this post was submitted on 16 Sep 2024
44 points (92.3% liked)
Privacy
31252 readers
748 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Fuck all that noise, Pixel 6a + graphene £130. Why waste so much money!?
These devices aren't even constructed to last 7 years. I don't see that either of those things are worth £600 personally.
Well if the support ends, GrapheneOS support ends too. That's why more years of support is important here.
What relevance does that have to what I said? If the physical phone isn't going to last that long then I'd argue it is of little importance.
Well if you recommend getting an older phone because it's cheaper, GrapheneOS support may be a concern. Also I think a phone usually can last for 7 years with 1 battery replacement, good ambient temperature and careful use.
I mean, the 6a still has 3 years of support left so whilst it is older it is hardly at the end of its supported life.
Not everyone can change a battery in a phone, I can but I would still rather not do it on a phone that isn't really anything special and whilst yes they could feasibly last that long I think in practical everyday use application by the time you are getting to three years of daily use it will be beaten up and physically not in great shape any more for your average user.
My pixel 6 is about 3 years old and the only wear I can see on it is a single little micro scratch in the top right corner of the screen that I can't see without a light reflecting off of it. I don't bother with a screen protector, just a thin silicon case. Battery is fine for about 2 days of normal use even though I regularly use a wireless charger.
I don't know what your doing but with a case and screen protector, I have never ended on a phone looking worse than factory new.
Battery is a good point. I can have a phone shop change the battery for me.
3 years is not that much unless the user doesn't mind changing phones rather often and beating up a phone in such a short time is just a massive skill issue tbh.
Whatever idea you have to phones, you‘re wrong. They can easily make 5 plus years if you treat them right. The more problematic part is daily use and battery degradation/repair.
But google sucks anyway so I‘ll stay with postmarketOS on my oneplus6 and wait for my camera to come to life some day (hopefully).
Why not DivestOS on the OnePlus 6.
Because android. PostmarketOS is linux (based on alpine linux)
Interesting. I have a vastly divergent opinion on linux for mobile, mostly that it is not secure. This is true for Desktop linux but is more important considering the threat model necessary for mobile device Security.
Feel free to elaborate. Everything I have read over my life (couple thousand pages I guess) suggestd that linux can be a lot more secure than windows and ios.
Linux is not security hardened. It does not properly sandbox applications (and there is nothing as secure as android's sandboxing on linux). In fact, most linux package managers do not feature any sandboxing of applications, period. Linux does not implement verified boot. It does not harden against physical port attacks. It does not use a hardened memory allocator. Privilege escalation is simple because of how straightforward it is to compromise a wheel user (sudo user). Linux does not harden it kernel flags by default. Alpine (and most linux package managers) are not secure (aka does not pass the TUF threat model). Most linux distros dont feature a read-only root filesystem, which would help to improve security. Also, Systemd is a bloated init system and has a massive attack surface. GNU's tooling is also bloated and freebsd's would make a good alternative (like what is done by Chimera Linux)
Here are some readings on linux security:
Article by one of the Whonix Devs https://madaidans-insecurities.github.io/linux.html and also are hardening guide from them https://madaidans-insecurities.github.io/guides/linux-hardening.html
Wiki page of Whonix considering many linux distros for whether they make a good base for Whonix's security distro: https://www.whonix.org/wiki/Dev/Operating_System#Alpine_Linux
Kicksecure's wiki: https://www.kicksecure.com/wiki/Documentation
Here are some Security hardened distros (Note that none meet the threat model for a mobile phone OS as they dont feature verified boot):
https://www.kicksecure.com
https://github.com/secureblue/secureblue
https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix.
Special mention which isnt hardened but has great potential: https://chimera-linux.org/