Which is more secure with the privacy and security of LineageOS and GrapeneOS?

That’s a very interesting post Jonah, and has me wondering now! What I don’t get is … Apple is a swine for stealing/tracking data etc, so why would that be trusted?

This got my attention, and same question! Do you REALLY TRUST Google to do ANYTHING which doesn’t give them a backdoor into people’s data, location, browsing habits, messages… ?? I am not questioning you, I have no technical abilities at all so next to you I am a mouse, but I am curious about this now as I may get myself a Pixel based on this because I can’t trust many people but I know you can be trusted and if that’s your view, I better think hard!

I desperately want a second phone, it needs to be a smart phone so I can use Signal/Wire/Riot and ProtonMail App, but I want to make it as private/anonymous as possible. Any advice you can offer will be hugely appreciated

PS I should add - Would the best option (best possible currently) be to wait and buy a Librem5 phone?

With regard to security I definitely trust Google, they’re doing incredibly important work on all fronts, with their Pixel hardware, and with things like TLS 1.3 in Chrome, and their focus on hardware security like U2F.

Where I don’t trust them is with privacy, and that’s where the custom software comes in. If you’re running GrapheneOS there’s nothing to worry about.

I haven’t seen any evidence of that.

The big thing is Apple keeps their hardware/software offerings relatively siloed from their services and third party apps. I think their hardware is exceptional, and iOS is great for security. Where it gets less clear is with iCloud: the data that they collect that isn’t End-to-End Encrypted should be for example; and with third party apps, because no privacy/security features on a device are going to prevent you from giving away your data to Facebook or whoever.

Contrast with OEM (Google Play enabled) Android, which is basically just a vehicle to get people using Google Chrome, Google Photos, Google Drive, etc.

Also with the iPod Touch I was more referring to heightened hardware security because it lacks GSM, so cellular tracking methods are completely out of the picture. It’s just iOS and a WiFi module that can be disabled, which is fantastic. There aren’t any phone-like Android devices without cellular capabilities that I’m aware of, and certainly none I’d trust (I mean, I’m sure some Chinese company makes one). And even stepping it up larger there might be some Android tablets that could fill that niche, but I’m not even sure if I trust them. Samsung is basically the only people making Android tablets anymore and their track record with updates is abysmal.

And I forgot to answer your other question. I personally don’t trust Purism and I don’t see anything that makes the Librem5 more (or less) secure or private than a non-Google Android ROM. But I’m holding my final judgement until they actually make a product.

Thanks Jonah, some very interesting points there.

Fair enough, and I also have my reservations.

I am running Lineage. I have not heard of Graphene. I don’t know if I am up to making the change but would get someone to do it for me if it’s really worth doing. What does Graphene do for my privacy that Lineage doesn’t?

You haven’t seen any evidence of Apple tracking their users? I am surprised by that, but that’s not a snarky comment, I am just genuinely surprised and I will look into it again. FWIW I am actually an apple user, I have iMacs and iPhones (and Samsung tablet as I thought a rooted Samsund tablet was more privacy focussed than an ipad).

I am trying to find a way to set up the most secure and private MACHINE (laptop ideally but tablets could be considered) and same for phone. These are for personal use. I will continue with Aple gear for business stuff. The trouble is Apple requires all users to have an Apple ID to use just about any of the features of a mac, such as Facetime, Messages,etc. I could try living without it if I put my mind to it, and I might after reading your post.So you think an apple machine/iphone can be private, if only by removing icloud?

Thanks

Who and/or what are you protecting yourself against?

The only honest answer is “everyone”, but given some context I could probably elaborate a bit on that. I would “like” to protect myself from govt level attacks, ISP and cell company spying/tracing etc, but as I am not doing anything criminal (until they change the law of course, 10 years ago it wasn’t illegal to do many things people are arrested for now!!) I probably don’t need that level, but I do WANT it if i can get it.

