What are the most privacy respecting smartphones to buy, I am also looking for the one which respects your privacy the most. So far going to privacy communities esp on reddit, I often see Google Pixel + GrapheneOS being recommended.

But the thing is I don’t really trust Google with privacy, as we have seen they are last one to respect privacy. What if Google has some backdoor in the hardware that cannot be changed? And the problem with the more privacy respecting OSes for mobiles like GrapheneOS, CalyxOS etc are that they are only supported for Google pixel phones.

So I am really confused here.

  • @Lunacy@lemmy.ml
    link
    fedilink
    13
    edit-2
    2 years ago

    Google Pixels have no backdoors. Recently, Maxime Rossi Bellom , Philippe Teuwen and Damiano Melotti did a deep research about the Google’s Chip, called TITAN M, in order to give an understanding regard it’s attack surface as well as the known and previously vulnerabilities.

    Presentation Material

    There is also a repository on GitHub, which contains the tools they used in their research on the Google Titan M chip.

    There is also a very interesting thread from Daniel Cuthbert, in which he showed some part about their presention. In the same thread, he also wrote that the Titan M is the reason why he switch from iPhone to Pixel.

    We’re are talking about BlackHat here, not some random guy which claims things without any proof.

    Regard the OS, GrapheneOS is far better than CalyxOS; it offers much better privacy and security improvements. You can see the list of the features here; https://grapheneos.org/features

    • @nVZWmCa67Tq0SQkXPR@lemmy.mlOP
      link
      fedilink
      3
      edit-2
      2 years ago

      This is interesting to hear. So research finds no presence of any backdoors on the TITAN M chips of Google pixel phones. I wanted to buy a new smartphone which is more private and so far the most private OSes are only supported for pixel phones. On a sidenote, how does the GrapheneOS compare to other OSes like the LineageOS or DivestOS?

      • @Lunacy@lemmy.ml
        link
        fedilink
        22 years ago

        I don’t know about DivestOS. However, GrapheneOS is dramatically better than LineageOS. That’s because GrapheneOS is focused on privacy and security rather than customization like LineageOS. GrapheneOS starts from the strong baseline of the Android security model and brings a lot of privacy and security improvements. While LineageOS doesn’t have real privacy and security improvements, it also weakens the android security model.

        There is a very good article written by madaidan, who explain the security of Android and the problems about lineageOS; https://madaidans-insecurities.github.io/android.html

        • @nVZWmCa67Tq0SQkXPR@lemmy.mlOP
          link
          fedilink
          2
          edit-2
          2 years ago

          Thanks. DivestOS is a fork of LineageOS. Website: https://divestos.org/

          Madaidan’s article also seems to recommend Pixel + GrapheneOS. Would there be any significant difference between Pixel 3, 4 or 5 when it comes to privacy? Asking since, Pixel 5 costs more than 4 and 3 and whether it would be worth paying an extra hundreds of dollars for the latest Pixel.

            • @southerntofu@lemmy.ml
              link
              fedilink
              32 years ago

              This article smells bullshit.

              Having a separate chip for some system activity is reasonable security, but what about running a libre GSM modem with some clear (hardware) limits on what it can reach in case it’s compromised (this is what Pinephone/Librem is doing)?

              Encouraging fingerprints as passwords. Worst security advice ever.

              Built-in protections automatically scan for potential threats from phone calls, text messages, emails, and links sent through apps, notifying you if there’s a potential problem. (…) The detection runs on your Pixel, and uses a privacy preserving technology called federated analytics to discover commonly-run bad apps.

              I don’t know about the details, but this smells like some really privacy-invasive tech.

    • @nVZWmCa67Tq0SQkXPR@lemmy.mlOP
      link
      fedilink
      52 years ago

      Librem seems very expensive ranging from $1200-2000. Can’t afford that, I would want something less than $500 and if more preferably to be under $350. Would sticking to android that’s already installed and degoogling it be really enough when it comes to privacy?

        • @nVZWmCa67Tq0SQkXPR@lemmy.mlOP
          link
          fedilink
          22 years ago

          For me it would be enough that big corps not taking my data or tracking any of my activities. With degoogling you can only decrease the amount of spying that big corps do instead of completely eliminating it?

            • @nVZWmCa67Tq0SQkXPR@lemmy.mlOP
              link
              fedilink
              32 years ago

              Unfortunately privacy and convenience generally just don’t go together and the convenience factor along with the mentality of “nothing to hide, nothing to fear” makes people just go for the most privacy violating stuff and arguing about privacy with those who have that mindset is just not easy either.

