this post was submitted on 09 Dec 2024
776 points (99.7% liked)

Privacy

32442 readers
695 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

cross-posted from: https://slrpnk.net/post/15995282

Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of 'non-google' approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.

Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that's true or not..

you are viewing a single comment's thread
view the rest of the comments
[–] HiddenLayer555@lemmy.ml 340 points 1 week ago* (last edited 1 week ago) (1 children)

This makes me want to use GrapheneOS more. If the dataminers don't want you to use it then it must be doing something right.

[–] 0x0@programming.dev 46 points 1 week ago (2 children)

Too bad it only runs on Google's phones...

[–] Realitaetsverlust@lemmy.zip 65 points 1 week ago (4 children)

It's only officially supported on google phones because sadly those are the only ones that are not modified to fuck which makes installing and supporting other OS'es way too much work.

Giving google money once for a device is not a problem from a privacy or security standpoint.

[–] Samsy@lemmy.ml 28 points 1 week ago (1 children)

That's correct, but not the reason grapheneOS chooses only pixel phones. It's the level of hardware security features.

[–] XTL@sopuli.xyz 9 points 1 week ago (1 children)

Also unlockable and presumably has well working builds. It's not just graphene, but just about every Android project it there that's best supported on pixels. Other manufacturers have a crazy variety of locking schemes and required tools. Each one is a nightmare to support.

[–] orange@communick.news 14 points 1 week ago (2 children)

For GrapheneOS, it's primarily that it's re-lockable. That's why other unlockable phones aren't supported.

The GrapheneOS install process sets new OS signing keys so you can lock the phone again and get full verified boot. However, most manufacturers haven't implemented this feature.

[–] XTL@sopuli.xyz 4 points 1 week ago

Yes, that cuts the list down even more.

[–] fuzzzerd@programming.dev 1 points 1 week ago (2 children)

What do you get, app/feature wise for verified boot vs. Play integrity app? Does it increase the amount of apps that work on it?

[–] orange@communick.news 2 points 1 week ago (1 children)

No, Play Integrity intentionally checks if it's a Google-approved key. Android itself has an API to check verified boot and gives info on the signing key - most devs just want to know verified boot is working.

I feel Play Integrity has a short life ahead of if competition authorities realise how exactly it works. "Anti-competitive" is the first thing policy-minded folks think when I explain the API to them.

[–] fuzzzerd@programming.dev 1 points 1 week ago

Hope you're right, because it basically spells the end of customizing.

load more comments (1 replies)
[–] MTK@lemmy.world 9 points 1 week ago

Second hand, no money for them

[–] Irelephant@lemm.ee 3 points 1 week ago

In the EU almost every phone has an unlockable bootloader, there just isn't any roms or custom recoveries for a lot of them.

[–] HiddenLayer555@lemmy.ml 2 points 1 week ago* (last edited 1 week ago) (1 children)

Wish they'd at least support Fairphone.

If Graphene reached out to them I bet Fairphone would even actively work with them to make it an official OS option.

[–] porous_grey_matter@lemmy.ml 7 points 1 week ago

Fairphone would need to substantially modify their hardware to make that work

[–] ryannathans@aussie.zone 8 points 1 week ago (2 children)

Right? Have to pay google for the privilege

[–] OrganicMustard@lemmy.world 16 points 1 week ago (9 children)

You can always buy a second hand one

load more comments (9 replies)
[–] 50MYT@aussie.zone 7 points 1 week ago* (last edited 1 week ago) (3 children)

Your options are:

Apple phone

Bloated android phone like Samsung etc.

Chinese android phone (xiami etc)

Google phone with Android

Google phone with graphene. This still looks like the best of those options.

Or no phone? I guess people are hardcore enough that will be the option.

Edit: I stand corrected.

[–] Samsy@lemmy.ml 15 points 1 week ago (7 children)

Fairphone? Swiftphone? eOS? Linuxphone? PostmarketOS etc?

[–] Killercat103@slrpnk.net 4 points 1 week ago* (last edited 1 week ago) (2 children)

Is swiftphone its own thing or did you mean shiftphone? I kinda want the shiftphone 8 myself even if they only ship to neighboring countries.

