Thread 105906147

Are Open Source Operating Systems on your phone like GrapheneOS worth it in order to make it more secure or are phones a lost cause to begin with?

>>105906147 (OP)
>Are Open Source Operating Systems on your phone like GrapheneOS worth it in order to make it more secure
No.
>or are phones a lost cause to begin with?
Yes.

>>105906162
What OS do you use for sensitive activities on your desktop/laptop? TailsOS, Qubes or something else?

>>105906208
Debian Stable of course.

for most people lineage will be the best option. anything that gets google off your device. graphene benefits mostly apply to high risk individuals. you won't be asking if you are one you already know. chances are if you know how to install a custom rom you know how to avoid normie security and privacy issues so the criticisms don't hold up.

>>105906147 (OP)
To be honest: I don't know. I would also would like to have a definitive answer about this issue. The thing is, custom roms are not the magic bullet and they come with alot of risks, which keep me from switching from my standard android device to something else. There are two problems which are in my opinion crucial:

1. You have to blindly trust into the developers claims, because the code is not reviewed by third parties

2. Proprietary hardware which is under the control of the corpos. Pixels seems to be the worst of all, because they contain chips from literally Google

At this point you are playing russian roulette. And me personally, I'm not a gambling type.

>>105906582
Do you ever sleep?

>>105906162
fpbp

>>105906582
>1. You have to blindly trust into the developers claims, because the code is not reviewed by third parties
At least GrapheneOS because that's the only one I know about, says that they get their code audited by security researchers on the regular considering its the leading secure OS for phones

>>105906147 (OP)
You should still be careful with your phone if you're doing anything you really need top secret in case there is proprietary spyware embedded in the hardware (there's really no way to know whether there is, or how much it actually does). That said, you can at last secure the OS to prevent known spyware (google play services, samsung shit, etc) from running in the background at all times with full privileges with no way to turn it off.
People like >>105906162 are glowing in the dark trying to tell you that, because you can never be fully secure, you shouldn't even try to be more secure than you are now.

>>105906695
>People like >>105906162 are glowing in the dark trying to tell you that, because you can never be fully secure, you shouldn't even try to be more secure than you are now.
I don't think that's what he's saying. "smart"phones are all inherently compromised, due to the broadband processor and the SIM, these are at least two proprietary computers constantly operating in you hand in addition to your snapdragon. give up on smartphones: you will do all these steps and in the end install whatsapp or telegram which are also dogshit when it comes to privacy, so why bother. assume that the glass slab is constantly monitoring, lock it in faraday cage when not in use, get a dumbphone for SIM calls (which are assumed to auto-monitored), remove the "smart"phone occasionally to charge to 1%, login to the web version fo wheatsapp or TG, and lock it back again

>>105906620
This is not true and you know it.

>>105906620
>they get their code audited by security researchers
I didn't believe it so I searched whether it's true, and:
>The problem with audits the way we traditionally think about them (a company being paid to go through a snapshot of the codebase at a certain point in time) is flawed. New code is introduced all the time, so auditing a snapshot of that is not really going to be useful at any given point in time, since the "audit" would be outdated soon after.
>We've built relationships with security researchers and organizations interested in GrapheneOS or using it which results in a lot of this kind of collaboration. This is not a one-time event but rather something that happens regularly as the code evolves, features are added and we ported to new release. The benefits of a group unfamiliar with the code spending a short time doing a shallow review are greatly overstated in marketing. We instead focus on having people very familiar with areas of the code regularly auditing all our changes. The large number of upstream Android security vulnerabilities discovered by GrapheneOS despite us not actively seeking them out speaks to the results of our review and testing.

So basically there was no audit, reviewing commits is a very different thing. But the part about contributing fixes upstream was interesting, I checked whether lineageos os is doing it, and:
>Sometimes someone tries to submit something to AOSP (bug fixes most of the time). The response most of the time is: "Sorry, that is already fixed in an internal magic branch, so we can't merge this".
>Submitting to AOSP can be a pretty frustrating process, however, if you get the right people's eyes on it, the process goes much smoother.
Seems very suspicious, maybe graphene is secretly a google product? Which I suspected long time ago because it's only for pixels...