I was just thinking, you mentioned ipod touch. That really got me thinking and I may explore that (removal of baseband issue, he says pretending he understands the words he speaks :D). I had an idea, which is probably a dumb one, but just in case… I will need data access when not near wifi. What if I had an iphone, and an ipod touch, and when the ipod touch wasn’t near wifi, i used the hotspot provided by the iphone. Would that be in any way better than having cellular data connected to the ipod touch (private device)??

I said that Edward Snowden says Google Pixel is dangerous, what do you think about this?

Link/source? Can’t find this. In fact, I found this tweet of his semi-endorsing GrapheneOS on a Pixel over iPhones:

(Well, CopperheadOS, but that’s the project the GrapheneOS dev was working on at that point in time, and Copperhead’s security was moved into Graphene)

Anyways, at the end of the day Snowden is just some guy, same as myself or anyone else here, and is certainly not infallible. I tend to take his opinions with a grain of salt.

What happens if you install GrapheneOS on a non-Pixel device (eg Nexus)? Also, can GrapheneOS be used without any problems, including Android apps? What is the cheapest way, site or service to buy Pixel in secondhand?

Very well said. I totally agree. I think the guy is a bit of a hack. He paints an image of being some super high tech spy with knowledge of everything. Not only is he just a guy, he is just a guy who wasn’t an analyst (for long, arguably at all), he was a geek who had high level access for geek needs. He snatched some shit and released it. I make no judgement of that, I am in many ways pleased that he did it (to alert people to the dragnet we live under), but I don’t rate him as some kind of expert. In fact I would sooner trust opinions of people on this BOARD than him. Another point is that he is just ONE man, so even IF he was a genius and totally pure in his motives, it would only take ONE act to bribe/blackmail him into promoting stuff “they” want him to promote. Making all the techs in the free software world would be a much harder task, impossible more like!

to say that Snowden is a hack, or just some guy, or that he paints an elevated image of himself is wildly inaccurate in my opinion

that may be what the mainstream media would like people to believe, but that’s not what he is - also he never claimed to be an NSA analyst - he worked for Booze Allen

let’s not forget that he risked everything, including his life, to bring to the attention of the public what no establishment “news” company has bothered to do - let’s also not forget that this isn’t over; his fate is still very much undetermined and he cannot return to his home country without risking prison - that’s not something i’d want hanging over my head every day

Snowden does not appear to be seeking attention - according to his statements and actions, as well as the documentaries about him, he never wanted this to be about him; he wanted people to focus on the documents

there’s a lot he exposed that isn’t new at all, but he’s a highly credible source and he had the documents to bolster his case and, as a result, the tech landscape has changed as well as the political landscape to a lessor extent

look at the documents, not the messenger as the media/government would rather you do

I don’t actually think you have disagreed with me much there. I certainly don’t disagree with much you said! I overstated my position though. “Hack” was overstated in particular.

My point is about his level of expertise, and I didn’t accuse him of being responsible for what others say about him (which is my main cause for concern). Just as you said, it’s about the DOCUMENTS, not HIM. Agreed. The documents are awesome, genuine, and the points he made were backed up and true. He is a hero for freedom. I take nothing away from him for that, and he gets shit loads of credit from me for ruining his own life to expose the crap he exposed.

I was mainly referring to how everyone says “Snowden said use this, or that”, unless I heard it from him myself, I take it with a pinch of salt. And I do WONDER if there are people out there (agencies/media) using “Snowden says” to push people towards things they already have exploited in some way. If that were true, it wouldn’t reflect on him of course. I don’t think HE has been exploited, but I think his image/words/recommendations are often exploited and used as some kind of holy grail. I think that much faith in one man’s words are always dangerous, so for me, the words of a large group of people (such as on this forum and others) will always have to carry more weight for me just for the reason of it being a collective rather than a one man show.

