this post was submitted on 26 Jun 2023
73 points (98.7% liked)

Privacy

31850 readers
146 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Ironically, a large number of privacy minded individuals are using Google Pixels flashed with custom roms (Calyx, Graphene, Lineage, etc)

If not designed specifically for privacy, these Android forks are at the very least not stock Android, and stripped of many anti-privacy features.

This can be accomplished due to the Pixel's (mostly) unique attribute - a bootloader that can be unlocked and relocked.

I don't know why Google have allowed their bootloaders this freedom, but I can't imagine that a company with a reputation for killing anything they touch would allow it to continue for much longer.

If/when the day comes that the Pixel is fully locked down, what options are there for privacy enthusiasts to continue using a smartphone, an inherently unprivate device?

Does anyone know of development going into looking at how to unlock bootloaders on any device, opening the door for custom rom flashing to continue?

Are the pinephones, fairphones, etc going to have to ramp up production?

Anything going on in the iphone department allowing for detachment from the Apple ecosystem?

What happens next, really?

top 25 comments
sorted by: hot top controversial new old
[–] [email protected] 16 points 1 year ago* (last edited 1 year ago)

I'm just waiting for linux phones to be as viable as linux on the desktop, which I already use. I'll take whatever drawbacks come with that decision.

[–] [email protected] 13 points 1 year ago

I don’t know why Google have allowed their bootloaders this freedom, but I can’t imagine that a company with a reputation for killing anything they touch would allow it to continue for much longer.

They've historically always been very pro-developers, and they know Pixels are attractive to developers as sort of the defacto successor to the Nexus line, which was aimed specifically for developer as a way to have a close to AOSP ROM.

Google's also responsible for the entire bootloader specification, which does include provisions to provide your own keys and allow relocking the bootloader with a custom OS. So it's quite fair that their phones implements the full spec completely. If they didn't want people to be able to do this, they wouldn't have written a spec that calls for people to be able to unlock and relock. They also provide ways to authorize Gapps on any device/emulator, if they didn't want that they wouldn't let people do that either. But ultimately most people flashing their Pixels end up still using Google services and spending money on the Play Store and other Google products.

It probably also works to their advantage because it lets people poke at the security which helps people uncover bugs in AOSP so they can fix it.

The bigger concern is more about Google abandoning the Pixel project entirely rather than closing the bootloader.

[–] [email protected] 12 points 1 year ago

There are many phones you can unlock/relock the bootloader on. That's not why pixels are used. https://grapheneos.org/faq#future-devices

"Devices are carefully chosen based on their merits rather than the project aiming to have broad device support. Broad device support is counter to the aims of the project, and the project will eventually be engaging in hardware and firmware level improvements rather than only offering suggestions and bug reports upstream for those areas. Much of the work on the project involves changes that are specific to different devices, and officially supported devices are the ones targeted by most of this ongoing work.

Devices need to be meeting the standards of the project in order to be considered as potential targets. In addition to support for installing other operating systems, standard hardware-based security features like the hardware-backed keystores, verified boot, attestation and various hardware-based exploit mitigations need to be available. Devices also need to have decent integration of IOMMUs for isolating components such as the GPU, radios (NFC, Wi-Fi, Bluetooth, Cellular), media decode / encode, image processor, etc., because if the hardware / firmware support is missing or broken, there's not much that the OS can do to provide an alternative. Devices with support for alternative operating systems as an afterthought will not be considered. Devices need to have proper ongoing support for their firmware and software specific to the hardware like drivers in order to provide proper full security updates too. Devices that are end-of-life and no longer receiving these updates will not be supported.

In order to support a device, the appropriate resources also need to be available and dedicated towards it. Releases for each supported device need to be robust and stable, with all standard functionality working properly and testing for each of the releases.

Hardware, firmware and software specific to devices like drivers play a huge role in the overall security of a device. The goal of the project is not to slightly improve some aspects of insecure devices and supporting a broad set of devices would be directly counter to the values of the project. A lot of the low-level work also ends up being fairly tied to the hardware."

I think basically the higher standard of security on pixel devices allows/makes it easier to setup verified boot so you can relock the bootloader and retain that chain of trust it provides. Rather than an leave it unlocked in something like lineageOS where there is no verified boot and therefore all software isn't coming from a trusted (verified) source.

[–] [email protected] 11 points 1 year ago* (last edited 1 year ago)
[–] [email protected] 10 points 1 year ago (2 children)

As much as I wish something like the PinePhone would be a decent substitute, here's the problem.

Not enough people harden their Linux systems as it is. Mostly because people don't know how.

And now we're expecting consumers to know how to harden a Linux phone, out of the box?