>>105906783
if you dont believe them on that then i guess its hard to believe any open source project that hasnt been reviewed by an actual organization

>>105906147 (OP)
i was using lineage years ago, but i don't think it's worth, some apps didn't even work
i think it's impossible to make an android private, jews will still get in

>>105906147 (OP)
Anything that connects to the Internet is not secure.

>>105906803
So 99.99999% of them

>>105906590
He'll get tired of it eventually.Just create a filter to remove all posts with the word graphene in it For like a week or two. You can tell by the linguistic mannerisms that he uses that not only is it the same person posting every time, but they have no idea what they're talking about. Eventually, they'll get refuted on their points enough that other people will catch on and they'll stop posting. But until then, just filter it out.

>>105906147 (OP)
> GraphmemeOS

>>105907361
Did someone said Glowphene?

All I need is my phone to have a web browser and a secure messaging app like Session or Simplex.

Is GrapheneOS suitable for this?

>>105908377
Yes, the only thing it breaks is Google wallet. If you don't need that it is pretty simple to use. You can even install Session without signing into the playstore with Fdroid.

>>105906751
What about CDM phones

>>105906850
That includes TOR

>>105907361
Pussy

>>105910670
Ok

>>105906147 (OP)
>are phones a lost cause to begin with?
Yes, but also no. Using a stock system image is basically the same as making the pin 1111. Anyone who wants in can get in with basically no trouble. Install Graphene and use a 6-digit pin that's not an obvious pattern and someone with a lot of time and/or money can still get in, but they have to really want it. If you're worried that it just means that they'll send someone to break your kneecaps to get the key, well at least you have the choice between giving it up immediately and dying painfully without divulging your secrets. Having choices beats not having them.

>>105906147 (OP)
A phone is always going to be running proprietary firmware for its mobile modem, so phones are fundamentally a lost cause. By all means use a basic phone that can do tethering/hotspot, but then use that with a VPN or whatever from a secondary device.
>>105906799
>Seems very suspicious, maybe graphene is secretly a google product? Which I suspected long time ago because it's only for pixels...
How is that even a question? It's basically just like all the bullshit they engage in with Chromium.

>>105910652
even more cuckced and pozzed than regular "smart"phones (carrier lock)

>>105907788
>But what about hardware security
At this point just go live in the woods without electricity because you can't prove every Intel chip isn't compromised.

>>105906147 (OP)
There's no use case for GrapheneOS, by virtue modern mobile smartphones are meant to be on the go devices that are highly compatible with daily tasks and little annoying services like using it for a parking place, or for a restaurant, or for a coupon and discount in a shop, or to get quick syncing of all your big tech notifications from your social media like whatsapp, messenger, facebook, instagram, threads etc so you can lead a normal social life and fit into society without falling behind everyone else and being a social outcast. You need it for work or education institutions you are at, and you need it for dating and socializing. So it's incredibly retarded to install a "private" honeypot that's not gonna work properly for most of the bloated spyware you need for a phone to be worth using. Otherwise might as well just not use a phone and instead use dumbphones or a desktop computer only.

Also, fucking lol at GrapheneOS's whole shtick being shitting on proprietary slop and google's invasive spyware, and then forcing you to exclusively buy Google's hardware and directly give them money every few years, instead of just using any random samsung or xiaomi phone and simply not logging into a google account and disabling the unnecessary services. Your data is pointless unless it's connected to an account that allows data personalization and ID and is useful to marketing firms.

>>105914011
>Your data is pointless unless it's connected to an account that allows data personalization and ID and is useful to marketing firms.

I think that Google has created shadow accounts of everybody and they use correlation to profile us.

>>105906147 (OP)
it's a device made for communication, and you idiots wanna make them private. Wanna be private? don't own a phone.

>>105906234
Based. Keep it up, sister

>>105915634
Yes, it is a device for communication. For one-sided communication with corpos and glowies.

>>105915634
>A house is for protection from the elements, so don't lock your doors

>>105916549
>A house is for protection from the elements, I wanna make it completely empty and in a vacuum

>>105915319
I don't believe google coders are that competent, sorry.

