this post was submitted on 23 Mar 2024
95 points (93.6% liked)

Privacy

32120 readers
396 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

*In terms of privacy, customisation, camera quality, and battery time.

For the longest time I have only used either iPhone or Samsung. I plan on switching to Android for the next phone I get, but I find that Samsung phones are often too big for me and put too much energy on camera quality (I don’t take many photos). I have started to look into brands such as Nokia and Motorola, and I would like to know what you guys think of them. Additionally, do you suggest any other phone brands aside from them? My biggest priorities are privacy and long battery time. Bonus if the phone can run LineageOS (I have excluded Graphene as they are only compatible with Pixel phones).

Thank you for any answers. Cheers!

you are viewing a single comment's thread
view the rest of the comments
[–] sugar_in_your_tea@sh.itjust.works 1 points 8 months ago (1 children)

Does everybody have a personal beef with this disgusting person?

IDK, seems like it. But that still has nothing to do with the product itself. As long as the product is good and is FOSS, I can look past the people behind it.

It is mostly a rebranding of AOSP features with app permission controlling and firewalling.

That's a good thing IMO. The more an Android ROM deviates from AOSP, the more difficult maintenance becomes and the more problematic a toxic core contributor is.

There are only 3 things they ever did on their own as extras, and even they have basically no value in the grand scheme of things

That doesn't match with what I'm reading online. This comparison table lists a number of differences between the various projects, and many of those are important to me. That source claims to not be affiliated with any of the projects (I haven't done much due diligence though).

I don't really care if these changes were made by GrapheneOS themselves or pulled in from other projects, the end result is a more interesting product that has a fast response to security updates.

Look at Linux distributions, most aren't anything more than a set of configuration changes, packaging policies, and maybe a home grown package manager. Yet there are interesting differences between Ubuntu, Debian, Fedora, Arch, openSUSE (my preference), and others. It's all mostly the same code underneath, just packaged differently. That's what I want from an Android ROM, a secure, privacy-focused configuration.

It's not snake oil if the difference between ROMs/OSes are tangible.

This person is who you seem to like.

I never said I liked him, I said the website has valuable information. I don't really care who makes the recommendation provided the statements are independently verifiable, and they do a way better job of linking sources than PrivacyTools.

At the end of the day, I'm not blindly trusting anyone's advice and I'm looking at a variety of sites. I actually disagree with some of the recommendations, especially omissions, but I can usually find those when searching "X vs Y" with two recommendations from their site. Privacy Tools includes some odd suggestions, and it seems like they just throw a bunch of stuff that claims to be privacy-focused without doing much research (or at least they don't link anything).

Ken Thompson, co-creator of Unix and C, on why we should be able to trust the developer and NOT the code.

That's not my takeaway, in fact it's the opposite.

I don't believe in trusting developers, I believe in a mix of security audits, reproducible builds, eyeballs, code signing, and cryptographic hashes. Developers can be bought, accounts can be hacked, etc, but code can't. For example, I don't think Linus Torvalds would intentionally break Linux security, but that's not why I trust Linux, I trust is because it's the subject of a lot of security researchers, large organizations, and a team of proven-capable subsystem maintainers. If I trust the developers, they could sneak in a malicious Trojan horse like Ken Thompson mentioned and I'd just roll with it.

As the Russian proverb goes, "trust, but verify."

selflessly

Well, you certainly talk about it a lot. Maybe you're genuine, but that's kind of irrelevant. I trust technical sources, not personal attacks.

I'm not suggesting you create a wiki at all, I'm saying that having a community effort for a wiki could be valuable. The place for a mod, imo, is to police rule violations (ideally mostly responding to reports, not active policing), and those rules should come from the community they operate in. Issues arise when the police make the rules. Maybe it makes sense for a mod to coordinate that effort, but contributions should come from the community with proper sources and whatnot.

I will not lie or sugarcoat things

And that's commendable, I prefer transparency when I can get it.

My issue here is that I think you're letting your distaste for individuals (however well founded) supercede technical discussions. I think it's reasonable to put a footnote on the technical discussions noting potential conflicts of interest (e.g. Microsoft's push for TPM is commendable from a security standpoint, but there are concerns about NSA backdoors, chilling effect on alternative OSes, etc), but not reject projects entirely just because of an association with a distasteful entity. For example, most here don't trust Google, but that doesn't mean Chromium-based browsers are automatically bad. Doing so is just poisoning the well. Provide 2-3 points of independently verifiable, technical evidence of BS and that makes a pretty strong case to avoid something.

But that's my 2c. I absolutely thank you for your efforts and intentions, and I appreciate the transparency. However, that doesn't necessarily mean I agree with your conclusions, though I could be persuaded with technical arguments. Since you seem to believe GOS is all marketing fluff, perhaps we could start a community initiative (I'm willing to help) to verify claims of various projects. At the end of the day, citations and methodologies should carry the day.