For those unfamiliar, GrapheneOS is a privacy and security enhanced custom ROM endorsed by Snowden. Despite these big names, plenty of people give it backlash
Even @TheAnonymouseJoker@lemmy.ml gives it backlash despite being a moderator of Lemmy’s biggest privacy community. A quote here: “grapheneOS trolls are downvoting every single post and comment of mine, and committing vote manipulation on Lemmy. They are using 5-6 accounts.” That was in response to downvotes on a comment posted in the c/WorldNews community, which is entirely unrelated to technology.
One of the reasons is that GrapheneOS can only be installed on Google Pixels due to security compatibility, which makes complete sense considering Android should be most compatible with Google’s own devices. GrapheneOS even lists the exact reasons they chose Pixels, and encourage people to step up and manufacture a different supported device.
One year ago, Louis Rossmann posted this video outlining his reasons for deleting GrapheneOS. Mainly, he had multiple bad experiences with Daniel Micay (the founder and main developer of GrapheneOS) which put his distrust in the GrapheneOS project. Since then, he has stepped down and will no longer be actively contributing to the project.
So, I am here to learn why exactly people still do not like GrapheneOS.
What a dumpster fire this thread is.
I‘m not a fan of graphene, especially because of the cult like following of tech illiterate folks it has, not saying all users are tech illiterate.
I have neither the time or the nerve to read up about the inner workings but I‘m sure someone meant well writing the OS.
However, I use and work on portmarketOS because I dont believe in android and I do believe in linux both for desktop and phone/tablet.
the cult like following of tech illiterate folks it has
what. Is this a joke? Some of the smartest people I’ve seen are members of the GrapheneOS community. Like even Snowden uses GrapheneOS, so I guess Snowden is tech illiterate?
You even say that you haven’t read up on the inner workings? You say one thing and then admit you don’t actually know what you’re talking about. You have made up your mind based on what? BS claims by people attacking GrapheneOS?
Can I ask what’s you’re use case for postmarketOS?
I mean, are you a “just calls and messages” guy or are you using extensively, like many are using an Android/iOS device?
I ask because I don’t believe in Android at all, but I found pmOS not ready yet to be usable daily, last time I tried. I’m anxious for it to be ready though
When you say “believe in Android” what do you mean?
Yeah, what to other guy said.
I just mean that I don’t like it. I use it, because it’s surely better than iOS (for my needs, obviously). I can use a custom ROM, change launcher, use F-Droid… All things that aren’t easily possible on iOS.
But it’s still far from ideal for me and I use it just because there are no better alternatives. I mean, the real better alternative is Linux Mobile and it’s great, but I don’t think that, as today, Android it’s 100% replaceable with Linux.
I’m really looking forward for that moment though.
Not OP but I think they’re just saying they’re not invested in Android as an ecosystem.
I‘m a sysadmin and hobby dev and I am trying to make it work as a daily driver and make it a full replacement of iOS.
Still needs work but I‘d say 80% of my needs are met and I‘m already ahead of iOS in other things (like a full terminal, being able to make my own backups over ssh, being able to control what data leaves my device).
Two things are astonishing: the amount of progress mobile linux projects make and the obliviousness one (I too) has as a proprietary software. We expect things to „just work“ yet we pay for proprietary software either by cash or our data yet most of us are unaware or unwilling to contribute money or work to the cause (translations, writing helpful or nice documentations).
I suggest you give it a whirl and look at it from a „what would I be able to let go of“ perspective.
look at it from a „what would I be able to let go of“ perspective.
I think this is a wonderful advice. I have this idea that the limits of Linux Mobile could actually be a huge help to rethink the relationship with the smartphone and to build a new, healthier one.
I totally agree with you’re observation about how proprietary software spoiled and ruined us in some ways… I think we all need to recover from this, and that’s why I have so much faith in postmarketOS (and Linux Mobile in general).
That said, the last time I tried it there were some actual showstoppers for me, but maybe it’s better now so I’ll definitely give it another go. Thank you!
If you don’t mind, I have a couple of questions to help me to have a better idea on how to approach it.
Do you use Phosh? I tried Plasma Mobile, Phosh and GNOME. Now for me, Plasma was a big no because of a trillion of various bugs. I had the feeling that Phosh was the more optimized and overall the best option, but GNOME had more features (notably the amazing gestures, which were limited and a bit buggy on Phosh). What do you think about it?
