I dont want to start a fight or anything like that, I have to decide between these 2 and cant figure out which is the best and why, mostly because if you ask on X they just start swearing to each other without giving any real explanation, can anyone help a person who want to embrace privacy and anonimity?
GrapheneOS is unmatched when it comes to security features including hardening. Don’t get me wrong calyx is great and when you like to use microG then it’s there. With graphene you can also install google play and framework (if you wish so) but in a different approach. It’s like a normal app. So you can do it with network access given or not even etc… it’s worth to test out also the profiles and separate your life into profiles… you can have on one google service on one not etc… and all getting push notifications. Most banking apps work (to be honest very had any issues.)
With calyx like I say it’s a privacy but not security hardened approach. And calyx been back in security updates what been pushed from google sometimes for months. For me it’s a clear choice but it’s your call…
There is some more reading here from the DivestOS site about why Graphene Is better.
I still dont understand how the graphene sandboxing is better than microG that is a randomized ID more or less, why I should install feds apps on my phone? even if they’re sandoboxed
its down to your threat model, microg runs as root, sandboxed play runs as a normal app.
There is one philosophy that says the less privileges the better, the smaller the risk surface
oooh ok, now its all clear, thats why people blame microG for security stuff, thats right didnt thought about that at all, damn dumb me fr, thanks man, thanks for the help
You can choose not to use it at all. My main profile does not and all work fine. Non privacy respecting/ goggle dependent apps I keep in a separate profile.
You can’t do that on calyx.
Since play on GOS is toothless , while microG is a hacked up job yea it’s better. Microg is ofc amazing , but still a have issues.
If you’re not running play services youll have to set up push notifications with something like ntfy or use background sync which uses more batteries.
Could you please elaborate so that I know what to look into? I plan to switch and no notifications is a concern of mine.
Ntfy for apps that support it
When I was looking into Graphene people said the issue is lack of notifications. Is this outdated info?
Any android without google play. Many apps lack notifications outside of firebase.
whats firebase?
API for push notifications
foss google play alternative?
ntfy and unifiedpush
There are 3 important factors that drove me to CalyxOS rather than GrapheneOS:
1/ There’s no way in HELL I’m buying a Pixel phone and giving my money to Google for the privilege of not being tracked by Google. That’s really too rich for me.
2/ I want a repairable device.
Therefore I bought a FairPhone 4 (repairable and not Google), and only CalyxOS supports it - of those two that is.
And finally 3/ The GrapheneOS community is toxic. Although in fairness, now that the Chief Toxic Officer is gone, maybe it’s gotten better. At any rate, the Calyx community is completely peaceful and exemplary compared to Graphene.
This may not matter to you, but it seems to me like a sane thing to do not to trust software made by someone who talks that much shit.
While I am agreeing somewhat, and I haven’t been active in the community much. The few encounters I had was in the matrix chat . Yea toxic af . Checked in too see now , scrolled a bit but quite civil atm.
I repair pixel phones as an hobby / side gig and yea not comparable withe fairphone, but still repairable , better than a lot of others but depends on models.
I buy second hand in bulk and repair whats needed. Bonus of no trail to Google as well.
Off topic: but about repairing pixels as a side gig.
For the Pixel 5A5G, the screens not being responsive issue, it appears to be widespread. The discussion forums, and the Google forums, simply refer to it as a “motherboard issue”.
In your experience is that more likely to be a bad BGA join coming loose over time? Is the most likely repair option for those devices reballing the BGA on the CPU?
Graphene community isn’t toxic at all, there’s some people who you really shouldn’t listen to seriously for advice but other then that it’s like all community’s with some good eggs and bad eggs
Also, privacy fruendly esim activation anyone? (Am aware of privacy issues with sim)
Confused on what you mean by that
Well, if you want to activate an esim on any other Android rom, you need to use Google services and have an internet connection. DivestOS is the first rom to implement an open source version of eUICC, which is used for activation, called OpeneUICC. It also does not need an internet connection, so nobody knows that the esim is installed on your device. That is, until you actually use it, of course. This is in line with DivestOS actively trying to “deblob” (remove binary, closed source parts of) Android.
The second part, about why sim is not very private, well it has a unique identifier and the technology was specifically designed to pinpoint your location, as this helps keep a good connection.
Also, why did my comment get downvoted?
