Zum Inhalt der Seite gehen
#phone #librem5 #tech #pinephone
I’m looking for a new option for a phone. No #iPhone no #samsung.

I’m thinking the librem5, but not sure. Are there any good non mainstream phones that have extended security updates and are overall decent?

Would love boosts and recommendations on new phones.
#samsung #tech #librem5 #phone #iphone #pinephone
GrapheneOS
Both the Librem 5 and Pinephone lack basic industry standard security features and patches. They're already missing important security patches and lack basic security properties in the first place. They have incredibly outdated hardware too. They're a massive step backwards for privacy and security from an iPhone in a bunch of different ways.

Mainstream Android devices with proper support are much more support, but non-Pixel Android devices are far behind iPhone security and updates.
GrapheneOS
It's not even possible for Purism to provide long term support since not all the firmware can even be updated by the OS and their OS doesn't ship the updates in the first place. Important components for both are already essentially end-of-life or never had proper support to begin with.

Companies marketing their products as private and secure doesn't mean it's true. Apple actually has a lot of substance behind that marketing, unlike almost any of the niche products marketed as better.
GrapheneOS
As a very basic example of how it matters in the real world: those devices and most other devices lack working encryption without a very strong passphrase such as 6-8 diceware words. They also don't have basic defenses against data extraction such as a secure element integrated. It's easy to get all the data from them.

See https://grapheneos.social/@GrapheneOS/112826067364945164 for leaked Cellebrite documentation as an example of what can be done. Only iPhone 12+ and Pixel 6+ stop them doing brute force in practice.

GrapheneOS (@GrapheneOS@grapheneos.social)

Attached: 3 images Here's the Cellebrite Premium 7.69.5 iOS Support Matrix from July 2024. 404media recently published an article based on the same April 2024 docs we received in April and published in May.
GrapheneOS Mastodon
GrapheneOS
Their security against both physical data extraction and privacy/security from apps is nearly non-existent. They're also far weaker to remote attacks. Not having most of the standard security features and advances from the past decade at a hardware, firmware and software level isn't really a recipe for a private and secure device, regardless of what the marketing says.

There's a whole lot of misleading marketing and misinformation from both companies to promote their products.
GrapheneOS
As an example, they inaccurately portray mainstream devices as not isolating their cellular radio. The reality is that the Pinephone and Librem 5 have a much less well isolated cellular radio. It's also far less secured against attacks itself and doesn't get proper updates (or normally any at all for the Librem 5). A switch to turn it off doesn't make up for this if you ever use it, and the overall lack of verified boot for components or the OS means attacker persistence is very simple.
vvbudh
I appreciate the essay! That’s great to know. So basically I’m stuck with getting an Apple then? Until the others become actual contenders and are supported enough to become daily drivers?
GrapheneOS
Pixels with their stock OS have largely competitive security with iPhones especially at a low level but not competitive privacy. Pixels support installing a more private and secure OS like GrapheneOS. Both iPhones and Pixels have long support.

We consider recent iPhones to be the next best option after a recent Pixel with GrapheneOS for both privacy and security. iPhones are definitely not a bad choice if you care about those things. Nearly any option is objectively worse in most ways.
vvbudh
I’ll definitely look into your GrapheneOS. I’ve never particularly wanted a Pixel phone. Just shrugged at them mostly. But also never really liked the iPhones. Let’s see a quick quack search here..
GrapheneOS
Pixels and Nexus devices before them are the Android Open Source Project reference devices so they have to provide great support for developers and other operating systems to serve that purpose properly. Pixels ended up turning them into genuinely good hardware especially for Pixel 6 onwards.

Pixel 8+ has hardware memory tagging which the stock OS only uses it as a developer bug finding feature. GrapheneOS integrates it as a game changing security enhancement through the OS and apps.
GrapheneOS
Around the Nexus 5X and Nexus 6P, they started doing major catch-up to iPhone hardware security. By around the Pixel 3, they'd largely caught up. We'd argue the Pixel 8 is ahead on that front when using GrapheneOS due to memory tagging. Android did major catch up to iOS in terms of privacy over the past 8 years too. It hasn't fully caught up and some of our features like Storage Scopes and Contact Scopes are needed to match iOS in those areas, but we exceed it in others.
GrapheneOS
iOS is genuinely very good at security and privacy from non-Apple apps/services. It's less good at privacy from Apple apps/services but they do have great end-to-end encryption support via the Advanced Data Protection opt-in.

They do hinder Android-to-iOS messaging privacy with their anti-competitive iMessage approach without people using another app and they have some major failings at privacy from their own services.

Very rare case where privacy/security marketing has real substance.
zetabeta
i don't want to start heated debate here.

grapheneos has done good job securing android, which developed by alphabet inc, i don't go criticizing graphenos.

grapheneos uses alphabet inc's pixel phones, which uses closed bootloader and closed drivers, who knows what they do. oem unlock is not total unlock. and i simply do not trust alphabet inc. maybe alphabet inc locks pixel phones and puts more restrictions in the future.
GrapheneOS
You are absolutely attacking GrapheneOS and you're doing so with unsubstantiated claims and spin. You're not engaging in debate but rather lowering the level of conversation to something that's not based on facts.

GrapheneOS is no way specifically tied to Pixels. They're the most secure Android devices by far and the only ones meeting our objective security requirements. Your claims about open vs. closed source are wrong and is not how things actually work in the real world.
GrapheneOS
We've had multiple companies begin working with us but end up being unwilling or unable to successfully make a reasonably secure device, let alone one that's better than an iPhone or Pixel.

