What are the most privacy-respecting smartphones to buy? I am also looking for the one which respects your privacy the most. So far, going to privacy communities, esp. on Reddit, I often see Google Pixel + GrapheneOS being recommended.

But the thing is I don’t really trust Google with privacy; as we have seen, they are the last one to respect privacy. What if Google has some backdoor in the hardware that cannot be changed? And the problem with the more privacy-respecting OSes for mobiles like GrapheneOS, CalyxOS etc. is that they are only supported for Google Pixel phones.

So I am really confused here.

  • Lunacy@lemmy.ml
    3 years ago · 14 up, 1 down

    Google Pixels have no backdoors. Recently, Maxime Rossi Bellom, Philippe Teuwen and Damiano Melotti did deep research on Google’s chip, called TITAN M, in order to give an understanding regarding its attack surface as well as the known and previous vulnerabilities.

    Presentation Material

    There is also a repository on GitHub, which contains the tools they used in their research on the Google Titan M chip.

    There is also a very interesting thread from Daniel Cuthbert, in which he showed some parts of their presentation. In the same thread, he also wrote that the Titan M is the reason why he switched from iPhone to Pixel.

    We’re talking about BlackHat here, not some random guy who claims things without any proof.

    Regarding the OS, GrapheneOS is far better than Calyx; it offers much better privacy and security improvements. You can see the list of the features here: https://grapheneos.org/features

    • nVZWmCa67Tq0SQkXPR@lemmy.mlOP
      3 years ago · 4 up

      This is interesting to hear. So research finds no presence of any backdoors on the TITAN M chips of Google Pixel phones. I wanted to buy a new smartphone which is more private and so far the most private OSes are only supported for Pixel phones. On a side note, how does GrapheneOS compare to other OSes like LineageOS or DivestOS?

      • Lunacy@lemmy.ml
        3 years ago · 3 up

        I don’t know about DivestOS. However, GrapheneOS is dramatically better than LineageOS. That’s because GrapheneOS is focused on privacy and security rather than customization like LineageOS. GrapheneOS starts from the strong baseline of the Android security model and brings a lot of privacy and security improvements. While LineageOS doesn’t have real privacy and security improvements, it also weakens the Android security model.

        There is a very good article written by madaidan, who explains the security of Android and the problems with LineageOS: https://madaidans-insecurities.github.io/android.html

        • nVZWmCa67Tq0SQkXPR@lemmy.mlOP
          3 years ago · 2 up

          Thanks. DivestOS is a fork of LineageOS. Website: https://divestos.org/

          Madaidan’s article also seems to recommend Pixel + GrapheneOS. Would there be any significant difference between Pixel 3, 4 or 5 when it comes to privacy? Asking since, Pixel 5 costs more than 4 and 3 and whether it would be worth paying an extra hundreds of dollars for the latest Pixel.

            • southerntofu@lemmy.ml
              3 years ago · 3 up

              This article smells bullshit.

              Having a separate chip for some system activity is reasonable security, but what about running a libre GSM modem with some clear (hardware) limits on what it can reach in case it’s compromised (this is what Pinephone/Librem is doing)?

              Encouraging fingerprints as passwords. Worst security advice ever.

              “Built-in protections automatically scan for potential threats from phone calls, text messages, emails, and links sent through apps, notifying you if there’s a potential problem. (…) The detection runs on your Pixel, and uses a privacy preserving technology called federated analytics to discover commonly-run bad apps.”

              I don’t know about the details, but this smells like some really privacy-invasive tech.

  • glorpster@feddit.de
    3 years ago · 9 up

    I’d say the most private would probably be a Purism Librem with Pinephone being second place. Both of those come with their own caveats.

    I think Graphene also puts a high focus on security for which, if you’re using Android, the Pixel phones offer the best platform. You could also go with the /e/ Android operating system if your focus is on de-googling while sticking to Android.

    • nVZWmCa67Tq0SQkXPR@lemmy.mlOP
      3 years ago · 4 up

      Librem seems very expensive ranging from $1200-2000. Can’t afford that, I would want something less than $500 and if more preferably to be under $350. Would sticking to android that’s already installed and degoogling it be really enough when it comes to privacy?

      • glorpster@feddit.de
        3 years ago · 4 up

        Depends on what you consider “enough”. Even “degoogling” it in most instances won’t entirely get rid of proprietary code and reliance on some Google services. It’s a trade-off.

        • nVZWmCa67Tq0SQkXPR@lemmy.mlOP
          3 years ago · 2 up

          For me it would be enough that big corps not taking my data or tracking any of my activities. With degoogling you can only decrease the amount of spying that big corps do instead of completely eliminating it?

          • glorpster@feddit.de
            3 years ago · 5 up

            That’s my understanding. You can decrease it, significantly, but not entirely. But the same goes for the web in general. Hard to completely block all tracking and such too while still interacting meaningfully. So unless you’re a die-hard fanatic and willing to suffer a lot of inconveniences, good enough will have to be, well, good enough for most of us.

            • nVZWmCa67Tq0SQkXPR@lemmy.mlOP
              3 years ago · 4 up

              Unfortunately privacy and convenience generally just don’t go together and the convenience factor along with the mentality of “nothing to hide, nothing to fear” makes people just go for the most privacy violating stuff and arguing about privacy with those who have that mindset is just not easy either.

          • southerntofu@lemmy.ml
            3 years ago · 2 up

            If you remove Google Play Services and only install apps from F-Droid (which are vetted by the community and explicitly list antifeatures) you should achieve your goals. That is, assuming your system itself is not snitching on you.

            Also worth noting, phone providers are big corps doing tons of spying on their users. If you’d like to get rid of those, running your smartphone using Wi-Fi only with randomized MAC addresses (I think it is the default now on Android) is very reasonable.

            • nVZWmCa67Tq0SQkXPR@lemmy.mlOP
              3 years ago · 1 up

              Yes removing Google Play services will reduce the spying that Google does on you but the mobile company can still possibly spy on you. How do I check that my phone has a randomized MAC address or not?
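
An added example, not part of the thread: Android shows the MAC address in use in each Wi-Fi network's details, and a randomized address is a unicast address with the locally administered bit set in its first octet. The Python sketch below classifies addresses copied by hand from that screen (an assumption about how they are collected) and flags networks that see a vendor-assigned address or share one address; the sample pairs are constructed, and a set bit is consistent with randomization but does not prove it.

```python
import re


def parse_mac(text):
    """Return the 6 octets of a MAC written as aa:bb:.., aa-bb-.. or aabb.ccdd.eeff."""
    digits = re.sub(r"[:\-.\s]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def classify_mac(text):
    """Classify a MAC by the two low-order bits of its first octet."""
    first = parse_mac(text)[0]
    if first & 0x01:
        # I/G bit set: group (multicast) address, never a station's own address.
        return "multicast"
    if first & 0x02:
        # U/L bit set: assigned by software, which is what randomization produces.
        return "locally-administered"
    # U/L bit clear: vendor-assigned (OUI-based) address, i.e. the factory MAC.
    return "universal"


def audit(observations):
    """Check (network_name, mac) pairs noted from the phone's Wi-Fi details.

    Returns the networks that are shown a non-randomized address, and any
    address that is presented to more than one network (which would let
    those networks be linked to the same device).
    """
    not_randomized = set()
    networks_by_mac = {}
    for network, mac in observations:
        if classify_mac(mac) != "locally-administered":
            not_randomized.add(network)
        normalized = parse_mac(mac).hex(":")
        networks_by_mac.setdefault(normalized, set()).add(network)
    shared = {
        mac: sorted(nets) for mac, nets in networks_by_mac.items() if len(nets) > 1
    }
    return {
        "not_randomized": sorted(not_randomized),
        "shared_across_networks": shared,
    }


# Constructed sample data: network names and addresses are made up.
SAMPLE = [
    ("home-wifi", "3A:5F:1C:9B:44:E0"),  # 0x3A: U/L bit set
    ("cafe", "3a-5f-1c-9b-44-e0"),       # same address seen on a second network
    ("office", "00:1A:2B:3C:4D:5E"),     # 0x00: U/L bit clear, vendor-assigned
    ("library", "d6:02:7e:11:a9:30"),    # 0xD6: U/L bit set
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("Networks seeing a non-randomized MAC:", report["not_randomized"])
    for mac, nets in report["shared_across_networks"].items():
        print(f"{mac} is presented to several networks: {', '.join(nets)}")
```
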

  • TheAnonymouseJoker@lemmy.ml
    3 years ago · 12 up, 6 down

    GrapheneOS is a highly problematic ROM with a lot of security grift. Their community is extremely toxic, racist, disgusting and refuses technical help via a combination of lots of gatekeeping and technical elitism. https://www.youtube.com/watch?v=Dx7CZ-2Bajg

    The developer is a one man show who acts like a dictator and exclusively claims Google Pixels are the only phones he will ever support. Why? https://unddit.com/r/privacytoolsIO/comments/gs4uv7/i_dont_fully_trust_grapheneos/fs82fdv/

    GrapheneOS also takes some rather controversial stances regarding the protection of its users, a lot of whom have a high threat model. https://teddit.net/r/privacytoolsIO/comments/pjl4bh/what_is_your_opinion_of_grapheneos_conforming_to/

    There are a few malicious actors and proponents of this community that attack everyone like an unorganized group, sometimes with sockpuppets and sometimes with their known accounts when they want to come off as self proclaimed experts.

    A lot of evidence I collected personally via my own interactions with madaidan, cn3m and the likes: https://lemmy.ml/post/73800/comment/66676

    Evidence of GrapheneOS proponents practicing censorship on Lemmy on my comment on c/GrapheneOS, one day after they became moderator (FYI this was my only comment on that sublemmy): https://lemmy.ml/pictrs/image/3hsM7Du9n6.jpg

    They have also hijacked the Android, AOSP sublemmy communities by becoming defunct moderators.

    • GenkiFeral@lemmy.ml
      3 years ago · 4 up, 2 down

      Can’t you stick to the OS and hardware (facts) and leave politics/opinions outta this? The community does matter if you need help, but how in the hell do they know your race, sex, or politics unless you wear them on your sleeve?

      • TheAnonymouseJoker@lemmy.ml
        3 years ago · 5 up, 7 down

        GenkiFeral, You know, what you call politics only tells about your indecency as regards with how communities are run. And whoever calls calling out assholery a mere form of political whining tells a lot about them. Nobody likes assholes, period. And nobody wants to worship one. Especially one that is adamant at establishing a cult with the use of sockpuppets and handful friends.

        Facts do not care about feelings, so you can just stop feeling about others’ feelings towards your lack of decency, and you can enjoy your technical supremacy, if you really think you are so highly meritorious and if that gives you the right to trample on others.

        • GenkiFeral@lemmy.ml
          3 years ago · 4 up, 1 down

          My rights end where yours begin and vice versa. My main point will always be “you do you” or “good fences make good neighbours” or don’t trespass on my property or in my mental space. Values differ from individual to individual - even within close-knit families or within causes. As long as you don’t infringe upon another’s freedom (I include all animals - wild and domestic), you should be able to do as you please. Both Left and Right have one thing in common - both try to shove their values (“decency”) down the throats of others. Fuck you both equally. If that (do as I say) mindset isn’t offensive, then I don’t know what is! Be as this or that as you like, but preaching to me when I don’t wanna hear it is going to breed resentment. That is you wasting my time and mental energies. Live by your own values and if I see that you are content, healthy, and successful in one manner or another, maybe I will adopt some of your ways WITHOUT your saying one word to me. Proselytizing or ‘teaching’ me is so often rude.

          • TheAnonymouseJoker@lemmy.ml
            3 years ago · 2 up, 3 down

            “Both Left and Right have one thing in common - both try to shove their values (‘decency’) down the throats of others. Fuck you both equally.”

            Well, then indecency will not be spared either. You already resent decency, since you already decided your stance, and have decided that any discussion is going to result in you saying “fuck you” to anyone that does.

            You are also wasting your time when you say calling out GrapheneOS community is political whining, when it is not, and if it is, then it makes you the same, because you are complaining about feelings when you ask me to stop caring about some politically motivated understanding or feelings. It is hypocritical.

            • GenkiFeral@lemmy.ml
              3 years ago · 2 up, 1 down

              Right and wrong are relative to some extent and always have been and always will be. Who is to say the religious fundamentalist’s ‘decency’ is better or worse than (the obvious opposite) a Progressive’s? Who is sole arbiter of the truth? Shouldn’t it be more up to the individual? What ever happened to “Live and let live”?

              • TheAnonymouseJoker@lemmy.ml
                3 years ago · 1 up, 2 down

                “Who is to say the religious fundamentalist’s ‘decency’ is better or worse than (the obvious opposite) a Progressive’s? Who is sole arbiter of the truth?”

                I see these arguments from modern day fascists and /pol/ users all the time. This is a classic grift technique to make themselves look balanced and somehow try to place the onus of morality on an entity that does not exist, and so they themselves can look more balanced instead of the extremists that they are.

                Your history, your above comments and your obsession to reply even after 18 days reveals enough about your interests, so forget about convincing me regarding your holier than thou arguments.

                Anyway, downvoting my comments will not make a difference. The moment I see something that goes against Lemmy rules or the rules for this sublemmy, I will take action in accordance.

        • Cerov2@lemmy.ml
          3 years ago · 2 up, 1 down

          The question is “which smartphones are most private?” Not “which OS community is the least toxic?” Seems you have your reasons for hating on Graphene, but you’ve totally lost the plot here. Save that rant for a question that’s actually asking about it, please. In the end, if it works and it’s the most private, that’s what is going to matter the most to the end user.

          • TheAnonymouseJoker@lemmy.ml
            3 years ago · 2 up, 2 down

            GrapheneOS community is terrible if you want help from them. It is a place filled with faux elitists with 4chan and reddit tier knowledge, and will use buzzwords to impress you, with non existent explanations when asked for. If you want to use it, go ahead. But if you want to enter a landmine expecting any guidance, good luck.

            Many people have been driven away from that community and ROM for plenty reasons I laid out in parent comment. People learn only via 2 ways - they learn from others’ experiences or they experience it themselves and then learn. You can make your choice.

    • nVZWmCa67Tq0SQkXPR@lemmy.mlOP
      3 years ago · 2 up, 1 down

      Sorry for a late reply. The grapheneOS seems to have a problem with not a very welcoming community but their OS is still good with all the security and privacy features that it comes with? If it is not Google Pixel + GrapheneOS that is the most private way of using a mobile phone then what is the most private way? I see this set up recommended in almost every privacy community including this thread.

      • TheAnonymouseJoker@lemmy.ml
        3 years ago · 1 up, 2 down

        A lot of these people are either sockpuppets or members of GrapheneOS, NoGoolag or SpiteChat Telegram/Matrix rooms that create a narrative to hijack the privacy communities. And it would not be surprising to conclude that they are a menace, because they encourage technical elitism quite a lot, and all of the other problems mentioned above.

        GrapheneOS moderators practicing censorship on Lemmy is not going to look the best either, but here we are. I have engaged with these people for probably 2-3 years, so I am about as experienced as one gets.

        A lot of these GrapheneOS privacy grifters also promote Windows, MacOS and iOS over Linux distros and Android, because they have some distorted definitions of security in their head. They believe closed source security is better for some reason.

        You could check this resource I made for a smartphone guide https://lemmy.ml/post/54596 or https://teddit.net/r/privatelife/comments/lpyl1s/

    • Anon@feddit.nl
      1 year ago · 1 up, 1 down

      mimimimimi I don’t care, it’s secure, I like the features. Separate the creation from the creator.

      • Ilandar@aussie.zone
        1 year ago · 2 up, 1 down

        Do you trust the creator, though? He is an absolutely deranged and extremely spiteful individual.

        • Anon@feddit.nl
          1 year ago · 1 up, 2 down

          Deranged and spiteful? Yeah I’d trust that. Spite and grit are the only ways that a huge project like GOS can be maintained so well. If you want me to swap, make your own secure Android distro.

      • TheAnonymouseJoker@lemmy.ml
        1 year ago · 1 up, 4 down

        “mimimimimi”

        You will be banned for this callous, delusional and dismissive form of derailment of evidence based discussion, if you do not bring facts to the table that address the issue. The creator cannot be separated from the creation, when the created commodity’s direction is decided by creator.

          • TheAnonymouseJoker@lemmy.ml
            1 year ago · 1 up, 5 down

            No, but he is certainly mentally ill to the point any promotion of him as a security developer will be condemned here. Security development from sane, even if prickly behaved people, can be handwaved, but he needs clinical help, as he even went to the length of not apologising to any people he ever accused, instead hiding behind his computer screen. He has gone to the lengths of claiming just about everyone, including non-critics, as being harassers, complicit in his faux murder attempt and so on.

            The slightest form of promotion of him or his work is out of question.

            • Anon@feddit.nl
              1 year ago · 1 up, 1 down

              I am willing to change Android distros if you can point me to an actively developed one centered around security that can compete with GOS.

              • TheAnonymouseJoker@lemmy.ml
                1 year ago · 2 up, 5 down

                The source of your trust is his marketing, not any concrete evidence that his work is any superior to that of other custom ROMs if they were tweaked around with firewalling and app permissions. His malloc Linux kernel patch laurels are a thing of the past and do not prove GrapheneOS is just as secure, considering he maliciously, upon not being paid his share in CopperheadOS, truncated the security sign keys and put at risk hundreds of thousands of users who used CopperheadOS. If anything, GrapheneOS maker’s malicious stunt at Copperhead exit, and later on his malicious accusations at everyone combined with using sockpuppet witch hunting troll army, proves that neither GrapheneOS nor anyone ever closely associated with Daniel Micay must ever be trusted in the security community.

                The fact that he has bullied multiple projects like DivestOS, Bromite and others into dropping his code unless they worship him and support his internet trolling and whatever he says (with the threat that he would release his troll army on them), means GrapheneOS code is not even free and open source, but partially closed source, where personal agreements with him serve as the official binding agreement on GrapheneOS code usage. He also added a shutter sound on camera app that could not be turned off, without asking anyone, putting the very demographic of its userbase at risk of jail/death in some countries.

                • Anon@feddit.nl
                  1 year ago · 1 up

                  Camera app shutter can be muted with the volume slider, just tried it on the latest version so I assume it would have been patched out. I am open to swapping away from a lunatic’s OS if you have any other ROMs that can relock the bootloader and come with a user profile manager that easily allows me to install apps from my main profile to the others. Frankly I’ve never heard of DOS before, and I will immediately give it a shot on my work phone. Thanks :)

  • hello_lebbit@lemmy.ml
    3 years ago · 4 up

    Yeah, that’s about right. If you start worrying about hardware backdoors then you should go with a Pinephone. Personally I’m not that worried about hardware backdoors as they’re probably everywhere, so I use a Samsung with LineageOS. Up to you to choose.

      • erpicht@lemmy.ml
        3 years ago · 2 up

        I purchased a used Pixel 3a for ~$150 last week and it works well with GrapheneOS. Since your budget is a bit higher than mine was, you could go for a newer Pixel.

        GrapheneOS places more emphasis on security than LineageOS, but the privacy provided is comparable, or so I have heard from several sources.

      • southerntofu@lemmy.ml
        3 years ago · 1 up

        Pinephone is a hacker’s phone, like a beta under constant evolution. So depending on the system you use on it (which you are free to choose, that’s refreshing) you may have varied experiences like with battery life.

        However, Pinephone is much cheaper and hardware wise inspires more confidence. The modem does not have direct access to the phone’s memory (unlike most smartphones) which is like hardware security 101, and there’s ongoing R&D to develop a FLOSS driver for it.

        The question is also: would we rather financially support an enthusiast community building awesome hardware? Or a giant corp ruining our lives?

  • R51@lemmy.world
    1 year ago · 3 up

    I hear lots of great things about Graphene but it’s only able to run on Pixel phones. I have a LineageOS installed on my phone & I have full control over the firewall, and there’s no Google on it. Got the phone a year ago, battery still lasts 2 days of occasional use. It’s amazing how nice a phone feels without ads, constant upload/download, and unneeded background services running.

    Basically, and even with Graphene, the biggest security risk for a phone is the person using it. I wish it were more turn-key but the tracking with cookies is just the tip of the iceberg… apps like to track too and if you need an app outside of the free-open-source-software circle you should know how to control its access to the internet.

    • Anon@feddit.nl
      1 year ago · 1 up

      That last part is where Graphene shines IMO, as every time you install an app you have the choice of natively allowing network permissions that you can change at any time. I agree with you on Lineage being great for an extra layer of privacy especially for the average person.

      • R51@lemmy.world
        1 year ago · 1 up

        Oh cool, I didn’t know that. I use AFWall+ as my firewall GUI on Lineage. I do have to give it root to update the tables though.

        • Anon@feddit.nl
          1 year ago · 2 up

          I use TrackerControl (TC) on my Lineage devices for this. Will look into AFWall+, thanks!

  • murky@lemmy.ml
    3 years ago · 2 up

    LineageOS also supports some more obscure phones if you don’t like Google Pixel phones or if you’re on a tight budget.

    • southerntofu@lemmy.ml
      3 years ago · 2 up

      LineageOS, from what I heard, stopped supporting different passphrases for partition decryption and session unlocking. Having two separate passphrases was very useful because unlocking your screen happens much more often and is therefore much more likely to be compromised (e.g. recorded by CCTV).

      Still, much respect for LineageOS, but we should still consider that most smartphones (except for Librem 5 and Pinephone) don’t care for hardware architecture and firmware reach, rendering the entire phone insecure.

      • M500@lemmy.ml
        3 years ago · 2 up

        This article is not really relevant. It points out that when the OS is replaced by a privacy-focused OS like e-os then no data is sent back.

  • Anon@feddit.nl
    1 year ago · 1 up

    Anything with as few data points tied to you as possible is the most ideal. How far are you willing to go for privacy, and what are you using the devices for? If you absolutely need to run an Android ROM on mobile, GOS or even just a carefully set up LineageOS device would be your best bet. If you can live without a cell phone, choose to do so.