GOS also have esim implementation without google
Sandboxed Google Play has to be activated. I don’t have an issue with SGP but some people do.
Ah yea, that’s true. But at least you can remove it after activation it seems. https://github.com/GrapheneOS/os-issue-tracker/issues/159#issuecomment-1292329307
I assume this is more up to date information. https://grapheneos.org/usage#sandboxed-google-play-esim
One bit that I found interesting is: “Privileged eSIM management can be enabled in Settings ➔ Network & Internet ➔ Privileged eSIM management. The toggle will be greyed out and unusable if sandboxed Google Play is not installed, as the functionality is reliant on it.”
The second part, about why sim is not very private, well it has a unique identifier and the technology was specifically designed to pinpoint your location, as this helps keep a good connection.
SIM cards contain authentication keys for the cellular network so it knows who to bill and which cells to send a paging signal over to ring a call. The use of SIM cards does not pinpoint your location, and SIM cards have absolutely nothing to do with keeping a good connection (pSIM or eSIM). The network and handset are constantly re-evaluating signal strength across various bands and modes and the network tells the handset to switch to what works while moving about the network. The SIM just auths the user account. It is ostensibly a key to your service, nothing more.
All the network band/mode hunting will continue with or without a SIM card, the phone would just be limited to emergency calls in that state.
I don’t think you understood half of what I wrote correctly. Feel free to skip the next paragraph if you already know about triangulation in the context of cell towers.
Your phone, when connected to a cellular network, can be tracked by cellular towers. Take a single tower to which you are connected. The tower has a multitude of devices which are connected to it. Since latency is a large issue due to distance, communication is less trivial. To prevent waiting for packets from a device for too long, the cell tower will divide a certain time into sectors. In each of these sectors, one device is supposed to send it’s packet. To hit this time window however, the device has to send it’s packet in advance, as to cancel out the latency of the transmission. By how much is determined by the distance between the cell tower and the device. This system requires knowledge of distance. This distance has to be close enough to the real distance, to cancel out latency and maximize the time a device can send data. With obstacles that may reflect the waves, the preciseness of the distance determined is correlated to the stability of the connection. Given that a lot of people can be using a cell tower at once, there are towers which are segmented. These work slightly differently than non segmented ones, in that they have multiple antenna sending and receiving signals in different directions. A segment of a tower with 6 segments would then be responsible for all devices which are in the area of 60 degrees from the tower. The distance together with the general direction already gives us a pretty accurate depiction of the user’s location. However, since most towers are neither segmented, nor would a say 6 segmented one give as accurate of a reading if the device is 3 miles away (that would be a possible curve of pi(≈3) miles which the device could be on, given a perfectly flat ground), let’s make this even more interesting. With a simple, rough time stamp, we can find out the location of a device up to an accuracy of a single point. Add a second cell tower, make the device connect to the towers one at a time and you have the exact position of the device. Well, pretty close to exact at least.
With that said, the reason why a sim card is the issue in this constellation is the unique identifier. If a network of cell towers can determine where you are located and the imsi is tied to your identity, then your location is tied to your identity. And if you think, even for a second, that mobile internet providers would not take advantage of this, think again. A very popular example of this are malls wanting to know where their customers came from.
Now, if you have a device with GrapheneOS (DivestOS too I think, don’t know) for example, then you will have the ability to entirely switch off the cellular antenna of your phone (which one should likely do if they don’t have a sim anyways). This is supported by hardware due to airplane mode, where the airplane requires least interference.
Now that I have explained in more detail, do you understand better why a sim card is a privacy concern?
I went with GrapheneOS and it is my preference, but we need all this software to mature. We want choices and a hardened more complete feature set, so I really want CalyxOS to succeed also. That and Lineage, /e/os, Linux Mobile options etc.