          • @southerntofu@lemmy.ml
            link
            fedilink
            22 years ago

            If you remove Google Play Services and only install apps from F-Droid (which are vetted by the community and explicitly list antifeatures) you should achieve your goals. That is, assuming your system itself is not snitching on you.

            Also worth noting, phone providers are big corps doing tons of spying on their users. If you’d like to get rid of those, running your smartphone using wifi only with randomized MAC addresses (i think is default now on Android) is very reasonable.

            • @nVZWmCa67Tq0SQkXPR@lemmy.mlOP
              link
              fedilink
              12 years ago

              Yes removing Google Play services will reduce the spying that Google does on you but the mobile company can still possibly spy on you. How do I check that my phone has a randomized MAC address or not?

              • @southerntofu@lemmy.ml
                link
                fedilink
                12 years ago

                The easiest way is to use the admin interface of your router to see connected devices. Turn on plane mode on your phone, then connect again. See if the device is “recognized” (with the same MAC) on your router or not.

  • @hello_lebbit@lemmy.ml
    link
    fedilink
    42 years ago

    Yeah thats about right. If you stat worrying about hardware backdoors then you should go with a pinephone. Personally im not that worried about hardware backdoors as theyre probably everywhere so i use a samsung with LineageOS, up to you to choose

      • erpicht
        link
        fedilink
        22 years ago

        I purchased a used Pixel 3a for ~$150 last week and it works well with GrapheneOS. Since your budget is a bit higher than mine was, you could go for a newer Pixel.

        GrapheneOS places more emphasis on security than LineageOS, but the privacy provided is comparable, or so I have heard from several sources.

      • @southerntofu@lemmy.ml
        link
        fedilink
        12 years ago

        Pinephone is a hacker’s phone, like a beta under constant evolution. So depending on the system you use on it (which you are free to choose, that’s refreshing) you may have varied experiences like with battery life.

        However, Pinephone is much cheaper and hardware wise inspires more confidence. The modem does not have direct access to the phone’s memory (unlike most smartphones) which is like hardware security 101, and there’s ongoing R&D to develop a FLOSS driver for it.

        The question is also: would we rather financially support an enthusiast community building awesome hardware? Or a giant corp ruining our lives?

  • @murky@lemmy.ml
    link
    fedilink
    32 years ago

    LineageOS also supports some more obscure phones if you don’t like Google pixel phones or if you’re on a tight budget

    • @southerntofu@lemmy.ml
      link
      fedilink
      2
      edit-2
      2 years ago

      LineageOS from what i heard stopped supporting different passphrases for partition decryption and session unlocking. Having two separate passphrases was very useful because unlocking your screen happens much more often and is therefore much more likely to be compromised (eg. recorded by CCTV).

      Still, much respect for LineageOS, but we should still consider that most smartphones (except for Librem 5 and Pinephone) don’t care for hardware architecture and firmware reach, rendering the entire phone insecure.

      • @M500@lemmy.ml
        link
        fedilink
        22 years ago

        This article is not really relevant. It points out that when the os is replaced by a privacy focused os like e-os then no data is sent back.

      • @M500@lemmy.ml
        link
        fedilink
        12 years ago

        This article is not really relevant. It points out that when the os is replaced by a privacy focused os like e-os then no data is sent back.

  • @TheAnonymouseJoker@lemmy.mlM
    link
    fedilink
    32 years ago

    GrapheneOS is a highly problematic ROM with a lot of security grift. Their community is extremely toxic, racist, disgusting and refuse technical help via a combination of lots of gatekeeping and technical elitism. https://www.youtube.com/watch?v=Dx7CZ-2Bajg

    The developer is a one man show who acts like a dictator and exclusively claims Google Pixels are the only phones he will ever support. Why? https://unddit.com/r/privacytoolsIO/comments/gs4uv7/i_dont_fully_trust_grapheneos/fs82fdv/

    GrapheneOS also takes some rather controversial stances regarding the protection of its users, a lot of whom have a high threat model. https://teddit.net/r/privacytoolsIO/comments/pjl4bh/what_is_your_opinion_of_grapheneos_conforming_to/

    There are a few malicious actors and proponents of this community that attack everyone like an unorganized group, sometimes with sockpuppets and sometimes with their known accounts when they want to come off as self proclaimed experts.

