There is no such thing like "bad government" and "good government". I mean - it really depends on people's views, therefore we must not blissfully put our data into govt hands because "they will protect us from terrorists and child rapists". What they will do, actually, is that for sure they will abuse innocent citizens at some point of time. They will. Even if they don't, they will. Or maybe they are doing it right now and they need more control to make it easier
No. When the government fails to delivery what people need (not necessarily wants), you have a bad government. When gangs and bandits (or drugs, or diseases, or whatever) takes on the street, it's not about people's view, it's just bad stuff that the government need to address or there's no point on having a government.
Aside from the fact that there's a subjective definition problem here (how do we decide what people "need"?), I think this an unrealistic view. By this definition, every government that has ever existed or ever will exist is a "bad" government because no government can ever tackle every single problem 100% of the time. Many problems are extremely difficult to solve (e.g. global warming), and others simply cannot be solved without creating other problems.
For example, people "need" access to healthcare, but there's essentially an unlimited amount of money you could spend to keep improving healthcare (e.g. opting for increasingly expensive treatments with diminishing returns on health outcomes). The more money you allocate to healthcare, the less you have available to spend on other things that people "need". Sure, you can tax more up to a point, but eventually that tap runs dry and you're forced to reallocate existing resources.
As another example, people "need" criminals to be punished in order to be able to live in a safe a crime-free society. People also "need" to not be put in prison when they are innocent. But you can never be 100% sure that a convicted criminal actually committed the crime. Locking up criminals implies by necessity that you will also lock up some innocent people. No government can solve both of these problems simultaneously which means they are all "bad".
Even the most competent "good" government ultimately has to select among which "bad" things it is going to allow to continue and which it will solve.
> Sure, you can tax more up to a point, but eventually that tap runs dry and you're forced to reallocate existing resources.
Since the 1980s, we have been consistently taxing less. If the tap is dry, it isn't because of over-taxation - it's because there's a reservoir of wealth hoarded by the relatively few.
A even cursory glance at the trajectory of wealth distribution will make that clear.
> Since the 1980s, we have been consistently taxing less
Who is "we"? We're talking about governments in general ("good" vs "bad" ones), and I have no idea what jurisdiction you are referring to.
In any case, I didn't say the tap is dry. I said if you keep raising taxes it will eventually run dry. Or to put it another way, taxes are not an unlimited resource that you can keep increasing as much as you'd like. At some point you'll hit a ceiling where raising taxes any further doesn't produce additional tax revenue.
For example, as you raise income tax rates, people have less incentive to advance their careers (e.g. by chasing promotions or improving their skills), and people have more incentive to leave the jurisdiction and go somewhere with lower taxes. Up to a point, the increase in tax rates produces a net extra revenue for the government. Above a certain point, the number of people who stop paying taxes (e.g. by leaving or by working less) outweighs the gains from those who continue to pay. This is why you'll rarely see any government with excessively high top-bracket tax rates (e.g. 60 - 100%), because it results in tax losses.
How are you coming to the conclusion that it will run dry? For example, in the US, arguably the most prosperous period here was in the first half of the 1900s. It is when Roosevelt's New Deal went into place and the US experienced extraordinary growth and prosperity. Do you know what also coincided with this? The marginal income tax rate. From wikipedia:
> For tax years 1944 through 1951, the highest marginal tax rate for individuals was 91%, increasing to 92% for 1952 and 1953, and reverting to 91% 1954 through 1963.
Since that time, the income tax rate has declined, especially for the higher brackets. From my perspective, it kinda just sounds like wealthy people got greedy and they were able to advocate for income tax changes. Back then, they couldn't pull as much funny business as they do today with high compensation modalities ($1 trillion for Musk?) so they opted for marginal tax rate reduction. But there's no evidence from what I can see that the the money was about to "run dry." Quite the opposite it seems. Even in nordic countries, the money is not "running dry". They have great support systems in large part because of the high marginal tax rates.
Consider what would happen if the tax rate was 100% across all tax types, and you'll probably see then how there's an upper limit to how much tax revenue can be raised by a government. Would you get up and go to work if you got to keep 0% of your earnings? How about if you got to keep 1% of them? 2%?
Surely we can agree that there is a threshold, even if we don't agree where that threshold is. That's all there is to the point I'm trying to make: tax resources are limited and therefore all governments must ultimately allocate those limited resources and cannot simply spend unlimited amounts on any "good" projects that they'd like.
> tax resources are limited and therefore all governments must ultimately allocate those limited resources and cannot simply spend unlimited amounts on any "good" projects that they'd like.
That's a strawman. There are no proposals for a 100% tax across tax types. There is an argument for reversing the direction of the last several decades in which taxes on the wealthiest have been dramatically cut.