-
I understand the argument: buying a pixel to escape Google, sounds ironic I know, but it makes sense from a technical POV, Graphene Devs have explained over and over, ( on the forum, Reddit, Mastodon, Matrix ) that the most secure implementation of Android is how Google has done it with the pixel, ( I’m not a Dev, but I understand it’s something to do with the firmware ), Graphene Devs can explain this better, way better. The FAQ is a good read
-
100℅ agree. I like the fairphone for the same reason, and I like that CalyxOS supports it, price is too high though, compared to what you get on a pixel, but it’s repairable at least
-
I think you saw too much drama on YT and reddit, the problem with all that coverage, is they didn’t get the context right, Gos devs get attacked all the time by outsiders and people from other communities ( unfortunately ), and for every action there is a reaction, sure it may not be a wise reaction, but a reaction all the same, GOS should hire a professional Social media manager, they should have done this earlier, but the community itself isn’t toxic, their matrix rooms have been a huge help for me, even in topics not related to GOS, and the project is open source, people saying they might slip something malicious into the code, are the ones ruining the project reputation by spreading paranoia
1/ I know Pixels are technically the best. That’s not the issue. My issue is: I am not giving my money to Google, and certainly not for the purpose of escaping the Orwellian dystopia they’re building around us. It’s not a technical problem, but a question of principle.
I know some people argue that buying Pixel phones specifically to install a deGoogled OS sends Google the message that people are willing to pay for the privilege of preserving their privacy, and the more people buy Pixel phones for that purpose, the louder the message and the more likely Google will finally listen and convert at least part of their business model away from corporate surveillance.
But you know what? That’s bullshit. Google will never stop violating people’s privacy and monetizing people’s data. They just take your Pixel phone money and laugh all the way to the bank at how naive you are.
I will NEVER give Google a single dollar. Full stop. It’s not even an option. I’ll take the additional risk of using a non-Pixel phone - which, for my threat model, it completely insignificant anyway.
2/ I’ll pay whatever it takes to escape Google, and also give the throwaway economy the middle finger. As a well-to-do first-worlder with plenty of disposable and grown up children who have left the house, I have the means to buy overpriced equipment that’s compatible with my worldview.
3/ I don’t care about drama regardless of where it comes from. Quite frankly, I don’t even want to know: I’ve read enough about and around what was going on with DM to just give the whole thing a pass. Besides, like I said, the man seems crazy enough that it basically invalidates any trust I might have in his code, and it’s precisely the type of application for which I desperately need trust. I don’t trust DM nor his code, and that’s not even a community issue.
I have neither the time nor the desire to review MD’s code. I need a working cellphone OS that I can place a reasonable amount of trust in. The Calyx Institute looks 100% legit, run by normal, rational people who aren’t off their goddamn minds, and I trust what they do a lot more than GrapheneOS because a lot of GrapheneOS was put together by a nutjob.
I know some people argue that buying Pixel phones specifically to install a deGoogled OS sends Google the message that people are willing to pay for the privilege of preserving their privacy, and the more people buy Pixel phones for that purpose, the louder the message and the more likely Google will finally listen and convert at least part of their business model away from corporate surveillance.
Really ? This is the first time I’m reading this, as a person who own 3 pixels actually, and this is too rich for me, people seriously think that ?
But seriously, the reason, I always go for, and recommend a pixel, is because
A - they’re available B - they’re easy to unlock and flash ( and that’s not by accident, Google engineers who still have some humanity and ethics are doing it ) ( although pixels from Verizon are always OEM locked ) C - they’re cheap, especially older models
That said, If the circumstances allowed it, I’ll do exactly what you did ( FP + CalyxOS ) or just buy a Murena Phone ( and help support a company that fights for user digital rights in the process ) or maybe go “based” all the way, and buy a Pinephone ( + PostmarketOS )
So, hope you didn’t interpret me saying ( FP is expensive ) as it’s not worth it, as you explained if Adding ~ not supporting a monopoly ~ checkbox to the list, then FP is totally worth every penny, and it’s highly unlikely they lock the bootloader in the future ( can’t say the same for Google )
I don’t trust DM nor his code, and that’s not even a community issue
DM actions has damaged his project, there’s no denying that, and I don’t blame people for not running someone’s code inside their phones, because they feel uncomfortable about the person himself
And that often leads to harsh judgments like this one :
… who aren’t off their goddamn minds…
GrapheneOS was put together by a nutjob
Idk DM personally to make that kind of judgment, but I do know that he’s a brilliant security researcher, and the work he put into GrapheneOS made it leagues ahead of any stock Android, and you don’t have to trust him, the code is on github, and it’s not made by a bunch of shady cipherpunks, many organizations supports and recommend GOS, such as this one
If we were to judge a project by the actions of one of their Devs, then we’re just killing the free software movement from inside, this is something that I keep thinking about actually, Linus torvalds went as far as telling someone to kill themselves, and he admitted that: his not a people’s person, RMS with his attitude… Etc
So, what I’m trying to say, is that we should be objective, Open source is way of developing software, and the people behind that software, their takes, their tweets, them drinking alcohol, being abusive… Etc has nothing to do with software, the software doesn’t feel… humans do… But is it enough reason to discard that software and trash it, or worse cancel the developer from society ?