And… One thing I thought that could really be a problem (beside the banking apps, that’s just a lost cause I think) were some messaging apps. I think that if you use just matrix and xmpp you could be just fine on pmOS, but I use Signal on a daily basis and sometime I’m forced to use WhatsApp. I think that one could use unofficial flatpaks, but would still be necessary to have an Android phone to manage login from time to time… Is that right? How do you manage your messaging apps?
Sorry for all the questions, but I think that it’s pretty rare to have the opportunity to talk about this with someone who uses pmOS on a daily basis so I sort of had to 😄
Don’t worry! I‘m glad you asked. :)
Currently I use pmos 23.10 stable with phosh. Depending on the software, using stable vs unstable/edge/etc makes a huge difference.
That said current situation is quite good. I use podcasts, phone, matrix (fluffychat) bridged to whatsapp, signal and discord, nextcloud and a couple more things.
Currently I‘m trying to port the bitwarden desktop app which is quite the endeavor.
All in all I love the OS but its nowhere near consumer ready. Peeps who can give constructive and detailed feedback are needed hence my issue with corporate „polish“ and the resulting standards.
Banking is dead at this point and so is the camera for now.
The „separate phone for login“ could technically be a docker container or vm but easiest is some crap phone so their security measures dont get triggered (locking you out).
Its just a bad situation in total. Phone monopolists ruling with an iron fist, having most governments and companies jump through loops for them.
But yes, linux on phone def is the future imo. I think I might check ubuntu touch too just to know what I might be missing.
I hope this helps. Feel free to ask more.
Thank you for the reply!
Feel free to ask more.
Okay, I will 😄
using stable vs unstable/edge/etc makes a huge difference.
Yeah, that’s why I was thinking that using edge could have been a good idea, on software so rapidly evolving. Do you use stable because you fear sudden bugs and breakages or for other reasons?
matrix (fluffychat) bridged to whatsapp, signal
So you’re using only fluffychat with bridges? I mean, you have not installed WhatsApp, Signal or Discord clients, right? But there are unofficial flatpak which should work I guess. Or bridges are the only choice? I ask this because while I think bridges are neat, they have their problems and I’m not sure I would happily and painlessly be able to use only them.
And, you’re still using an iOS/Android device from time to time to prevent automatic logout from WhatsApp’s bridge and manage Signal’s login, right? Well I think you should have a device anyway for banking apps. Yes I saw banking it’s dead on Linux and this may be alone one reason to keep an Android device around. It’s a good idea to use a container, although I agree on the risk of being locked out. Though for other android-only apps mendeavor
the bitwarden desktop app which is quite the endeavor
You know, to be honest the last time I tried pmOS it was specifically the unusable state of Bitwarden and Freetube which made me think “okay, maybe it’s better to wait more time before trying to using it”. But after reading your messages I think the time has definitely come :) I’d love to contribute too!
Anyway, one last thing. How do you primarily install software? Apk and flatpak should be the easiest ways I think…? Because I’m talking about flatpak when I say that I tried, but now that I think about it I’m not sure at all that I was supposed to install graphical apps like that, it was just the more obvious way to do it.
Do you use stable because you fear sudden bugs and breakages or for other reasons?
No. I installed it because they said its better for daily use because the other versions might break. I have since used it with few real issues and no serious (as in requires another machine to get back in a working state or serious knowledge of the inner workings). I might try different things but not without having done and checked everything in stable. :)
So you’re using only fluffychat with bridges?
yes
I mean, you have not installed WhatsApp, Signal or Discord clients, right?
Not on the linux phone
But there are unofficial flatpak which should work I guess.
I dont install things I dont need. I have a configuration that works with every service I need and has zero breakage as of now.
Or bridges are the only choice?
I dont know. It is the most complete and privacy friendly compromise that I know of. The more privacy route would be to abandon whatsapp but I guess for you its the same as for me: not an option at this point.
I ask this because while I think bridges are neat, they have their problems and I’m not sure I would happily and painlessly be able to use only them.
Bridges work 99% of the time for me, maybe 100 messages+ per day. It has been months and I had to reconnect two bridges, one time each. This is not proprietary stuff with billion dollar budgets so in my book that is perfect with no issues. If I want stuff to “just work” I pay someone to write it for me. Can someone break it by sending huge files, have 1000 messages per hour or 1000 contacts to sync? Of course. But thats not my usecase so I cant swear to you that everything will always work perfectly. Again. Companies are investing insane amounts of money in these services and if you dont want to be the product and you dont want to pay for it, thats what you get. :)
And, you’re still using an iOS/Android device from time to time to prevent automatic logout from WhatsApp’s bridge and manage Signal’s login, right?
yes, same for discord btw. I am still testing mobile linux so I have two phones anyway.