> Since the 1980s, we have been consistently taxing less.
Assuming "we" means the United States, this isn't really true. Tax revenue as a percentage of GDP has been remarkably stable, not just since the 1980s, but since the end of World War II [1].
The long-term average since 1945 is 16.85%, the average in the 1970s (i.e. the decade before the 80s) was 16.76%, and the average in the 2020s is 16.96%.
Since the 1980s, we have been consistently taxing less. If the tap is dry, it isn't because of over-taxation - it's because there's a reservoir of wealth hoarded by the relatively few.
A even cursory glance at the trajectory of wealth distribution will make that clear.
Others have attempted to refute your above statement, but it's not really relevant. Your response does not really align with the parent post, because at no point did the post you replied to say "We need to tax less all the time!" or even "we need to tax less!" or "we cannot have better health care".
None of these things were said, advocated for, or espoused as a position.
Instead, they said "you cannot solve everything ever, and everything has tradeoffs", along with "because if you try, you run out of money no matter what".
This seems like a fair statement. Would you care to address that?
> Instead, they said "you cannot solve everything ever, and everything has tradeoffs", along with "because if you try, you run out of money no matter what".
> This seems like a fair statement. Would you care to address that?
Sure. That's like saying fire is hot and water is wet. The fact that tradeoffs obviously exist doesn't mean we can make meaningful changes to improve things.
I think you mean "doesn't mean we can't", but you seem to be hyper-focusing on the summary statement I wrote, of the original author's post. That summary statement was in place to explain why your original post wasn't addressing the issue.
But that statement was summarizing a portion of the original author's post. If placed back in the context it came from, you can see the original author was not saying we cannot make meaningful changes. At all.
Instead, the author was said:
Aside from the fact that there's a subjective definition problem here (how do we decide what people "need"?), I think this an unrealistic view. By this definition, every government that has ever existed or ever will exist is a "bad" government because no government can ever tackle every single problem 100% of the time. Many problems are extremely difficult to solve (e.g. global warming), and others simply cannot be solved without creating other problems.
Thus, they are not defining this as a "we cannot improve things", but instead "if we improve things, some will see that as bad" conjoined with "in other cases, we improve things, but not as fast/completely as desired".
As far as I can see, there is not a single point that the original author said we cannot improve things. They don't even hint at that.
> Since the 1980s, we have been consistently taxing less.
In the US at least, that’s the perception because the tax cuts get a lot more publicity than the increases; everyone know that Reagan passed what was, to that time, the biggest (at least in aggregate nominal terms) tax cut in US history, fewer know that he followed it with the biggest increase.
But what has actually happened is a series of tax burden shifts (often, downward from the wealthiest, though some have been the other way or largely orthogonal to wealth.)
Sure. But the original commenter's point that whether a government is "good" or "bad" is subjective because it's dependent on people's views. Other commenters objected to that and appear to see it as objective: a government is either clearly good or clearly bad, and there's no debate to be had.
The reality however is that all governments are a mixture of good and bad, and different people will see that mixture in different proportions. One person might overlook the fact that their government funds the Israeli military because their government does plenty of other "good" things to make up for it. Another person might find that to be a completely unacceptable compromise.
What the "man-made global warming crisis" is, is an example of how a corrupt/captured state will overreach and control the people for its own gain through manipulation. Many governments are captured by the now global financial system that has almost unlimited power due to its money printers. It charges interest on money that it prints out of thin air. By leveraging its existing power to steer the governments to spend money it is able to effectively spend printed money (governemnt loans) on itself and then receive interest on that money as a bonus. A positive feedback loop that ends in global domination by the unelected financial system with the national and international central banks at its heart. Even worse is that it's power obtained essentially through fraud - it's all based on lending out something for interest that isn't theirs. It started with them lending out gold that people had given them to safely look after in their vaults.
I disagree strongly with you on this, but nonetheless I think you've proven the point that the original comment was making i.e. that what constitutes a "good" or a "bad" government is subject to people's views.
In my view, a government that does nothing to tackle global warming is "bad". In your view, a government that spends resources on something you think is a fraud, is also "bad". We can't both be right.
Nonsense. The Earth used to be a boiling lump of magma at once point before it cooled, but guess what -- humans can't live on liquid rock. Warmest or coolest is irrelevant over the lifetime of the Earth. What matters is "modern humans".
Global warming is indeed real. Effective change doesn't have to cost a dime. An example is forcing people to buy electric cars at some point. The government spends nothing, people just buy new cars when their old cars expire, now people are driving new cars. Solved.
