this post was submitted on 09 Dec 2024
780 points (99.7% liked)

Privacy

32383 readers
162 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

cross-posted from: https://slrpnk.net/post/15995282

Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of 'non-google' approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.

Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that's true or not..

you are viewing a single comment's thread
view the rest of the comments
[–] SeekPie@lemm.ee 4 points 1 week ago (4 children)

I don't think LOS has any privacy/security improvements over the stock android?

(IIRC) it's even worse than stock because you can't lock the bootloader after installation.

Though if your phone isn't getting official updates, it's probably safer with LOS.

[–] 211@sopuli.xyz 7 points 1 week ago (1 children)

There's also the Lineage-based DivestOS that attempts to keep up with more security updates, and relocking the bootloader in phones that support it.

https://divestos.org/

[–] SeekPie@lemm.ee 4 points 1 week ago* (last edited 1 week ago) (1 children)

Yeah, I myself am using CalyxOS, because DivestOS doesn't support the Fairphone 5 unfortunately. CalyxOS also has relocking.

[–] 211@sopuli.xyz 3 points 1 week ago (1 children)

Calyx also comes with MicroG, right? So mitigates many problems with a bit more Google.

And Fairphone 4 here, partly for Divest (had it on Oneplus 6 before this and just used to it), partly because of a good deal for a barely used one.

[–] SeekPie@lemm.ee 2 points 1 week ago (1 children)

(IMHO) CalyxOS is a good balance between security and usability. Better than LineageOS, worse than GrapheneOS (and DivestOS).

[–] 211@sopuli.xyz 2 points 1 week ago (1 children)

Amen to that. Everyone has their own balance point, Calyx seems to hit that for many.

[–] SeekPie@lemm.ee 2 points 1 week ago* (last edited 1 week ago)

Forgot to say that yes, CalyxOS does have microG, though you don't need to log into Google to download apps from Aurora. Login is only required for apps from Google (like maps, gmail etc).

I also got the Fairphone 5 because of the used price! Mine was 300€ with a slightly burned in screen (it was used as a store display model), though I only notice it when on a completely white screen and looking for it.

[–] ryannathans@aussie.zone 1 points 1 week ago (1 children)

Physical access is game over anyway?

[–] Andromxda@lemmy.dbzer0.com 2 points 1 week ago (1 children)

Not with GrapheneOS, since you can entirely disable the USB controller from the settings on a driver level, making it impossible to connect the phone to a forensic data extraction device. GrapheneOS also has a convenient auto-reboot feature, which (together with their patches to the Linux kernel and Fastboot recovery OS to include memory zeroing) erases the encryption keys from memory, putting the device in BFU state and requiring the PIN/password to unlock. This is additionally secured by the Titan M2 secure element, which makes use of the Weaver API and drastically throttles brute-force unlock attempts. https://grapheneos.org/faq#encryption

[–] ryannathans@aussie.zone 0 points 1 week ago (1 children)

Some cool features, wonder what backdoors google have put in the hardware

[–] Andromxda@lemmy.dbzer0.com 2 points 1 week ago (1 children)

Those conspiracy theories often come up in discussions here on Lemmy, but the TLDR is: Google is a tiny player in the smartphone market, compared to vendors like Apple, Samsung, Huawei, Xiaomi, and others (https://www.statista.com/chart/25463/popularity-of-google-smartphones/). They also serve a much smaller geographical region than most other manufacturers. The Pixel 9 lineup, for example, is only sold in 32 countries. Most of those are wealthy industrial nations. Google doesn't even try to assume market share in developing countries in Africa and Asia. It can also be assumed that over 97% of Google Pixel users keep the Stock Pixel OS, where Google doesn't need a hardware backdoor since they can just implement it in software. So that leaves only a tiny fraction of all users: people in some wealthy industrial nation who specifically buy a Pixel to install a custom ROM. GrapheneOS for example has about 300K users. Do you really think Google would put in the effort to create a hardware backdoor and take all the risk associated with it (negative PR, loss of sales, etc.) just to collect some data about this tiny amount of users? Google already controls EVERY Android phone on the market by forcing vendors to include Google Play Services as a system application through their contracts, licensing and monopolistic market position. Be realistic for a second, and you will realize that your backdoor theories make absolutely no sense and that no business in the world would ever take such a huge risk with such little reward.

[–] ryannathans@aussie.zone 1 points 6 days ago (1 children)

Bare in mind the chipset is the Google Tensor G4, they already had to design and build their own hardware. We don't know everything it can do

[–] Andromxda@lemmy.dbzer0.com 1 points 6 days ago (1 children)

We don't know everything it can do

Neither do we know this about any other CPU on the market. All chipsets on the market are proprietary. All of them. And no, despite many people (who don't know anything about what they are talking about) claiming this, RISC-V won't actually solve any of these issues. Sure, the ISA is open source, but the ISA would be the worst place for malicious actors to introduce a backdoor. I can guarantee you that despite using the RISC-V ISA, the chips themselves will still be fully proprietary and the IP will be highly protected as trade secrets. You can build a fully RISC-V conformant chip with a backdoor, there's absolutely nothing in place that could stop this, and it surely won't change for the forseeable future.

[–] veniasilente@lemm.ee 1 points 1 week ago (1 children)

(IIRC) it’s even worse than stock because you can’t lock the bootloader after installation.

That's a problem with the phone manufacturer, not with Lineage.

[–] Andromxda@lemmy.dbzer0.com 0 points 1 week ago

LineageOS itself drastically weakens security even compared to stock AOSP, for example by exposing root access or deploying insecure SELinux policies