Only 2 problems I have with Graphene personally is the need to give Google money, which the irony is just too much, and no option for rooting. Otherwise it seems like a pretty good OS overall. In the meantime, while I wait for those options to be more flexible so I can have full control, I just use a rooted lineage os with all the extra Google stuff (ntp, DNS, etc) stripped and replaced with my own self hosted systems.
@Mikelius@Imprint9816 what do you need root for? it makes absolutely no sense to root GrapheneOS and they won't ever make that option available. It's a huge security risk and massively increases attack surface. If you want root so badly, stay with lineage. Giving Google money for a product they make isn't any different from buying a Samsung or Apple phone really.
I’ve heard and seen folks say rooting Android is a huge security risk and adds an attack surface, but haven’t seen anything to support the claims, really. Yes it’s less secure for the average person, who doesn’t know anything about security, to root an Android, but to say it’s completely insecure without any supporting explanation (not you in particular, just in general when this is said) doesn’t help. I like to imagine it like installing Linux and being told to trust the distribution you installed, but they disabled root and removed sudo because it’s insecure.
The reason I root is actually for both security and privacy. Without it, I can’t use custom firewall rules to restrict apps and system processes from reaching out to the internet or local network devices (AFWall+), have a local hosts setup (Adaway), run a VPN to my home network (Wireguard), and monitor all app network process calls (PCAPdroid) at the exact same time. It also prevents me from being able to create custom cron jobs and custom system changes I need that have only root access.
Being that I am also home 95% of the time with my phone on my person at all times, physical attack surface is less concerning for me, too.
With that all being said, the (assumed) excuse that “malware” is the security risk with root makes no sense to me because whether or not I have root access, phone malware probably doesn’t need it in most cases since they’re exploiting non-root things so that they can target the majority, not minority. Not to mention I rarely ever even install apps on the phone and most of my web surfing is done on my laptop, not my phone.
hmm. i see where youre coming from, but thats a bit of a stretch. you could use that logic for anything. imo its still much better than the alternative
You technically can root (xdaforums.com/…/guide-pixel-6-oriole-unlock-bootl…), but I wouldn’t recommend it. I wouldn’t recommend rooting any version of Android, it unnecessarily increases attack surface.
I guess there’s actually nothing stopping you from rooting: you say “nope” when they ask you to confirm re-locking the bootloader, and then do the usual shenanigans with patching and flashing boot partition.
However, it makes graphene a whole lot less grapheny since you can’t re-lock the bootloader anymore (except if you sign modified stuff yourself and let vb know of your key, which sounds like too much of a hustle), which means you don’t really need a pixel and graphene except for a few unique features mb.
There’s no requirement to give money to Google, buy a phone from whoever you like. There’s also nothing that stops you from rooting Graphene, some people do, why I don’t know, because once you do you’ve spit in the face of the security aspect of the OS, which is it’s main goal.
Reminder that GrapheneOS dev and mods officially conduct witch hunting and harassment of any critics https://i.imgur.com/nhepoMJ.jpg and their mods officially declare targeted harassment and trolling as “brand reputation and competitor analysis”. (i.imgur.com/q2OefBw.jpg)
They also add threatening features like camera shutter sounds impossible to disable without consent of community users, putting people at risk. And the dev, mods and community are largely toxic, dishonest crybullies. Never a good idea to trust insane people that accuse everyone and their children of fake attempted swatting.
I also see a lot of GrapheneOS shilling/brigading in recent times, including this thread, similar to i.imgur.com/G6P1c9n.jpg and i.imgur.com/woNxPhx.jpg . Action will be taken against it. This is not 4chan or Reddit.
The shutter sound is present regardless of global version, it was not added by asking community despite the risks, and there is a lot more to the project than that one part.
What do you need root for? Having root privileges exposed significantly increases attack surface and decreases security. You can use Shizuku on GrapheneOS if you want to, it requires adb and works on any Android ROM. Also, there is a way to get root on GrapheneOS, but I really don’t recommend it.
