They have partnered with motorola too right? Basedbasedbasedbased
If the US government bans Graphene, Motorola will drop them in 1/1000th of a heartbeat.
Do you think Motorola would lock their bootloader or only stop selling the a phone pre-installed with graphene?
While that may be true, i do not respect corporations or governments and i will do my thing anyways
The rest of the planet may have something to say on that front. There IS more to the world than naziland.
How does the government ban an os? Can’t is a strong word, but I don’t see that happening. It’s a Canadian based foundation, not a Chinese or Russian company where they could argue national security in the same way they did with Huawei or TikTok.
It’s more likely a federal os-level age verification law gets passed and grapheneOS compromises or backs out out of the US market.
That’s great. But sounds like the only phone they going to get is Motorola. And if us gov going to pressure motorola into compliance? Then what?
It’s a nonprofit organisation. They don’t really need to be the default OS in any device, people can install it themselves, which is how most people get GrapheneOS already anyway.
It’s not a federal law right now. It’s CA afaik. So Motorola could sell non-grapheneos phones there (and people could just install later).
It’s like 7 different states at varying stages of “passed” and Meta’s lobby is working on more for sure, wouldn’t be surprised if they were also work on a federal version too.
Probably are. I think it still think a federal age verification bill has low likelihood of passing, but I’d say that’s more plausible than an outright ban on GrapheneOS
I’m gonna have to replace my phone soon since it doesn’t receive security updates any more and I was thinking of going for GrapheneOS. What do you guys think about getting a Pixel 10 for that purpose? My second choice would be an iPhone but it’s both a lot more expensive and also less privacy respecting.
I was also considering a Fairphone but despite rating the repariability highly, there were too many other cons to the device.
Adding to the noise: don’t forget that Graphene discontinues support for older devices as well, although the 10 is not one of them
It discontinues support on my phone the same month google does, so that support ends either way.
I’d concur with the other commenters here and recommend getting a second hand Pixel device. I was a lifelong iOS user until they walked back their end-to-end encryption, jumped ship to using a second hand Pixel 8 Pro I got on eBay, installed GrapheneOS immediately, never even experienced stock Android. After a bit of an adjustment period, I’m very happy with my choice.
Using a 2nd hand Pixel 8 I got for 180 EUR running GrapheneOS, daily driving it since I received it.
As a Fairphone 4 user, I’ve been quite happy with it for a few years. Could you elaborate what you deem the cons to be? (I’m not gonna argue, just curious)
Got a Pixel 8a, i love it. Its fast, clean and customizable the phones have good technical specs and price/value for the a series is great.
In one year i only had two complications. One App i use hates the sandboxing and is lagging/freezing. I once had a broken update that bricked the phone until i sideloaded a newer update from pc. But its much less compromises / work then using a linux phone.
You can get a pixel in the “a” series for a lot cheaper than the main series or pro.
I always run them and they last forever.
For example a pixel 8a is just under $400 full price.
Graphene also runs better than android due to lack of bloat, so you won’t notice the lower specs quite as much.
Graphene is probably overkill for a simple (commercial) privacy use case but it seems to be the best for confounding google and also stability. So that’s why so many people use it.
And there’s not much in terms of downsides.
Thanks for the response!
Currently, the Pixel 10 goes for 600€ including taxes, while the Pixel 9a goes for 370€. Both are on sale right now. The iPhone 17 and the Samsung S26 meanwhile both go for 1015€ and 1106€, respectively, just for price comparison. Would you still go with the 9a over the 10 in this case?
For my use case, the Pixel 10 doesn’t offer enough over the 9a to make the extra cost worth it for me.
Depends on your angle. The Pixel is a good phone and the OS works well, but it is a Google device. A growing minority wants to avoid investing in US big corp, or in anything US related in general given the current political situation.
A growing minority wants to avoid investing in US big corp, or in anything US related in general given the current political situation.
I’m definitely one of those people but there just aren’t that many alternatives. Like I said, I did consider Fairphone, but there were so many cons to their devices that it’s just not a reasonable choice for me personally. Which is unfortunate.
Thanks.