There are a huge number of highly insecure products filling the market niche for people who want private and secure devices via false marketing and misinformation. There are all kinds of these products for people with different political views, etc. telling them what they want to hear.
GrapheneOS
We have clear hardware requirements at https://grapheneos.org/faq#future-devices. These are very reasonable security standards, nothing exotic. We need them to protect our users from real world attacks from forensic data extraction to malicious apps to remote exploitation. Some of our strongest security features are based on leveraging hardware features such as hardware memory tagging and hardware level USB-C connection/data blocking.

We aren't trying to maximize usage share with more devices.

GrapheneOS Frequently Asked Questions

Answers to frequently asked questions about GrapheneOS.
GrapheneOS
GrapheneOS
An iPhone is a better choice for people than a port of GrapheneOS to devices with poor security which can't offer reasonably good security. We're not trying to get as many users as possible by supporting a whole bunch of devices and misleading people about what is provided. It's simply not a goal. We'll continue focusing on the most secure devices where we can actually do a good job protecting people. Making hardware for GrapheneOS will only happen when it can be done well.
zetabeta
i just wonder, daniel micay left the organization.

it is pointless me to argue.

make your own decision with following videos.

https://odysee.com/@rossmanngroup:a/why-i-deleted-grapheneos:8

https://neat.tube/w/7b133330-a065-4c89-97e2-1a3244e58716

disclaimer about odysee:
odysee is not youtube, but it has some dubious background.

GrapheneOS: Documenting Numerous Attacks Against CalyxOS, Seth Simmons, Techlore, & More

👉 Leadership reflects the project 👈 An issue we've been quiet about for months...this video shows the leadership put forward from GrapheneOS, certain members of their community, and their lead deve...
Neat.Tube
zetabeta
thank you so much such marketing speech.
GrapheneOS
Apple products having better privacy and security than nearly all the open source options is not marketing but rather the harsh reality. Open source does not come with magical privacy and security properties regardless of the false beliefs people have about what it provides. The idea that open source prevents unwanted behavior including backdoors doesn't hold up to basic scrutiny. Hundreds of security fixes for the Linux kernel per month, many serious, many around for years.
GrapheneOS
We don't believe those are intentional meaning they weren't hidden but rather were mistakes in plain sight. It's one of the most widely used and heavily reviewed open source projects. If someone tried to hide vulnerabilities intelligently, they'd be harder to find than these accidental serious vulnerabilities. It is also not even ending up with fewer vulnerabilities over time. Most open source projects have tiny teams and don't get serious external review. That's the reality.
GrapheneOS
Assembling an OS out of hundreds of open source projects largely maintained by people who don't particularly care about security and don't make sacrifices for it without any overall systemic security work or policies is in fact not a better way of building a secure OS. The Linux kernel compares very poorly to the iOS kernel on security. An open, collaborative development model is in this case preventing a security focus since most stakeholders don't value it very much.
Liam :ablobwobble:
As someone who daily drives Linux on mobile it's not ready to be used as a daily driver unless you're attempting to develop for it.

On top of that, the Librem 5 was always a scam, if you look into the history of it, they failed to produce **most** of the phones that were purchased (not croudfunded). There are people that are still waiting for their phone for the last five years at this point. And the phone turned out to be horrible. You might as well pick up a @PINE64 Phone Pro or a second hand Pixel 3a but in saying that, your experience is going to be horrible. At this stage of development, Linux on mobile is solely for people who want to develop distros or applications for Linux mobile.
@PINE64
Dieser Beitrag wurde bearbeitet. (1 Woche her)
Liam :ablobwobble:
If you don't mind having a dumb phone, and still want things like signal for end-to-end encryption texting, the PUNKD phone is a good alternative. However, remember it's not a smartphone, it just has basic 4G support to enable e2e
Liam :ablobwobble:
Alternatively, you can run @GrapheneOS, which is an Android based ROM that focuses on hardening privacy and security features of Android.

You can *optionally* install Google Play Services as a user app which in turn forces the Google Play Store to run behind the user permissions of Android which, if used properly and you actively pay attention to permissions, works quite well.
@GrapheneOS
Dieser Beitrag wurde bearbeitet. (1 Woche her)
GrapheneOS
GrapheneOS is an operating system based on the Android Open Source Project. It's a Linux distribution and we do a lot of work on the Linux kernel. We're the first Linux distribution deploying hardware memory tagging within the Linux kernel in production. We strongly disagree with the whole idea that it has to have systemd, glibc, GNOME, etc. for it to be Linux. It's Linux if it uses the Linux kernel. FreeBSD, etc. use the same desktop software stack as Linux, that's not Linux.
Liam :ablobwobble:
The fact that you keep having this issue with people shows that you're the problem, not others.

I only added you into this conversation just because it was a recommendation because the platform that the OP wanted is not ready. You then decided to go on a fucking rant saying that you were actually the platform that they're looking for, but you're not. You're far from it.
Dieser Beitrag wurde bearbeitet. (1 Woche her)
Liam :ablobwobble:
Your issue is that you think too much like an engineer and not enough like a user and as a project lead, you need to be able to do both so you can operate as an engineer and look at your project from your user's perspective. If you can't do that, you need to reconsider your position.
Liam :ablobwobble:
And yet I still decided to support Graphene considering what you guys do for the android community and I also didn't want to blame the Graphene for one individual's problems but considering you want to sit there and tell people that it's all a fabrication then I'm assuming you guys are as ignorant as he is.