Unless these start shipping with privacy-respecting settings defaulted to by the manufacturer, these will be far less secure than a Pixel.

[–] [email protected] 5 points 1 year ago

Valid, but once there's adequete demand it'll be the same as a pixel, get it, install a better distro(hardened), profit, without the vulnerability of google pulling the rug.

[–] [email protected] 2 points 1 year ago

Do you have any resources or suggestions for Linux hardening?

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago)

Well there is always SailfishOS which you can run on Sony phones. It's a Linux OS but runs Android apps as well.

I doubt Google will stop offering the bootloader option tho. Because most of those custom roms are based on AOSP, and anything done with that that's open source, can be used again by Google too. I can't imagibe they don't keep an eye on the bigger projects like GrapheneOS. Free innovation, done by passionate people (who tend to make some if the best code).

At the same time, people who'd buy hardware just to flash it with a privacy-focussed OS aren't going to walk into the Google eco-system if they close it. They'll just go further away from it, while now they buy hardware and otherwise support or perhaps even contribute code (be it by development or by "testing" and adding bugs to github). So there is little to gain, only to loose.

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (2 children)

So I’m hesitant to mention this, but I have been noticing similar problems trending worse and worse over the entire Android ecosystem. I love the projects that are trying to solve this, but I don’t see them gaining traction or building top notch phones with high end cameras that compete with Samsung or Apple.

So I recently decided to start trying out something else: after avoiding it like the plague, I’ve been using an iPhone 14 fairly regularly and have been pleasantly surprised by the privacy and security features. Everything seems to be implemented to give you control over what apps can do.

I’m not trying to start and Apple vs Android fight, there are many aspects I hate still, notably all their proprietary nonsense. But that aside, what’s everyone’s opinions on the privacy aspect of iPhones?

Edit: forgot to chime in on the key question: no, I don’t see Apple ever allowing custom ROMs unless it’s legally required. But I don’t see that entirely as a bad thing as long as the platform is appropriately secured and privacy friendly, which is why I’m asking this question and hoping those who know better can explain more.

[–] [email protected] 13 points 1 year ago (1 children)

Apple is a big tech company and no big tech company should be trusted (too much). While I think in terms of their user's privacy they are better than Google, Google at least is pretty vocal about them spying on their users with their actions.

On an iPhone you'll never get completely rid of trackers and stuff even with a jailbreaked device. Imo the best option you have (if you want a phone that respects your privacy) is an Android phone with a degoogled custom ROM that focuses on privacy. Something like Graphene OS, Calyx OS and /e/OS.

[–] [email protected] 2 points 1 year ago

Last time In checked Apple privacy practices, their were collecting same kind of stuff than Google.

The major difference is that Apple acts as a proxy between the user and advertiser, where Google let other companies also track the user.

NONE of them can be deemed as privacy-friendly.

[–] [email protected] 4 points 1 year ago

Apple recently started allowing encryption of iCloud backups which is nice. Def don’t use iCloud without setting that up.

[–] [email protected] 7 points 1 year ago

DivestOS is a privacy focused android ROM that supports a bunch of devices and has support for relocking the bootloader on most devices that support it

[–] [email protected] 2 points 1 year ago

You've to think about a Google Pixel phone as the Ferrari of phones. Who owns a Ferrari knows where and how to service it - no need to protect the user from itself like Apple does.

[–] [email protected] 2 points 1 year ago

I run LineageOS on my supported Samsung tablet and Poco Pro 4 phone. The Samsung is sans gapps so not too leaky.

The main problem is lack of supported tablets. Once the Samsung dies I will have to find some ChromeOS device on which you can install a standard Linux distribution.

[–] [email protected] 2 points 1 year ago (1 children)

I'm on GrapheneOS in my P7 and I suppose if I was ever unable to unlock my bootloader then I'd switch to a platform that supports Linux.

Ultimately, I hope that one-day we can flash a Linux mobile OS on our pixels.

[–] [email protected] -2 points 1 year ago (1 children)

There is no such thing as a private cellular device. It does not matter if it's a smartphone, dumb phone, or simple internet access device.

Cellular devices are location tracked and their owners profiled. All devices have proprietary cellular modems that communicate over the network and have full access to your system. Nothing you do on device will stop that.

The only exception I've heard of is from Purism. The Librem 5 claims to separate the base system from the cellular modem, but that still won't stop the location tracking.

Point blank, you can't carry a connected cellular device, and have privacy. They are mutually exclusive goals.

[–] [email protected] 13 points 1 year ago

There is no such thing as a private cellular device.

So what? You're gonna throw up your hands and give up? Why are you even here then?

There's degrees of privacy, and different anti-tracking methods that come with a list of pros and cons.

load more comments
view more: next ›