(you may notice that incentives are gone in most countries now)
And if the weirdos would stop trying to crush every tiny part of carbon emissions, dams provide an immense amount of cheap, clean power once built. We can even make concrete using low-emission methods. Regardless, dams are far better than coal or gas (yes they are random anti-concrete weirdos), so moving on a path to 'better' is laudable and helpful.
(Yes, anti-concrete weirdos are either useful idiots or secret lobbyists. Why? Well, my city puts more concrete into new basements in a single year, than go into a dam that lasts 50 years. Yet I only hear people blather on about dams, which would save immense pollution from coal, the worst polluter it would replace. Also, I've now out-conspiracied the conspiracy guy I'm replying to.)
Power plants expire, whether gas, coal, etc, and instead of revamp you slowly build new, and expire the old.
None of this has to cost. There is no cabal to enact global warming related change.
There has been no man-made climate change during the period of "modern humans" either.
It's not a conspiracy as such - it helps to think of government and corporations as an AI. A hive intelligence with constraints and goals. The constraint is to operate within legislation and keep the people on board, the reward/goal is to acquire money/power.
At this stage the financial system (which we gave a money printer!) has obtained enough power to steer legislation in its favour and keep the people on board though manipulation of the mainstream media and education.
Show me the incentives and I'll show you the outcome.
I completely agree that there's no reason why we can't replace power plants with more environmentally friendly ones as they are retired, but ask yourself why Germany then has shut down it's fully operational nuclear power plants. Even with energy shortage and the many of the plants ready to be turned back on tomorrow, the state refuses to.
The trouble with videos is you can just... choose not to include stuff that obviously refutes your argument.
The reality is that global warming is definitely happening, and also the Earth is definitely not flat. But it's pretty easy to make a super convincing argument that the Earth is flat - you just don't mention any of the math behind why the Earth is round and then you can have a 5 hour long video filled to the brim with evidence the Earth is flat.
And it's not even lying. We're not saying anything that's not true. We're just choosing to omit data and evidence that proves us wrong. We can even include fake data and evidence, if we want, and refute that - ie build a strawman.
Videos are a terrible way to convey logical arguments. It's much harder to skip back and forth, search for specific bits, etc ... . They're for entertainment, which encourages a suspension of critical thinking. If you're confident there's a solid argument to be made, make it in text so it can easily be analysed and challenged.
The 50s~70s are idealized by many as an American golden age, despite higher reported crime. Law enforcement back then did not have AI-powered surveillance camera networks, widely deployed IMEI stingrays, private data-brokers, or the ability to remotely activate any phone's microphone with 0-click RCE.
A type of exploit (Remote Code Execution) that can be used to secretly infect your device with spyware without requiring any interaction from you (0-click).
Pegasus [0] and the like — commercial spyware updated with the latest exploit chains, developed in-house or purchased from markets like Zerodium, sold as terrorism-prevention tools to such trustworthy states as Russia, UAE, and Hungary.
This sounds extremely simplistic. Countries are isolated universes. Actions of a government in a country affect other countries. Some problems require multiple governments to work together (see global warming and supply chain issues). Different governments have different priorities at any given time even if they all have roughly the same absolute list of issues
Agreed. There are problems that governments solve and if a government can't solve them it's a bad one.
Maybe consensus shifts (or goes away) about which problems are the domain of government, buy ultimately it's about efficacy against those. The rest is a distraction.
"people" being their own citizens. Many governments do not limit their activities to their own people and they have almost opposite rules for their own people vs others. Not that the picture is so clear for their own people either.
> therefore we must not blissfully put our data into govt hands
Extending this reasoning, we should not blissfully put our data into anyone's hands.
Government mission at least have a veneer of public servants, as opposed to private hands whose only real motivation is fiduciary obligations towards the shareholders.
The interest of a government is to control its citizen, either now or at some point in the future.
The interest of a private company is to make more money.
Between the two, I certainly prefer a private company attempting to monetize my data rather than a government trying to control me either now or in the future. And let's stop the bs about "public servants", even in the EU which is maybe the most democratic bloc in the world, governments are trying to impose a chat control (among other laws restricting freedom). It's just in the nature of governments to control its population
It's an interesting argument in theory, but in practice the government in my country of origin actively searches through people's phones to find evidence of wrongthink (e.g. donations or incriminating social media activity), for which they sentence people to incredibly long prison terms.
You're being willfully dense, I do not believe it's up for debate.
Governments that public force to kidnap, torture, murder, "disappear" their own citizens, are bad. Plenty of examples to go around, both historically and currently: China, Russia, México, North Korea, Belarus, the balcans, plenty of African governments, etc.