If I had to change phones now, I’d get a second-hand/refurbished Pixel and wait until the motorola devices take on. Fairphone is nice but lacks in security. The high price is only because of the “fair” small-scale production, the specs are quite mid for the price. I say this as a fp owner, I’m happy but if I had to choose again I’d go about it differently.
Can recommend the Pixel, after my 7 pro went to shit I’ve picked up a 10 pro w/ GrapheneOS - way better experience.
Thank you!
I did this. Pixel 10 pro. Works great. Did it for my previous 2 pixels as well. Feel free to ask about it.
The $700 you give Google for a pixel is only going to erode your privacy further and personally I wouldn’t trust any device made by them, regardless of the OS.
Edit to say you are basically just rewarding their behaviour.
I wouldn’t trust any device made by them, regardless of the OS.
What device would you trust?
Edit to say you are basically just rewarding their behaviour.
That’s a good point and it’s one I’ve been considering. I would’ve bought a second-hand phone if it weren’t for the fact that the second-hand market in my country is so bad to the point it’s not even worth considering.
Just get a refurbished/second hand one, many are as good as new
I think Fair phone with eos is the “least evil” option but you won’t be able to use most banking apps or contactless payment.
this is why its a poggers operating system
CA’s law is “per child”. I guarantee lawyers are foaming at the mouth to claim every child in CA was hurt so they can line their pockets. CA’s public protection laws seem to be for the purposes of enriching lawyers. I’d love to see how many class action suits would get filed if lawyer fees were put under a hard cap.
“lawyers” can’t bring charges for this law. Only the AG. If people don’t like what the AG is doing then they can just start a recall election.
Good. Put that energy into a moderate parental control education fund or something. The ID gating the net is only for control.
Better yet, vote/demand actual punishments for parents when their children chose to commit crimes as they don’t want to parent.
“If GrapheneOS devices can’t be sold in a region due to their regulations, so be it.”
Wonder if Motorola feels the same way.
Wonder if Motorola feels the same way.
Motorola phones will have both Graphene and Android.
They can just sell their normal phone. As long as the user is able to run the installer it doesn’t really matter.
During prohibition era, there was a brick of dried grapes being sold as a nutrition supplement or something like that, but it had a “warning” sticker attached saying specifically not to dissolve it in a specific quantity of water, and if that were to happen, do not let a specific quantity of yeast to fall in it, and especially not to let it sit for 6 weeks, or else you might end up with wine, which is forbidden!
I can see a cheeky sort of company selling a phone with a little warning label attached to it…
That’s probably not a viable economic decision though
mandatory age verifications on the OS isn’t a viable economic decision either, but that’s not stopping Media Matters and Meta from forcing their shitty anti-privacy policies on citizens.
If you can’t open chrome on a pc, connect an android phone to it, and use a simple web tool you’re probably not capable of any actual level of digital privacy.
This isn’t me being elitist its just the fact that the resources needed to make this shit viable and easy are being tied up to corporations in order to make more easy-to-use corporate spyware.
Privacy under fascism takes time, effort, and education. Stop fucking expecting it to be OOTB. Society is literally engineered against that. Its not a reasonable ask of open source devs making privacy tools.
What else can those who value privacy and have computer skills do but try to be a good example and offer to help to those around them without the know-how?
You can lead a horse to water but you can’t make it drink, especially not when you barely have time in the day to take a drink yourself.
If someone doesn’t have time or will to put privacy over convenience that’s kind of their gig. It sucks but like I can’t fuckin’ change their life schedule/priorities.
I spend enough time documenting and working in my homelab, I don’t need other people’s too. I’ll be happy to point people towards information and documentation, but that’s about it.
However if you’re not willing to:
- bury your nose in multiple wikis
- change out the OS on nearly every general purpose computing device you own
- Live most of your online life anonymously/pseudononymously
- Run a homelab (technically not required but makes life nicer)
You should stop while you’re ahead.
If you have kids I have no fucking clue how you’d even begin.
At that point you’re installing rootkit anticheat just to get little johnny playing games with their friends, fucking nightmare scenario.
Agreed, but teaching them the skills to do it themselves is better than doing the process for them.
Look at the teacher over here with the sensible opinions about teaching people to fish …
/s
If they ship with Android but confirm that GrapheneOS works, those who even know of GrapheneOS’s existence will put in the effort to install it themselves. It’s totally viable and a simple plan.
