this post was submitted on 24 Feb 2024
122 points (88.1% liked)

Privacy

31991 readers
499 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I want to mainly use it for privacy over its "security". I don't know what makes everyone fine with running it on fucking google pixels. Is there some kind of "low security" version or something for other phones? I'm so tired of certain organizations infiltrating privacy communities and making people believe in improving "security" by voluntarily giving up on privacy and using even non free software like that insecurities blog and other people.

you are viewing a single comment's thread
view the rest of the comments
[–] onlinepersona@programming.dev 57 points 8 months ago (5 children)

I believe the devs of GrapheneOS have tailored their requirements to target Google Pixel phones for one simple reason: there aren't enough devs to help them support other phones. They probably owned Pixels and started development on them, got specialized in them and didn't want to branch out as that costs lots of time.

There's nothing wrong with that. The only issue I find with their reasoning is all the claims they make of Google Pixels being the only secure Android phones in existence. It's detrimental because non-techies will just repeat that to death because they don't know better - just like Appholes repeating that iPhones are the most secure phones out there and Apple cares about privacy. It's free advertisement for Google. So people head out and give Google more money than their data would ever be worth and they do it repeatedly every few years because it's "common knowledge" that Google Pixels are the most secure phones out there.

The worst thing about that is that Google didn't have to do anything. Had Google made those claims, people would be wary, but this is an independent group and because of that, people give it credence.

Not saying GrapheneOS is a shit project - it definitely isn't, just the claims and free advertisement these devs are giving Google is bad.

CC BY-NC-SA 4.0

[–] ArcaneSlime@lemmy.dbzer0.com 29 points 8 months ago* (last edited 8 months ago) (2 children)

The issue is that Pixels are one of the only manufacturers that lets you install a custom ROM and re-lock your bootloader, which is an important security feature. Afaik only pixels and xaomi can do that, so they could expand it a bit, but tbh if those are my two options I'll take the pixel.

If you don't care about relocking your bootloader just use lineageOS or eOS, they aren't as secure, but if you don't want/need it to be as secure they do exist as options.

Edit: Relocking and https://grapheneos.org/faq#future-devices my mistake

[–] onlinepersona@programming.dev -1 points 8 months ago (3 children)

I've relocked 3 different phones from Samsung, Nexus (was that the old pixel? dunno), and OnePlus 🤷‍♂️ Maybe it's because they were old (<2020) ? No idea.

CC BY-NC-SA 4.0

[–] ArcaneSlime@lemmy.dbzer0.com 13 points 8 months ago (1 children)

Turns out it's a bit more than just relocking the bootloader.

https://grapheneos.org/faq#future-devices

[–] Max_P@lemmy.max-p.me 7 points 8 months ago

Google's phones have always supported the full spec. OnePlus used to also do that, but quietly removed support for it. OnePlus 8T on Android 11 (last OxygenOS version) you could, but when they switched it to Oppo's ColorOS that got removed, that'd be 2021-2022 ish so that fits your experience.

For Samsungs, I don't know. They let you relock the bootloader with a custom ROM on it, not just after flashing back a stock image? And it does the whole verified boot dance, TPM works and everything?

The key feature here is relocking with your own keys and retain all the security features as if it was a manufacturer's build. Rollback protection and everything.

[–] LoveSausage@lemmy.ml 3 points 8 months ago

With your own key? Nope

[–] user@lemmy.world 11 points 8 months ago* (last edited 8 months ago) (1 children)

Pixels have the most secure hardware features and they are the only ones that allow for bootloader relocking with custom os. You clearly have no idea what you're talking about.

[–] onlinepersona@programming.dev 4 points 8 months ago (2 children)

Again, I've relocked multiple phones with custom ROMs. If you choose to believe everything you're told, keep being blue eyed.

CC BY-NC-SA 4.0

[–] user@lemmy.world 6 points 8 months ago

Additionally, relockable bootloader ≠ full verified boot, but i doubt you even know what that means.

[–] user@lemmy.world 1 points 8 months ago

your personal experience from 20 years ago is irrelevant. its not possible today. tell me a phone where it is.

[–] THE_MASTERMIND@lemmy.today 8 points 8 months ago (2 children)

I have to agree that i too hate the devs saying pixel is the most secure but i disgree that google gets more money from pixels than our data .

[–] user@lemmy.world 1 points 8 months ago

Okay. Show me another secure android OEM.

[–] onlinepersona@programming.dev 1 points 8 months ago (2 children)

Hmm... is your data worth 300€ every 3-4 years? This would indicate not. There are probably other sources, but 100€/year for your data = ~8€/month for your data. I'd find that hard to believe, but will gladly be proven otherwise.

In any case, even if it were > 100€/year, giving them that amount is like a present despite trying to degoogle yourself.

CC BY-NC-SA 4.0

[–] THE_MASTERMIND@lemmy.today 2 points 8 months ago (1 children)

You are thinking the wrong way a phone like pixel would cost that much to make, transport, advertise etc in fact i think pixel is the best hardware you can get in that price range and google is only selling it at that price because they wanna be big in market and also tgey can bloat their own software to the phone aldready .

[–] onlinepersona@programming.dev 1 points 8 months ago (1 children)
[–] THE_MASTERMIND@lemmy.today 0 points 8 months ago (1 children)

And ? It has specks that match its money .

[–] onlinepersona@programming.dev 3 points 8 months ago

Are you aware of the context of your own discussion? You're arguing a completely different point.

CC BY-NC-SA 4.0

[–] z00s@lemmy.world 1 points 8 months ago (1 children)

May I ask why you put a creative commons licence link in all your comments? Is it because of Reddit's recent activities?

[–] onlinepersona@programming.dev 2 points 8 months ago

It is indeed because of AI training, but it wasn't prompted by reddit as I've been doing it for longer than the recent announcement. It was prompted by CoPilot (Microsoft/Github's AI for coding). There's an ongoing case about them using licensed, opensource code that hasn't been settled yet.

CC BY-NC-SA 4.0

[–] jet@hackertalks.com 4 points 8 months ago (1 children)

What phone hardware to you suggest as a replacement from a security perspective?

[–] onlinepersona@programming.dev 12 points 8 months ago (1 children)

TL;DR Unless you're being persecuted, I'd say the most important criteria is picking a modern phone actively supported by a ROM. Samsung, OnePlus, LG, FairPhone, ... they're all fine.

What's your threat model? Most likely, if you're just a normal dude, the most you'll have to fear is someone stealing your phone and trying to replace the OS on the phone. Probably every modern Android phone protects against that with secure boot. If somebody wants to read your data, IINM every modern Android phone has encryption activated by default meaning so do modern ROMs.

If you have somebody knowledgeable enough to start attacking your phone by opening it and messing with hardware, you've got an entirely different problem and if they want to get in, they will. Either physically through you (a wrench can reveal your password), a 0-day (iPhones were hacked through iMessage by text messages the user never saw aka zero click), or through some yet unrevealed vulnerability if you're that important.

[–] user@lemmy.world 1 points 8 months ago (1 children)

Without relockable bootloader you might as well disable encryption, as its possible for any attacker even for a thief to unlock your "secure" device by flashing any cracker zip.

[–] Joosl@feddit.de 1 points 8 months ago

Xiaomi HyperOS says no