It's absolutely insane that phones have online accounts deeply integrated into the OS. You need to give Apple your phone number to download any apps on iOS.
For example:
Say anyone that downloaded IceBlock commited crime, Apple could give the govt everyone who downloaded its phone number, the govt could get the realtime location of everyone based on their phone number from the carrier.
And that's not even mentioning the other problem that nobody can download IceBlock anymore[1].
It's so refreshing for my phone not to ask for any identifying information when I set it up. GrapheneOS is a better software experience than iOS anyway[2].
Phones have great potential to be the most private and secure computers, cell services not withdrawing. And iPhones are one of the most private and secure devices. But, Apple uses that to restrict its users freedom and it makes Apple's users can easily be controlled by any government.
[2] once you install good apps. This is coming from a lifelong iOS user. Not prejudiced against Apple, I use a Mac (without an account) and their Advanced Data Protection is great (when I had an account).
I agree with that.. additionaly, I'm finding it to be insane that organizations are trying to force you to have a "audited" phone to interact with them. (I.e. events, businesses, etc)
Remote attestation is not just insane, it's the technology that will end free computing as we know it today.
What good is free software if using it marks our devices as untrusted and gets us banned from every service out there? Gets us ostracized from digital society? Because we "tampered" with the device?
We should be able to run whatever software we want and they should be none the wiser. Instead, we are part of the threat model now. Our devices are now cryptographically attesting that they are corporate owned and that we are under corporate control. It's so disgusting. The future we're heading towards is terrifying. Everything the word hacker ever stood for will be destroyed if this keeps up.
I miss the days when iOS jailbreaks allowed you to completely circumvent basically all DRM because the trust in Apple was so high that you could just assume a device is secure. Contrast that with Android, which has always had invasive attestation mechanisms because of widespread mistrust in OEMs. On iOS, sometimes you had individual apps trying to check for jailbreak but that was it
We're running into situations where the usage of smart phones and apps are becoming mandatory for using services.
For example: The UK has a digital ID requirement which is required for you to be employed in the UK. Additionally the EU digital identity services have a hardware/software attestitation that is required to run their apps. (Many of those which 3rd party software can't run).
Another example of this is the Australian eTA - (Everyone has to have a visa to visit Australia.. but the real only way to get a visa* is you have to get an electronic travel authorization which only works via an App)
myGov (Australian government app)
gov.br (Brazilian government app)
Ticketcorner
Authy
Chyrpe Dating
TextNow
mada Pay (Saudi NFC payment app)
McDonald's (International app used for many but not all countries not including the US)
Dott
My SEAT (Connectivity for SEAT cars)
SwissID
Volkswagen
BKK Faber-Castell & Partner
TK-Doc
TK-Ident
TK-App (Blocks access to TK-Safe, TK-GesundheitsMessenger, fingerprint login)
IO (Italian government app which uses it to gate access to the digital wallet feature)
PosteID (Italian postal service’s app used to access the national digital identity system "SPID")
Singpass
Likely referring to Android's Play Integrity/hardware attestation API (good explainer from GrapheneOS [1]) that is practically used to restrict what devices/brands/Android builds an app will allow itself to be run on.
Can someone explain this? I've used custom ROMs back in the day (Cyanogen!) but I'm not familiar with GrapheneOS.
I remember Cyanogen ships without Google Play etc., right? (Because if you install Google Services and a bunch of crap from their store (theirs and otherwise) that spies on you, it defeats the purpose of a privacy preserving OS.
So I'm assuming Graphene is at least as strict as that? (Well Cyanogen at least give you the option of installing all that crap but that would seem to defeat the purpose in this case.)
But more broadly I'm not sure I understand the relevance in this particular context. The article mentions that an abuser could put spyware on your phone? Is that a realistic scenario? (Ok I suppose half the stuff on the Play store is spyware so maybe it's more realistic than I'm thinking...)