It shouldn't matter that "34% of my neighbors" want me sent to a concentration camp, personally I wouldn't want to end up there.
The example you're giving, the whole "it really depends on people's views, ..." is a bad government.
And the truth is that it's easy to be a good government: don't be bad.
>In 2015, the Guardian revealed Chicago Police had allegedly employed torture and days-long unlawful detention at the secretive “black site”-like Homan Square facility
And the federal government knew and participated.
>“When we’re doing joint operations with the federal government, it’s generally — it’s under the supervision of an Assistant U.S. Attorney and they’re merely using our facility because it’s more convenient."
Ok, so how do you categorise a country like Norway (typically viewed as a "good" country by most people) which knowingly invests money from its sovereign fund into companies which are linked to the Israeli military which (in many people's view) is currently causing genocide and widespread starvation?
At what point does the "good" cross over into the "bad"? Is it ok that having a highly regarded government comes at the price of dead children? How about the sizeable group of people (e.g. in the US and Israel) who don't believe there is any genocide at all? Doesn't that make the whole thing subjective?
No.. If one follows that absolutism then people deserve nothing better than the worst government anyway because of social slippery slopes like the popular worship of Charles Manson.
There are obviously a lot of dimensions and clusters within those dimensions and we can't always say exactly which nationalist fascists to beat to death with hammers for the global good, but we can say Norway is a bit removed from them.
If you go by examples like that then there are a number of nations you cannot support at all - consider for example that China has the Uyghur concentration camps, US has Guantanamo Bay and now the new prisons in partnership with El Salvador. Belgium got away scottfree with their genocide in Africa, Turkey carried out a genocide in Armenia, France still collects fines from its previous colonies etc.
I think this sort of thinking is symptomatic of something very problematic: that if a government doesn't align with your views, it's a bad one. We've forgotten that, in order for a civilization to survive, with many, many viewpoints, we must compromise sometimes.
> There is no such thing like "bad government" and "good government".
Of course there is, compare the government of Finland to that of North Korea. Just because there are shades of grey and human institutions are generally susceptible to corruption greed an power politics doesn't mean there aren't governments that are different not only in degree but in kind.
It is strange how folks are refusing to admit they can even _evaluate things_ in a bunch of cases. We're seeing that here, but I've also noticed it in other posts on HN: a disagreement with the position of the article is framed not as a distinct examination which comes to different conclusions, but instead commenters claim the post author was foolish in even attempting to evaluate the thing the post is about.
To some degree it feels like bits and pieces of anti-intellectualism getting into folks brains: rejecting the idea that folks can think about things at all.
Finland will approve shit like chat control, age verification or covid lockdowns against civil rights.
Whataboutism is bullshit. Power corrupts. It doesn't matter if you idealize a government, it's still composed of people who get compromised by money, power and general corruption.
In the past, whenever I read someone say stuff like what I myself say down below, I put them down as a crackpot:
But as time goes by and I travel the world, I find it's hard to deny that there are and always were distinct classes within human civilization, though the lines may be blurred here and there, and almost everything within every human society serves to preserve those classes, whether as the direct intentional goal or as a convenient side effect.
"Govern" is to "rule"
Other commenters mention the lack of government, and pockets of chaos where gangs/bandits/warlords/disasters run rampant, but those too are different classes versus each other, or vacuums where classes have yet to [re]form.
I really love Graphene OS but I _wish_ there was a version in which you could get a root shell and extract private data of apps you install when verified as the user. The developers are on record as saying that root blows a hole in their security model (it does!) but if there was _some_ way of doing it safely, so I can modify applications I as the user wish to, it would be my ideal OS. I know I could download and self sign it, but I'd rather not…
One of the things I like the most about GOS is the web installer, and how easy it is to use. If I need a custom build, to run my own server, and sacrifice performance for it, it doesn't seem worth it. It would also be good to know what a debug build entails, how exactly it is "less secure", and so on. Since this is unlikely to be documented by the GOS team, a 3rd party guide would still be helpful.
> It would also be good to know what a debug build entails, how exactly it is "less secure".
Using software engineering terms, think of the official GOS as production release, and the debug version as test release. You deploy it by actiually building it, like building a linux kernel. This takes lots of reaources (RAM + storage). But also is quite flexible because you can compile and build it whenver there is a new update. And you can sign the build yourself. The reason why they say it's insecure is the same why your server sysadmin does not give you the root password. You can do some serious damage if you have no idea what you're doing. On Android, root allow you to peek on other processes and apps, so if you grant root to a malicious app, high risk of data leakage. That's it though. Been rooting and building roms since early android days, no issues for me as I tend to use open source tools most of the time.