[–] Samsy@lemmy.ml 2 points 1 week ago

Ah sorry, you're right. I meant shiftphone.

[–] brisk@aussie.zone 2 points 1 week ago

There's always package forwarding. I'm about to find out how bad an idea that is.

load more comments (6 replies)
[–] ryannathans@aussie.zone 9 points 1 week ago (1 children)

I use cheap motorola phone with lineage OS, add that to your options

[–] SeekPie@lemm.ee 4 points 1 week ago (4 children)

I don't think LOS has any privacy/security improvements over the stock android?

(IIRC) it's even worse than stock because you can't lock the bootloader after installation.

Though if your phone isn't getting official updates, it's probably safer with LOS.

[–] 211@sopuli.xyz 8 points 1 week ago (1 children)

There's also the Lineage-based DivestOS that attempts to keep up with more security updates, and relocking the bootloader in phones that support it.

https://divestos.org/

[–] SeekPie@lemm.ee 4 points 1 week ago* (last edited 1 week ago) (1 children)

Yeah, I myself am using CalyxOS, because DivestOS doesn't support the Fairphone 5 unfortunately. CalyxOS also has relocking.

[–] 211@sopuli.xyz 3 points 1 week ago (1 children)

Calyx also comes with MicroG, right? So mitigates many problems with a bit more Google.

And Fairphone 4 here, partly for Divest (had it on Oneplus 6 before this and just used to it), partly because of a good deal for a barely used one.

[–] SeekPie@lemm.ee 2 points 1 week ago (1 children)

(IMHO) CalyxOS is a good balance between security and usability. Better than LineageOS, worse than GrapheneOS (and DivestOS).

[–] 211@sopuli.xyz 2 points 1 week ago (1 children)

Amen to that. Everyone has their own balance point, Calyx seems to hit that for many.

[–] SeekPie@lemm.ee 2 points 1 week ago* (last edited 1 week ago)

Forgot to say that yes, CalyxOS does have microG, though you don't need to log into Google to download apps from Aurora. Login is only required for apps from Google (like maps, gmail etc).

I also got the Fairphone 5 because of the used price! Mine was 300€ with a slightly burned in screen (it was used as a store display model), though I only notice it when on a completely white screen and looking for it.

[–] veniasilente@lemm.ee 1 points 1 week ago (1 children)

(IIRC) it’s even worse than stock because you can’t lock the bootloader after installation.

That's a problem with the phone manufacturer, not with Lineage.

load more comments (1 replies)
[–] ryannathans@aussie.zone 1 points 1 week ago (1 children)

Physical access is game over anyway?

[–] Andromxda@lemmy.dbzer0.com 2 points 1 week ago (5 children)

Not with GrapheneOS, since you can entirely disable the USB controller from the settings on a driver level, making it impossible to connect the phone to a forensic data extraction device. GrapheneOS also has a convenient auto-reboot feature, which (together with their patches to the Linux kernel and Fastboot recovery OS to include memory zeroing) erases the encryption keys from memory, putting the device in BFU state and requiring the PIN/password to unlock. This is additionally secured by the Titan M2 secure element, which makes use of the Weaver API and drastically throttles brute-force unlock attempts. https://grapheneos.org/faq#encryption

load more comments (5 replies)
[–] zerozaku@lemmy.world 3 points 1 week ago (1 children)

Xiaomi has the biggest custom ROM scene out there btw despite them trying their hardest to stop bootloader unlocking. You really don't need to have a company supporting unlocking to make ROMs for them. If they outright block it then that's an issue.

[–] Irelephant@lemm.ee 3 points 1 week ago (1 children)
[–] DoeJohn@lemmy.world 1 points 1 week ago

My friend just got a new Xiaomi phone. He tried unlocking it a few days ago and got "try again in 168 hours". That happened in Europe. It's an absolute mess nowadays, I remember when they started blocking you from unlocking the bootloader. First you had to wait 24 hours, then 3 days, now it's an entire week. You also need to make sure you're logged into your Mi Account on both phone and PC and do even more weird fuckery to ensure the process actually go through. Meanwhile, on GOOGLE Pixel devices you just type one command after you enable oem unlocking in settings and reboot into fastboot mode. Crazy.