reasons to buy one are undermined significantly if Fairphone is engaging in much of the worst of industry standards.
It seems like an incredibly disingenuous representation of criticism of a tech company to say that it’s “all or nothing” to be swayed away from a company that specifically markets itself as an ethical alternative (which Google, Apple, Samsung, Huawei, etc do not market themselves as) when they could be getting something they may consider to be a better product from another company with similar working conditions etc.
/e/OS, DivestOS, LeneageOS and CalyxOS are some options I’m aware of.
/e/OS is often a month or more behind on Android updates (including security). Unacceptable I think.
Some info about patch history here: www.divestos.org/pages/patch_history
General comparison table of Android ROM features: eylenburg.github.io/android_comparison.htm
Don’t forget iodéOS!
Oh yea! My bad 😅
If I had a Fairphone I’d use CalyxOS or DivestOS. They seem to be the best for privacy and security out of the OS that Fairphone supports.
What about de-googled android? Is that private/secure?
No given the recent Cellebrite leak. You’re only secure if you use Pixel 6 and after, stock or GOS.
Of course that mostly only apply if you put government into your threat model.
That’s a threat to any device. Also the pixel scored way better than many other devices
DivestOS is the way to go.
There are only a few to consider. /e/os if you want it easy or DivestOS if you want it most secure and private. All the other possibilities have disadvantages compared to these.
Please be aware that you should buy FP5 as FP4 has huge hardware issues and the support is a dissapointment. And yes, /e/ is available for FP5 (but not via easy installer, but it’s not hard to flash it yourself)
/e/ is announced as ‘degoogled’ but that’s not 100 % true (and not nearly as well). For example MicroG connects to Google as well as connectivity backup check. Patch level is far behind AOSP. The App Lounge uses clean APK for some apps which is very risky. Communication is a problem and they do not react like they should for example when Mike Kuketz analysed /e/ and found several problems.
The community is huge and they support many devices.
DivestOS is better in most points but is managed by one person alone. MicroG is not included by default (if you need it) and multi sim support is a problem.
You can disable microg connecting to google servers, but basically you get a standard gms free experience, with most apps simply not working from play store. They list in the wiki how and why they connect to google: github.com/microg/…/Google-Network-Connections
A completely google free experience would be unusable for “normal” people, so they somewhat right as they target “normal” users. I also don’t like /e/, but because they are deliberately obfuscating a lot of things in their documentation, and they try to sell their os as something genuine, but it’s mostly just AOSP with microG.
I’m on CalyxOS, it works great. Locked bootloader, ability to block connection of devices when screen is locked (defeating cellebrite’s method of choice), work profiles and firewalls etc.
I use MicroG LineageOS which is in my opinion comparable with graphene os and is supported by a lot more devices.
lineage.microg.org
Graphene and Lineage are the most uncomparable custom roms. Have and look at security and privacy and the type of Google Play handling.
See eylenburg.github.io/android_comparison.htm to geht a first idea
MicroG version of lineage. Graphene is obviously way supperior.
The Fairphone 5 is supported by CalyxOS, iodéOS, /e/OS and LineageOS (with or without microG, which is a Google Play Services replacement).
You can read about each of the projects here:
As somebody that might be changing phone sometime this year and to cover all the possibilities, do we have a recent comparison of all these projects?
Yes! There is a really helpful (from a privacy and security standpoint) comparison chart here. It also includes GrapheneOS and “stock” Android.
Thanks!
There are several degoogled OS options for the Fairphone models, with different levels of degoogling and privacy: LineageOS, CalyxOS, DivestOS, iodéOS and /e/OS.
Most of these are based on LineageOS (I understand that CalyxOS isn’t, but I might be wrong). I personally use iodéOS and I like the helpful developers, the ability to remove / replace any of the apps preinstalled with the system, and the iodé blocker which blocks trackers, adds and any connection you want to at a system level.
I currently run DivestOS on a oneplus 6 and it’s pretty slick with mull for web browsing and neostore for apps.
Depending on your linux knowledge, you may want to use real linux (postmarketOS). But beware, the amount of things that require closed source OSs like android or ios isnt 0. banking apps for example arent accepting of non proprietary phones yet. I dont know about emulation though.
For emulation there is Waydroid. I’ve never tried to run bank apps with it, but everything else worked smoothly.
Thanks for mentioning it. I heard about waydroid but havent tried it yet.
I’ve used it in multi windows mode with a libhoudini (installed thru a script, I think it was this) (had no luck with libndk) on desktop (x86) because some android apps are not compiled for x86. No need for it on an arm device.
If you have a dual gpu setup, enable software render because it got issue with dual gpus (see here).
I daily drove a Oneplus 6 with PostmarketOS for a few months. While it was very cool and gave me a bunch of freedom compared to android, I missed things like always having proper mobile UIs and a working camera. It is my understanding that the fairphone 4 is in a similar state of support, if a bit worse. Can recommend it though if you like using linux and don’t need banking or a camera from your phone.
Thanks for chiming in. I agree that pmos is not a perfect drop in alternative for android yet. but for me it is 1. not necessary to have a perfect copy and 2. not a permanent situation since pmos is picking up steam, same as the rest of linux. So I believe cameras will become usable at some point and banking apps will probably also come around at some point. The more people use it, the faster imo.