You can enable root on GrapheneOS. It will erase your data, however, so make a backup before you do. But if you really want root you can save your data, root, restore, and leave root on.
On Linux, I can add an account to the sudoers list, and have the flexibility to configure the level of security appropriate for my use case. I have yet to experience any security issues (that I'm aware of). Why isn't this possible on my mobile device as well?
This absolute stance is not right. Security is not binary, but a spectrum. I should be allowed to have full control over my device without this being a security risk.
Malware capable of getting root can access / exfiltrate anything, use your network, flash your firmware, can persist permanently, can use you as a vector.
Shellshock, log4j, Heartbleed. Hundreds of the big profile vulnerabilities that can be exploited on the system in an attempt to obtain root. And then you're cooked.
You really think a malware with the root access can't do much?
Why do you think selinux (and similar) even exist?
This isn't absolute stance. This is just stating that having a root access on the proruction/daily system is the opposite of security.
Yes but root still exists in phones just like it does in servers. It's just not accessible by the user. The OS does run processes as root and it needs it for things like updates.
Also, the user having root access doesn't mean that every process they run has root rights. For rooted phones there's apps to control what it's used for. Anything else just runs with the limited rights as before.
Of course those 'sudo' apps would be an attack vector but a pretty niche one.
I understand the risks, but just because they theoretically exist doesn't mean that they pose an active threat in all scenarios, or that they can't be mitigated.
The idea of locking the system down completely and preventing anyone from accessing it is technically more secure, but it creates many practical issues for tech-savvy people who want full control over their devices, which is the vast majority of the GrapheneOS user base.
If SELinux can mitigate the risks, then sure, let's use that. I don't really care what the technical solution is to this problem.
I'm just saying that:
a) As a user of an OS I want to be allowed full control over my device and not have babyproofed functionality because "it's for my own good". That is the realm of walled garden OSs from most major corporations which I deliberately avoid by using GOS in the first place.
b) My personal threat model doesn't involve using a bunch of untrusted applications, and I'm fine with trading some security for convenience. If the risks from choosing convenience can't be mitigated, then my OS should be flexible enough to allow me to make that choice. Other OSs can do this, so why can't GOS? I'm inclined to believe that there's no technical reason for it, but it's something that maintainers simply don't want to support. Which is fine, it's their project and their prerogative, but then let's not pretend that this is a discussion about security.
Well, anyone with actual root on a secure (locked, verified boot on) Android phone can hard brick it with a single command. Yes, you can yell at the user telling them it's their fault. Still something you usually do not want to support.
I don't think having authorized temporary root is inherently insecure, but on the other hand making sure it is secure could be a huge time sink.
Now, the original request here, modifying user app (I'd assume it's not system app) data, is reasonable. Designing a properly authenticated way to allow doing so would be an interesting challenge.
What is the threat model when enabling root on a phone and why can't it be mitigated? Root is enabled on most servers and desktops and we are surviving fine.
The way apps behave and the user interface to apps and the way they are used, the level of basic visibility and control that the user has moment to moment, is totally different on a phone than on a pc.
In practice, desktops and servers are quiet secure because you don't need to download random closed-source firmware and apps to use your device.
iOS and Android are a security nightmare. Downloading a random-ass executable to pay for parking is asking for trouble. Relying on millions of lines of proprietary Google code that you-don't-know-what-it-does is asking for trouble.
This code could have, and almost certainly does have, spyware, keyloggers, and various other forms of malware. You're simply trusting that it doesn't, because it's unverifiable.
And this doesn't even TOUCH on all the vulnerabilities associated with cellular networks, the baseband, SS7, etc. Good luck auditing that code.
At least on a server I can have some baseline guarantees about what software I'm running and what it's doing. Whereas on a phone, your location could constantly be triangulated, your phone identity spoofed, your cellular traffic sniffed, and on and on and you'd never know.
I mean, just this week we saw a post on here about ICE using fake cell towers to identify protestors. That shit is truly trivial to do, and people have been doing it for almost two decades. You wanna talk CVE? Start with that.
Is Qubes resistant to forensics? I think its selling point is multi-level security and lateral movement prevention, not safeguarding data on a stolen laptop.
This kinds of make me want to get a pixel and install GrafeneOS there.
I'll admit that big companies may have some incentive to protect their users' privacy; but they are an easy legal target. If tomorrow the US or EU pass legislation that mandates a backdoor in all mobile devices, the entire world is screwed.
I bought a cheap refurbished Pixel 7 Pro off eBay for $250 and installed GrapheneOS on it. Threw an eSim $20/m plan on it and use it as my phone when I leave the house and go IRL.
