A question as old as time, I know.
I’m getting away from Google and I’ve done the easy stuff: CoMaps, Proton mail (I know, not the best move), aveslibre, etc. I currently don’t have the time (or the knowledge base) to learn how to self host, but hopefully that will replace Drive and such in the future.
But I digress. I’m looking at a new OS for my phone. I’m currently in a contract with a phone that is incompatible with alternative OSs. Graphene needs a Pixel. Used, they’re $150-400. /e/OS will run on a Motorola or whatever and those are like $80.
There’s also the option of going full Fairphone with /e/os and I like that idea in the future.
The internet people tell me that Graphene is the best due to ease of installation, privacy, and security.
I don’t need a lot of security. I just want Google to stop suckling all that sweet, sweet data from my teat.
What are your thoughts?
It depends on what phone you have and what you’re looking for.
For me, personally, I went for e/OS as it allowed me to buy a fairphone and support a hardware manufacturer without putting money in Google’s pocket for a pixel.
A modular repairable phone was more important than which ROM i used. Though i do wish e/OS had some features graphine has
That is absolutely a conundrum. I’d rather support repairable hardware than even getting a used Pixel. By GOS seems like a great OS. I’m at least a couple months out from making the switch so I have a lot of time to agonize over it at least.
When I switched to Graphene a month ago, I was expecting to make a lot of concession for privacy, security and to get rid of Google.
But honestly, it just works great and while it is meant to be used without google, WhatsApp and all those spywares.
You still have the ability to use them if needed but sandboxed and in a different profile. It makes it so that the switch is easier and not a all or nothing.
The only thing I struggled with was using something else than Google Maps and Obtainium at first.
Check out iodeOS Its a LineageOS fork but more privacy friendly. They support many phones and deliver security updates much faster thab /e/os
/e/, lineage, Jolla/sailfish, they are all bad for security and really not that great for privacy. grapheneOS really is the best without question especially if you value the best security.
/e/ and lineage:
- https://grapheneos.social/@GrapheneOS/114235397501611300
- https://xcancel.com/GrapheneOS/status/2026368443071582346#m
Sailfish:
Check my post history if you want as I did post quite a few times about my journey there but basically :
- used Android a long time ago
- switched to iOS due to discussions with security experts at Mozilla
- bought and used sporadically Linux proper phones (PinePhone and PinePhone Pro) with different distributions
- tired of iOS restrictions as a developer, switched to /e/OS last year
The main appeal of /e/OS for me wasn’t security or privacy but rather being able to purchase a phone with the OS installed. I wanted to buy a phone, put the SIM in and be pretty much done with it. I also wanted banking apps to keep on working. I bought the cheapest /e/OS phone namely https://murena.com/shop/smartphones/brand-new/murena-cmf-phone-1/ then and basically I’ve been using daily since.
Few clarifications that I believe are misunderstandings :
- on security, yes /e/OS lags behind GrapheneOS for Android updates. If you are worried of 0-days because you are a political dissident you should probably NOT use /e/OS but get your setup reviewed by experts. You should definitely not trust randoms strangers on the Internet on that topic. It’s important to put an emphasis on the fact that even with the latest Android updates, a phone is still not entirely secure, does not matter if it’s with Googled Android, GrapheneOS, iOS or whatever other OS. It’s only the least worst known state, in theory. It’s better to follow best practices but without being either naive or paranoid.
- on privacy, /e/OS has some defaults you might not like but they are JUST that, namely default settings. If you do not want to use a Murena account, simply do not create one. That’s it. You won’t have any call to any API, even proxied one like OpenAI. AFAICT this is also only for paid accounts so it can’t happen by mistake. Feel free to check my post/comment history on that. Again if your threat model is any information leak, might be better to use GrapheneOS but if you are fine with just avoiding the downside of surveillance capitalism, IMHO /e/OS is good enough, namely you don’t share usage data to Google, even with default settings.
Also self-hosting is not trivial but it got way easier over the years IMHO thanks to Docker/Podman. Also I’d recommend investing time in it because… it will still be worth it in a decade!
If you are up for it I could write few “challenges” for you and see where it leads.
I came to GrapheneOS for privacy and security, but stayed for the features.
-
Per application network toggle: I found this incredibly useful in cases where the application is fully functional without internet, yet still asks for internet permission, and I do not want it to phone home (e.g. Google Photos). It is helpful for when you are using a VPN, and do not want the slot to be taken by an application like NetGuard. Although, I believe you can replicate this functionality with (Split Tunneling) + (Block connections without VPN).
-
Storage Scopes: This is a another highly useful feature. Say you took a bunch of pictures on a trip, and want to show the pictures to a friend. Normally, you’d fear them snooping around pictures that you don’t want to show them. However, with GrapheneOS, you can just download a separate Gallery application, only expose the photos (or the photo directory) that you want to show via Storage Scopes, pin the application, and safely hand the phone over to them.
I found this feature very helpful when shortlisting ~10 photos from a gallery of 500 photos. I downloaded PhotoSwooper (which lets you keep/delete photos by swiping right/left) from F-Droid, exposed the 500 photos directory to it, and started swiping. I iterated this a couple of times, and got my perfect 10.
