this post was submitted on 31 Oct 2023
85 points (96.7% liked)
Privacy
32482 readers
222 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Are you seeing the problem with targeted downvotes towards my comments? I got precisely 5-6 downvotes suddenly in the past hour (for every single post and comment I have made for the past week or so) suddenly for a reason - vote manipulation via sockpuppets - this is the kind of crap they precisely do. What does a leftist do? Stop supporting and using that product, and switch to something that works just as fine. Continuing using something made by such horrible entities while saying otherwise is a kind of faux virtue signalling US govt does via news media.
Calyx if you want one of these pre-configured custom ROMs for Pixels only, and Lineage or /e/ if you want more device support.
If you think the part about locked bootloaders is so important, just know that they lie to the extent of going around in tech YouTuber comment sections and claim they have $1M Cellebrite Israeli toolkits to verify grapheneOS is safe against bootloader attacks like Evil Maid. https://i.imgur.com/woNxPhx.jpg
Please read the paper by Ken Thompson, co-creator of Unix and C, on why we should be able to trust the developer and NOT the code. https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
Okay, first of all: Chill, and let me lay out an observation here.
You are very passionate about that topic, maybe a little too much. The way you talk about it is too heated, and gives people the idea that a civil discussion might not be possible.
The fact that you immediately start conspiring about where your downvotes come from doesn't make it any better.
Now, the issues you describe are very much real, and a problem. There are merits and downfalls in each project, each one handles these differently, and it is for us to decide how to react to that.
So, you're saying that as a reaction, I should neither use Graphene nor DivestOS, am I understanding this correctly?
What then? Compromise my privacy by using less optimal systems? Why would I do that?
Doing things out of principle vs doing them out of practical use is something this community is quite aware of, isn't it. Sometimes the decision isn't easy, sometimes it is.
This is not about "passion". I have been monitoring and documenting the "security zealots" in FOSS community for the past 5 years. If you think that's nuts, I recommend you take out an hour or two and go through this stuff. It will be worth it.
https://old.reddit.com/r/privatelife/comments/ug9qnc/writeup_criticism_of_rprivacyguides_grapheneos/
https://old.reddit.com/r/privatelife/comments/13teoo9/grapheneos_corporate_foss_loving_witch_hunting/
There is no conspiracy btw, regarding voting manipulation and sockpuppet trolling (they admittedly do it). GrapheneOS is by far the most vicious entity in FOSS/privacy community for a while now, to the point Techlore community openly calls them "rabid dogs". Lemmy is just seeing this stuff afresh, what has been going on Reddit for over 3 years. They would have imported that culture onto Lemmy long ago, if I was not here for the past 3 years, and not a moderator acting as a defense line.
As for "security" and features of this AOSP fork, look no further. https://i.imgur.com/pQHoq84.jpg
There are only 3 things they ever did on their own as extras, and even they have basically no value in the grand scheme of things, them being offering:
Now, I will elaborate on these 3.
So out of the 20-30 features GrapheneOS claims they developed, everything is either a modification of app permissions or firewalling or AOSP feature rebranding.
Also, as you may have famously heard about "Sandboxed Play Services", it is not developed by GrapheneOS, but a project called ProtonAOSP, whose developer is kdrag0n. GrapheneOS copied that off and rebranded it as their own developed thing.
As you can see, GrapheneOS is basically a lot of marketing and in reality, there is negligible or nothing beyond the surface. This is called snake oil, or selling bridges/dreams.
A civil discussion is not possible with people that always lie about things for years (https://old.reddit.com/user/lo________________ol/comments/1314x2x/why_did_i_do_this/), then manufacture lies about how they were swatted to manufacture drama and gain fame, never to give evidence, label everyone neonazi or complicit in this hoax murder attempt, censor any attempts of being questioned and go underground, and use "autism" label to dodge accountability, and to be a witch hunting liar and an asshole to everyone.
Marketing, lies and deception aside, what is the most secure and private Android system?
Whichever system you can navigate through easily and freely, none of which is a smartphone. Smartphones are only temporary vessels on-the-go for calling, texting and photos/videos. Keep your computing as much as possible to a real, dedicated computer or laptop. Any mainstream Android phone in the past 3-4 years, if you do not root or unlock it, has been "secure" at this point, as long as you are not installing calculator apps that need your credit card info and camera access, and as far as your adversary is not the TSA airport agent with Israeli Cellebrite kit or you are not a state actor target for malware like Pegasus.