I think, if we see that kind of behavior within our Foss community, we must not trash the software and developer, and abandon their project, I think that’s too harsh, and no developer deserves that. Instead we should make them aware of their behavior…
DM, got aware after that incident with Louis rossmann , and stepped down, and he was open about having mental issues and he needed and still needs help… Maybe I’m too sensitive and emotional but that’s me,
Also, what if someone new to the privacy community sees people trashing other projects, because of their first impression or whatever… That doesn’t help anyone
Really ? This is the first time I’m reading this
Yes. There are deluded, wide-eyed idealists who believe Big Tech should be shown that there are honest ways to make money off of direct sales and they don’t need to put people under surveillance, and the best way to show them is proving it with their wallets. What they fail to realize is that Big Tech is unprincipled to the core, and the unprincipled way of making money off of people’s privacy is orders of magnitude easier and more profitable.
he was open about having mental issues and he needed and still needs help…
I have nothing against people who have mental problem. Hell, many people who get heavily involved in computers and into free software are on the spectrum and I have no issues with them or the software they made, which I enjoy using.
What I have a problem with is code made by people who make threats. I don’t care why they make threats: if they can code, they can code revenge code. And I have a problem with code made by people who have a persecution complex for the same reason.
DM thinks he’s persecuted and he did make threats. Repeatedly - unlike Linus. I’m sorry for him and I sympathize on a personal level, but that makes his code quite untrustworthy, because his motivations for making the code and the state of mind he was in when he made the code make the code inherently suspicious. And like I said, I don’t have the time nor the desire to go through and vet his code. I have enough projects to take care of myself without having to second-guess someone’s suspicious code.
He may be a genius security researcher and he may be the most talented individual on planet Earth. But in the line of work he chose, having a squeaky-clean reputation and credentials is everything, and his personality issues unfortunately damaged both and tainted his work.
Personally, I preferred not to take the risk and I went with Calyx’s work which, while perhaps not as hardened as DM’s libraries, is adequate enough for my threat model and - most importantly - made by people with a clean rep. At least it was one of the factor, since I was never going to buy a Google phone anyway, and GrapheneOS only supports Google phones.
I preferred not to take the risk and I went with Calyx’s work which…
made by people with a clean rep
…if they can code, they can code revenge code…
Well, all I can say is that your arguments are theoretical ( so far )… DM is innocent until proven otherwise…
Not saying “trust” isn’t a valid criteria when choosing software, It is… But I can’t see anything shady about the project, it’s a joy to use, and for what’s it worth, I never looked at buying a big tech phone and flashing a custom ROM as a solution, it is, but a temporary fix, real solution in my opinion is a Linux phone that can run Android apps
this 👇 is not theoretical though, buying a pixel does support Google, that’s why you buy a used pixel, minimizing the damage I guess
since I was never going to buy a Google phone anyway
GOS also got code upstream in AOSP.
Here is an alternative Piped link(s):
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
-
Is it possible to re-lock the bootloader on the phairphone with calyxOS?
Absolutely. It is recommended in fact.
I use calyx on a spare phone, graphene on my regular. Graphene is better security wise, and better privacy wise.
If your device can run graphene is go for it.
Graphene for example are using a sandbox Google play that’s not have any special privileges. Which you can choose to use or not. Or use in a separate profile. Calyx comes with microg from the start. Which still uses proprietary stuff. Just the hardened malloc and other stuff under the hood on graphene makes it a better option
what about battery life? I heard that calyx can stay on for a long time without any issues because there are no actual background apps but I didnt heard anything about that for graphene, can you confirm that since you use it as daily drive?
Amazing battery life , comparing a new install of calyx and graphene it’s a ton of difference. Calyx looks bloated in comparison with graphene. There’s basically like 5 apps on a new graphene install. Just running microg takes a lot of stuff to run.
perfect, thanks for the help.