>>105916617
>nonsensical, non-sequitur, unrelated comment.
Ok

>>105914011
>not gonna work properly for most of the bloated spyware you need for a phone to be worth using
I see people posting this but I installed GrapheneOS recently and every app I have installed on it works without any issues. What apps besides some banking apps don't work properly? (my banking app works fine btw)

>>105916866
I assumed that you'd destroy your warranty and break banking apps, If it can work with banking apps then it's not as bad as I thought. But still don't see the point, Degoogling by buying a google phone, and then downloading modern bloatware that I'll need anyways on top of grapheneOS invalidating it's use case. Just doesn't seem logical, would rather use a nice samsung or xiaomi phone instead that might be on a nice deal or have better specs.

>>105906147 (OP)
Honestly, as a former privacy-fag it really comes down to not putting all of your data on the internet. Just keep most of your information offline and use Google - it works and you will have close to no issues in life.

>are phones a lost cause to begin with?
lost cause

>>105906147 (OP)
i have graphine and honestly i have no real complaints. does it have some issues? yes. but i dont use my phone enough to really give a shit.

>>105916889
>samsung or xiaomi
>nice
?????

>>105916889
All the modern bloatware that you need to install you can adjust the permissions a lot more than what's possible on stock Android to give it only what is necessary for it to function, and you can set them to never run in the background when it's not being used. Also the apps are sandboxed and you can put them on a dedicated profile so it can't interact with anything else on your phone. It also stops Google from spying on everything you're doing on your phone, and it prevents glowies/anyone else from breaking into your phone if they were to get physical access to it. 100% privacy from corporations is impossible if you still need to use their services for some things, but at least you can greatly limit how much of your data they have access to without having to compromise much/at all on usability.

>>105916851
welcome to /g/

>>105917018
Yes. They are objectively better than pixel, google isn't trying to compete in budget or high end market, they just make middling phones for old people to pick up because they see the big Google label and think it's safe to buy. You'll never see a celebrity or a popular young succesful chad or stacey using a pixel phone, they are all on iphones or galaxy phones.

>>105917732
well yes Pixels are the worst
t. Pixel user

>>105917732
Truer words have never been spoken.

>>105906582
>1. You have to blindly trust into the developers claims, because the code is not reviewed by third parties
Oh, no, Linux bros! Think about third parties!

Are there any phones on the market that aren’t susceptible to hackers?

>>105906582
you can like monitor the traffic. even if you dont' trust the blobs you can see what's happening and when. if you have the skills.
spreading FUD because you're a retard who can't do shit is not enough. you can't just say shit because your chimp brain goes "grug no trust, grug too dumb to investigate".
you must understand that you being a retard you need an authority you trust. this is the catch22 of the paranoid brainlet.

>>105919305
Phones are more secure than computers because they are locked down. If I handed you my phone how would you hack it? If you are talking about hiding from state level actors if they want into your phone they will just waterboard you until you give them the password but the average thief or your girlfriend is not getting into your iPhone or Android.

>>105919333
>If I handed you my phone how would you hack it?
That's easy, beat you with a bat/pipe until you unlocked it or died, whichever comes first.

>>105919333
android has a better security model than your random stock linux distro. avb/selinux and other shit

>>105919357
not even, just put the phone in front of your face and it unlocks

I think most of /g/ are either legit schizo/paranoid or actually believe they are far more important than they are. If you want to get down to it, your phone is tracking you every couple milliseconds it's on. It doesn't matter what super special security OS you have installed, it'll do that regardless. At the end of the day, Google, Apple, etc. are just farming data for advertising, search, and AI reasons. I'm a huge conspiracy theory guy, but that's the truth. It's not some big nefarious scheme to sell it to some federal agency who'll then use it to throw you in jail for searching up illegal porn or streaming sites. Sorry, but you're just not that significant.

>>105919331
Ok, glowie.

>>105919362
I would say the only Desktop OS harder to hack than stock Android is Qubes and that is no joke 20x harder to use than stock Android.

>>105919401
>I think most of /g/ are either legit schizo/paranoid or actually believe they are far more important than they are.

What if some of us are just extremely bored?