If I ever lose it or it gets taken while traveling, who cares, its secure af. I just cancel my eSim and buy another phone to install GrapheneOS on all while my main phone Pixel 10 Pro is still safe and at home.
Android auto used to not work but they added support. Voice commands to Google while driving don't work for me, but may be possible to get working.
Google voice commands work, but you need to open the Google app.
Google wallet works fine for tickets, bar codes etc, just no NFC payments.
Android song search works for me, there's a quick access file for it and it works great. I think pixels normally show what's playing on the lock screen, offline. I think this might be the same thing, triggered manually. Though I'm not sure if it's offline or not.
I'm in Ireland and any backing apps I've tried work fine, PTSB, AIB, revolut, IBKR, Trade Republic. I've had no issues there.
It's a very stable OS IMO, the extra user profiles, being able to choose whether to have Google play or not, and what level of access to give it. I've used it on a pixel 6, which died not too long ago, and now a pixel 9a.
Depends on the apps. You wont be able to use a lot of apps like Chase Bank app and etc w GrapheneOS. Lots of errors bc it blocks a ton of shit your banking apps will need or want to use.
To be fair after that came out they disabled ADP for the whole country. If they were willing to go along with it then that would not be the course they would take.
Not to mention it's a colossally dumb move to create a back door into your system that anyone can access and can break things like government contracts. Apple is greedy but they aren't suicidal.
My last pixel (4a) started falling apart after about a year and a half. Is there an android device that's a bit more hardy? I switched back to apple as I was able to use an SE for YEARS. Would love to try running GrapheneOS, though.
My wife uses her Pixel 4a to this day. I moved on from mine after some problems, but a factory wipe of the 4a actually fixed all of the problems with mine too.
And you know what else is cool? If the screen gets cracked or something doesn't work, you can take it to an independent repair shop and they can fix it.
I want to get a Pixel just for GrapheneOS as well but Google is incapable of selling those things worldwide despite being a trillion dollar corporation.
I had issues buying my Pixel from Google. My memory is fuzzy, but I think after I activated my account they said great, We'll let you purchase in a month... A really cautious security model I suppose. I gave up and bought it on Amazon.
This feels like countering insinuations on the Internet with insinuations on the Internet.
Cellebrite doesn't publicly publish the latest support matrix so we have no real idea what progress if any they've made against recent iPhones and iOS versions, nor any real detail on how something like Lockdown Mode influences outcomes for their software.
Nor does this show anything about Pixel 9 or Pixel 10 and the newest variants of Android OS (which for Pixel 10 makes sense given (2024), but for Pixel 9 does it?).
What we do know as both companies disclose this is that Apple implements particularly with Advanced Data Protection enabled significantly more E2EE than Google, and both companies invest significantly through i.e. Apple's SEAR into the security of their hardware, software and platforms.
That GrapheneOS exists is great but I don't think this post helps much.
Documents have been leaked at the beginning of this year: https://osservatorionessuno.org/blog/2025/03/a-deep-dive-int... which do include the Pixel 9. They show GrapheneOS being pretty secure in comparison to other vendors at the very least, with GrapheneOS being marked as unsupported if patched beyond 2022. They also show GrapheneOS beating the stock Google firmware.
One reason GrapheneOS fights these threads is by doing what Google doesn't want to do out of user friendliness, like disabling USB in AFU mode. Unlike Google, Samsung, or Apple in non-lockdown mode, GrapheneOS doesn't need to deal with upset users when they need to unlock their phone before hooking it up to their car/display/flash drive/3.5mm jack converter/etc.
GrapheneOS also enables security features when compiling the OS that have a performance impact but mitigate security risks. They end up with a slower phone with less battery life that's protected better against extremely uncommon attack vectors.
We don't know the current state of Celebrite's capabilities, but the fact they struggled for at least three years last time intel leaked out does paint a good picture for GrapheneOS. I'm sure the GRU and NSA have exploits that can hack even GrapheneOS, but at least they're not the type that makes it into commercially available exploit kits as of now.
> GrapheneOS also enables security features when compiling the OS that have a performance impact but mitigate security risks. They end up with a slower phone with less battery life that's protected better against extremely uncommon attack vectors.
Apps may take slightly longer to launch, which was more noticeable on older devices, but not so much on modern supported devices. I understand that some of the other exploit protections mean that apps and processes take up slightly more memory, but that's another thing that people don't seem to be affected by.
As for battery life, not really. Most people report having roughly the same battery life with GrapheneOS as with the stock OS. People who don't install Google Play report much better battery life. Sure, the exploit protections might use a small amount of extra power, but it's negligible as far as I can tell based on my own experiences and what other people report.
Some devices are listed with both "BFU Yes" and "BF No" under the "... BFU" column (for example, the newer Pixel devices table). What do these mean in combination?