If you have a pixel I recommend graphene and if not I recommend calyx. Graphene has some lower-level security primitives and their sandboxing between profiles is very good. I recommend not installing Google Play Services on your main profile (ideally in none but you might not have that luxury).
Security and privacy require diving into the topic, though. You can still easily do non-secure, non-anonymous things in either case. Sometimes people even seem to do riskier things when they think their privacy tools are there, and end up being less private and secure as a result of not knowing how the threats work.
wait whats a profile, ive installrd only snapchat on my phone. is it too late to delete it without consequence and put it on this ‘new profile’?
Both are good solutions however if you’re on a supported phone I would pick GrapheneOS every single day.
CalyxOS (and the supported devices) expose you to a classic “evil maid attack” applied to phones. There’s also other privacy implications of mishandled stuff in CalyxOS.
If you want a detailed explanation read this https://lemmy.world/comment/4962467 and my comments bellow it:
As usual if you’re looking to have any security (Verified boot) GrapheneOS + Pixel phone is the only options. I really don’t get it how come people(…) are okay with having a phone with all their personal data and logins without verified boot. Stolen / lost phone and game over.
Doesn’t Android have file based encryption by default since a while now??
if someone can compromise your bootloader in an hotel or some other public place then they’ll get to your data either way once you turn on the phone. This is one very small and very important detail that all those tech youtubers pro-privacy, security and whatnot love to ignore as it is the really hard one that makes all the difference. Secure boot is a complex subject and it requires a lot of work and checks to make sure nobody tempered with your device and Graphene / Pixel are the ones that really give a shit about that (except for Apple that wants to block jailbreaking and pirated Chinese app stores at all costs).
switching to another ROM on a phone with non re-lockable bootloader is a downgrade from the stock ROM?
It depends on your goal. If you plan to have any kind of boot / data security and the device can’t be re-locked with an alternative ROM you’re essentially better with the stock ROM in a locked state. Now that’s kind of personal choice, I believe the instant damage done by someone stealing your phone and getting your data (because your bootloader was unlocked) is considerably larger than the privacy implications of running the stock / vendor Android. For what’s worth if you can root your stock Android and firewall everything that seems suspicious it might be better than running an alternative ROM without a secure boot. Even with an alternative ROM you can run into privacy issues, take for example here CalyxOS running on Qualcomm CPUs. What’s interesting here is that this issue doesn’t happen in Graphene because they’re actually better.
That’s immediately wrong because CalyxOS has verified boot.
Not sure because I rooted my calyx spare, and it was a while back since I used it… I thought calyx also had locked bootloader?
yeah, Calyx does support relocking it.
CalyxOS (and the supported devices) expose you to a classic “evil maid attack” applied to phones.
As usual if you’re looking to have any security (Verified boot) GrapheneOS + Pixel phone is the only options. I really don’t get it how come people(…) are okay with having a phone with all their personal data and logins without verified boot. Stolen / lost phone and game over.
But CalyxOS focuses on verified boot too?
Sure it does: https://calyxos.org/docs/guide/security/bootloader-lock/. To some degree for the officially supported devices and if you aren’t one of those FP4 users who will get bricked. And speaking about the FP4 there’s this: https://twitter.com/GrapheneOS/status/1546224158769659904
Meanwhile a proper description of how it works, and what it does: https://grapheneos.org/faq#encryption
perfect I’ll take a look thanks
Just copied over the most relevant parts of the discussion with other users.
After having done some recent experimentation: from a usability perspective.
Graphene Exclusive:
- sandbox google if you want it
- can disable apps, so they never run, but still get updates. ( This is great for those apps you want on demand i.e. food, hotels, movie, banking, etc)
- elegant cross user notifications, so if you’re in your banking user account, you can see you got a text message on your social user account. And switch over quickly
- security scopes for contacts, and media- you can choose exactly what to share with a app when they ask for access to media. This might now be a general Android 14 feature I’m not sure
Calyxos Exclusive
- share VPN via tethering and profiles (lineage os too)
- work profile for EVERY user account (normally only the owner account can set up a work profile. This is the only ROM I’m aware of that allows this.)
Honestly, I would like the vendors to incorporate each other’s features. I don’t see why not since they’re both open source.
When traveling, the ability to share a tethered VPN is an absolutely killer feature. You don’t need travel routers.
Sorry for necroing an old thread. But it’s relevant