For those unfamiliar, GrapheneOS is a privacy and security enhanced custom ROM endorsed by Snowden. Despite these big names, plenty of people give it backlash
Even @TheAnonymouseJoker@lemmy.ml gives it backlash despite being a moderator of Lemmy’s biggest privacy community. A quote here: “grapheneOS trolls are downvoting every single post and comment of mine, and committing vote manipulation on Lemmy. They are using 5-6 accounts.” That was in response to downvotes on a comment posted in the c/WorldNews community, which is entirely unrelated to technology.
One of the reasons is that GrapheneOS can only be installed on Google Pixels due to security compatibility, which makes complete sense considering Android should be most compatible with Google’s own devices. GrapheneOS even lists the exact reasons they chose Pixels, and encourage people to step up and manufacture a different supported device.
One year ago, Louis Rossmann posted this video outlining his reasons for deleting GrapheneOS. Mainly, he had multiple bad experiences with Daniel Micay (the founder and main developer of GrapheneOS) which put his distrust in the GrapheneOS project. Since then, he has stepped down and will no longer be actively contributing to the project.
So, I am here to learn why exactly people still do not like GrapheneOS.
It is ironic, but that’s the best you can get in terms of security on Android, which is why GrapheneOS supports nothing else
I don’t think it’s ironic. Google benefits massively from their projects like AOSP or OpenTitan being open source, and they even benefit from projects like GOS doing some heavy lifting for them in developing bug fixes that get integrated upstream.
The fact that their mobile phones are relatively friendly to alternate operating systems is of pretty significant benefit to them.
Google is invested in security research, albeit usually for reasons that don’t benefit users.
Google is a tech giant, which abuses peoples privacy with every click
Their phones enable users to (at least partially) escape that bs
that’s what I found to be ironic
A lot of people here have higher priority for privacy over security. If you wanted maximum security you should be fine with using even apple products, they’re incredibly secure. But privacy- that’s a completely different thing. Hell, even the community is named privacy. The freedom to compromise alleged security features for privacy should be an option for users.
I’m sorry, but that’s just not how security works. Most of the “security” features exist because of patching known vulnerabilities. What this means in real terms: vulnerabilities and how they work are published to the public. There are people who specifically write and sell malware to exploit these known vulnerabilities. This is happening all the time. If you have a permissive security model, you are opening all of your information up to compromise
You cannot reasonably expect privacy on a system that makes major concessions to security. Security is necessary for privacy. The two are not the same thing, but one is needed for the other.
But also… GrapheneOS is in fact a very privacy-friendly operating system. I would consider it the most privacy-friendly in fact.
For me it is a matter of trust. What does it matter if you’re getting security updates faster than everyone else if you’re getting them Solar Winds? In other words, if you don’t need security against nation-state actors, the highest threat is Google / Apple themselves.
Your logic doesn’t escape me but in point of fact, when we’re talking about GrapheneOS we’re not talking about volunteering usage data to Google. GrapheneOS does a better job of protecting user privacy than any other mobile option I can think of.
The problem I have is treating security and privacy like they’re opposing forces. They’re not. You don’t need to make security concessions to ensure privacy and that line of thinking doesn’t make sense when you examine it.
Genuinely curious: what your privacy metrics (what does this actually mean to you) and what is an organization that you trust?
Not too many unfortunately. I trust Proton bc I am not breaking any Swiss laws, and I know they leak recovery emails so I don’t have one listed, but that’s about it.
To be honest I’m not an expert in this, definitely haven’t achieved de-googled life yet, but someday I dream I will. Even if they are not collecting usage data they’re surely getting metadata
I think that’s a good baseline. Not placing unnecessary trust is definitely a priority. The idea is definitely to remove as much of the need as possible for trust.
You have good goals and they are attainable. I wish you luck.