Root can be useful for plenty of reasons: there are many apps which use root access to increase privacy, customize the system, restrict apps, manage battery charging, enforce firewall for apps and system, block trackers, backup the system, etc… I currently have 8 apps (if I don’t count all the lsposed modules) using the root privileges to do all of that but I also use it for other things like automation.
The only kind of security I want to have is privacy from my own apps installed on my system, something root privilege allow me to have. For the rest, I just don’t install any random program on my phone and I didn’t have any problem for years.
(and no, I can’t do any of that with shizuku or adb)
When I was talking about “battery charging”, I meant using an app to limit the charging at a certain level: look for “acca” or simple “acc” which is the module/daemon to manage that. You have to be root to do that and there is no way around. For the rest, sure, but that’s for GrapheneOS, I was talking in general, most ROM not having what GrapheneOS has and considering GrapheneOS is exclusively present on Pixel phones unfortunately…
Why is Graphene listed as Google play incompatible? They have far and away the best implementation of google play services if the user chooses to install them.
I think you read the column that says Google Pay compatible. It’s talking about the tap to pay feature you can use with your credit card at merchants, rather than the play store.
Honestly, the tap to pay feature is what’s keeping my from using one of the more privacy oriented ROMs or root. It’s just too convenient.
As usual if you’re looking to have any security (Verified boot) GrapheneOS + Pixel phone is the only options. I really don’t get it how come people in places like this are okay with having a phone with all their personal data and logins without verified boot. Stolen / lost phone and game over.
Getting a Pixel just to have Graphene is not always an option. At least not a sensible one that factors in everything that’s important when buying something.
My current phone still runs perfectly fine, so getting a new one feels like a massive waste, too.
That means shit, if someone can compromise your bootloader in an hotel or some other public place then they’ll get to your data either way once you turn on the phone. This is one very small and very important detail that all those tech youtubers pro-privacy, security and whatnot love to ignore as it is the really hard one that makes all the difference.
Secure boot is a complex subject and it requires a lot of work and checks to make sure nobody tempered with your device and Graphene / Pixel are the ones that really give a shit about that (except for Apple that wants to block jailbreaking and pirated Chinese app stores at all costs).
Ah I see, does that mean that in terms of security, switching to another ROM on a phone with non re-lockable bootloader is a downgrade from the stock ROM?
switching to another ROM on a phone with non re-lockable bootloader is a downgrade from the stock ROM?
It depends on your goal. If you plan to have any kind of boot / data security and the device can’t be re-locked with an alternative ROM you’re essentially better with the stock ROM in a locked state.
Now that’s kind of personal choice, I believe the instant damage done by someone stealing your phone and getting your data (because your bootloader was unlocked) is considerably larger than the privacy implications of running the stock / vendor Android. For what’s worth if you can root your stock Android and firewall everything that seems suspicious it might be better than running an alternative ROM without a secure boot. Even with an alternative ROM you can run into privacy issues, take for example here CalyxOS running on Qualcomm CPUs. What’s interesting here is that this issue doesn’t happen in Graphene because they’re actually better at covering all grounds than CalyxOS and others seem to be.
Don’t you think it’s easier, due to inattention when installing a compromised app, a privilege escalation attack through root or actually an invasion due to the amount of bloatware from companies that take their piece of the pie in the Stock ROM (even though they do would cleaning via ADB) and even worse rooted to block these suspicious traffic be something more harmful for the user?
Because the ability to steal the decryption password in RAM memory due to the unlocked bootloader is a little less likely for the thief to have.
I use LineageOS and I feel much better, since my cell phone is Xiaomi, than using MIUI, which is from a chinese big tech company and has proprietary code.