That’s probably not a viable economic decision though
Should still be a good deal for Motorola. There’s a bunch of folks now who buy whatever phone runs GrapheneOS best. Whichever company courts us gets our business.
I’m sure we’re not a landslide, but sometimes niche communities can still make a huge difference for a company.
Hi, yes, it’s me, I’m one of those bunch of folks who would willingly switch off Google’s Tensor crap modem to ideally a Motorola phone with a Qualcomm modem that can run Graphene.
Why?
Lol. The US is not the only market.
And the US isn’t the only place pulling this shit.
I believe the US and Brazil are the only countries in the world forcing age verification. They chose to pull their infrastructure out of France bit there is no ban on the sale of devices with it installed.
Germany has been discussing this for a while now. So are other EU states.
It’s always the same. “We need to catch the pedophiles, end e2e” or “the Internet is not a lawless space, give us id”.
Well, instead of us sitting here talking about GrapheneOS, an Android based system, why aren’t we all talking about pure Linux based phones instead of feeding into the duopoly of Google/Apple?
Good point.
It’d be pretty naive to assume that other countries wont follow.
I doubt Lenovo (Motorola) would commit to selling mobiles with gOS preinstalled if they really thought there was a threat to their sales.
Imagine if California then declared a ban on the sale of GrapheneOS compatible phones.
would be fun to see.
what the fuck is a graphene OS device
Google Pixels can be flashed with Graphene OS which is just a debloated, private, secure, opensource OS.
I don’t think a Google pixel is considered a grapheneOS device
When you put grapheneOS on it it is, and until Motorola releases their phones designed for it it’s the primary option.
A Motorola
Ig they are called grapheneOS devices?
I was wondering when I would see this headline. I wonder if any other big names do similar
Linux Distros (so far) Refusing Age Verification
EDIT
I recommend going to Ageless Linux’s site and reading up on their take on the whole issue. They clearly illustrate how poorly thought out the California law is.- Ageless Linux - https://agelesslinux.org/index.html
- Omarchy Linux - https://omarchy.org/
- Adenix GNU/Linux - https://www.adenixgnulinux.org/
- Artix Linux - https://artixlinux.org/
I think this might be the first and only time I’ll ever see Omarchy getting upvotes on this site.
Linux Distros (so far) Refusing Age Verification
The systemd dude, ever so flexible as long as the request does not come from actual users, is already working on adding this into core components, though.
Systemd is open source so it can be forked to have features removed.
Good luck building a distro that play nice with your fork, then. Systemd is embedded deep in most distro, replacing it without breaking things is not an easy task.
The systemd mod is not a gateway. It’s just a date field.
Damn. It’s only being talked about and people have already folded.
It’s only a date field. Then it’ll only be an API for other service integration. Then it’ll only be an optional plug into a remote service. Then it’ll only be an optional, but strongly recommended, dependency in other software. Then it’ll only be a digitally signed third-party value that’s mandatory. Then it’ll only be something most installer won’t proceed without.
We’ve been jumping from slippery slopes to slippery slopes over the past few years. It’s tiring. And the coincidental timing of all this is not helping.
Okay. But right now, it’s only a date field.
I also wonder whether or not grapheneos, or open source Linux OSs in general, will face any repercussions for failing to comply to these regulations due to the relatively low user count.
Hate to say it but systemd, the init system of most Linux distros, already has PRs with maintainer backing to implement DoB recording.
Some people can’t kneel fast enough.
Which already has a revert commit https://github.com/systemd/systemd/pull/41179
The self-important creator of Systemd has personally blocked that PR, if I’m hearing correctly, which would suggest he or his employer Microsoft is all in on it.
Ugh of course. Thanks for pointing that out
It’s an optional field in the userdb JSON object. It’s not a policy engine, not an API for apps. We just define the field, so that it’s standardized iff people want to store the date there, but it’s entirely optional.
“I’m not picking a side” and “this future proofs standardization” is of little comfort, that is seriously suspect. I ought to look to alternatives to SystemD(odge the issue failed).