Every few months or so there is news of what hurdle has been overcome getting the camera on the oneplus 6 to work. So you might be right there.
Thats my impression as well. Lets hope mobile linux goes nuts.
Not true. I’m a Tangerine customer and have no issues at all with their app on Graphene.
That is one usecase. I‘d be a little more thoughtful about my first sentence if I were you.
That one use case literally invalidates the claim that banking apps don’t work. Your banking app might not work, but mine does.
Thats not how logic works my friend. If 99 people cant get it to work and you do, that makes the claim not invalid but either you lie or you have an „unusual“ setup. The claim still holds true in most cases.
Instead of waltzing over someone like this, you could try and show interest in their usecase and how to troubleshoot the underlying problem. That would be making the world a better place.
I’m not here to troubleshoot this issue. I don’t have the technical skill or understanding of this platform to do so.
I’m sure I’m not the only one with a working banking app. We don’t all use mainstream banks, right? There are options and I’m sure I’m not alone in this.
Thanks for insinuating I’m a liar though. That’s nice.
I’m on a Pixel 8 with GrapheneOS and a working banking app with no special fuckery because I genuinely don’t know enough about android to deviate from what’s offered in the stock Graphene experience other than using the FUTO keyboard and customizing basic settings just like everyone else.
Well, thanks for the info. I never said you were a liar. I said thats an option.
The point I took issue with is the way you approached this. I dont mind being corrected. I mind it being done like this as if I were somehow saying stupid things which 20 yrs of IT work clearly speak against.
So maybe we just forget this issue and agree that you have a working setup which I find very positive.
Have a good one.
I use CalyxOS on my FP4. I have been happy. Almost 2 years now.
May i know why you do not like the pixel phones?
They are expensive and I don’t want to give money to Google
they sometimes retail at a loss around the holiday season.
I highly encourage everyone to buy their pixel phones for grapheneos secondhand. there’s enough pixel fanbois out there you should be able to deprive any corporation of the money of your sale by buying a like new condition last generation pixel (Like an 8 now that the 8a and 9 are out)
Yeah that’s not a bad idea
Recently bought a used Pixel for just under $200.
I refuse to buy new when a 1-2 year old flagship is 1/3 the price of new.
Especially since when was the last time you got a phone that impressed you? Like phones haven’t been getting better they’ve been getting more gimmicky
Yup. Bought a secondhand 7a for ~$250. Maybe I should have looked for an 8, but honestly I don’t think the 7a is too bad all considered.
Sometimes you get what you pay for, and…
I get that, but your purchase (the entire Pixel department, to be honest) is a drop in the ocean to their profits. They won’t notice you not buying one at all. You’re handicapping yourself in the mobile security arena (not being able to install GrapheneOS) to take the high ground and not effect a tech giant.
That aside, if you really don’t want to give Google, buy one from a reseller and not from the Google Store.
If you don’t want to give money to Google, why not take money from Google?
adnauseam.io
Then, once you’ve offset enough money, then you can buy a Pixel at an overall loss on Google’s side.
They are way cheaper than fairphones where I live.
Sorry I wasn’t comparing to fairphones. I was comparing the minimum you’d have to pay for a phone that has everything you could possibly need with the only difference being a not-that-great camera. So like a budget Xiaomi phone that I use.
I dont know. Its not that I dislike pixels, I just liked the concept of Fairphones. And I just never thought about google phones because I thought google and privacy don’t match, even if I have a different OS installed.
Fairphones can also run CalyxOS if you want to look into that
FP4 with CalyxOS works perfectly.
Yes, GrapheneOS only works on Pixel devices, because the project has some pretty extensive hardware security requirements: grapheneos.org/faq#future-devices
The Fairphone is a highly insecure device, which comes nowhere close to the (hardware) security of a Pixel. On top of that, the Fairphone company doesn’t even know how to maintain their own Fairphone OS. The verified boot implementation is fundamentally broken and very misleading, since it’s signed with the publicly available (!!!) AOSP test private keys. This is such a blatant disregard of security practices, that should have made it impossible to certify their devices. It’s not a surprise either that Fairphone regularly misses important Android security patches, or delivers them months later. That’s also why GrapheneOS will never support devices like the Fairphone. There are more issues with Fairphone’s misleading update policy that I haven’t covered in detail.
I highly recommend against purchasing such insecure, and poorly maintained hardware. DivestOS is the best option for “damage control”, if you already own a Fairphone. Its developer actually cares about users and their security, and the OS is properly signed.
I’ve never heard of Fairphone and have only barely heard of DivestOS.
Yeah Fairphones all are fair and whatnot until you find out their software isn’t fair and they don’t give a shit about managing security properly nor collaborating with others such as GrapheneOS.
Personally, and thanks to some comparison charts, Graphene is the best, followed by DivestOS for most devices. Others are weaker, and Calyx is not useful as we have stronger Graphene.
I found the following website to be a definitive source for comparisons of all sorts, including this one:
eylenburg.github.io/android_comparison.htm
Too bad it’s hosted on Microsoft’s GitHub. Wish open source proponents would stick to open source solutions