    A lot of evidence I collected personally via my own interactions with madaidan, cn3m and the likes: https://lemmy.ml/post/73800/comment/66676

    Evidence of GrapheneOS proponents practicing censorship on Lemmy on my comment on c/GrapheneOS, one day after they became moderator (FYI this was my only comment on that sublemmy): https://lemmy.ml/pictrs/image/3hsM7Du9n6.jpg

    They have also hijacked the Android, AOSP sublemmy communities by becoming defunct moderators.

    • @nVZWmCa67Tq0SQkXPR@lemmy.mlOP
      link
      fedilink
      42 years ago

      Sorry for a late reply. The grapheneOS seems to have a problem with not a very welcoming community but their OS is still good with all the security and privacy features that it comes with? If it is not Google Pixel + GrapheneOS that is the most private way of using a mobile phone then what is the most private way? I see this set up recommended in almost every privacy community including this thread.

      • @TheAnonymouseJoker@lemmy.mlM
        link
        fedilink
        -3
        edit-2
        2 years ago

        A lot of these people are either sockpuppets or members of GrapheneOS, NoGoolag or SpiteChat Telegram/Matrix rooms that create a narrative to hijack the privacy communities. And it would not be surprising to conclude that they are a menace, because they encourage technical elitism quite a lot, and all of the other problems mentioned above.

        GrapheneOS moderators practicing censorship on Lemmy is not going to look the best either, but here we are. I have engaged with these people for probably 2-3 years, so I am about as experienced as one gets.

        A lot of these GrapheneOS privacy grifters also promote Windows, MacOS and iOS over Linux distros and Android, because they have some distorted definitions of security in their head. They believe closed source security is better for some reason.

        You could check this resource I made for a smartphone guide https://lemmy.ml/post/54596 or https://teddit.net/r/privatelife/comments/lpyl1s/

    • @GenkiFeral@lemmy.ml
      link
      fedilink
      32 years ago

      can’t you stick to the OS and hardware (facts) and leave politics/opinions outta this? the community does matter if you need help, but how in the hell do they know your race, sex, or politics unless you wear them on your sleeve?

      • @TheAnonymouseJoker@lemmy.mlM
        link
        fedilink
        -6
        edit-2
        2 years ago

        GenkiFeral, You know, what you call politics only tells about your indecency as regards with how communities are run. And whoever calls calling out assholery a mere form of political whining tells a lot about them. Nobody likes assholes, period. And nobody wants to worship one. Especially one that is adamant at establishing a cult with the use of sockpuppets and handful friends.

        Facts do not care about feelings, so you can just stop feeling about others’ feelings towards your lack of decency, and you can enjoy your technical supremacy, if you really think you are so highly meritorious and if that gives you the right to trample on others.

        • @GenkiFeral@lemmy.ml
          link
          fedilink
          42 years ago

          My rights end where yours begin and vice versa. My main point will always be “you do you” or “good fences make good neighbours” or don’t trespass on my property or in my mental space. Values differ from individual to individual - even within close-knit families or within causes. As long as you don’t infringe upon another’s freedom (I include all animals - wild and domestic), you should be able to do as you please. Both Left and Right have one thing in common - both try to shove their values (“decency”) down the throats of others. Fuck you both equally. If that (do as I say) mindset isn’t offensive, then i don’t know what is! Be as this or that as you like, but preaching to me when I don’t wanna hear it is going to breed resentment. That is you wasting my time and mental energies. Live by your own values and if I see that you are content, healthy, and successful in one manner or another, maybe I will adopt some of your ways WITHOUT your saying one word to me. Proselytizing or ‘teaching’ me is so often rude.

          • @TheAnonymouseJoker@lemmy.mlM
            link
            fedilink
            -32 years ago

            Both Left and Right have one thing in common - both try to shove their values (“decency”) down the throats of others. Fuck you both equally.

            Well, then indecency will not be spared either. You already resent decency, since you already decided your stance, and have decided that any discussion is going to result in you saying “fuck you” to anyone that does.

            You are also wasting your time when you say calling out GrapheneOS community is political whining, when it is not, and if it is, then it makes you the same, because you are complaining about feelings when you ask me to stop caring about some politically motivated understanding or feelings. It is hypocritical.

            • @GenkiFeral@lemmy.ml
              link
              fedilink
              22 years ago

              Right and wrong are relative to some extent and always have been and always will be. Who is to say the religious fundamentalist’s ‘decency’ is better or worse than (the obvious opposite) a Progressive’s? Who is sole arbiter of the truth? Shouldn’t it be more up to the individual? What ever happened to “Live and let live”?