Maybe https://agelesslinux.org/ or systemd free distro https://without-systemd.org/wiki/index_php/Linux_distributions_without_systemd/
I was shocked it listed LMDE but it’s a very old version (Linux Mint Debian Edition 2).
So in other words, “Sure we built the people-crushing machines, but we didn’t wire them up or turn them on.”
IBM, is that you?
SystemDOGE. It is just a matter of time before Big Balls exfiltrates our Linux data.
He left MS in January
That has already been closed
Maybe this’ll take the shine off that wunderkinder mess and people will finally be free to choose something more reliable. I love how RH pushed this beta software so hard and my reboots are now just shite – unreliable and occasionally ridiculously delayed.
I’ll be glad to see the back of that metastatic shitball.
DoB recording, and ID age verification, are two different things though.
My OS has never needed to know my DoB before. What’s it gonna do, make me a cake?
No, they’re the same in this context.
Runit supremacy. Welcome to the void.
That’s just systemd adding a birthdate field to their userdb. Doesn’t require that it be filled out or accurate, and especially doesn’t require it to be validated against a government database. I don’t see it as fundamentally any different from adding a userdb field for favorite color, phone number, or blood type.
Without 3rd party validation, I really don’t see the privacy issue with an age field. Without verification, it is, at worst, one more byte available to hash into a unique identifier, but you can feed that field from /dev/random at every query and poison even that hypothetical.
You are absolutely right, we are not in fact getting screwed, they are just applying the lube for later. (Shamelessly stolen from elsewhere)
Why the ever loving fuck does an init system even need a user database?
Honest to God, if FIFA were giving out a World “Understanding UNIX” Prize, Poettering would be the inaugural, and only, winner. Never in the field of operating systems has one man driven so much enshittification through sheer force of cluelessness coupled with supreme arrogance. And in a world that Steve Ballmer still occupies, that’s one hell of an accolade.
Systemd is more than an init system. Systemd was designed to be different from previous Unix-style single-/narrow-purpose services. Many distros making the switch seems to indicate that such a switch had significant enough upsides or necessities. No?
I read an article about why Systemd became what it is, and why it makes sense, and that made sense to me. Integration and a fully designed system has advantages over disconnected utilities and systems you have to connect and negotiate, especially on system- and boot-up level concerns.
Systemd was designed to be different from previous Unix-style single-/narrow-purpose services.
And therein lies one of its problems.
That comes with the price of lower reliability, highly non-linear behaviour and a central point of failure (or control). But, its thr user’s choice.
But, its thr user’s choice.
Is it though? If it’s an app you can (usually) replace it, but the init?
The choice there is, in most cases, to replace the whole distro.
Other init systems are able to handle those issues without requiring the absolutely insane amount of scope creep that systemd exhibits though.
That’s just systemd adding a birthdate field to their userdb. Doesn’t require that it be filled out or accurate
Whoosh.
Plesse don’t give them any ideas. Here’s a list of what’s currently included
Localized age checks ARE a good system and are something that should have been in the OS for decades. It is the basis for being able to make “child accounts” and is a genuine requirement for Linux to be a meaningful option for “normal people”. And having a protocol for software/websites to request that is a very good system to build on that.
We talk about how the problem of kids getting exposed to horrendous shit is a problem of “bad parenting”. This is the tool you provide to allow parents some control.
The issue is not the age check. The issue is verification. To my understanding, the California legislature explicitly does NOT require a third party. So it is literally just you saying “Sure, whatever. I was born in 1901. Now load the Maya Woulfe video faster”. And yes, this is a step towards that. But so is having network access or user accounts at all.
Even if we say I agree with this, why even ask for a specific year? Separate into child and adult, and let the super user make that change when asked.
In theory I’m not opposed to it existing as an option, but I do not like it being mandatory at all. Websites and applications should never be allowed to know any PII without explicit consent.
Even if we say I agree with this, why even ask for a specific year? Separate into child and adult, and let the super user make that change when asked.
Different countries (actually different regions within said countries) have different laws related to what “kids” can and can’t see and what age defines a “kid”. How much that matters is up to you. But it provides an automated check that ALSO avoids having to say “Hey mom? I just turned 18 and for no reason whatsoever it would be great if you could switch my account to an adult. Also make sure to knock and don’t look too closely at my laundry basket ever again”.