GrapheneOS allows for "twin states" with a default vanilla state and additional non obvious parallel accounts that are secured to low level milspec(?)
Popular in Ukraine for keeping captured phone data resistant to opposing forces.
Popular with outlaw gangs for annoying LEO anti gang squads.
Now recommended for battered domestic victims to keep controlling others from spying on digital habits.
An unsuspecting clueless abuser might put the spyware on the vanilla account, the victim can "live with that" assuming that the secure obscure login in safe from spyware apps on the alternative state.
Counterpoint: Not all abusers are dumb, smart people can be toxic. Also - I'm not as clear as I would like to be on the GrapheneOS isolation.
Zero Google services are shippsx by default, but you can install Play Store and Services in a sandbox and it has minimal privacy problems, depending on the permissions you give it.
Their docs are really good, not only for their phone but for learning about privacy and security: https://grapheneos.org
You could still install an app that spies on you on grapheneos because it has 99.99% android app compatibility, so if you gave an app designed for spying the relevant permissions, it would still be able to spy. No way it could hide location indicator or anything like that, but I doubt it could do that on other OSes (don't quote me on other OSes).
I mean, some obvious things are there in the article, IMHO -
- App isolation and hidden profiles (up to 32 separate profiles)
- Verified Boot (tamper detection on every startup)
So you can do stuff on there that's not going to tip off someone who's controlling enough to demand to see your phone, and so you'll at least be tipped off if someone compromises it.
Stock photo - yeah that triple camera is equivalent to an Apple logo. Perhaps royalty-free image chosen without enough care or b/c it’s just a stock photo. (Or they already licensed that one.)
The relevant quote* from the linked Australian research is:
Technology-facilitated abuse is becoming more and more of a key feature of domestic and family violence. A 2015 survey of 546 domestic and family violence frontline workers found that 98% of respondents had clients who had experienced technology-facilitated abuse.
The research then focuses specifically on children, finding that of all the domestic violence cases, 27% involve technology-facilitated abuse of children.
Can you expand on what it is that "Doesn't fill [you] with confidence" ?
I've used GrapheneOS, but not PrivacyPros setup. The site is interesting. It is almost like a to do list of things for my phone. Most of the things they've done feels like a topic to look into and consider implementing.
I disagree, it's cool to promote good projects like GrapheneOS that help people.
Have you seen how many articles recommend not secure and not private alternative phones, that's not cool.
Edit: damn some of their phones with it preloaded are like 4x the price your can get for pixels in the state's. Can't speak to Australian prices for regular pixels tho.
The cheapest option, Pixel 10, costs $1349 from Google, they want $1990 (in Australian Dollars, that's about $940 and $1390 in USD)
So not quite a 50% markup on the bard phone, not quite as bad as 4x.
And while I'd feel like a jerk if I asked for money helping someone at risk of DV setting this up, if I was doing it as a business with the mandatory warranty and support this'd need to include in Australia, I think that's expensive but probably fair?
For example:
Say anyone that downloaded IceBlock commited crime, Apple could give the govt everyone who downloaded its phone number, the govt could get the realtime location of everyone based on their phone number from the carrier.
And that's not even mentioning the other problem that nobody can download IceBlock anymore[1].
It's so refreshing for my phone not to ask for any identifying information when I set it up. GrapheneOS is a better software experience than iOS anyway[2].
Phones have great potential to be the most private and secure computers, cell services not withdrawing. And iPhones are one of the most private and secure devices. But, Apple uses that to restrict its users freedom and it makes Apple's users can easily be controlled by any government.
GrapheneOS delivers that dream.
[1] https://www.iceblock.app/
[2] once you install good apps. This is coming from a lifelong iOS user. Not prejudiced against Apple, I use a Mac (without an account) and their Advanced Data Protection is great (when I had an account).
What good is free software if using it marks our devices as untrusted and gets us banned from every service out there? Gets us ostracized from digital society? Because we "tampered" with the device?
