And it still doesn’t support anything that isn’t a Pixel phone.
I respect GrapheneOS very much. But the fact that you need a Google phone to install a deGoogled Android ROM is one contradiction I just can’t get past. I hate Google and I’m never going to buy their hardware and give them money for the privilege of escaping the Google corporate surveillance.
I’m aware of the technical reason why GrapheneOS only supports Pixel phones, but that irony is just too rich for me. So I use CalyxOS on a very much non-Google FairPhone4, and while it’s formally slightly less secure than GrapheneOS, at least Google got none of my money and that’s a lot more important than security to me.
It is quite ironic. “I don’t like Google, let me free myself from all of Google. But to do that first let me buy that $500-$1,000 phone made by Google to then get rid of all the Google software on it”.
Their hardware requirements are pretty clear. Samsung is the only one with comparably secure devices, but they use nonstandard tools like Odin and lock down many security features to the stock OS only.
Other companies are supposedly not making anything as secure.
Also, only Google can really ship updates that quickly and fully, as Android is literally their OS. They are also a huge company, so yeah they have way more resources than a random other company you might prefer.
Example Fairphone, which has horrible update schedules
If your priority is to not give a cent to Google then don’t use GrapheneOS. There are other degoogled OSes for people whose priority is that. If your priority is security then you’d be willing to sacrifice on avoiding anything Google by getting GrapheneOS.
In any case, technically if you wanted to avoid anything primarily made by Google you’d have a Linux phone. The degoogled Android OSes are still based on Google’s open-source code.
if you wanted to avoid anything primarily made by Google you’d have a Linux phone
That’s true.
Unfortunately that’s not possible: I live in a country that delegates secure authentication to banks, and banks only supply 2FA apps that work in Android or iOS. If I had a Linux phone, I’d still need another phone with Android just for the purpose of banking, interacting with social services, logging in my work hours, getting notifications from the post office…
That’s the misery of Android: Google is such a pervasive monopoly that even if you want a fully deGoogled OS, the basis of it has to be 95% made by Google anyway because the rest of society goes along and reinforces their monopoly. And at some point, even someone like me has to make compromises to simply live normally.
I would gladly buy a Linux phone and I’d even put up with their quirks (I tried one once so I know they’re not as polished an experience as Android). But I am also a practocal man and it’s just not an option.
I’m sorry to hear that, but also, what does that mean for people in your country who don’t have smartphones? I know that sometimes people aren’t allowed to own smartphones (refugees, or sometimes imposed on a defendant as part of criminal proceedings)—if you don’t own a smartphone can you just not participate in society there?
Tbh when I’ve been required to install some kind of dodgy proprietary app that doesn’t work well with GrapheneOS I just tell them I don’t have a smartphone and they seem to be fine with that and offer me a “low-tech” alternative for whatever it is (usually some kind of 2FA app). It’s concerning when important things are inaccessible to people without a smartphone, because of course that’s the baseline for things being accessible for everyone regardless of their phone situation, e.g. people with degoogled phones etc.
I also dont think you give Google a lot of money when just leeching on their services with lots of fake accounts.
I use Youtube with adblock / custom apps since 6 years or something, so that should be equal to the market value I gave their phones on the used market
Example Fairphone, which has horrible update schedules
Fairphone’s release schedule and Calix’ release schedules are two different things. CalyxOS is updated less often than GrapheneOS for sure, but it’s updated a lot more often than Fairphone OS.
Not every threat model requires the security level GrapheneOS provides. My threat model ends with Google and other big corporation shouldn’t spy on me and if I lose my phone anyone finding it shouldn’t get in and be able to steal my identity. I think DivestOS and CalyxOS do a fine job with that.
Someone bought the phone the first time and gave their money to Google, and you reimbursed part of that money to that buyer. In the end, Google gets your money. Maybe not full brand-new retail price, but what you paid for your second-hand phone goes indirectly into Google’s coffers.
Buying anything Google, second-hand or not, supports Google’s business. Given the choice, I refuse to support Google in any way, shape or form.