Websites and applications should never be allowed to know any PII without explicit consent.
And what do you think you are providing every time you tick “Yes, I am 18 years or older” or “Yes, I was born in 1920 or whatever the first option is now”?
That’s there point, with this websites will just know the users age, before it was the users choice: “are you 18 or over?” But now it will be: “I know you’re 37.567 years old” user has no idea. Maybe we should add religion and skin color too
"You have selected ‘Caucasian Christian’. Permanent light mode has been activated and you can no longer look up porn on Sunday.
You have selected “Arabic Muslim”, sensor access has automatically been granted to determine when you are facing Mecca. If you have too many friendly fire incidents in CoD, the US will deploy reaper drones to your IRL GPS location.
On a more serious note:
There’s been a lot of talk about protecting kids, but none about protecting grandma from scams and AI misinformation if her systemd age field indicates she’s 65 or older. Why is that? Is it because kids don’t have rights, so who cares if by protecting them we prevent them from developing a shred of digital literacy? Or is it because the over 65’s can vote and kids can’t?
The idea of storing age in the OS is that end programs don’t actually access it directly. They get age ranges, like child/adult, not the actual birthdate. In theory, it’s much more private than uploading your id and photo to every random website/app that you use.
Cookies already exist and there is countless leakage (both intentional and unintentional…). Like most things, you are not as private and protected as you seem to think you are. Just because a website is asking you to tell it (which is mostly for compliance, not knowledge) doesn’t mean they already know that you said you were 250 years old but your shopping habits suggest you are actually in your 20s and live in Detroit and really enjoy pegging.
Maybe we should add religion and skin color too
To my knowledge, very few nations tie laws or access to that slippery slope fallacy. And parents generally have those same traits (at least while the kid is living with them). So I am not seeing much benefit from this?
And if/when we reach the point where that is the case? Uhm… I don’t think companies and software will be given anywhere near as much freedom to say “Sure, we’ll comply so that we can be eligible for these contracts” or “No, we won’t comply so that we can market ourselves as protecting people”
I completely agree with this. treat it like a privilege level. it’s that simple. it doesn’t need to define “age”, it can just define what a account cannot access.
this is all a slippery slope, and a terrible one at that. gates protect no one and just tech people to learn to get around them…
Yeah, to be completely honest, the one place where you actually could trust this kind of information is on your own local (and ideally libre-oriented) OS, never leaving your device and instead obfuscated through an API that’s exposed to whatever services need to do an age check, with the potential for additional security impositions or other concessions from data requesters due to the leverage of still having your data controlled by you. This is the bonus FOSS part where we get a say on how we want our data to be exposed on our libre systems. Other users aren’t so lucky and don’t get to have any voice on how this implementation happens, so we should probably participate in the discourse for those PRs rather than condemn them point blank.
However this is not entirely true either, for two reasons.
- Philosophical: FOSS relies on the “many eyes” approach to security. Adding any API, even internal adds another layer of risk. This is exactly why some projects refuse to have API access to application data, even if it runs from a privileged forked service. (Using locked sockets or other methods instead).
Any open port is a attack vector and no matter how secure it is today, tomorrow is not a promise. More so with how this overlaps with laws like Australia’s, which requires all encryption to provide a backdoor for government access. (This means the 5 eyes nations get access by definition to this API while it’s in transit, as soon as it leaves the host system…)
But that’s not just the only issue. The whole issue with libxz being targeted by nation state sabotage proved that, it’s possible to put backdoors into applications despite “many eyes” on the code. (That case was only caught because one obsessive person over the /testing/ speed… 90% of such attempts in most projects would go unnoticed simply as there is not enough maintainers)
- Licensed software: not all applications are completely open, even if the underlying OS is. This is a API thats exposed to all userland applications. Nothing stops Firefox for example from using binary blobs in Thier source to “sign” this data for supporting websites, then send this data to places you don’t consent.
Firefox is just a example, so many applications use permissable licenses that don’t require all of the sourcecode to be human readable or even accessible.
