Privacy

46624 readers

289 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

Graphene vs /e/ os (lemmy.world)

submitted 1 day ago by MostRegularPeople@lemmy.world to c/privacy@lemmy.ml

47 comments fedilink hide all child comments

A question as old as time, I know.

I'm getting away from Google and I've done the easy stuff: CoMaps, Proton mail (I know, not the best move), aveslibre, etc. I currently don't have the time (or the knowledge base) to learn how to self host, but hopefully that will replace Drive and such in the future.

But I digress. I'm looking at a new OS for my phone. I'm currently in a contract with a phone that is incompatible with alternative OSs. Graphene needs a Pixel. Used, they're $150-400. /e/OS will run on a Motorola or whatever and those are like $80.

There's also the option of going full Fairphone with /e/os and I like that idea in the future.

The internet people tell me that Graphene is the best due to ease of installation, privacy, and security.

I don't need a lot of security. I just want Google to stop suckling all that sweet, sweet data from my teat.

What are your thoughts?

you are viewing a single comment's thread
view the rest of the comments

[–] skarn@discuss.tchncs.de 7 points 1 day ago* (last edited 1 day ago) (3 children)

It is also largely questionable.

/e/OS has MicroG, and that runs as a system service. You can disable most of it, and if you're not using any App that needs Google services, I doubt it really does much.

It is possible to use Graphene without using any Google at all. However... Doing so will break almost every app out there. Anything that needs push notifications, AndroidAuto, a thousands more things. So you end up using Graphene with Sandboxed Google services.

And we get into the debate. Is it better to take the official Google Play Services, which we all consider malicious, and run it in a sandbox, or take an open source private, and trusted implementation (MicroG) and run it as a system service?

It is at the very least largely debatable.

[–] skyline2@lemmy.dbzer0.com 1 points 7 hours ago

From the official GrapheneOS response to exactly this same debate, it seems that the issue is MicroG's reliance on having signature spoofing enabled. Which is a security hole that can be exploited by anyone, not just MicroG, as it allows anything to masquerade as Google Play Services to an app that wants to use it.

https://discuss.grapheneos.org/d/4290-sandboxed-microg/11

Yes, Google Play Services is closed source and contains functionality that would be considered "spying on the user", and "malicious". But that is the same for any closed source app; you can't prove it isn't trying to spy on you or compromise your device. What you can do is rely on the App sandboxing and fine grained permissions control that GrapheneOS allows to disable such functionality if it exists.

Of course, if even having a closed source app on your device is too much, then honestly you wouldn't even be using MicroG as you wouldn't want any apps using Google's proprietary libraries for accessing Firebase or other proprietary services anyways...

So, GrapheneOS offers the most sane approach in my opinion, without opening any security holes. By default the entire OS (not talking about pixel firmware blobs, just the os and kernel drivers) are open source and you can use only open source Apps via Fdroid, Accrescent, direct with Obtainium, etc. But for the average user enabling sandboxed Google play and managing its permissions is the best compromise between security and privacy.

[–] eleitl@lemmy.zip 2 points 12 hours ago (1 children)

It is best to run GOS or Lineage OS completely Google-free.

[–] skarn@discuss.tchncs.de 3 points 11 hours ago* (last edited 11 hours ago) (1 children)

It is best from many points of view but, as far as I understand, this community is about providing knowledge and tools, and leaving it up to the individual users to asses their threat modeling and determine the extent of the acceptable compromise?

Edit: in every use of connected technologies there are privacy trade-offs, and privacy may not be the only concern on a user's plate.

The Fairphone mentioned in the opening has the more ethical production and spare parts support, that can be a concern for many users. Ultimately it's for them to decide. Maybe we bore them and they just get a third hand iPhone, which is still largely a privacy improvement over stock Android.

[–] eleitl@lemmy.zip 1 points 11 hours ago (1 children)

"Best" only in the context of this thread.

[–] skarn@discuss.tchncs.de 1 points 11 hours ago

If it's only about degoogling, they can very well use /e/OS and remove the network permission from microG. Yes, it's possible.

[–] ScoffingLizard@lemmy.dbzer0.com 4 points 1 day ago

You can delete MicroG with Android Debloater. You will not be able to do most transactions afterwards.