For those unfamiliar, GrapheneOS is a privacy and security enhanced custom ROM endorsed by Snowden. Despite these big names, plenty of people give it backlash.
Even @TheAnonymouseJoker@lemmy.ml gives it backlash despite being a moderator of Lemmy's biggest privacy community. A quote here: "grapheneOS trolls are downvoting every single post and comment of mine, and committing vote manipulation on Lemmy. They are using 5-6 accounts." That was in response to downvotes on a comment posted in the c/WorldNews community, which is entirely unrelated to technology.
One of the reasons is that GrapheneOS can only be installed on Google Pixels due to security compatibility, which makes complete sense considering Android should be most compatible with Google's own devices. GrapheneOS even lists the exact reasons they chose Pixels, and encourage people to step up and manufacture a different supported device.
One year ago, Louis Rossmann posted this video outlining his reasons for deleting GrapheneOS. Mainly, he had multiple bad experiences with Daniel Micay (the founder and main developer of GrapheneOS), which made him distrust the GrapheneOS project. Since then, he has stepped down and will no longer be actively contributing to the project.
So, I am here to learn why exactly people still do not like GrapheneOS.
Personally, it's due to the toxicity of their dev and socials team: basically, if you ask something, you are wrong and they are right; if you recommend other options, you are wrong and they are right. They have been publicly waging war against cybersecurity content creators that dare question some decisions or do honest reviews (the OS is good but has its "but" scenarios)... Once they get better with their PR relationships, most of the hate will go away.
For a good reason. Pixels are currently the only phones besides iPhones with proper hardware security. Only Pixels support hardware memory tagging, have a secure element (Titan M2) that supports the Android StrongBox and Weaver API, insider attack resistance and hardware key attestation. They also have a programmable USB controller, that allows you to fully disable any USB data connections while the OS is running. The GrapheneOS team maintains a list with hardware requirements at https://grapheneos.org/faq#future-devices
Yeah, my main issue is that because of the price, you're locked to phones that are either out or almost out of support, or second-hand. Even the last generation's cheapest model is $300! Though I'm very tempted to try to save up for that anyway.
Plus they are not officially sold here, so always a bit of a gamble.
You don't need to give money to Google; it's trivial to find one second-hand.
Not in my country; they are expensive and unavailable. And you have to be OK with their form factor and features over the other options.
Overall, needing to have one specific phone can get very restrictive.
Is it a reason to hate the GrapheneOS project? Pixel phones are simply the best Android devices for security. You should hate other phone manufacturers that don't care at all.
I don't hate Graphene in and of itself, I simply can't use it. And it's not much use to most people when most people don't own Pixels.
We should hate most phone manufacturers because they are pretty much all shitty.
Sad to see so many people fall for this blatant scheme for buying pixels
Daniel Micay and the GrapheneOS community are all insane shills. They are against FOSS, and feud with: F-Droid, Mozilla, Calyx Institute, FSF, Linux, Stallman, TechLore.
They shill for proprietary software like Google Play Services compared to MicroG because "IT BREAKS THE ANDROID SECURITY MODEL", F-Droid because "IT BREAKS THE ANDROID SECURITY MODEL", and shill for the Google Play Store (just create a burner Google account bro), Microsoft Windows (because they claim it's safer than Linux because it doesn't force the trusted computing environment) and constantly shit on FOSS projects.
Micay is a schizophrenic Twitter and Matrix addict that spends his days on Twitter and in the Matrix room banning people because they are "trolls" (they complain about something that's broken on GrapheneOS, he deletes all the messages and then bans the user) or searching for tweets containing CalyxOS or grapheneos on Twitter that don't mention him and DEBUNKING them, especially if it mentions CalyxOS in a good light or gives any criticism to him or his project, followed by claiming his community is always being brigaded by Calyx users.
Just search all his tweets (on grapheneos or danielmicay that mention calyx).
The guy has a huge persecution complex that every FOSS project or organization is out to get his project and himself (especially the cryptocurrency trolls, the farms and 4chan), so he's always having a schizo meltdown on Twitter.
His Matrix rooms are full of schizos and bots that spend all day shilling for the aforementioned services.
They have a whole matrix channel dedicated to fighting "disinformation" about their OS. When a site mentions their crappy OS the link usually gets posted there and after a few hours threads get flooded by GrapheneOS fanboys shilling their system.
They also love censorship.
Those things do break the security model though. They're right about that.
If you care that much about """security""" just sell your soul to apple. They will take good care of your data and provide world class security. I don't know how even thinking about using google stuff in a foss rom is considered acceptable. You don't need to go full Stallman, but I believe most people here don't want to use google shit for some alleged "security".
True, but grapheneos prioritizes security to an absurd level where they say stuff like how the google play store is better than f-droid. Of course this can be true, but there's high chance the entire project is influenced by google.
There are one or two accounts on Lemmy who seem to show up in every privacy or graphene thread and shit-talk GOS.
I say if there is something wrong with GOS or the code itself, identify it and prove it. The founder may have been "problematic" or whatever, but it doesn't sound like that person is even associated with the project anymore.
I have personally daily-driven GOS for a year. It has worked well for me. I use a lot of FOSS apps. I use some traditional Play Store apps and avoid logging into Google and I manage permissions closely. I'd say GOS gives you options. Maybe some people would like other customized degoogled OS better, and that is fine. Just... for the love of all that is sacred, don't use vanilla Googled Android.
I find the criticisms of the founder pretty seriously overblown. My interactions with him have always been positive. He's on the spectrum and a lot of people engaged in pretty serious abuse toward him and the project he created... so I'll give him some slack.
I've used GrapheneOS for 5 years. It's good, the project has integrity, and there really isn't anything that meaningfully compares in meeting its goals. It's proactive in that they actually do meaningful security research and implement solutions. People who troll on the project are either straight up bad actors or just stupid.
GrapheneOS only works on Google hardware. Part of the advantage of Android is device variety, but GrapheneOS forces you down a narrow path. Want a rugged device, a headphone jack, microSD? Well Google doesn’t offer those so GrapheneOS can’t meet your device requirements.
GrapheneOS has defined a set of security standards for their operating system which have hardware requirements. These standards have been published and there have been efforts to engage with hardware manufacturers to adopt the required hardware. Blame the manufacturers for skimping on security, rather than Graphene being unwilling to compromise their values.
It would be possible to ship generic system images with separate updates for the device support code. However, it would be drastically more complicated to maintain and support due to combinations of different versions and it would cause complications for the hardening done by GrapheneOS.
Sounds like they could, but have resource limitations to do it. It’s also a knock against Google whose hardware has gotten worse. Personally, IDGAF about these project-imposed requirements if I can’t have the standard headphone jack on portable device.
People have to learn to separate software from its developer.
For example, I don't care about the Hyprland dev being an asshole sometimes, if the WM he's developing works well. I don't care about Cider's devs' political positions if it doesn't directly affect my experience with the software. And people also have to learn that if someone uses any particular software, they aren't necessarily using it the way the developer pointed out they should.
I use GrapheneOS on my device, but that doesn't mean that I completely follow the devs' philosophy. I don't use Vanadium, 'cause I don't wanna support the Chromium monopoly. I use F-Droid to install my apps, even if the developers think that I should get my apps directly from their devs. Does a GrapheneOS founder or developer philosophy that you don't agree with make Graphene a bad OS? Of course it doesn't. GrapheneOS is still one of the best options for degoogling your device, if not the best.
I like grapheneos the product.
The staff is super abrasive and they constantly attack other privacy projects. See the recent attacks on Jonah from Privacy Guides, or the attacks on Calyx, or the BS with Rossmann that forced Micay out of the spotlight.
They need to hire an outside professional to manage their PR. The way they communicate is their biggest flaw.
I hate that they use Discord and Telegram for comms without any notice that the Matrix/IRC room you're joining is bridged to those services.
Any organization that thinks it's OK to feed my chats to obvious bad actors is extremely concerning. I have brought this to the attention of the maintainers and all they do is say, "but the chats are public, and anyone can index them, so what's to stop Discord from harvesting the data from the other public forums?"
Well, guess what: as bad as Discord is, I'm pretty sure they're not going around to obscure forums to scrape user data when they have such a plentiful source feeding them with their own consent. I do not consent to this invasion of privacy and am disgusted that a 'privacy' OS can do this and no one is outraged about it.
They tried to switch to Matrix, but it turned out to be too inefficient and buggy for such a big community.
Matrix continues to be awful and weird. Discord is basically easy-to-use IRC; too bad no one else has figured out an easy IRC.
Even @TheAnonymouseJoker@lemmy.ml gives it backlash despite being a moderator of Lemmy's biggest privacy community. A quote here: "grapheneOS trolls are downvoting every single post and comment of mine, and committing vote manipulation on Lemmy. They are using 5-6 accounts." That was in response to downvotes on a comment posted in the c/WorldNews community, which is entirely unrelated to technology.
It seems to me that you might be confusing things: You say that people hate the OS but share a comment complaining about the community of users/fans, not about the OS.
I have never used GrapheneOS and cannot comment on the OS, but I have seen some users in different communities commenting that GrapheneOS is the only valid alternative OS and discrediting any other OS. It becomes tiring pretty fast.
Basically because Daniel "MacCock" behaves like a massive paranoid schizophrenic prick when he doesn't take very strong meds (that's my take on it anyway). And as others have mentioned, his claim to have stepped down is just that, "his claim". Everything points to him still very much being at the helm of the project.
I like the project, but any software I use being directed by someone like that guy is a huge red flag.
“grapheneOS trolls are downvoting every single post and comment of mine, and committing vote manipulation on Lemmy. They are using 5-6 accounts.”
Is that really criticism of GrapheneOS? Or is it complaining about specific users who like GrapheneOS?
It stems from a blind hatred for GrapheneOS and its users as a whole.
Maybe consider buying hardware that supports a real mobile Linux like https://postmarketos.org/ next time.
Linux mobile is not threat-modeled for a mobile device. It is quite risky. Mobile devices must consider more known and unknown attack vectors than a device (like a desktop) that stays in a consistent trusted environment (like home or a personal office in some cases).
The software that runs on mobile Linux is the same that runs on desktop arm64 Linux, minus a few mobile-specific components packaged by postmarketOS/etc. Minus the few mobile-specific components (modem drivers, userland components like the virtual keyboard and window manager), the software is very well tested and used regularly. Only thing I'm sketched about is the sim card, which has quite a lot of control over the device from what I was told. It's not like non-linux phones are any safer from this though; if anything they're more likely to be targeted by any hardware vulnerabilities/backdoors due to being more popular devices.
Security through obscurity is not security. There are special considerations that have to be taken on a mobile device. Mobile OSes, while unhardened normally, are still designed to protect against attack vectors that aren't considered by normal Linux. Linux can be hardened, but is very open by default. It also offers no out-of-the-box sandboxing of apps from each other. It isn't immutable, unless postmarketOS is, which is a large security threat when considering device integrity. Full disk encryption isn't enabled by default (unless changed in postmarketOS). Root login is enabled by default (a huge attack vector). Linux isn't secure by default, but more private than any proprietary OS like Windows, iOS/macOS, ChromeOS, and Android. But Linux, because of its open defaults, is vulnerable to spying by 3rd-party apps installed by the user. It is also vulnerable to attacks from a network.
I recommend a deblobbed Android ROM like DivestOS (my personal fav and more deblobbed of proprietary blobs than any other ROM) or GrapheneOS. See a good comparison between ROMs here: https://eylenburg.github.io/android_comparison.htm
For Linux hardening, check out Kicksecure for Debian distromorphing, Secureblue for Fedora Atomic (immutable) rebasing, and Brace by DivestOS's developer for general security hardening of Fedora/RHEL, Debian/Ubuntu, Arch Linux, and openSUSE Tumbleweed.
Linux can be hardened, but is very open by default.
yup.
It also offers no out-of-the-box sandboxing of apps from each other.
I don't use applications that need sandboxing. I would enjoy if OpenBSD's pledge and unveil were ported to Linux at some point though.
It isn’t immutable, unless postmarketOS is, which is a large security threat when considering device integrity.
How does immutability improve security beyond standard unix file modes?
Full disk encryption isn’t enabled by default (unless changed in postmarketOS).
I used to do FDE, but now I prefer just encrypting the files I actually need encrypted. FDE doesn't protect you from an attacker that can get access to your phone while it is booted.
Root login is enabled by default (a huge attack vector).
What huge attack vector? It's just as secure as any account if it's given a good password. I'd argue sudo/doas is a lot less secure when authenticating to root, since if an attacker knows your user password, they now also have root access.
I recommend a deblobbed Android ROM like DivestOS (my personal fav and more deblobbed of proprietary blobs than any other ROM) or GrapheneOS.
I will use my already deblobbed Linux distribution, but thanks ;)
Did you go to any of my links about Linux hardening? Do you implement any hardening yourself? Do you harden kernel flags or replace malloc with hardened_malloc?
If postmarketOS is just ARM Linux with minimal changes, then it isn't secure enough for a mobile device. All apps should be sandboxed regardless of whether you can trust the code or developer. Each app expands the attack surface of your device.
Linux kernel also has proprietary blobs for firmware and device support. That is the difference between Linux normal or libre kernels.
Did you go to any of my links about Linux hardening? Do you implement any hardening yourself? Do you harden kernel flags or replace malloc with hardened_malloc?
No. Why would I need to do this compared to a standard Linux desktop PC? Does having a WWAN radio somehow open me up to some massive amount of exploits compared to another mobile device, say a linux laptop?
Linux kernel also has proprietary blobs for firmware and device support. That is the difference between Linux normal or libre kernels.
I don't think my hardware (PinePhone) needs any blobs (if any, the GPU? Panfrost exists so probably not). It may need proprietary firmware, but firmware doesn't touch the kernel and is loaded onto the auxiliary device's CPU, so it's not as big of a security compromise (excluding CPU firmware). I already replaced the modem firmware with an open source version, so I think I'm fine there.
Point still stands. postmarketOS isn't hardened. Default desktop Linux isn't hardened. Malware could easily infect your device and exfiltrate data, escalate privileges, modify the kernel, etc. Each of the things I have mentioned (hardened_malloc, immutable OS, hardened kernel, hardened firewall, removal of identifiers, full disk encryption, locking of root login [not the same as invoking root], MAC hardening through SELinux and/or AppArmor, service minimization for reduced attack surface, package manager hardening, secure boot, sandboxing of applications, etc.) should be implemented for both desktop and mobile Linux to have "good" security. Security is preventative. All of these things come together to create a system better equipped to protect against known and unknown threats, which is especially true for mobile devices which are near-constantly in unknown environments. A vulnerable device is a weak link in the chain of your security, which can be used to compromise your privacy. You may never be attacked or have your device exploited, but that doesn't make it secure as a result.
I would love to see an actually secure mobile device that is rid of Google's stench. Problem is postmarketOS isn't secure, it's just default Linux on a phone. If it saw large-scale adoption (which we all would like a good alternative to do) it would be easily exploited.
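As an added example (not code from the page, postmarketOS or any project named here), the following audits three of the hardening items listed in the post above, locking of root login, SSH root login, and a few kernel sysctl knobs, against constructed /etc/shadow, sshd_config and sysctl snapshots embedded inline. The distinction the post draws between locking root's password (a `!` or `*` prefix in the shadow hash field, which is what `passwd -l root` writes) and still being able to invoke root via sudo/doas is exactly what the shadow check tests; the sysctl minimums are this example's own choices, not anyone's published baseline.

```python
"""Audit a handful of Linux hardening settings from constructed config text.
Added example; the snippets below are constructed for the demo, not real hosts."""

# Constructed /etc/shadow excerpts. A '!' or '*' prefix on the hash field means
# password login for that account is disabled; sudo/doas for other users still works.
SHADOW_ROOT_UNLOCKED = "root:$6$c2FsdHNhbHQ$abcdefghijklmnopqrstuvwxyz0123456789:19700:0:99999:7:::\n"
SHADOW_ROOT_LOCKED = "root:!$6$c2FsdHNhbHQ$abcdefghijklmnopqrstuvwxyz0123456789:19700:0:99999:7:::\n"

# Constructed sshd_config fragments.
SSHD_WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\n"
SSHD_HARDENED = "# PermitRootLogin yes\nPermitRootLogin no\nPasswordAuthentication no\n"

# Constructed `sysctl` snapshots; minimums chosen for this example.
SYSCTL_MINIMUM = {
    "kernel.kptr_restrict": 1,            # hide kernel pointers from unprivileged users
    "kernel.dmesg_restrict": 1,           # reading the kernel log needs CAP_SYSLOG
    "kernel.unprivileged_bpf_disabled": 1,  # no unprivileged BPF program loading
    "kernel.yama.ptrace_scope": 1,        # only descendants may be ptraced by default
}
SYSCTL_WEAK = {k: "0" for k in SYSCTL_MINIMUM}
SYSCTL_HARDENED = {k: str(v) for k, v in SYSCTL_MINIMUM.items()}


def root_password_locked(shadow_text: str) -> bool:
    """True when root's shadow entry cannot be used for password login."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == "root":
            return fields[1].startswith(("!", "*"))
    raise ValueError("no root entry in shadow data")


def sshd_permit_root_login(sshd_text: str) -> str:
    """Effective PermitRootLogin value. sshd keywords are case-insensitive, the
    first occurrence wins, and the OpenSSH default when absent is prohibit-password."""
    for line in sshd_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "permitrootlogin" and len(parts) == 2:
            return parts[1].strip().lower()
    return "prohibit-password"


def audit(shadow_text: str, sshd_text: str, sysctl: dict) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not root_password_locked(shadow_text):
        findings.append("root password login is enabled; lock it with `passwd -l root` "
                        "(sudo/doas still work for admin users)")
    effective = sshd_permit_root_login(sshd_text)
    if effective != "no":
        findings.append(f"sshd PermitRootLogin is '{effective}', want 'no'")
    for key, minimum in SYSCTL_MINIMUM.items():
        value = int(sysctl.get(key, "0"))
        if value < minimum:
            findings.append(f"{key}={value}, want >= {minimum}")
    return findings


if __name__ == "__main__":
    for label, args in {"weak": (SHADOW_ROOT_UNLOCKED, SSHD_WEAK, SYSCTL_WEAK),
                        "hardened": (SHADOW_ROOT_LOCKED, SSHD_HARDENED, SYSCTL_HARDENED)}.items():
        print(label, audit(*args) or "no findings")
```

On a live system the same functions can be fed the real `/etc/shadow` (root only), `/etc/ssh/sshd_config` and the output of `sysctl -a`; the point of the shadow check is that a locked root password and a working `sudo` are independent settings, so "root login locked" and "root is unusable" are not the same claim.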
It says postmarketOS is based on Alpine Linux, which according to Whonix doesn't meet their threat model, and it's odd to claim "Alpine Linux was designed with security in mind" when Alpine's package manager doesn't pass The Update Framework model. A vulnerable package manager can be used to compromise a system; read more about package management on TUF's website.
- My point was that standard linux should have those things too if it wants to be considered "secure". Default Linux isn't secure out of the box without a lot of work. It is more private than proprietary OSes but not more secure, therefore compromising your ability to safeguard privacy as a result. Linux is also a great target for threat actors because the majority of servers run Linux, meaning security researchers and cyber criminals alike are looking for weaknesses. I'd recommend looking into Android's Security model because it is interesting and gives insight on designing a secure mobile device. Stock Android suffers from OEMs not providing consistent long-term updates for devices, which 3rd party security hardened ROMs like DivestOS and GrapheneOS help to address.
Extra reading: see the Whonix comparison table to see what they look for when choosing a base OS that can be later hardened for security. Note that some things in the table are not security specific but important for anonymity (which Whonix modifies to Kicksecure to better protect). Whonix is a security-focused operating system. Here is a comparison of different memory allocators showing their features for preventing different types of exploitation. Memory-based attacks are consistently reported to be one of the most common types of attacks.
- Here is a link to the Wikipedia page on the Linux-libre kernel. I'm not suggesting this should be the default, was just making a point that binary blobs may be needed in a kernel for compatibility or security (e.g. updating firmware that is vulnerable when that happens).
People like to nitpick and fight. GrapheneOS is one of the best options (realistically of just a few) out there, and it's pretty damn good and simple to get into.
It was never so much about the hate for GOS as it was for Daniel. Daniel is an absolute genius but has some mental and paranoid issues, which hurt GOS's reputation in the process. Don't get me wrong, I do not hate the guy or GOS at all, but I do agree Daniel has some serious issues.
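The posts above mention "package manager hardening" and The Update Framework (TUF) without showing what a TUF-style client actually checks beyond "the index is signed". As an added example (not code from the page, from Alpine's apk, or from the TUF project), here is a minimal client-side verification of repository metadata that enforces the properties TUF is built around: a signature threshold against keys pinned out of band, monotonic version numbers (rollback protection), an expiry timestamp (freshness), and per-package length and hash. An HMAC over canonical JSON stands in for the asymmetric signature TUF really uses, so the key here is shared rather than public; the repository keys, package bytes and timestamp are constructed for the demo.

```python
"""Added example: TUF-style metadata checks a package client should perform.
An HMAC stands in for the Ed25519/RSA signature TUF uses; the rest of the
checks (threshold, rollback, expiry, target hash) have the same shape."""
import hashlib
import hmac
import json


class VerificationError(Exception):
    pass


def canonical(obj) -> bytes:
    # Signer and verifier must hash identical bytes, so serialise canonically.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, signed: dict) -> str:
    # Stand-in for an asymmetric signature over the "signed" object.
    return hmac.new(key, canonical(signed), "sha256").hexdigest()


def make_targets_metadata(keys: dict, version: int, expires: int, packages: dict) -> dict:
    """Repository side: a signed 'targets' document listing each package's
    length and SHA-256. keys: {keyid: secret}; packages: {name: bytes}."""
    signed = {
        "_type": "targets",
        "version": version,
        "expires": expires,
        "targets": {name: {"length": len(data),
                           "hashes": {"sha256": hashlib.sha256(data).hexdigest()}}
                    for name, data in packages.items()},
    }
    return {"signed": signed,
            "signatures": [{"keyid": kid, "sig": sign(k, signed)} for kid, k in keys.items()]}


def verify_metadata(meta: dict, trusted_keys: dict, threshold: int,
                    last_version: int, now: int) -> dict:
    """Client side. trusted_keys is the pinned root of trust; last_version is
    the newest metadata this client previously accepted."""
    signed = meta["signed"]
    valid = set()
    for sig in meta["signatures"]:
        key = trusted_keys.get(sig["keyid"])
        if key is None:
            continue  # a signature from an unpinned key counts for nothing
        if hmac.compare_digest(sig["sig"], sign(key, signed)):
            valid.add(sig["keyid"])
    if len(valid) < threshold:
        raise VerificationError(f"{len(valid)} valid signature(s), need {threshold}")
    if signed["version"] <= last_version:
        raise VerificationError(f"rollback: version {signed['version']} <= {last_version}")
    if signed["expires"] <= now:
        raise VerificationError("metadata expired")
    return signed


def verify_target(signed: dict, name: str, data: bytes) -> bool:
    """Check a downloaded package against already-verified metadata."""
    info = signed["targets"].get(name)
    if info is None:
        raise VerificationError(f"{name} is not listed in the metadata")
    if len(data) != info["length"]:
        raise VerificationError("length mismatch")
    if hashlib.sha256(data).hexdigest() != info["hashes"]["sha256"]:
        raise VerificationError("hash mismatch")
    return True


# Constructed demo material: two repository signing keys, one fake package, a fixed clock.
REPO_KEYS = {"key-a": b"constructed-secret-a", "key-b": b"constructed-secret-b"}
PACKAGE = b"constructed contents of example-1.0-r0.apk"
NOW = 1_700_000_000


def demo() -> dict:
    """Run the good path and each failure mode; returns the outcome per case."""
    meta = make_targets_metadata(REPO_KEYS, version=5, expires=NOW + 3600,
                                 packages={"example.apk": PACKAGE})
    results = {}
    signed = verify_metadata(meta, REPO_KEYS, threshold=2, last_version=4, now=NOW)
    results["good"] = verify_target(signed, "example.apk", PACKAGE)
    attempts = {
        "rollback": lambda: verify_metadata(meta, REPO_KEYS, 2, last_version=5, now=NOW),
        "expired": lambda: verify_metadata(meta, REPO_KEYS, 2, last_version=4, now=NOW + 7200),
        "threshold": lambda: verify_metadata(meta, REPO_KEYS, 3, last_version=4, now=NOW),
        "untrusted-key": lambda: verify_metadata(
            make_targets_metadata({"evil": b"attacker"}, 6, NOW + 3600, {"example.apk": PACKAGE}),
            REPO_KEYS, 2, last_version=4, now=NOW),
        "tampered": lambda: verify_target(signed, "example.apk", PACKAGE + b"x"),
    }
    for label, attempt in attempts.items():
        try:
            attempt()
            results[label] = "accepted"
        except VerificationError:
            results[label] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The rollback and expiry checks are the ones a plain "verify the index signature" design lacks: a mirror that serves an old, correctly signed index can hold clients on a vulnerable package version indefinitely unless the client remembers the last version it accepted and refuses stale metadata.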
It's literally a covert project funded by google to both sell pixels and harvest data of "privooocy" minded users. It seems to be working well.
It’s literally a covert project funded by google to both sell pixels and harvest data of “privooocy” minded users. It seems to be working well.
Is it actually funded by Google? Citation needed.
I would assume Graphene users make up a statistically insignificant number of Pixel buyers, and most of the users of it I've met opt to use it without any Google services.