The attack you’re describing is a typical automated thing where hackers are exploiting dozens of devices in some automated fashion, that can happen but the damage is different. They might get your data but that’s usually sold on the black market in a bundle of compromised data. It will take some time for the info to get sold and for the buyer to act on it and sometimes it may never act - after all you’re one compromised device among millions. Even if the buyer it’s more likely he’ll simply use your device in a botnet to fake clicks on ads or DDoS something and profit that way. The key aspect of those attacks is that you’ve time to flag suspicious activity and act.
However if you carry an unlocked phone and someone steals that from you there’s a very high chance that it isn’t a random burglary, according to statistics most burglaries are committed by someone who knows victim aka is targeting you specifically. If you’re targeted by someone or some entity they’ll want your data and accounts and they’ll have the time, resources and attention focuses towards you giving you little to no time to react. This is why I would NEVER use a phone without a secure bootloader.
Tell you what: I agree with you on this. If one is truly paranoid and takes physical security into account, a rooted stock OS is a far better option in terms of restricting access to system files (not saying the CIA/MOSSAD can’t do it, but your random reddit-informed script kiddie definitely can’t). Indeed, rooting your stock OS, firewalling everything and deleting telemetry might be a decent idea (there are ways to install security patches on rooted mobiles, not to worry).
Edit: on the matter of CalyxOS, I wouldn’t go as far as to fault them on it. Grapehene has taken a resolution to either block/use their own almanac servers. This requires a fair bit of work. Oh, and what domain do Google chips use for almanacs anyway?
Edit: on the matter of CalyxOS, I wouldn’t go as far as to fault them on it. Grapehene has taken a resolution to either block/use their own almanac servers. This requires a fair bit of work.
Yes, but if you want sell a secure OS to people it should be really secure and not have big blind spots hidden from the users like this one.
One could argue about funding/interest when there are other things to fix. Essentially, when someone develops FOSS, people don’t get to order them around on what to do. I’m very pleased with what Calyx and Graphene have achieved till date and support them wholeheartedly (speaking of which, I should get back to donating, money is a bit tight though). But yes, perhaps a disclaimer for the paranoid people on Calyx’s website could be a decent idea.
But yes, perhaps a disclaimer for the paranoid people on Calyx’s website could be a decent idea.
It isn’t about being paranoid. It’s about knowing where you’re stepping, not everyone has time / can do proper research and I’m sure there are people running Calyx / others that aren’t aware of that boot security issue and if they were they wouldn’t be using it.
Look those projects are great as you said and I’m very grateful they exist but people should know what they’re “buying into” when it comes to security and privacy.
I think the industry/market generally realises that Graphene is the most secure Android OS there is. I’m interested in trying to understand how they implemented locking the bootloader and why other ROMs aren’t picking this up yet. Maybe it’s just a lot of work.
I think people who go on to flash Calyx definitely know the advantages of locking one’s bootloader and that using Calyx doesn’t let you do that. I think ROMs such as these also explicitly mention that the bootloader cannot be locked once said ROM is installed. I understand if someone doesn’t have the time but if they had enough time to understand how to flash a ROM on their mobile one would think they’d be interested in such details too (well, if they aren’t, then they likely don’t care).
I think the industry/market generally realises that Graphene is the most secure Android OS there is. I’m interested in trying to understand how they implemented locking the bootloader and why other ROMs aren’t picking this up yet. Maybe it’s just a lot of work.
From what I know it isn’t only about “a lot of work” its about phone vendors having to support that in the first place.
I think people who go on to flash Calyx definitely know the advantages of locking one’s bootloader and that using Calyx doesn’t let you do that
From what I see in this post and others doesn’t seem like it. Seems like a lot of people are unaware of this issue.
That’s only possible on a small subset of devices and I actually remember that even for the FP4 they said in some devices it doesn’t work due to some bug and may lead to a bricked phone.
Ok. My understanding is that Calyx only supports devices that allows relocking, which essentially means Pixels, FP4 and some Shift-device (according to their documentation). So I become a bit confused when it is claimed that it cannot be done at all in Calyx, and that this is some big truth that its users (me included) are not privvy to.