good - i tried to not to come off as an opinionated jerk talking out of my ass … i think i partially succeed

i was actually going to comment about that in my last post, but then forgot what i wanted to say, which is this…

if people want to legitimately discredit Snowden, i think one avenue is whether his dump was a limited hangout or not - and then you have to ask if he knew he was being used

the answer to the latter question is, IMO, a big fat NO - i’ve been studying body language (and no, not that ‘if he looks down and left he’s lying’ crap) and though i’m not at all proficient, there’s certain deceptive behaviors i can pick out pretty easily and i’m not seeing that at all with Snowden, at least not where it matters - i think he does show deception, but not because he’s lying, rather because there’s something he simply cannot talk about or something he’d rather the public figure out for themselves and in those cases you see certain movements or changes in his voice that indicate that

the bigger question you seem to be alluding to is whether TPTB perhaps allowed the leak because it suits an agenda and i think that’s possible - perhaps achieving self-censorship because people know they’re being watched was a goal, or not … i dunno

Nope. Fully

I really had to take 5 minutes out to stop crying with laughter after reading that. You see… for we dumb folks who aren’t up on the modern lingo for tech stuff, that sounds rather rude.

Body Language - Ha, i am VERY interested in that too, and past work roles of mine taught me a lot about it too. Generally I can usually spot a liar at 100 yards - it’s indeed fascinating, and I have to say, nothing about his behaviour ever gave me cause for concern about him having devious motives or anything like that. For a beginner’s guide to reading body language, I usually tell people to study all the videos of the mother and father of Madelaine Mccann!! Something is rotten in the state of Denmark.

Now THAT is an interesting point. They really are that clever and devious, that I often wonder about things like that. How many false flag events do we need to witness before we understand that when commonly perceived “bad” things happen, TPTB ALWAYS seem to BENEFIT. Whether it’s the Patriot Act, FISA, Homeland Security… yawn.

There are no builds for non-Pixel devices because the developer doesn’t believe any other Android devices are secure whatsoever hardware-wise. The code could theoretically be built for any platform, and you would get a few benefits like the hardened memory allocation, but you’d still be missing out on many, many security features, the most important of which is timely security updates. Because the Nexus devices are no longer receiving security patches from Google no security patches will be available in custom ROMs, even GrahpeneOS.

Yes, it’s basically just a hardened version of stock AOSP. It doesn’t come with an app store, but you could install F-Droid no problem. However, with GrapheneOS the device cannot be rooted, so you can’t install app stores that automatically update apps, unless you’re willing to give up a locked bootloader, which is an important security feature.

Probably depends on location, what’s your budget? I like Swappa in the US personally.

I don’t think anybody wants to discredit Snowden, he did an important service for our society. It’s just exactly like @StanTheMan was saying:

People are using his quotes and advice like it’s the end-all to discussions.

hehe - ‘limited hangout’ - funny, i never once though about it the way you did - shows how different people exposed to different stuff can think very differently

re: Madelaine Mccann - you aware of the Podesta “coincidence” in that case? yes, that one boggles the mind

re: body language - yes, how people say things is every bit as important as what they say - i really like Bombard’s Body Language ( BitChute channel - BitChute feed ) - apparently she’s been booted from ThemTube (aka YouTube)

NO SHIT… LMAO

I am aware of more ‘coincidences’ than I can honestly handle, I gave up learning about any more, but my answer is “no”, for fear of more emotional distress coming my way!

BitChute link- Woah, I clicked it and it downloaded a text file full of code (links to paypal and stuff). I will look it up though thanks.

Jonah - Damn the more i read of your posts the more I think I better sell my (as yet unusued) Motorola G (LineageOS) and my Samasung Tab S, also running LineageOS!

I really do need every bit of (achievable) security/privacy I can get my hands on, and as annoying as it is, I would rather be changing things now than after I start using the devices regularly. Maybe a silly question, but would anyone (reputable) on here be willing to consider setting up a device for me and chucking it in the post to me (not via Langley preferably :D) - Paid obviously. I expect not, but have to ask as I have really no friggin clue, and even though I could learn, I am so flat out at the moment that it just won’t happen soon enough.

Maybe, PM me.

Fun fact: You could use attestation.app (a project by GrapheneOS) to verify the integrity of the software running on your phone to ensure it hasn’t been tampered with, no matter who/where you get it from.

that was an XML file - you clicked the news feed link which i provided in case you subscribe to news feeds - try this: Bombard’s BitChute channel