Big thing is nothing stops driver vendors from stealing this data too, no different than Microsoft does, whether or not you are signed Into a Microsoft account on windows. Telemetry is already a growing issue and the scope of telemetry data in closed source blobs doesn’t have to be defined…
So by definition it’s not any more secure…
Even if it was, the bigger question is why. Why does the application or web service need to know.
If a child walks into a liquor store and steals alcohol, they get arrested. The burden of proof was never on the liquor store. Why is the burden of proof on the OS and not the parent or child.
We don’t need nanny software, that teaches kids to be better liars. We need stronger punishments for criminal actions, regardless of age and more importantly punishments for the parents for allowing it to occur. Babygating the entire OS for some one elses children that would never touch it, legally. Is a example of creating solutions for a problem YOU(parents/government) created.
All of these age laws came from the social media bans. These of which only came into existence as a means of datacollection… Non-compliance, is actually compliance with how they are written, as they all place the burden of proof on you. No evidence == no crime. It’s still a crime to lie about your age to age restricted content.
Any age check is just a good way for predators to know WHO are the actual children, and with the epstein files revealing the whole billionaire and politician interest in trafficking and raping minors, this is essentially the perfect playground for them.
^^^ If you needed proof that lemmy is overrun with bots just like everywhere else.
Motorola* bending the knee to the mass surveillance corps and international governments comes to mind. We’ll see how their deal with GrapheneOS goes now.
I mean they can simply sell that phone with stock androud in californua and if users flash Graphene on it afterwards thats hardly motorolas fault
I imagine people behind this law are pretty interested in this small but powerful user base. I would just boldly assume that a lot of people responsible for independent software and privacy advocates are using Linux etc. So its a interesting user base for sure. But regulating open source software luckily is pretty much impossible and they wont give up their(our) privacy without a fight. Also, we will see how much the user base will grow when these regulations get tighter.
They can simply say on their download pages that residents of Brazil and California are not allowed to use their OS.
Sure. Let them be sued on profits made 😂
Genuine question:
is Graphene a “big name”? They talk a big game and are probably one of the biggest alternative phone OSes but all results I can find are putting them at 250k users and less than 2% of the Android market share.
But, more importantly: Do they at all care about US government contracts? Red Had have RHEL. ubuntu have whatever they call their premium OS for enterprise users. Google and Apple are obvious.
Big name for government backed hacking tools to list them separately on supported devices / OS cause it’s more secure.
“More secure” is a minefield of marketing and intentionally misleading the populace. In a “perfect” world, everyone would believe that just putting something in a txt file protects it from The Government. Its akin to how so much media has pushed the “if you’re a cop you have to tell me” myth.
But mostly I see it listed more as a way to build up precedent/probable cause. I forget which country it was, but Graphene was specifically listed as being used by criminals/drug dealers. Whether that is true or not isn’t the point. The point is that now, using Graphene, counts against you for the purposes of pressing charges or taking you to a black site.
Which is the reality of a lot of laws. Let’s say it is declared illegal to have the text of Animorphs 01 in your possession. Cops aren’t going to be going door to door to find out if you are a Friend of Katherine. But if they raid your home because they decided you are a drug dealer or a dissident and find it? That is an extra charge. Or their suspicion that you had it is the entire reason they raided in the first place.
Which IS the reality with a lot of “decency” laws. That isn’t to say they are all evil (CSAM being pretty universally accepted as being banned for a reason) but it is important to always understand how enforceable a law is and whether it actually changes anything.
“More secure” is a minefield of marketing and intentionally misleading the populace.
Here is the popular phone cracking company Cellebrite’s leaked slides showing them telling the people they’re selling their tools to that they can’t as easily (if at all, depending on device state) crack GrapheneOS as they can stock Android:
https://grapheneos.social/@GrapheneOS/112462758257739953 (This is just a well-summarized and explained post from GrapheneOS themselves, but the original leak was independent of them, and the slides and final interpretation are no different from what GrapheneOS is showing, thus I wouldn’t consider this just “marketing”)
Objectively, if you have a GrapheneOS phone, and you plug it into a Cellebrite machine, it will not have its data extracted if it’s before first unlock, or after first unlock but on the lock screen. (as long as you’ve updated your security patches since like 2022, which most GrapheneOS phones will be) A stock Android phone, or even many iPhones were not as resistant to brute forces or even full file system extractions as a Pixel with GrapheneOS.