Say I buy a pack of gum at the supermarket. The supermarket got my $2. Then I resell the pack of gum to my neighbor for $1.50. Who do you think has my neighbor’s $1.50 in his pocket? Me or the supermarket?
Hint: it’s not me. I’m still down $0.50 from the moment before I bought the pack of gum. And even if I had sold it to my neighbor full price because it’s new and unopened, it’d like I never bought it in the first place and my neighbor did.
tl;dr: your money does not go to Google and the ppl you get it from would have purchased it anyway. The device just ends up in your hands instead of the land fill or being recycled
It all depends on how you look at it. You choose to see it as your money saving an object from the landfill, and I choose to follow the trail of my money going all the way to Google’s pocket ultimately.
But those two outlooks are not incompatible: they both hold true. You just choose to disregard the latter while I can’t get past it.
It would be nice if the GrapheneOS dev would work it out with the FairPhone folks to make a device that could be supported. I don’t know why any company would hesitate to work with him, he is obviously doing good stuff, but I agree, Pixel only is kind of a turn off because it doesn’t seem like a long term path to building something sustainable in terms of both hardware and software. It’s a workaround.
I think GrapheneOS should come with a no-compromise-security branch that only supports Google Pixel phones and an “ordinary security” branch that supports a wide variety of less-secure but non-Google hardware for people who can’t stomach the idea of buying a Google phone.
GrapheneOS would reach a much wider audience, and not everybody needs perfect security. I for instance am a low-value target and I have no need for GrapheneOS-level security.
And it still doesn’t support anything that isn’t a Pixel phone.
I respect GrapheneOS very much. But the fact that you need a Google phone to install a deGoogled Android ROM is one contradiction I just can’t get past. I hate Google and I’m never going to buy their hardware and give them money for the privilege of escaping the Google corporate surveillance.
I’m aware of the technical reason why GrapheneOS only supports Pixel phones, but that irony is just too rich for me. So I use CalyxOS on a very much non-Google FairPhone4, and while it’s formally slightly less secure than GrapheneOS, at least Google got none of my money and that’s a lot more important than security to me.
It is quite ironic. “I don’t like Google, let me free myself from all of Google. But to do that first let me buy that $500-$1,000 phone made by Google to then get rid of all the Google software on it”.
To be fair, there’s an argument to be made that “I’ll just pay Google one last time in order to get my privacy back.”
Their hardware requirements are pretty clear. Samsung is the only one with comparably secure devices, but they use nonstandard tools like Odin and lock down many security features to the stock OS only.
Other companies are supposedly not making anything as secure.
https://grapheneos.org/faq#future-devices
Also, only Google can really ship updates that quickly and fully, as Android is literally their OS. They are also a huge company, so yeah they have way more resources than a random other company you might prefer.
Example Fairphone, which has horrible update schedules
I am aware of the shortcomings of my choice.
But my priority is to not give a cent to Google: what am I supposed to do then?
I argue that GrapheneOS gives Pixel phones more value, thereby supporting Google. That is not great.
Buy a used Pixel phone.
If your priority is to not give a cent to Google then don’t use GrapheneOS. There are other degoogled OSes for people whose priority is that. If your priority is security then you’d be willing to sacrifice on avoiding anything Google by getting GrapheneOS.
In any case, technically if you wanted to avoid anything primarily made by Google you’d have a Linux phone. The degoogled Android OSes are still based on Google’s open-source code.
That’s true.
Unfortunately that’s not possible: I live in a country that delegates secure authentication to banks, and banks only supply 2FA apps that work in Android or iOS. If I had a Linux phone, I’d still need another phone with Android just for the purpose of banking, interacting with social services, logging in my work hours, getting notifications from the post office…
That’s the misery of Android: Google is such a pervasive monopoly that even if you want a fully deGoogled OS, the basis of it has to be 95% made by Google anyway because the rest of society goes along and reinforces their monopoly. And at some point, even someone like me has to make compromises to simply live normally.