My understanding is that Calyx only supports devices that allows relocking, which essentially means Pixels
It can be installed in other phones besides those that can be relocked. I guess you’re referring to actual “official support”. Anyway the “rant” (lemmy.world/comment/4965517) was more about other ROMs, not specifically Calyx as they are indeed one of the better options.
That means shit, if someone can compromise your bootloader in an hotel or some other public place then they’ll get to your data either way once you turn on the phone.
I never really understood how this kind of attack happens. Can it simply be done in any phone? What are the required conditions?
Where is GrapheneOS securing millions of dollars from to buy Cellebrite kits that Israel government only sells to governments and contractors? Or are they lying? Because they lie everywhere on the internet to manufacture myths so they can later quote themselves as the source of “truth”. i.imgur.com/woNxPhx.jpg
Brazilian here, used to people being robbed all the time:
Almost 100% of the time, robbers just want quick cash, ant they will either 1: steal the phone and try to sell it (most robberies simply fall into this first category) or 2: point you a gun and force you to unlock the phone in order to 2a: force you to transfer money from all your banking apps or 2b: take it unlocked in order to send messages to your contacts asking for money.
Most robbers don’t have enough tech skills to even understand what a bootloader is. We live in techy social circles and we tend to think everyone has similar skills, while in reality, most people can barely use their devices. Just to illustrate how low are most people skills, if you format a drive with something like ext4, most of the population will be unable to access it.
The kind of situations where criminals will have high skills tend to be when they target specific people or companies, usually paid by crime lords or rivals. Such scenario is very unlikely to happen to the average joe.
Don’t get me wrong here, I’m not saying that security measures are unnecessary. I’m just telling how most criminals operate around here, and highlighting how we tend to overestimate people’s tech skills.
I’ve been using a Pixel 6a with GrapheneOS and the battery life is just fantastic. Sometimes I can go for a whole week without charging, but this is the exception. But under normal circumstances, I still get like 3 days of battery life. You don’t need to be worried about that at all, battery life is even improved on GrapheneOS compared to the Stock ROM.
Dang a whole weeks seems like you’d have to not use it at all.
I have an s10e currently (been using it for over 4 years now) and the battery is shot. I’m at like 30% by noon. I use a lot of Bluetooth throughout the day at work. Basically 10 hrs of Bluetooth a day.
I just never see pixels on the top battery life for phones round up and that make me nervous.
I want something that will be at 30%ish when I go to bed.
On average I get like an hour and a half of screen time per day. I use my phone to message people on Signal, I connect it to my bluetooth earbuds and listen to music or a podcast when I go for a run and I occasionally like to take photos. I don’t waste my time scrolling through TikTok for 8 hours like many other people unfortunately do. One week of battery life is pretty rare, but it has happened before. As I said, usually I get 2-3 days out of it when I it charge up to 80%. (charging up to 100% is bad for battery health, so I try to avoid it). I’m sure you will be fine. You can get a Pixel, install Graphene, try it out and give it back and receive a refund if you don’t like it. That’s the good thing about Pixels, installing a custom OS doesn’t void the warranty or anything like that. You can just revert back to the stock OS and everything will be fine.
DivestOS absolutely slaps. Well, all things considered
Edit: It’s absolutely fantastic for what it is, and that is fact. Maintained by a single person, well documented, and doesn’t promise more than it can deliver.
I’ve been using it for almost two years now, and I like it a lot. (small disclaimer, I’m running it on a OnePlus 5T, which is one of their so-called golden devices that it runs best on)
It’s pretty much the next best thing after Graphene, if you don’t want to buy a Pixel.
The guy who maintains it does an excellent job of documenting issues, what works on what device, what the system itself can and can’t do, it’s very transparent.