You know, to be honest the last time I tried pmOS it was specifically the unusable state of Bitwarden and Freetube which made me think “okay, maybe it’s better to wait more time before trying to using it”
Bitwarden as a firefox extension works okay but it needs work. The standalone app which I’m trying to port is pretty tough, not sure what the exact reason is.
How do you primarily install software?
APK, if that doesnt have anything or the program doesnt work well I try flatpak. A LOT of stuff is available. No comparison to more popular platforms though. Mobile linux is in the infancy of infancy so whoever uses it rn is a pioneer in my book. It works well but peeps who use it need to have the correct mindset or they will hate it: You’re not in kansas anymore. Stuff will break and you’re supposed to help fix it and not let out your frustration on others as they dont on you. :)
I hope that helps.
Thanks mate!!
On the bridge thing I 100% agree, although for the way they works you’ll have to deal with your messages being unencrypted. On WhatsApp (and Discord, I guess? I don’t use it) this probably is still far better than having the app installed, on Signal it’s a bit of a shame because it’s the only app with proprietary-level usability while being real FOSS and e2e. So using it with the bridge kind of defeat the purpose of e2e I guess, but still I’m definitely gonna try it again.
I have a OnePlus 6 and a Poco F1, so I’ll just choose one and give pmOS another go :)
Easy: it only supports pixels. I don’t really care what excuses they have unless it’s “we don’t have enough people”. But that binary " google is most secure so nothing else matters" makes me distrust them.
They are pushing people to give google more money than google could make on their data. I find that highly questionable.
“Excuses” are all security related: https://grapheneos.org/faq#future-devices
The project’s Twitter account has already stated they want to use Samsung phones, but the hardware security isn’t accessible for custom ROMs.
We know Samsung suck, though (The Samsung Galaxy S22 was just hacked in 55 seconds — yikes. Maybe the hardware sucks too, not just the software, so who knows.
Let me write a list of requirements that only a specific phone can fulfill and call that “secure”.
GrapheneOS devs probably.
Like:
At least 5 years of updates from launch for phones (Pixels now have 7) and 7 years for tablets
Why? The image is based on AOSP. Are they going to reverse engineer the releases of other vendors and incorporate whatever fixes are in there?
Complete monthly Android Security Bulletin patches without any regular delays longer than a week
Same as above. It’s like like red hat releasing a security bulletin but a Debian based project has to be up to date with that bulletin. Makes no sense - unless you aim to build upon red hat enterprise Linux (which you won’t).
Inline disk encryption acceleration with wrapped key support
Optimisations are part of the requirement? Come on.
Support for A/B updates of both the firmware and OS images with automatic rollback if the initial boot fails one or more times
How is this not a nice to have?
Seriously, basically what they’re doing is grabbing the newest pixel and setting that as the baseline regardless of whether other phones do things better or worse.
[Anti Commercial-AI license](https://creativecommons.org/licenses/by-nc-sa/4.0/
I dont hate it but id rather just use lineage os cause of broader device support. I live a degoogled life and would rather not have to explain to people I dont use and avoid google services yet own a google manufactured phone lol.
Here you go:
“Google makes the most secure phone. Including for securing your phone against Google.”
Its better then explaining you rather risk your data security then buy a phone from Google.
I really don’t mean to make this sound like FUD, but what about that blackbox security chip only used in google phones, that they promised to open source but never did? No OS can get around that…
Is there a fully open source phone?
I like lineage is and have used for 5+ years. I’m now using it without google services. I mainly use it because I can’t really afford a pixel phone and the many supported devices lineage is has is phenomenal. That being said I would love to tey graphene os.
FYI- Its not a ROM.
deleted by creator
I usually buy pixels used for $200, where are you getting 6/7 phones for that price?
deleted by creator
I like grapheneos the product.
The staff is super abrasive and they constantly attack other privacy projects. See the recent attacks on Jonah from privacy guides, or the attacks on calyx, or the bs with rossman that forced micay out of the spotlight.
They need to hire an outside professional to manage their PR. The way they communicate is their biggest flaw.
There are no “attacks”. Members of GrapheneOS usually are just responding to people attacking them. You mention the recent “attacks” well Jonah was using their forum to say false things about GrapheneOS and how they’re marketing themselves to criminals. It’s a ridiculous claim. GrapheneOS focuses on improving the OS’s security and privacy and if companies can just hack the phone then GrapheneOS isn’t very secure is it? But recent news has shown that at least Cellebrite cannot get into a GrapheneOS phone. Isn’t that a good thing?