There is someone who leaks Cellebrite's support matrix to GrapheneOS dev's and it confirms that they are still unable to exploit it.
"Their documentation has explicitly listed GrapheneOS for years due to the high demand from their customers for breaking into it. It shows they were last able to exploit a GrapheneOS release with a 2022 or earlier patch level.
We have their June 2025 documentation and could obtain the newer documentation if we ask for it, but we have much bigger priorities than that right now and we would have been contacted by the main person providing it if anything relevant changed."
> Cellebrite admits they can not hack GrapheneOS if users had installed updates since late 2022.
So, how do I know that GrapheneOS is not a honeypot for the really big fish?
At this point it seems if you really want to be safe, you have to add obscurity (in addition to conventional best practices). Like changing the pinout on your USB port so the exploit device can't connect.
As mentioned in the link, Graphene has a lot of additional security feature. It can auto reboot after X hours without being unlocked. You can lock down the usb port to be charge only, or even completely disabled so that the only way to charge is with the device powered off.
>...because it is doing far more hardening than iOS against these attacks. iPhones also have security element, but the companies developing attacks, had successfully bypassed secure element throttling from Apple for years (and are doing the same with Samsung and Qualcomm
Is it true that Pixels are more hardened against brute forcing the security module and that iphones (and other phones) are easily bypassesed by these hacking tools?
I don't think I agree with this assessment; I have a lot of respect for GrapheneOS but they are very prone to this type of puffery, especially in face of criticism.
The information in this and other GrapheneOS articles comes from a leaked copy of the Cellebrite support matrix which is shipped with their end-user (law enforcement) devices, so it's a point-in-time look at one vendor's capabilities in one product line.
At the time this article was written, Cellebrite had brute force-based passcode access to iPhones before the iPhone 12 (prior to the Secure Storage Component), and supposedly had support for the iPhone 12 on iOS versions prior to 17 in development (vs. just under research), while they had no access to bruteforce on Android devices using the Titan M2 (Pixel 6 and later).
The general trust model is pretty similar: the user's passcode is entangled with (predictable) secure entropy and used to derive a key encryption key which can unlock the filesystem. Firmware running on a secure processor rate-limits passcode attempts.
Overall I would say that a modern iPhone running the latest iOS and a modern Pixel running GrapheneOS represent the absolute state of the art in protection, and seem to have pretty similar public support from forensic vendors. The article is right that essentially everything else is junk; hardware vendors by and large seem to really struggle to implement secure software (including ROMs and bootloaders).
Slightly off-topic: how many people are maintaining GrapheneOS? Suppose Daniel Micay suddenly disappeared from planet earth - is there someone who has the knowledge, access and keys to continue immediately?
As long as the USB port of your phone is used, you can not stop it. This is the backdoor the governments want without having to be tethered. Vote for privacy. Vote against the police state. Vote for freedom.
Libertarian rant aside. Governments fund these kinds of operations in secret so they can "effectively do their jobs". There's a ton of subcontractors working on AWS platforms that do analysis of this UFED "dump". (just a zip file of your phones directories). Emails, Phone logs, Carrier settings, Browser History, Text Messages, Cookies, Apps, App Logs, App Data, if it's on your phone, it's in the zip.
Sure... Vote "correctly" and then watch the world burn anyway when the politicians start spinning some nonsense about money laundering drug trafficking child molesting terrorists.
The only thing that comes to my mind is the so-called blobs, the closed source hardware drivers that are needed to make an Android phone work and that run at high privilege level.
If GrapheneOS is not tightly sandboxing them, then chances there are that a capable operator can use whatever backdoor each driver offers, mainly the wifi adapter, the baseband modem and the Bluetooth adapter.
No matter what GrapheneOS developers have done.
Imagine the wifi driver being able to spoof on pin entry procedure.
I am probably the only one but the geek in me would love to see an article where digital forensics are used against the most common operating systems in their most secure configuration - just to see how they compare with one another.
AFAIK the Pixel devices are the only ones that reliably allow bootloader unlocking / re-locking, that is required to perform custom os installs.
There are others e.g. Motorola ones or Fairphone, that also allow this but it's a good idea to focus on a specific set of devices keeping maintenance as low as possible and security focus as high as possible.
There are alternatives like /eOS/ or CalyxOS supporting more devices and I experienced exactly this "no longer supported" issue with my Xiaomi A2, which suddenly disappeared from the list of supported devices (see https://calyxos.org/news/2021/03/29/mi-a2-ten-firmware/).
