Mastodawn

MostRegularPeople

Graphene vs /e/ os

https://lemmy.world/post/43570354

Graphene vs /e/ os - Lemmy.World

A question as old as time, I know. I’m getting away from Google and I’ve done the easy stuff: CoMaps, Proton mail (I know, not the best move), aveslibre, etc. I currently don’t have the time (or the knowledge base) to learn how to self host, but hopefully that will replace Drive and such in the future. But I digress. I’m looking at a new OS for my phone. I’m currently in a contract with a phone that is incompatible with alternative OSs. Graphene needs a Pixel. Used, they’re $150-400. /e/OS will run on a Motorola or whatever and those are like $80. There’s also the option of going full Fairphone with /e/os and I like that idea in the future. The internet people tell me that Graphene is the best due to ease of installation, privacy, and security. I don’t need a lot of security. I just want Google to stop suckling all that sweet, sweet data from my teat. What are your thoughts?

Graphene is the best by a long shot, security wise and degoogling wise. In fact, you can use GrapheneOS with absolutely zero Google services running on your phone. /e/OS uses MicroG which while better than your usual Android phone, still runs with privileged access to your device. This is in contrast to GrapheneOS’ optional sandboxed Google services implementation which gives Google the same privileges any other app on your phone would have.

MostRegularPeople Feb 25

Thank you for detailing in one paragraph what I was unable to understand after reading articles about it all last evening.

It is also largely questionable.

/e/OS has MicroG, and that runs as a system service. You can disable most of it, and if you’re not using any App that needs Google services, I doubt it really does much.

It is possible to use Graphene without using any Google at all. However… Doing so will break almost every app out there. Anything that needs push notifications, AndroidAuto, a thousands more things. So you end up using Graphene with Sandboxed Google services.

And we get into the debate. Is it better to take the official Google Play Services, which we all consider malicious, and run it in a sandbox, or take an open source private, and trusted implementation (MicroG) and run it as a system service?

It is at the very least largely debatable.

ScoffingLizard Feb 25

You can delete MicroG with Android Debloater. You will not be able to do most transactions afterwards.

It is best to run GOS or Lineage OS completely Google-free.

It is best from many points of view but, as far as I understand, this community is about providing knowledge and tools, and leaving it up to the individual users to asses their threat modeling and determine the extent of the acceptable compromise?

Edit: in every use of connected technologies there are privacy trade-offs, and privacy may not be the only concern on a user’s plate.

The Fairphone mentioned in the opening has the more ethical production and spare parts support, that can be a concern for many users. Ultimately it’s for them to decide. Maybe we bore them and they just get a third hand iPhone, which is still largely a privacy improvement over stock Android.

“Best” only in the context of this thread.

If it’s only about degoogling, they can very well use /e/OS and remove the network permission from microG. Yes, it’s possible.

skyline2 Feb 26

From the official GrapheneOS response to exactly this same debate, it seems that the issue is MicroG’s reliance on having signature spoofing enabled. Which is a security hole that can be exploited by anyone, not just MicroG, as it allows anything to masquerade as Google Play Services to an app that wants to use it.

discuss.grapheneos.org/d/…/11

Yes, Google Play Services is closed source and contains functionality that would be considered “spying on the user”, and “malicious”. But that is the same for any closed source app; you can’t prove it isn’t trying to spy on you or compromise your device. What you can do is rely on the App sandboxing and fine grained permissions control that GrapheneOS allows to disable such functionality if it exists.

Of course, if even having a closed source app on your device is too much, then honestly you wouldn’t even be using MicroG as you wouldn’t want any apps using Google’s proprietary libraries for accessing Firebase or other proprietary services anyways…

So, GrapheneOS offers the most sane approach in my opinion, without opening any security holes. By default the entire OS (not talking about pixel firmware blobs, just the os and kernel drivers) are open source and you can use only open source Apps via Fdroid, Accrescent, direct with Obtainium, etc. But for the average user enabling sandboxed Google play and managing its permissions is the best compromise between security and privacy.

Sandboxed MicroG? - GrapheneOS Discussion Forum

GrapheneOS discussion forum

GrapheneOS Discussion Forum

Being open source is not the only benefit of MicroG. It massages some (many) of the queries, removing as many bits of identifying information as possible. It lets you replace Google Location services with BeaconDB. And some other stuff.

These are all privacy wins. Practical ways to maintain as much of the functionality as possible, as much of the convenience, while minimizing the amount of information that is sent to Google (among others).

They come with a compromise in security. So this comes down to threat modeling. To use the naming from privacyguides.org, is your model includes “surveillance capitalism” but not “targeted attacks” then MicroG might even be better.

e/OS, while far from perfect, also adds a feature that blocks requests from tracking services using a blocklist. You can get that in 50 other ways, but this one does not drain my battery at 3x the speed, so I like it.

I do not claim that /e/OS is “better” than GrapheneOS, just that other ROMs can be a very good choice, depending of the user.

