this post was submitted on 15 Apr 2025
649 points (98.4% liked)
Technology
68772 readers
5108 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Graphene isn't the best choice for everything. It doesn't have good backup solutions nor device to device backup or anything solid for complete snapshots and when restoring your so called backups you'll realize what all it truly lacks.
It's hardened and has a lot of security and privacy features but none of that matters if your opsec is bad, or it's feature set doesn't match your threat model. I am not knocking it at all. It just isn't the white knight for every case.
What's wrong with Seedvault?
I'm being bugged by Seedvault caring for apps that have a 'don't backup app data' flag.
I could live with that being a default setting, which can be manually overwritten in the Seedvault settings for these apps.
Apps not allowing (in case of Seedvault: encrypted) full backups while offering no or bad built-in backups is just cumbersome when trying to have current backups.
afaik their device-to-device mode should be able to workaround that. it can still be saved to storage
Seedvault works, I've restored from backups multiple times.
However there are still many parts of overall data that aren't fully backed up.
Certain app data doesn't get saved.
Settings are but not in entirety requiring manual rechecks of all settings and reconfiguration if needed. Which saves no time because then you cannot trust it fully for what was and was not altered meaning you then must asses everything which took away the total value, and adds a layer of distrust.
Profiles must be backed up individually which creates a giant hassle to restore/maintain consistent backups, which also requires different drives for each profile to be recognized correctly.
App lists are impartial requiring a wrote down list or some form of rememberance that's not reliant on the backup list of installed apps.
I can go on with more its late in my time zone and I have to sleep so. It's a good project and has merit. It is just not where it should be to really be useful at scale. I am aware of the experimental setting to create a more comprehensive backup. Even with it checked on the backups are not complete. Thus the use of Graphene while a great project has definite major flaws. If they implement device to device backups it would be a game changer. Not high up on their list of to dos though.
Thanks for the info. I have not really tested Seedvault myself so this is all good to know.
Ironically, one of the main reasons I switched to GrapheneOS was because Google's backups were so frustrating and I was hoping Seedvault would be more comprehensive.
Agreed.
That said, it would be awesome to have an alternative to Pixel devices if you do want GrapheneOS.
The project has sort of silo'd itself into security which is only one part of the equation. Rather than overall completeness, functionality, maintainability. It's lacking major fundamental feature sets. Thus its more of a tails meets whonix/Qubes right now not a all in one bow wrapped package to save the day for its consumer base. Many many other issues/bugs I didnt list. Perhaps I'll add more tomorrow. If everyone wants.
And that's exactly what it should be IMO. I prefer a project with narrow goals to one that does everything, but poorly.
If I want backups, I can use something like Syncthing. When moving to a new device, I prefer to install everything from scratch because I generally don't use most of the apps I have anyway. I don't put anything critical on it, so why would I need to restore from a snapshot?
If you want those features, it's not the ROM for you.
I just want a simple device with a long support cycle and no spyware, and GrapheneOS delivers. I have Google Play Services on a sperate profile, and my main profile is completely free of that crap. I want a Linux phone, but every phone has serious limitations, like missing audio, sketchy calls, or completely broken camera. GrapheneOS is the closest experience I have to that.
syncthing cant backup your device. that is a file transfer app. for backing up the device you need either appmanager and root, or good old dd and root (and a half shutdown system)
currently there's no ROM on which you could execute a real backup, thanks to encrypted storage with keys stored in TPM. TPM sees a change, and now your backup is a useless blob of practically random data
as does calyx os
with microg, this can be done on calyx too. there's even a few options on how much you want google to know.
and if your point is that not all apps work with microg, then you would never actually move to a linux phone because that will never have google play services (hopefully, else something has gone way wrong), probably not even microg or apps that would depend on it
Seedvault worked fine for me when I moved phones last year.
I agree. Seedvault works but if you really use the project and its features as intended you'll see problems I listed above which is not complete I'm just tired there are plenty more.
You'll start to see the problems and the lack of value add from graphene. I'd feel much safer on a Linux machine and correct backups, under most threat models and opsecs, even without all the advanced security features than stuck locked into graphene as a half baked project. Which is saying something, and why I said it depends on your opsec and threat model I wasn't bashing the project it just is not the end all be all right now.
The year of Linux is upon us. Soonish*
Its had more dev time across the board which is why I would choose it first and foremost. What it lacks in certain features its fundamentally more complete. Regardless of distro mostly.