Oh, btw, the only reason GrapheneOS was talking about this stuff in the first place was because another person hostile to the project was posting completely false claims on Reddit that forensics companies could hack GrapheneOS. They conveniently left out the fact that CONSENT based extraction means giving away your PIN/password first.
So, what you’re seeing is project members defending the project from people making false claims. One leads to another. All they do is try to damage GrapheneOS’s reputation because that’s easier than improving their own products.
Removed by mod
It’s literally a covert project funded by google to both sell pixels and harvest data of “privooocy” minded users. It seems to be working well.
Is it actually funded by Google? Citation needed.
I would assume Graphene users make up a statistically insignificant number of Pixel buyers, and most of the users of it I’ve met opt to use it without any Google services.
Which lines of its libre software source code are malicious?
Removed by mod
So, what should we use?
If you’re ready to break free of Android, I would recommend https://postmarketos.org/ though it only works well on a small (but growing!) number of devices.
imho if you want to (or must) run Android and have (or don’t mind getting) a Pixel, Graphene is an OK choice, but CalyxOS is good too and runs on a few more devices.
Why are y’all spamming this Rossman guy suddenly? I had never heard of him before two days ago, and now I’ve seen posts about him every single day.
Seems like a bro-y tech dude. He promotes Brave and references sexual assault when talking about the behavior of software vendors with their customers. Honestly he gives me kind of a shady vibe on top of that.
So like, why is Lemmy suddenly full of his fans? What’s going on?
deleted by creator
Yeah, that’s the bit that gave me the bro-y vibe, honestly. That and Brave. Also like, not that it’s necessarily a bad thing that I can see his muscle veins through his shirt, but that’s often a component of that particular corner of Joe Rogan-NFT-Bitcoin-Tesla.
But yeah, that makes sense. It definitely feels very sudden and artificial, which makes me wary.
Also like, not that it’s necessarily a bad thing that I can see his muscle veins through his shirt, but that’s often a component of that particular corner of Joe Rogan-NFT-Bitcoin-Tesla.
This is such a strange take. Presumably he works out, as do many other people around the world who have absolutely zero connection to “bro-y tech”. I don’t understand why you would let something so irrelevant affect your judgement of a person you clearly know nothing about. It’s almost like some kind of reverse fat-shaming.
Removed by mod
Yeah, although I don’t want to assume that person’s intentions or appearance. Speaking more broadly I do agree that there is this sort of counter-movement happening in the online space where people who are insecure about their own body are hitting out more and more at those who have clearly put more time and effort into maintaining conventional beauty standards. Maybe this has been driven by social media absolutely blasting society with images of beautiful people 24/7; the insecure among us assume those who are fit or work out have some kind of ulterior motive or character flaw, like we see with the narcissistic influencer culture, as a way of coping with their mounting insecurity.
Litterally one of the most famous tech guy on the web and one of the most influential voice of the “repair yourself” movement, on the internet for years
I do not like Graphene os as it is a vessel for proprietary software and anticonsumer practices. There are plenty of better options. For instance, Lineage OS runs on a large number of phones and is better in many ways.
Graphene OS also is kind of what I dislike about the cyber security industry. Many “cyber” people are filled with arrogance and overconfidence
Lineage OS is a shitshow when it comes to privacy and security
(no locked bootloader, using Google DNS by default)
From what I understand, GrapheneOS has the goals of bejng the best of the best when it comes to Android security.
There is and always will be CalyxOS or DivestOS for a wider range of devices (both are still much better than the likes of LineageOS and Pixelexperience)
It is in fact not a shitshow. Stop feeding fear. There are real potential concerns but Lineage OS does a great job of being a middle ground that allows for lots of tweaks and customization
It is completely subjective and depends on your threat model
Don’t reply to him. He’s just another marketing agent for google trying to paint other ROMs as inferior. All an elaborate marketing strategy for selling phones.
I literally mentioned Calyx and Divest OS as alternatives which support non-google devices
also how is buying a used Pixel and degoogling it to the max with GrapheneOS (with reasonable compromises like optional sandboxed GMS) helping Google?
Didn’t know that cutting their mal-/spyware out, and trying to avoid them and their services wherever possible actually helped them, silly me 🤷♀️
(I assume this to be the standard way for most ppl and plan on doing that as well once my current Huawei phone breaks)please learn to read before insulting other ppl with your less-than-a-day-old account lol
My man, Lineage OS isn’t google. All I’m saying is that Graphene isn’t the only option.
Clearly a woman. “My lady” would’ve been more appropriate. Please don’t be rude
Removed by mod
I wanted to love it but my bank’s development team is dumb and won’t run on Graphene, sending me back to the stock Pixel image.