Funnily enough, Pixels have been horrifically insecure for a while now, besides their garbage QC issues. Google took months to fix these security issues for 6A, 7 series that were more easy to exploit than the security issues any other Android maker has had for the past few years.
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
https://twitter.com/ItsSimonTime/status/1636857478263750656
https://www.notebookcheck.net/Google-Pixel-6a-reviewers-claim-to-encounter-a-potentially-serious-device-security-issue.637266.0.html
Any decent Android phone post Android 9 version, provided you:
is a secure phone to use. There is full disk encryption for years now, and iPhones are cheaper and easier to exploit than Androids since 5-6 years.
I have had a non-root smartphone guide for years now (https://lemmy.ml/post/128667), letting anyone have a private and secure Android device without any Safetynet tampering or bootloader unlocking complexity, which also allows to use Android Auto, bank apps and any of those Safetynet apps comfortably. This, to the best of my knowledge, is the Pareto frontier of usability, privacy and security on smartphones, provided you have an actual computer as well.
Someone made an Android app that allowed me to solve the issue of physical phone theft as well, effectively disallowing anyone (unless million dollar Cellebrite-like kits can exploit the stolen locked phone) to extract data out of your phone, in case someone took your phone on the street and ran away. This requires locked bootloader, which is the default state of any Android phone you purchase commercially, unless later unlocked or rooted.
That is the most elaborate way of dancing around a simple answer I have ever seen, I am impressed.
That is the ELI5 version, which is how I talk to people about technical matters. If you were to quote this 20 years later, it would require no further context and citation, and would still be a relevant comment. A lot of my comments are guest-blogging style mini posts. Generally one should have no further questions about picking a private and "secure" Android device for years after reading this.
See, I genuinely appreciate the thought behind that. It's just that the way you word things sounds like an uncomfortable mix between aggressive, a dash of condescending, and getting worked up about others not accepting „the one truth“, so to speak.
Again, I appreciate trying to raise awareness.
But firstly, roll back and try other ways of doing it, and secondly, you can't force decisions on others.
You have to because you are XY political affiliation
No, just stop saying stuff like that. Seriously, it doesn't do you or your cause any favours.
There are certain "security zealots" in FOSS community that shill Big Tech, dump on FOSS projects and promote typical IT dudebro asshole behaviours. I am documenting it since 5 years, so I am coming from a far different place, having seen it all. Being in their chatrooms, engaging with racists, IRL Nazis and absolute clowns has allowed me to see pretty much every trick they can pull.
The reason I called out the political affiliation is because as a leftist, cherrypicking and supporting/opposing issues is incorrect. IT dudebro behaviour is what GrapheneOS community staunchly supports and normalises, and is the root of many problems in tech sector.
Micay using the "autism" placard to dodge accountability is disgusting, and it hurts all autist and neurodivergent people. Micay is the embodiment of most of the worst kind of behaviours, and rewarding him by using his AOSP fork is one of the worst things you could do.
Didn't Micay announce in May that he was going to step down as lead developer and head of the foundation?
Still though, him being a massive dick doesn't mean Graphene is a bad system all of a sudden. As I said before, it's a case of personal principles vs practical use, and people will decide whatever they'll decide.
People are complex, and this kind of decision-making simply isn't as black and white as you'd like it to be. (And don't get me wrong here, there certainly are many situations where it should be)
Anyway, I guess you'll be happy to hear that sustainability and repairability in form of a Fairphone is ultimately more important to me than being able to use Graphene.
That's likely the route I'll be going whenever DivestOS doesn't support my device anymore.
Its easy to see why "stepping down" means nothing, when you see that GrapheneOS is a one man army show, his GitHub says the same, and GrapheneOS commits tell the same story since April 2023 (when he told how there was a CP/gore spammer in his offtopic Matrix chat and he claimed to be swatted, no evidence or in local Canadian news in 5 months). Check his GitHub repo member list (flat hierarchy makes no sense), correlate with Matrix chatroom and Discourse admins/mods lists.