I would gladly buy a Linux phone and I’d even put up with their quirks (I tried one once so I know they’re not as polished an experience as Android). But I am also a practocal man and it’s just not an option.
I’m sorry to hear that, but also, what does that mean for people in your country who don’t have smartphones? I know that sometimes people aren’t allowed to own smartphones (refugees, or sometimes imposed on a defendant as part of criminal proceedings)—if you don’t own a smartphone can you just not participate in society there?
Tbh when I’ve been required to install some kind of dodgy proprietary app that doesn’t work well with GrapheneOS I just tell them I don’t have a smartphone and they seem to be fine with that and offer me a “low-tech” alternative for whatever it is (usually some kind of 2FA app). It’s concerning when important things are inaccessible to people without a smartphone, because of course that’s the baseline for things being accessible for everyone regardless of their phone situation, e.g. people with degoogled phones etc.
I also dont think you give Google a lot of money when just leeching on their services with lots of fake accounts.
I use Youtube with adblock / custom apps since 6 years or something, so that should be equal to the market value I gave their phones on the used market
The phones are good. Yes it is a lot of money, and they do silly stuff with these phones, like removing everything or using glass everywhere
I just buy used. Way cheaper, never gonna pay more than for my Laptop
Fairphone’s release schedule and Calix’ release schedules are two different things. CalyxOS is updated less often than GrapheneOS for sure, but it’s updated a lot more often than Fairphone OS.
Nobody talked about Calyx, but yeah, Fairphone is the worst XD
Others like /e/OS are similar to Fairphone (it runs on Fairphones)
I did, and you replied to me 🙂
And now I am replying back, just like that!
Are you using a vibes-based threat model?
Not every threat model requires the security level GrapheneOS provides. My threat model ends with Google and other big corporation shouldn’t spy on me and if I lose my phone anyone finding it shouldn’t get in and be able to steal my identity. I think DivestOS and CalyxOS do a fine job with that.
deleted by creator
If you buy second-hand, you give money to Google.
Someone bought the phone the first time and gave their money to Google, and you reimbursed part of that money to that buyer. In the end, Google gets your money. Maybe not full brand-new retail price, but what you paid for your second-hand phone goes indirectly into Google’s coffers.
Buying anything Google, second-hand or not, supports Google’s business. Given the choice, I refuse to support Google in any way, shape or form.
I’m sorry, what? That does not make sense to me.
Really?
Say I buy a pack of gum at the supermarket. The supermarket got my $2. Then I resell the pack of gum to my neighbor for $1.50. Who do you think has my neighbor’s $1.50 in his pocket? Me or the supermarket?
Hint: it’s not me. I’m still down $0.50 from the moment before I bought the pack of gum. And even if I had sold it to my neighbor full price because it’s new and unopened, it’d like I never bought it in the first place and my neighbor did.
deleted by creator
It all depends on how you look at it. You choose to see it as your money saving an object from the landfill, and I choose to follow the trail of my money going all the way to Google’s pocket ultimately.
But those two outlooks are not incompatible: they both hold true. You just choose to disregard the latter while I can’t get past it.
deleted by creator
It would be nice if the GrapheneOS dev would work it out with the FairPhone folks to make a device that could be supported. I don’t know why any company would hesitate to work with him, he is obviously doing good stuff, but I agree, Pixel only is kind of a turn off because it doesn’t seem like a long term path to building something sustainable in terms of both hardware and software. It’s a workaround.
I think GrapheneOS should come with a no-compromise-security branch that only supports Google Pixel phones and an “ordinary security” branch that supports a wide variety of less-secure but non-Google hardware for people who can’t stomach the idea of buying a Google phone.
GrapheneOS would reach a much wider audience, and not everybody needs perfect security. I for instance am a low-value target and I have no need for GrapheneOS-level security.
Buy used? Pixel 8s are on a fire sale now
Which phone on the market has the best hardware sexurity?
Pixel phone also uses modified Exynos chips, that Samsung themselves stopped using in Europe because they suck.