>>105919401
I like tinkering with the OS for the fun of it, more like an exercise than really being paranoid. feels good to know I'm limiting tracking/data leaks.

>>105919445
Then get some fucking hobbies, learn something new, anything else really.

>>105919460
You're not limiting tracking, it'll always track you ever couple milliseconds it's on. If you want to limit data leaks, just don't tie accounts together and use a different email & password for everything. What you're doing is taking a cup of water out of the ocean. That's how much you're effecting things.

>>105919409
no I mean you're focusing on the wrong things. there's no open source/hardware radio chips. those run proprietary shit.
>but I likes my 5Gs speed
well...

>>105906147 (OP)
>>105907742
>>105916992
https://grapheneos.org/faq#roadmap
>In the long term, GrapheneOS aims to move beyond a hardened fork of the Android Open Source Project. Achieving the goals requires moving away from relying on the Linux kernel as the core of the OS and foundation of the security model. It needs to move towards a microkernel-based model with a Linux compatibility layer, with many stepping stones leading towards that goal including adopting virtualization-based isolation.
>The initial phase for the long-term roadmap of moving away from the current foundation will be to deploy and integrate a hypervisor like Xen to leverage it for reinforcing existing security boundaries. Linux would be running inside the virtual machines at this point, inside and outside of the sandboxes being reinforced. In the longer term, Linux inside the sandboxes can be replaced with a compatibility layer like gVisor, which would need to be ported to arm64 and given a new backend alongside the existing KVM backend. Over the longer term, i.e. many years from now, Linux can fade away completely and so can the usage of virtualization. The anticipation is that many other projects are going to be interested in this kind of migration, so it's not going to be solely a GrapheneOS project, as demonstrated by the current existence of the gVisor project and various other projects working on virtualization deployments for mobile.
Graphmeme is on a whole different level of based

>>105919473
>You're not limiting tracking, it'll always track you ever couple milliseconds it's on
how tf do you know? I'm not logged into any account and I don't use cell networks. I use it mostly to listen to music and offline GPS maps which I rarely need anyway.
you're melting down because you WANT to use the convenience of it. stop using it retard, just fucking stop.

>>105919500
Every phone, at least in the US, must be able to call 911. It doesn't matter if you have no phone plan/SIM, it must be able to. That means it's always connecting to a cell tower if it can and sending your location. If you want privacy, fake your death and move deep into the woods. There is zero privacy in today's world.

>>105919550
show wireshark dump in airplane mode. get some shit cell repeater to mitm even if encrypted packet, show it.

>>105919560
Literally just do a search for "does airplane mode turn off GPS". Answer, it doesn't. You actually don't care about the answer and won't do a simple search because you have already made up your mind.

>>105919581
GPS doesn't emit you fucking turd

>>105919590
>ad hominem
>doesn't do a simple search like I said he wouldn't
Thanks for admitting I was right, and you're wrong. I accept your concession. Filtered. Reply more, I won't see it. I know you can't resist, you're already typing.

>>105919614
>paranoid brainlet cope
this is who's complaining about phone security. the absolute state of /g/

>>105919401
how is it tracking every milisecond if the os makes zero connections to google by default?

>>105906147 (OP)
>Are Open Source Operating Systems on your phone like GrapheneOS worth it in order to make it more secure

no, but it is nice to get rid of all the google shit

>>105919581
>Literally just do a search for "does airplane mode turn off GPS".
gps doeant need mobile connection nigger. its a receive only thing u just have to be outside.

>>105919550
>phone tracked by carrier
no shit nigger, why would you hide from your carrier? its a phone? tje goal is not having sundar up your asshole all times of the day

also without a mobile plan anything other than calls to 911 is just ignored by the tower. at most an imei/k1 record.

>>105919401
>or actually believe they are far more important than they are.
No, it's very simple. They record a lot of data about everyone and store it for decades. Then someone will become a politician, CEO of a company, celebrity etc, will be blackmailed with cringe from that data and forced to do what the owners of data demand. Then our lives will become really bad. What we see now is just some retards having sex with children on Epstein island and p diddy shit. Imagine what will happen with politicians whose whole life was recorded, since his retarded parents took a picture of him shitting himself for first time.