GrapheneOS also has additional features that can make the cracking process even more difficult, such as disabling USB even after first unlock when on the lock screen, automatically rebooting after set period to return the phone to BFU state, or setting a duress PIN that wipes the phone, which could be triggered via a brute force before the real PIN is guessed.
Also, in case you want to look at the diagrams in the post more since they don’t really explain all the acronyms, here’s a key:
- BFU (Before first unlock - essentially when you’ve restarted the phone but not put in the PIN/password yet. When fingerprint unlock will not work)
- AFU (After first unlock - after you’ve put in your PIN/Password, fingerprint gets enabled at this point. Using the “Lockdown” button from the power menu on GrapheneOS disables fingerprint and appears to be BFU, but isn’t fully in BFU state and should still be considered AFU just in case)
- FFS (Full Filesystem extraction, essentially dumping literally every single possible file, app data, etc)
- BF (Brute Force, basically just spamming the PIN/Password to try and crack it. GrapheneOS is essentially never vulnerable to this due to the Pixel’s secure element, and it’s the same for newer Pixels with stock Android too, though those tend to still be vulnerable to FFS)
- “Up to late 2022 SPL” (“Secondary Program Loader” version, which most GrapheneOS phones will have updated by now as long as they’re running a GrapheneOS version released after 2022. As you can probably tell, 2022 is referencing the (late part of the) year that version was from. It’s essentially what helps to load programs on the device)
I forget which country it was, but Graphene was specifically listed as being used by criminals/drug dealers.
You might be referring to Catalonia, Spain?
In their case, it was more about Pixel phones in general being used by criminals, and GrapheneOS being their OS of choice which made cracking them harder, rather than GrapheneOS itself being considered criminal or suspicious, but I get where you’re coming from.
You could also be referring to the UK, but that was regarding a journalist with GrapheneOS, but the charge was refusing to unlock his phones. And yes, I said phones, because he was also carrying an iPhone, and they wanted that password too. So in this case the charge wasn’t GrapheneOS-specific.
There’s also France, who was going after GrapheneOS because they wanted an encryption backdoor, but GrapheneOS just said no, so they told police to consider any Pixel with GrapheneOS “suspicious”, but not to consider it a crime in itself. (nor did they have the legal authority to do so) GrapheneOS actually migrated all their server infrastructure out of France as a result of this.
The point is that now, using Graphene, counts against you for the purposes of pressing charges or taking you to a black site.
Generally speaking, even in those areas, this (fortunately) just isn’t true. You are more likely to be considered suspicious in Catalonia if you have… a Pixel, GrapheneOS or not. You’re likely to be criminally charged in the UK… if you don’t give up your password, GrapheneOS or not. And you’re likely to be considered “suspicious” in France… but can’t be charged with anything for it, and the only way they’ll know if you have GrapheneOS installed is if you were already arrested for something else and had your phone seized.
Practically speaking, it’s better to support an OS that protects your data, but could increase the risk of you getting in trouble for protecting your data, than an OS that doesn’t protect your data, and gives it all to the authorities, making whether or not you’re considered criminal pointless. After all, you could voluntarily unlock your GrapheneOS phone in any of these jurisdictions and stop facing any of these possible consequences, and it would carry the same implication as a non-GrapheneOS phone that does it whether you provide your PIN/password or not.
So this:
That is an extra charge.
Just isn’t (at least currently) the case, since no regions currently doing anything against GrapheneOS have made the act of having GrapheneOS installed in itself a crime.
Not to say this couldn’t change, and you’re totally valid in assuming that governments will try to push this, but at least currently, using GrapheneOS will not in itself increase the chance of you going to a black site.
deleted by creator
GrapheneOS has a deal with a hardware manufacturer, Motorola. I’d consider this refusal to be a big deal on those grounds alone
Frankly I think they are the largest os vendor that is going to take a principled stance on this.
Big enough for a headline, not big enough to make a difference.
I would go so far as to say they are only big enough to make an updoot-bait headline at that.
It’s about time I flash that onto my pixel 6 pro.
The 5a is the newest unsupported device, so i’d guess the 6 is next.
Good boys !