Unsure if this is a reason to hate Graphene OS. But some people probably do because App X wont run.
I hate that they use discord and telegram for comms without any notice that the matrix/irc room you’re joining is bridged to those services.
Any organization that thinks its OK to feed my chats to obvious bad actors is extremely concerning. I have brought this to the attention of the maintainers and all they do is say 'but the chats are public, and anyone can index them. So what’s to stop discord from harvesting the data from the other public forums".
Well, guess what, as bad as discord is I’m pretty sure theyre not going around to obscure forums to scrape user data when they have such a plentiful source feeding them with their own consent. I do not consent to this invasion of pitvacy and am disgusted a ‘privacy’ OS can do this and no one be outraged about it.
They tried to switch to Matrix, but it turned out to be too inefficient and buggy for such big community.
Matrix continues to be awful and weird. Discord is basically easy to use IRC – too bad no one else has figured out an easy irc
I don’t use it because Calyx is “good enough” and I make a lot of my decisions about which projects to use based on the community associated with them. Graphene has a toxic as fuck community, Calyx is very carebear.
Same, I’ve been team calyx for several years now, the dev rocks and I’m very happy to donate to them for keeping my pixel 3 running.
You really shouldn’t be using that device. It’s not secure and it’s messed up that CalyxOS still supports it.
Graphene seems to be the real outlier in terms of its community, which I guess comes back to the tone set by its founder. No other project (in terms of privacy ROMs) has such a toxic culture.
I suppose your “good enough” isn’t others’ “good enough”. They pile on security theater features and consistently are behind on keeping up with upstream updates.
Not sure what to say about GrapheneOS’s community being toxic. It’s not and just saying it doesn’t make it true.
Basically because Daniel “MacCock” behaves like a massive paranoid schizophrenic prick when he doesn’t take very strong meds (that’s my take on it anyway). And as others have mentioned, his claim to have stepped down is just that, “his claim”. Everything points to him still very much being at the help of the project.
I like the project, but any software I use being directed by someone like that guy is a huge red flag.
I’m shocked that anyone can think that saying what you said here is ever okay.
The “claim” that you’re talking about was misinterpreted by so many people and warped by people who are hostile against GrapheneOS. The former lead developer only said that they were stepping down as the lead developer and another person would take over. They said it would take a long time for all of the duties to be transferred over to other people.
I’m good with a project that’s concentrating on privacy being run by a paranoid fuck. If he’s pouring all his lunacy into making it as locked down as possible, seems like a good thing to me.
I particularly like the recent duress PIN code upgrade. Seems like something every OS should have in it. I don’t need some cops fucking around with my social media and banking info because I got stopped for jaywalking.
It’s not just paranoid, it’s totally toxic and aggressive. He attacked and verbally abused dozen of different project for naive reasons, and spread FUD and slanders about other developers and projects
GrapheneOS only works on Google hardware. Part of the advantage of Android is device variety, but GrapheneOS forces you down a narrow path. Want a rugged device, a headphone jack, microSD? Well Google doesn’t offer those so GrapheneOS can’t meet your device requirements.
I think part of the reason is there’s a chip that limits brute force attacks and it’s not in other phones
GrapheneOS has defined a set of security standards for their operating system which have hardware requirements. These standards have been published and there have been efforts to engage with hardware manufacturers to adopt the required hardware. Blame the manufacturers for skimping on security, rather than Graphene being unwilling to compromising their values.
It would be possible to ship generic system images with separate updates for the device support code. However, it would be drastically more complicated to maintain and support due to combinations of different versions and it would cause complications for the hardening done by GrapheneOS.
Sounds like they could, but have resource limitations to do it. It’s also a knock against Google whose hardware has gotten worse. Personally, IDGAF about these project-imposed requirements if I can’t have the standard headphone jack on portable device.
Removed by mod
On top of it, they have lied about testing. https://i.imgur.com/woNxPhx.jpg
Yeah, no. Pretty sure that’s just a rando with GrapheneOS logo as their avatar. The way they talk doesn’t sound like the dev to me, and I also don’t think the dev would ever misspell a word like “cellular” as “cullar”.
Removed by mod
“What is this level of grand security…” Enumerated here: https://grapheneos.org/faq#future-devices
Once manufacturers can implement those things, then you will have an alternative to Google hardware for running Graphene. I’m not telling people to trust anything, don’t put words in my mouth.
Who is PrivacyPhones and why should I believe they are in any way affiliated with Graphene?