              • @TheAnonymouseJoker@lemmy.mlM
                link
                fedilink
                -32 years ago

                Who is to say the religious fundamentalist’s ‘decency’ is better or worse than (the obvious opposite) a Progressive’s? Who is sole arbiter of the truth?

                I see these arguments from modern day fascists and /pol/ users all the time. This is a classic grift technique to make themselves look balanced and somehow try to place the onus of morality on an entity that does not exist, and so they themselves can look more balanced instead of the extremists that they are.

                Your history, your above comments and your obsession to reply even after 18 days reveals enough about your interests, so forget about convincing me regarding your holier than thou arguments.

                Anyway, downvoting my comments will not make a difference. The moment I see something that goes against Lemmy rules or the rules for this sublemmy, I will take action in accordance.

        • @Cerov2@lemmy.ml
          link
          fedilink
          22 years ago

          The question is “which smartphones are most private?” Not “which OS community is the least toxic?” Seems you have your reasons for hating on Graphene, but you’ve totally lost the plot here. Save that rant for a question thats actually asking about it, please. In the end, if it works and its the most private, thats what is going to matter the most to the end user.

          • @TheAnonymouseJoker@lemmy.mlM
            link
            fedilink
            02 years ago

            GrapheneOS community is terrible if you want help from them. It is a place filled with faux elitists with 4chan and reddit tier knowledge, and will use buzzwords to impress you, with non existent explanations when asked for. If you want to use it, go ahead. But if you want to enter a landmine expecting any guidance, good luck.

            Many people have been driven away from that community and ROM for plenty reasons I laid out in parent comment. People learn only via 2 ways - they learn from others’ experiences or they experience it themselves and then learn. You can make your choice.

      • @TheAnonymouseJoker@lemmy.mlM
        link
        fedilink
        -39 months ago

        mimimimimi

        You will be banned for this callous, delusional and dismissive form of derailment of evidence based discussion, if you do not bring facts to the table that address the issue. The creator cannot be separated from the creation, when the created commodity’s direction is decided by creator.

          • @TheAnonymouseJoker@lemmy.mlM
            link
            fedilink
            -49 months ago

            No, but he is certainly mentally ill to the point any promotion of him as a security developer will be condemned here. Security development from sane, even if prickly behaved people, can be handwaved, but he needs clinical help, as he even went to the length of not apologising to any people he ever accused, instead hiding behind his computer screen. He has gone to the lengths of claiming just about everyone, including non-critics, as being harassers, complicit in his faux murder attempt and so on.

            The slightest form of promotion of him or his work is out of question.

              • @TheAnonymouseJoker@lemmy.mlM
                link
                fedilink
                -29 months ago

                The source of your trust is his marketing, not any concrete evidence that his work is any superior to that of other custom ROMs if they were tweaked around with firewalling and app permissions. His malloc Linux kernel patch laurels are a thing of the past and do not prove GrapheneOS is just as secure, considering he maliciously, upon not being paid his share in CopperheadOS, truncated the security sign keys and put at risk hundreds of thousands of users who used CopperheadOS. If anything, GrapheneOS maker’s malicious stunt at Copperhead exit, and later on his malicious accusations at everyone combined with using sockpuppet witch hunting troll army, proves that neither GrapheneOS nor anyone ever closely associated with Daniel Micay must ever be trusted in the security community.

                The fact that he has bullied multiple projects like DivestOS, Bromite and others into dropping his code unless they worship him and support his internet trolling and whatever he says (with the threat that he would release his troll army on them), means GrapheneOS code is not even free and open source, but partially closed source, where personal agreements with him serve as the official binding agreement on GrapheneOS code usage. He also added a shutter sound on camera app that could not be turned off, without asking anyone, putting the very demographic of its userbase at risk of jail/death in some countries.

  • @R51@lemmy.world
    link
    fedilink
    39 months ago

    I hear lots of great things about Graphene but it’s only able to run on Pixel phones. I have a LineageOS installed on my phone & I have full control over the firewall, and there’s no google on it. Got the phone a year ago, battery still lasts 2 days of occasional use. It’s amazing how nice a phone feels without ads, constant upload/download, and unneeded background services running.

    Basically, and even with Graphene, the biggest security risk for a phone is the person using it. I wish it were more turn-key but the tracking with cookies is just the tip of the iceburg… apps like to track too and if you need an app outside of the free-open-source-software circle you should know how to control its access to the internet.

  • @GenkiFeral@lemmy.ml
    link
    fedilink
    12 years ago

    I saw a new brand of phone recently that allows you to remove the battery and also can be ordered with a choice of OSs, I think. I forget the name…sorry