He doesn’t overpromise either, and explicitely states that getting a Pixel with Graphene is the better option overall. Greatly appreciate the honesty.
I’ll use it for as long as he’ll support my device, and then we’ll see if I switch to Graphene.
One important thing though: While you can install microG, DivestOS doesn’t officially support it, and while most things work, some don’t. SafetyNet, for instance.
DIVESTOS DEVELOPER BANNING ME ON MICAY’S ORDERS OTHERWISE HE WILL INITIATE A SOCIAL MEDIA HARASSMENT CAMPAIGN AGAINST DIVESTOS
Yes, this happened, and this is my favourite part as far as everything GrapheneOS head/mods have done to date. As dramatic as it sounds, Micay in realtime, in DivestOS’ XMPP chatroom, was accusing me of the typical “harassment ringleader campaign” BS, and ordered DivestOS/Mull developer (these are his aliases) SubZer0Carnage/Tad/SkewedZeppelin that if I was not banned immediately, DivestOS and him would face social media targeted campaign and DivestOS will have to forcibly pull off any borrowed GrapheneOS code. DivestOS developer dusted his hands off me, since he does not like me apparently for liking some closed source software and he benefits off of the crybully. Also, unlike the crybully, I have never harassed or harmed anyone because I have a moral conscience to not be an abusive asshole on internet, so he will face no issues on my end.
The most recent incident that exists is lead dev accusing the following entities of being complicit in a swatting attempt, for which no evidence has been provided in the last 5 months: r/privacy users and moderators, r/PrivacyGuides moderators, CalyxOS members, Techlore members, individual reddit users and Louis Rossmann. The dev even had the audacity to hide behind an “autism” placard to justify his abusive behaviour and accusations.
This is not personal drama, but proven and documented large scale incidents, and you should oppose toxicity, fake accusations and witch hunting, being a trans leftist. These are societal problems for all of us, and should be fought the same way we fight for social movements. The tech sector is so bad because it is filled with toxic dudebros like this, and many GrapheneOS supporters justify this behaviour as “security/IT people are like this”.
Are you seeing the problem with targeted downvotes towards my comments? I got precisely 5-6 downvotes suddenly in the past hour (for every single post and comment I have made for the past week or so) suddenly for a reason - vote manipulation via sockpuppets - this is the kind of crap they precisely do. What does a leftist do? Stop supporting and using that product, and switch to something that works just as fine. Continuing using something made by such horrible entities while saying otherwise is a kind of faux virtue signalling US govt does via news media.
Calyx if you want one of these pre-configured custom ROMs for Pixels only, and Lineage or /e/ if you want more device support.
If you think the part about locked bootloaders is so important, just know that they lie to the extent of going around in tech YouTuber comment sections and claim they have $1M Cellebrite Israeli toolkits to verify grapheneOS is safe against bootloader attacks like Evil Maid. i.imgur.com/woNxPhx.jpg
Okay, first of all: Chill, and let me lay out an observation here.
You are very passionate about that topic, maybe a little too much. The way you talk about it is too heated, and gives people the idea that a civil discussion might not be possible.
The fact that you immediately start conspiring about where your downvotes come from doesn’t make it any better.
Now, the issues you describe are very much real, and a problem. There are merits and downfalls in each project, each one handles these differently, and it is for us to decide how to react to that.
So, you’re saying that as a reaction, I should neither use Graphene nor DivestOS, am I understanding this correctly?
What then? Compromise my privacy by using less optimal systems? Why would I do that?
Doing things out of principle vs doing them out of practical use is something this community is quite aware of, isn’t it. Sometimes the decision isn’t easy, sometimes it is.
This is not about “passion”. I have been monitoring and documenting the “security zealots” in FOSS community for the past 5 years. If you think that’s nuts, I recommend you take out an hour or two and go through this stuff. It will be worth it.
