Seems solid. So does /e/, which is a more privacy-focused fork of lineage. The main negative compared to graphene on a pixel device is that you can't relock the bootloader, which makes physical security questionable (if an attacker is holding your phone).
GrapheneOS has substantial privacy and security improvements compared to AOSP. AOSP itself has verified boot just like the stock OS. Most derivatives of AOSP substantially roll back privacy and security. GrapheneOS is focused on doing the opposite by doing significant hardening.
GrapheneOS is not just AOSP with the existing security features intact. CalyxOS is a well implemented derivative of AOSP with optional microG support. They've worked on support for non-Pixel devices too, but within the constraint of supporting ones that are reasonably secure.
The difference between GrapheneOS and CalyxOS is that GrapheneOS provides substantial privacy/security hardening beyond AOSP and CalyxOS integrates microG support, the F-Droid privileged extension and bundles other apps. CalyxOS is the only other AOSP derivative preserving the...
... standard privacy / security model, taking care to implement things properly and trying to support devices with all of the standard hardware security features intact. Pixels have a lot more advantages than verified boot compared to most other devices though, and an OS can't...
... actually preserves the standard security features for the alternate OS. That's a really low bar and yet a tiny fraction of devices can meet it. A higher standard would be providing comparable firmware/hardware security as the reference devices (Pixels)... doesn't exist ATM.
And even that would just be matching the security of mainstream devices. I think it's pretty sad that those are the best options and no one else currently seems particularly interested in producing hardware that's competitive let alone better, just branded/marketed as such.