>>105919726
Again, you aren't as important as you think you are. If you want me to be sympathetic to politicians, CEOs, or celebrities, you're barking up the wrong tree. All 3 of those are evil professions, and they deserve far worse than anything they get.

>>105919720
>gps doeant need mobile connection nigger. its a receive only thing u just have to be outside.
Maybe he ment that GPS reciever is inside cellular modem and not a separate device? I had it like that in one phone but never cared how it's in other phones.

>>105919803
retard, they will be blackmailed into making laws (/ promoting opinions among normies) that you will obey, but they won't
>All 3 of those are evil professions, and they deserve far worse than anything they get
without blackmail they will just steal money and smoke crack, the chance they will do something horrible is very low

enjoy NOT using your phone as long as you still can. there will eventually be a mandatory government issued tracking device...I mean phone, and it will be your duty to have it fully charged at all times. failure to comply will result in automatically issued fine + lowered social score.

>>105919855
>without blackmail they will just steal money and smoke crack, the chance they will do something horrible is very low
Yes, they wouldn't want to own bodies of water or anything, right? They wouldn't fire thousands of people just to then import thousands of low wage foreigners, right? They wouldn't sell out their country for money, right? They wouldn't kill people in car accidents and then get away with it, right? High ranking members of the government wouldn't poison their own citizens, right? Oh wait, all of those things happened and blackmail wasn't involved.

>>105919473
>Then get some fucking hobbies, learn something new, anything else really.

Privacy IS my hobby and I am learning every day something new.

>>105919901
>blackmail wasn't involved
it was
>Epstein island and p diddy

Never mind, what I want to say is that the future will be much worse if this spying shit is not stopped

>>105919940
Blackmail wasn't involved with any of the examples I posted. You're simply hyperfocusing on Epstein because it supports your argument and my examples hurt it. If you're going to argue in bad faith, just admit to it.

>>105919952
it happens because it can happen. who's going to stop it? and how?
imagine someone in your village does something bad. rapes someone whatever. the village folk find out, but as it so happens, that someone has the largest business in the village and most village is employed there. they all get to eat.
now...that someone says that if he's punished he takes his business away. all village will suffer. now the villagers have to choose between possibly dying of hunger, or going through a REALLY bad time, collectively, or like...looking away. what exactly do you think will happen in this situation? realistically?
this is how most of the shit you don't like happens. it's a game theory issue. do tell if you have solutions with better outcome.

>>105919996
>arguing in hypotheticals
Yep, arguing in bad faith. Thanks for admitting I'm right, I accept your concession. Filtered. Reply more, I won't see it. I know you can't resist, you're already typing.

>>105906147 (OP)
I have lineageos with microg on my phone.
My gf has stock android.
All I know is that the query logs in adguard home light up like a christmas tree with blocked requests to tracking domains from her phone while mine is dead silent.

My phone still has regular security updates while hers hasn't had any for years. Technically I did partially weaken my security significantly by unlocking the bootloader, which means anyone with physical access to my phone would be able to pwn it, but I accept that tradeoff.
I've been rather happy with the switch to LOS from stock android a few years ago.

>>105920057
>no argument

>>105916889
Can you please stop spamming this bullshit post and pretending you haven't been corrected hundreds of times already?

>>105917732
>objectively better
Value is subjective you fucking retard

>>105919550
use airplane mode

>>105907788
- No independent security audits
> Snapshot audit of GOS would be a huge overtaking, which GOS foundation can't afford and also kind of pointless as new code is added constantly. Debian is also not independently audited. Ubuntu has gone partial audit (only Ubuntu Core and for IoT use only) Not even iOS is independently security audited.
- Support ends with Google's firmware/kernel updates
> Yeah and thats about 7 years. Point me to some other option that has longer support and does not rely on the manufacturer to get firmware updates. Updates are extremely important to keep devices secure.
- Proprietary hardware remains a black box
> Like on almost every other general purpose computing platform, including all smartphones, intel/amd/qualcomm/arm laptops, etc
- Baseband/modem firmware is proprietary - potential privacy risk
> Same as above

>>105919490
Lol this will never happen

>>105923875
>replying to yourself