We should be able to run whatever software we want and they should be none the wiser. Instead, we are part of the threat model now. Our devices are now cryptographically attesting that they are corporate owned and that we are under corporate control. It's so disgusting. The future we're heading towards is terrifying. Everything the word hacker ever stood for will be destroyed if this keeps up.
For example: The UK has a digital ID requirement which is required for you to be employed in the UK. Additionally the EU digital identity services have a hardware/software attestitation that is required to run their apps. (Many of those which 3rd party software can't run).
Another example of this is the Australian eTA - (Everyone has to have a visa to visit Australia.. but the real only way to get a visa* is you have to get an electronic travel authorization which only works via an App)
https://grapheneos.org/articles/attestation-compatibility-gu...
Apps that ban graphene-os being used:
[1] https://grapheneos.org/articles/attestation-compatibility-gu...
They also recommend at least 12 GB RAM. What about domestic abuse survivors requires that?
I remember Cyanogen ships without Google Play etc., right? (Because if you install Google Services and a bunch of crap from their store (theirs and otherwise) that spies on you, it defeats the purpose of a privacy preserving OS.
So I'm assuming Graphene is at least as strict as that? (Well Cyanogen at least give you the option of installing all that crap but that would seem to defeat the purpose in this case.)
But more broadly I'm not sure I understand the relevance in this particular context. The article mentions that an abuser could put spyware on your phone? Is that a realistic scenario? (Ok I suppose half the stuff on the Play store is spyware so maybe it's more realistic than I'm thinking...)
Popular in Ukraine for keeping captured phone data resistant to opposing forces.
Popular with outlaw gangs for annoying LEO anti gang squads.
Now recommended for battered domestic victims to keep controlling others from spying on digital habits.
An unsuspecting clueless abuser might put the spyware on the vanilla account, the victim can "live with that" assuming that the secure obscure login in safe from spyware apps on the alternative state.
Counterpoint: Not all abusers are dumb, smart people can be toxic. Also - I'm not as clear as I would like to be on the GrapheneOS isolation.
Their docs are really good, not only for their phone but for learning about privacy and security: https://grapheneos.org
You could still install an app that spies on you on grapheneos because it has 99.99% android app compatibility, so if you gave an app designed for spying the relevant permissions, it would still be able to spy. No way it could hide location indicator or anything like that, but I doubt it could do that on other OSes (don't quote me on other OSes).
- App isolation and hidden profiles (up to 32 separate profiles)
- Verified Boot (tamper detection on every startup)
So you can do stuff on there that's not going to tip off someone who's controlling enough to demand to see your phone, and so you'll at least be tipped off if someone compromises it.
I wouldn’t recommend domestic violence victims to install graphene os on their phone by themselves
[attestation.app]
"Australian research shows that 99% of domestic violence cases now involve some form of technology-facilitated abuse."
Where the "Australian research" is linked to a page where the first Key Finding states:
"Over one quarter (27%) of domestic violence cases involve technology-facilitated abuse of children."
Doesn't fill me with confidence in anything they say (even if I do believe the advice is right).
Can you expand on what it is that "Doesn't fill [you] with confidence" ?
* Page 9: https://www.esafety.gov.au/sites/default/files/2020-12/Child...
Have you seen how many articles recommend not secure and not private alternative phones, that's not cool.
Edit: damn some of their phones with it preloaded are like 4x the price your can get for pixels in the state's. Can't speak to Australian prices for regular pixels tho.
So not quite a 50% markup on the bard phone, not quite as bad as 4x.
And while I'd feel like a jerk if I asked for money helping someone at risk of DV setting this up, if I was doing it as a business with the mandatory warranty and support this'd need to include in Australia, I think that's expensive but probably fair?
Interesting they don't sell the 10a, seems like a great budget phone from what I've seen.
Edit: I didn't consider taxes and initially I assumed exchange rates were more similar then they are.
Law in my profile heh (not on purpose)