this post was submitted on 05 Jan 2024
43 points (100.0% liked)
Free and Open Source Software
17931 readers
113 users here now
If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I would let your wallet decide.
GrapheneOS and the Librem 5 can handle this. If I hadn't bought a phone at the end of 2022 I'd likely go for the Librem 5 unless a used Pixel could be acquired.
I think the only thing you will lose with GrapheneOS is tap-to-pay, if you even use that. Beyond that, if you don't install GSF or even microG on the device you're already doing a lot in terms of privacy. You have to look into whether things like Uber would work without GSF (I don't use Uber so I can't check).
I was going to set up a Nextcloud server, but ended up just using Syncthing. I thought I would need that full suite of services, but it turns out my workflow just needs a few directories. I use Markor to take notes and write drafts. Before, I did editing on my phone, but now I wait until I am sat down in front of a computer. Syncthing can run on an old Raspberry Pi and requires very little upkeep.
Another suggestion is to use something like UAD to debloat most any Android phone. It is a bit of a preview of what to expect from many alternative ROMs. You need to switch to OSM and use a different calendar app and possibly a different camera app, contacts, keyboard, etc. and you'll notice very quickly that...nothing really changes except maybe battery life.
If you want any banking apps, they can also refuse to run without at least microG and some Magisk trickery. Some will go as far as refuse to run if they barely find a sudo binary on an otherwise locked non-rooted phone.
Don't root your GrapheneOS system. This site offers a great summary why it's bad. Root and Magisk are huge increases in attack surface and microG isn't recommended either, as it requires root for basic functionality. GrapheneOS has created Sandboxed Google Play services, which takes the official Google Play services binary and runs them in the normal Android application sandbox. This is more private and secure than both the implementation on the Stock OS and microG. Most banking apps work on GrapheneOS with Sandboxed Google Play services, no need for root. In fact, root decreases your chances of getting banking apps to work, because a rooted device can't pass Google Play device integrity checks (previously known as SafetyNet).
I've been pretty meh on GrapheneOS, haven't actually used it, usually lean towards LineageOS, but the sandboxed Google Play feature sounds pretty interesting.
Unfortunately, LineageOS is pretty insecure. Worse than stock Android. https://madaidans-insecurities.github.io/android.html#lineageos
Does Lineage actually have any advantages over Graphene?
Well, it works on more than 10 phone models. The criticisms in the post are valid, certainly, but that doesn't help much if my device isn't supported.
Honestly, the stock ROM on most phones is probably better than LineageOS. I would stick to that, maybe use the Universal Android Debloater to remove some of the crap and eventually get a Pixel with GrapheneOS.
Linux phones like the Librem 5 are fundamentally insecure. It's also outdated and overpriced, I really wouldn't recommend it.
Is this your blog?
No, but the guy publishes some great articles in regards to privacy and security. privsec.dev is another one I recommend.
Obviously these phones aren't as good as megacorp-backed Androids yet, they're much newer and the software is being developed by the community for fucks sake. And the manufacturers haven't had so many design revisions to recognise and fix all the issues.
They're development/early adopter devices. And the killswitches aren't pointless, because while you can enable airplane mode, that's a software mechanism which can be maliciously changed, either by the manufacturer or an attacker. A kill switch will 100% cut you off.
Airplane mode exists because it is mandated by law that every handheld cellular device needs a reliable way of disabling the cellular modem to prevent interference with airplanes. When airplane mode is turned on, the cellular modem actually needs to be turned off. Otherwise, the device is not compliant with regulations and can't be sold. Obviously, this is not a 100% guarantee, but the chances that the cellular modem randomly turns on while in airplane mode are very slim. And the Wi-Fi switch isn't really useful, because GrapheneOS and even Stock Android use Wi-Fi MAC address randomization. On GrapheneOS you can also fully disable Wi-Fi scanning.