There is a reason why GrapheneOS is the golden standard, and if I were a journalist or activist in many parts of the world I would definitely stick to that and only that.

But that is why threat modeling exists. My threat model allows me a little more latitude, so I am not restricted to buying Pixels in an era when Google seems to be slowly undermining GrapheneOS, and I can choose a different manufacturer with better ethics. Among other things.

Of course, no question that with threat modeling you can arrive at /e/OS being an acceptable choice. However threat modeling is difficult and the devil is in the details, which is why I’m responding (mostly for the benefit of other readers of this thread) to provide the GrapheneOS side of things and avoid the impression that /e/OS offers unique or generally superior features in the areas we are discussing.

Here is GrapheneOS’s network location implementation details. grapheneos.org/features#network-location

GrapheneOS features overview

Overview of GrapheneOS features differentiating it from the Android Open Source Project (AOSP).

GrapheneOS

First a technical thing which is not obvious to me.

I understand that the general, non-proprietary Android system service would uses a privacy preserving service like BeaconDB. From what I understand, Google offers an alternative, proprietary, location API in its Play Services. Is that one also prevented from giving your location to Google of you’re using Sandboxed Google Play?

It’s an honest question. I assumed that the provider option I had in MicroG was exactly for that purpose, but I could be wrong.

Next, a small rant.

Bloody hell, I really do appreciate your politeness, but how is it that every damn article about privacy starts with threat modeling, but every discussion about privacy ends with “yeah but if your threat model does not require QubesOS you’re doing it wrong”?

(I use Arch BTW)

willington Feb 27

Thanks for explaining all that.

I don’t like being fed conclusions even if in the end I will agree with those conclusions. I need to know all the relevant thinking for the topics with elevated importance to me.

Maybe I can afford a mental shortcut on a topic of little consecuence, or if I have an overwhelmingly good personal relationship and have outsourced 60% of important thinking to this hugely trustworthy person (then I will be in deep shit should something happen to my relationship with that person, not good).

I won’t say I do all my own thinking for myself, but I try. So thank you again for explaining.

Thank you for reading that, and for supporting the idea that these topics are worth discussing about, and different people can reach different conclusions.

Also notice a couple more useful posts in the responses to my post, courtesy of a users who decided to verbally disagree instead of just downvoting.

I love my graphene phone, and also installed lineage on my old motorola phone , works great , i used that one as a backup

did you buy it with graphene preinstalled? i’m thinking of doing it this way through murena because i also need a new phone, but hesitating on network coverage in the united states.

persona_non_gravitas Feb 25

IMHO if you only care about Google sucking your data and not other privacy/security, the most important question isn’t between OSes as much as it’s between:

No Google apps (GAPPS); honestly good ol’ LineageOS is just fine. If you don’t install Google spyware you don’t have Google spyware, just the connectivity check and dns. Which you can probably change. Major con, many applications installed from Play store (through Aurora store, apk, whatever) and practically all notifications you’d receive from them stop working.

MicroG; open source GAPPS replacement that tries to send as little data as possible to Google, while keeping Play store apps & push notifications working. /e/, iodé, Lineage for MicroG, Lineage but add microG manually during installation, formerly CalyxOS…

Add GAPPS but try to handicap it somehow (incl. GrapheneOS work profile isolation); I don’t remember if it’s eg. possible to block them from accessing the Internet on non-GrapheneOS phones, by app permissions or eg. NetGuard?

If we’re taking into account other privacy and security, then GrapheneOS by a mile.

FrostyPolicy Feb 25

block them from accessing the Internet on non-GrapheneOS phones

This is an important feature in GrapheneOS. You can deny network access for any app.

Yeah, /e/OS too, and so I assume also LineageOS and the rest.

RmDebArc_5 Feb 25

Personally I am using /e/is, but I think GrapheneOS is technically superior. I would first research whether the apps you need (EG banking) work on either one and then decide

MostRegularPeople Feb 25

Oh man, I didn’t even think about banking and credit card apps.

shortwavesurfer Feb 25

Phones have this neat thing called a web browser that you can use to access your bank and if you can’t use a web browser to access it then honestly you should switch banks because that just shows that your bank doesn’t give a fuck about you and that you are the product because they have proprietary shitware on your phone

Undertaker Feb 26

/e/OS is not Google free (several calls, integrations and so on are connecting to Google). It makes use of OpenAI as well, uses tracking ids for updates. It is far behind regarding updates and thus risking privacy due to lack of security. They ignore any sort or critique.

Graphene: You have to buy a Google device. Even second hand is support as it increases the value of their devices (or stabilize) and you walk arround with their name.

Advice: Have a look at Iode.

Pick a device that is not meant to be used for many years as Graphene plans to support a non Google device in coorporation with an unknown manufacturer.

(Written from a Fairphone using /e/)

Have a look at Iode.

Its the same as /e/

Linaegeos fork with no updates and its only „security” is a literal subscription for a DNS blocker