His whole game is playing with optics in the FOSS community, portraying his hobbyist stuff as professional even when his behaviour screams the opposite, and using labels like "lead dev", as if many people make commits to GrapheneOS. Optics is the key word, which also plays into marketing fluff about features, mostly which are rebrandings like what OEMs do with tacky skins.
While things in life are not black and white, they are certainly not 45% and 55% gray either, but more like 20% gray and 80% gray. (I am a Pareto's principle shill.) Most (not many) situations in life are just that, distinctly clear with no fog clouds. Nuance changing a situation's dynamics is the exception, not the norm.
Fairphone is one of the top recommendations in my guide, and they now have 8-10 years of security updates as well (7y with FP3+ iirc).
All this is not to appease or stroke my ego (I have refused donations for my guides), but to refuse rewarding this IT brodude bullshit behaviour, and to put an end to it in the IT and FOSS/anonymous communities. The privacy community has been filled with illogical, conspiratorial nutjobs and assholes and I have been one to help clean it up myself for about 4 years now. I still fondly remember how r/privacy mod censored my r/privatelife subreddit with 26 members, and swore to clean this mess. Simply put, I am a meta-contrarian voice of reason that has and will go against anyone to say what needs to be told.
These are not the same community. The actual free software community has been a thing for 40 years, and the privacy/security people spend as much time attacking free software as they do big tech. I've come to believe no security or privacy guy is trustworthy in the free software space. Reject Rossman, return to Stallman.
edit: security guys will say "free software isn't always more secure!" and privacy guys will say "freedom, what is this freedom? it has no internet access, that's the only thing that matters!" and meanwhile stuff like WEI is being implemented, that we've been warning about for the last 40 years. The security and privacy guys will say you don't need freedom, just the "best tool for the job" - Chrome was the best browser when it came out, now it's being used to subjugate the free web. WEI is the end result of treating freedom as a second thought behind security.
That was not a generalisation, but a (perhaps confusing) way to convey this group exists in both FOSS and privacy community, attacking both, creating drama in both and normalising asshole behaviour and lies in general. I am well aware of the distinction, as a Debian user, and a Linux adopter since when W10 dropped. I advocate for both free libre OSS and privacy (if you noticed r/privatelife before).
Thanks for making me smirk a little with the WEI example. There is hope only in prioritising freedom AND democratisation of technology, everything else second, as principle. But I consider realism and use specific closed source software where needed, because the world is far from utopia. I have been a Netscape and Phoenix user since the beginning, only tried Chrome once for a few days around 2010s when it was being hyped in the Browser Grand Prix Wars and found it not worth the loss of freedom.
I would like to take this opportunity to show you how Micay and his acolytes and GrapheneOS members have time and time again evangelised Windows, MacOS, Google and Big Tech companies over the years.
Big Tech shilling: https://i.imgur.com/bUdVCpH.jpg
Big Tech shilling on Telegram: https://i.imgur.com/V7McLFO.jpg | Their mirror on Lemmy: https://lemmy.ml/c/windowssec
Astroturfing Reddit, a collage: https://i.imgur.com/Yv9nvxy.jpg
Them astroturfing 4chan for years. A collection of 6 months of posting. https://i.imgur.com/G6P1c9n.jpg
GrapheneOS key member who became Privacyguides mod, "considering" closed source promotion rules (http://web.archive.org/web/20220501174616/https://old.reddit.com/r/PrivacyGuides/comments/siqc69/consideration_on_removing_rule_1/) and one month later implementing them (http://web.archive.org/web/20220501174740/https://old.reddit.com/r/PrivacyGuides/comments/tdtbcz/recent_changes_to_privacyguides/). Keep in mind the Big Tech shilling evidence above.
This is one of the key reasons why I act as a defense line to protect Lemmy against their invasion. I stopped them completely on Reddit. I stopped them 2 years ago here. Now they are back, downvoting me with 5-6 alts, and I need community support. They are enemies of FLOSS, freedom and even many open source projects. All they do is create drama and spread hate, then when someone complains, they start crying. They are crybullies. Last year they even did this to me, trying to get me out of the way. https://archive.ph/acy2h
I don't think graphememe is all that great either I tried it once a few yrs back and hardly any apps worked that I need and everything was slow af.