Now if only GrapheneOS was easy to install on cheap Android devices.
They have reached a deal with Motorola, so hopefully there will be more options soon. You can get we used pixels pretty cheap though, and the installation process is very easy.
I was wondering how this stance will impact that deal. A large company like Motorola would typically seek to comply with laws such as these
I’m hoping they already had the discussion with Motorola about it. I’m assuming Motorola wouldn’t be on the hook legally since Graphene is the OS provider. I could be wrong though.
Yeah, hopefully worst case, Motorola just doesn’t ship them with Graphene (which could be a security risk anyway). Then they’d be off the hook.
In the worst case it will just be Motorola shipping their base android version with verification and then just flashing grapheme over it. Just the way it currently works with pixels.
Remember Motorola phones are made by Lenovo which is now an Indian company.
You mean Chinese? With an ever bigger presence in India I’m sure
I thought it was Indian, but very possible I’m wrong.
Irrelevant. They need to comply with the laws of the market they are selling at.
Check what pornhub decided to do in Texas
Pixel is the brand name from DoubleClick. I’ve got no interest. Plus, it’s a pain to put them on Tracfone, so I’ve got net-negative interest.
It’s not just a pain, it’s basically impossible to install Graphene to a TracFone because you’d have to build it all yourself, and then still be vulnerable anyway. I also doubt that you could even get it to properly build for TracFone.
Grapheneos is surprisingly the most easy OS to install… The issue is most phone manufacturer’s dont meet Grapheneos its standards.
I agree, but isn’t that just the same way said differently?
it’s not hard to install if you have a phone that follows stringent standards, that only 30% of manufacturers follow…
Cheap android devices don’t have the proper security hardware. Hopefully the Motorola phone is cheaper than a pixel though. Used pixels are also pretty cheap, all things considered.
Correction, the oldest supported Pixels that will likely lose support soon are pretty cheap. Everything else was still around $400 when I checked last month.
I guess Graphene devs don’t care for ewaste.
$400 is pretty cheap for a phone these days.
No, $400 is about $300 more than any phone could ever be worth.
$400 is more than I have ever paid for a phone (and no, I never bought a carrier locked subsidized phone). From 2014-2022 I had 3 phones that cost a total of $450. This ain’t it.
I’m not interested in using anything with DoubleClick’s hooks in it. I’m happy with my $30 Tracfone for most of the features it offers.
Your TracFone will never have the security features required and will always be vulnerable to things like Cellebrite. If it’s an Android phone, you’re also being tracked by several companies.
That’s what it is then.I just don’t want to deal with the arbitrary nonsense like age-verification and software install limitations. Then again, I only have a phone at all because of my wife. If it were just me, I’d just keep a featurephone in a drawer and maybe check that it’s charged once a month. As it stands, I may end up having to give up the small amount of morality I have and just give up on Android and pay a ridiculous amount of money just for phone service.
I’m glad to see that Graphene won’t be doing the age verification thing, because I’m afraid all new phones (including TracFones) will require it moving forward. But the hardware limitations will continue to be a blocker for people with cheap phones.
I agree on wanting to ditch my phone altogether. Maybe if I can retire, I can ditch it.
Pixel’s a Google device in design. A used one unlocked, and GrapheneOS, and there is no Google.
And if all banking apps were compatible with it…
don’t use a banking app if you enjoy your privacy.
there isn’t a single banking app that isn’t tracking you.
Banking apps work for me with exploit compatibility mode enabled for them.
Ding ding ding! Don’t even need to enable Play Services in most cases.
Banking apps are generally compatible with GrapheneOS. Some of them just require Google Play Services, which Graphene alone gives you the option to turn on or off at will, or to install only on select user profiles.
…it is?
I worry this will squander their new deal with Motorola.
Then again, what’s the point in a world class privacy OS if it complies with compromising mass surveillance laws?
I mean, they must comply or face fines, whereas users can modify things however they please. I am ready to leave google, discord and twitter, so for users like me who won’t be on platforms that require age verification, I’d have no qualms about modding my OS to remove/disable age verification.
As it should be.
If you don’t have age verification you will be blocked from sites that require it, because you can absolutely guarantee they will not want to lose the Californian market.
Good. I will avoid those websites.