There is no conspiracy btw, regarding voting manipulation and sockpuppet trolling (they admittedly do it). GrapheneOS is by far the most vicious entity in FOSS/privacy community for a while now, to the point Techlore community openly calls them “rabid dogs”. Lemmy is just seeing this stuff afresh, what has been going on Reddit for over 3 years. They would have imported that culture onto Lemmy long ago, if I was not here for the past 3 years, and not a moderator acting as a defense line.
There are only 3 things they ever did on their own as extras, and even they have basically no value in the grand scheme of things, them being offering:
instead of 16 character, 64 character password limit on lockscreen
PIN scrambling
Morula method of exec spawning instead of Zygote method used in most AOSP projects
Now, I will elaborate on these 3.
Elaborating on first one, it is kind of useless as you can see for obvious reasons.
For second one, you already understand why fingerprint avoids the issue of someone peeping at your PIN/password entered across your shoulder. Fingerprint is infinitely superior. Even more so with Android and iOS both offering biometric Lockdown features.
This one is somewhat half credible, but the goal is to destroy the memory blocks used by an app after it is exited, so that memory blocks do not retain essential text strings of data to exploit. For this, you can just go to Developer Options and enable “Don’t keep activities” and it will achieve the same effect as Morula method of exec spawning implemented by GrapheneOS.
So out of the 20-30 features GrapheneOS claims they developed, everything is either a modification of app permissions or firewalling or AOSP feature rebranding.
Also, as you may have famously heard about “Sandboxed Play Services”, it is not developed by GrapheneOS, but a project called ProtonAOSP, whose developer is kdrag0n. GrapheneOS copied that off and rebranded it as their own developed thing.
As you can see, GrapheneOS is basically a lot of marketing and in reality, there is negligible or nothing beyond the surface. This is called snake oil, or selling bridges/dreams.
A civil discussion is not possible with people that always lie about things for years (old.reddit.com/user/…/why_did_i_do_this/), then manufacture lies about how they were swatted to manufacture drama and gain fame, never to give evidence, label everyone neonazi or complicit in this hoax murder attempt, censor any attempts of being questioned and go underground, and use “autism” label to dodge accountability, and to be a witch hunting liar and an asshole to everyone.
Whichever system you can navigate through easily and freely, none of which is a smartphone. Smartphones are only temporary vessels on-the-go for calling, texting and photos/videos. Keep your computing as much as possible to a real, dedicated computer or laptop. Any mainstream Android phone in the past 3-4 years, if you do not root or unlock it, has been “secure” at this point, as long as you are not installing calculator apps that need your credit card info and camera access, and as far as your adversary is not the TSA airport agent with Israeli Cellebrite kit or you are not a state actor target for malware like Pegasus.
Funnily enough, Pixels have been horrifically insecure for a while now, besides their garbage QC issues. Google took months to fix these security issues for 6A, 7 series that were more easy to exploit than the security issues any other Android maker has had for the past few years.
Any decent Android phone post Android 9 version, provided you:
do not root or unlock it
you debloat it thoroughly
install apps carefully
put a firewall with nice DNS provider
restrict app permissions as much as possible
keep OTA security patches updated
is a secure phone to use. There is full disk encryption for years now, and iPhones are cheaper and easier to exploit than Androids since 5-6 years.
I have had a non-root smartphone guide for years now (lemmy.ml/post/128667), letting anyone have a private and secure Android device without any Safetynet tampering or bootloader unlocking complexity, which also allows to use Android Auto, bank apps and any of those Safetynet apps comfortably. This, to the best of my knowledge, is the Pareto frontier of usability, privacy and security on smartphones, provided you have an actual computer as well.
Someone made an Android app that allowed me to solve the issue of physical phone theft as well, effectively disallowing anyone (unless million dollar Cellebrite-like kits can exploit the stolen locked phone) to extract data out of your phone, in case someone took your phone on the street and ran away. This requires locked bootloader, which is the default state of any Android phone you purchase commercially, unless later unlocked or rooted.