-
Contact Scopes: This is for the cases when you don’t want to expose your contacts to the application for whatever reason (e.g. you don’t want them to graph your connections or you just want to protect the privacy of your friends). You can just selectively share contact(s) instead of handing your entire phonebook to the application.
-
Sandboxed Google Play: Some applications require the extremely invasive Google Play Services (because it operates with elevated system-level privileges). However, with GrapheneOS, you can just install the sandboxed play services, which acts as a regular user level application. You can then revoke network access within Sandboxed Google Play Services, and use your play services dependant application as usual.
So, basically, if you can afford it, go for GrapheneOS. I wanted privacy and security; but now that I tried GrapheneOS’s features, a lot of these are now nonnegotiable to me.
On Graphene now, I dearly miss simple Lineage features I used 10 times a day: the network speed indicator and long press power button for flashlight. I just assumed GOS would have them.
I browsed the forums and they’re not interested in implementing it. One answer was “buy a flashlight”
Even after a few months I still feel like going back.
I personally do not use long press power for flashlight, but your requirement got me curious, and I tried to replicate it.
This is doable, but seems to require more permissions. I downloaded KeyMapper from F-Droid (https://f-droid.org/packages/io.github.sds100.keymapper/), and added a new key map with Long press Power trigger and Toggle flashlight action. However, this application requires Accessibility permissions (because you are overriding system maps ig), Camera (for flashlight), Network (I think it sends an adb command via wireless debugging to do the toggle) and unrestricted battery usage.
As for the speed data, from a surface level search, I found these two apps:
-
NetUpDown (https://apt.izzysoft.de/fdroid/index/apk/com.by_syk.netupdown): This shows a floating window (instead of the notifications bar) with the network speed.
-
Traffic Light (https://f-droid.org/packages/com.leekleak.trafficlight/): This displays the network speed as a notification, but shows the incorrect data for me for some reason.
Theoretically, it should be possible to just mash the functionality (/code) of these two to get what you want (thanks to open source).
A big thanks for doing all that research!
I had kind of a fix for the flashlight, but this is much better. KeyMapper is really polished, the icon doesn’t do it justice (I’m superficial like that).
I could customize the press duration, vibration, all good stuff. Only thing missing is a timeout.
I did have a bit of a weird behavior, with actions sometimes launched during button press and sometimes only after release. It seems to be fixed for now. For other users: I did grant root to the app but don’t know if it was required for this function.Traffic Light is again a well made app, but it updates too often and I don’t like persistent app notification in the drop down window. I’ll give it a try though.
-
-
Resurrect divestOS is my thoughts on this
There is a AXP-OS, but it doesn’t support unpriviliged MicroG and they focus on their ‘PRO’ (rooted) version, which you have to use if you want microG + AVB.
https://eylenburg.github.io/android_comparison.htm
This is a great table of comparisons between the different Android alternatives.
Did you check out Jolla phone? It’s an Android/iOS alternative
My stocks aren’t great 😭
Why do you say not the best move for Proton?
Mostly it’s accusations of vibe coding a supposedly secure ecosystem. The Trump thing wasn’t great, but I think it was largely blown out of proportion.
At the time I was looking for a Google replacement, which Proton kind of is. It’s got mail, calendar, and a drive, all that stuff. Since then, I’ve learned or realized that I would prefer to be invested in individual services like mailbox.org, mullvad, keepass, etc. So that if one service fails, I can just divest myself from that individual service not an entire ecosystem.
I agree with the Trump thing kinda being blown out of proportion, but I haven’t heard about the vibe coding part? I know there was one point where they used ChatGPT for something and were called out for the irony of it, but I don’t think they are majorly vibe coded. Because everything is open source, and they routinely get audited, I trust them enough to use their products. I do agree however, that not having all your eggs in one basket is a better ideology from a security standpoint. From a convenience standpoint (and wife factor), I pay for everything Proton :P.
Their CEO tried to cozy up to Trump when he re-entered office
Ahh yes, I remember the whole controversy. I still think Proton as an ecosystem, and a product are still great for what they are, and for promoting privacy regardless of what Andy said using the official Proton account. (negative IQ play).
Regardless, GrapheneOS is still the staple in terms of limiting, or out right removing Google from your phone.
Just abit of encouragement
Self hosting is easier than you think. I didn’t know anything about Linux prior to setting up a server. I’m faaaaaar from an expert but even a noobie like me was able to set up a truenas system by watching tutorials and reading. It’s definitely alot of problem solving in the beginning but it gets easier.
In terms of storage. Mega is great value for money and all E2E
Thanks, I really appreciate the encouragement.
You got this!
I have /e/os. I decided on that pretty early on in my degoogling journey. Main reason being that I believe any privacy venture will come with tradeoffs, but I went with the “most things will work” approach. They have this neat privacy manager that tells you which trackers come from where, and I think that covers my needs. There has been exactly zero apps that haven’t worked so far, and most people that use my phone just think it’s a standard pixel.
The app lounge kind of blows though. I use the F-Droid app for updating F-Droid apps instead of it, since there was some weird stuff about where they were getting open source apps from. I use it for the play store, and it does what it needs to, although there is some weirdness with it like not being able to tell which apps have recently updated and when. I like the idea of joining app repositories together, but it needs work.