That is the ELI5 version, which is how I talk to people about technical matters. If you were to quote this 20 years later, it would require no further context and citation, and would still be a relevant comment. A lot of my comments are guest-blogging style mini posts. Generally one should have no further questions about picking a private and “secure” Android device for years after reading this.
If you were to quote this 20 years later, it would require no further context and citation
See, I genuinely appreciate the thought behind that. It’s just that the way you word things sounds like an uncomfortable mix between aggressive, a dash of condescending, and getting worked up about others not accepting „the one truth“, so to speak.
Again, I appreciate trying to raise awareness.
But firstly, roll back and try other ways of doing it, and secondly, you can’t force decisions on others.
You have to because you are XY political affiliation
No, just stop saying stuff like that. Seriously, it doesn’t do you or your cause any favours.
There are certain “security zealots” in FOSS community that shill Big Tech, dump on FOSS projects and promote typical IT dudebro asshole behaviours. I am documenting it since 5 years, so I am coming from a far different place, having seen it all. Being in their chatrooms, engaging with racists, IRL Nazis and absolute clowns has allowed me to see pretty much every trick they can pull.
The reason I called out the political affiliation is because as a leftist, cherrypicking and supporting/opposing issues is incorrect. IT dudebro behaviour is what GrapheneOS community staunchly supports and normalises, and is the root of many problems in tech sector.
Micay using the “autism” placard to dodge accountability is disgusting, and it hurts all autist and neurodivergent people. Micay is the embodiment of most of the worst kind of behaviours, and rewarding him by using his AOSP fork is one of the worst things you could do.
Didn’t Micay announce in May that he was going to step down as lead developer and head of the foundation?
Still though, him being a massive dick doesn’t mean Graphene is a bad system all of a sudden. As I said before, it’s a case of personal principles vs practical use, and people will decide whatever they’ll decide.
People are complex, and this kind of decision-making simply isn’t as black and white as you’d like it to be. (And don’t get me wrong here, there certainly are many situations where it should be)
Anyway, I guess you’ll be happy to hear that sustainability and repairability in form of a Fairphone is ultimately more important to me than being able to use Graphene.
That’s likely the route I’ll be going whenever DivestOS doesn’t support my device anymore.
Its easy to see why “stepping down” means nothing, when you see that GrapheneOS is a one man army show, his GitHub says the same, and GrapheneOS commits tell the same story since April 2023 (when he told how there was a CP/gore spammer in his offtopic Matrix chat and he claimed to be swatted, no evidence or in local Canadian news in 5 months). Check his GitHub repo member list (flat hierarchy makes no sense), correlate with Matrix chatroom and Discourse admins/mods lists.
His whole game is playing with optics in the FOSS community, portraying his hobbyist stuff as professional even when his behaviour screams the opposite, and using labels like “lead dev”, as if many people make commits to GrapheneOS. Optics is the key word, which also plays into marketing fluff about features, mostly which are rebrandings like what OEMs do with tacky skins.
While things in life are not black and white, they are certainly not 45% and 55% gray either, but more like 20% gray and 80% gray. (I am a Pareto’s principle shill.) Most (not many) situations in life are just that, distinctly clear with no fog clouds. Nuance changing a situation’s dynamics is the exception, not the norm.
Fairphone is one of the top recommendations in my guide, and they now have 8-10 years of security updates as well (7y with FP3+ iirc).
All this is not to appease or stroke my ego (I have refused donations for my guides), but to refuse rewarding this IT brodude bullshit behaviour, and to put an end to it in the IT and FOSS/anonymous communities. The privacy community has been filled with illogical, conspiratorial nutjobs and assholes and I have been one to help clean it up myself for about 4 years now. I still fondly remember how r/privacy mod censored my r/privatelife subreddit with 26 members, and swore to clean this mess. Simply put, I am a meta-contrarian voice of reason that has and will go against anyone to say what needs to be told.
Add comment