Pixels are the only devices that are out right now that meet the project's requirements. The project is in talks with a major OEM to have some of their devices meet GrapheneOS's requirements and have official support for GrapheneOS. Assuming all continues to go well, the project has said they expect those devices to be out in 1-2 years.
Kind of. I don't use grapheneOS and I'd like to, but de-googling your phone by buying a Google phone seems a bit sketchy. I don't want to take away from a privacy focused project. I'm super thankful for this option and I can't stand android or iPhone. But in the back of my mind I wonder if I'm being tricked.
As for why graphene uses graphene uses pixels - their FAQ does a good job explaining. As for why google keeps the bootloader opened and maintains (until recently) good enough device-tree support- I would guess mostly historical reasons? Before becoming as mainstream as they are now nexus and pixel phones used to be in part android development devices and certain creature comforts stuck. This seems to be souring though, so some of the people there may be in talks with an OEM for a graphene os specific device[1].
That doesn't seem odd to me. Google's data hoarding is done in software, not hardware. Remove Google's add-on software and you have a more or less blank slate to work with. I don't see why we'd expect any different.
This is the answer. Google play services and related privileged components are the non-open source blob hoarding data, along with whatever backend services you use from Google. These components are part of the stock android image that comes on the device that's replaced entirely by GrapheneOS.
Naturally if you continue to use Google services then the data hoarding continues.
> It still seems strange. A big part of GrapheneOS is to provide a safeguard from Googles data hoarding, yet it works primarily on Google phones.
That's the most confusing part. IMO GrapheneOS is not mainly about "provide a safeguard from Googles data hoarding", instead this is more like a side quest.
GrapheneOS is about creating a mobile OS that is more secure against advanced threats [0] than anything else, including stock Pixel OS and iOS.
[0] Currently my rule of thumb is, anyone who can find and write exploits for new memory corruption bugs for the wanted attack surface, or who can buy such capability, qualifies as advanced threat. Hence Cellebrite qualifies as a borderline "advanced threat".
Considering last years development and quite open Google hostility?
No.
GoS have provided a lot of patches upstream, Some of which were even applied. Despite that they wouldn't get early access to A16 just because. Access EVERY vendor promising to preinstall privileged Google services has.
Allegedly Google security team was very happy about that idea, but got vetoed by management.
I don't have and never had any connection to GrapheneOS developers, positive or negative, online or offline, nor am I working for any of their competitors. I only have the philosophical disagreement with their decisions explained in my link above.
He's not wrong from a computer freedom perspective. GrapheneOS is actively hostile to things like complete root access. It blows a hole in the security model. It's also very much enabled by the exact same sort of user hostile cryptography that corporations use to lock down their devices. Things like hardware attestation which protects apps from us. We can't easily do things like MITM an app to reverse engineer it.
I still it's superior to any stock Android OS but the risks associated with giving up freedom for security must be considered. The ideal is to have security while simultaneously maintaining our power as the owners of the machine.
I love the sandboxed Play Services. It works better than microg, and is more secure/private than installing Play Services normally which are your two options on LineageOS.
The main downside for me was the limited phone choice. I really liked being able to use a smaller Sony phone with LineageOS, but now that those aren't really available in the US, I had to move to big phone anyway and Pixels aren't the worst option out there.
There is no such thing like "bad government" and "good government". I mean - it really depends on people's views, therefore we must not blissfully put our data into govt hands because "they will protect us from terrorists and child rapists". What they will do, actually, is that for sure they will abuse innocent citizens at some point of time. They will. Even if they don't, they will. Or maybe they are doing it right now and they need more control to make it easier
No. When the government fails to delivery what people need (not necessarily wants), you have a bad government. When gangs and bandits (or drugs, or diseases, or whatever) takes on the street, it's not about people's view, it's just bad stuff that the government need to address or there's no point on having a government.
Aside from the fact that there's a subjective definition problem here (how do we decide what people "need"?), I think this an unrealistic view. By this definition, every government that has ever existed or ever will exist is a "bad" government because no government can ever tackle every single problem 100% of the time. Many problems are extremely difficult to solve (e.g. global warming), and others simply cannot be solved without creating other problems.
For example, people "need" access to healthcare, but there's essentially an unlimited amount of money you could spend to keep improving healthcare (e.g. opting for increasingly expensive treatments with diminishing returns on health outcomes). The more money you allocate to healthcare, the less you have available to spend on other things that people "need". Sure, you can tax more up to a point, but eventually that tap runs dry and you're forced to reallocate existing resources.
As another example, people "need" criminals to be punished in order to be able to live in a safe a crime-free society. People also "need" to not be put in prison when they are innocent. But you can never be 100% sure that a convicted criminal actually committed the crime. Locking up criminals implies by necessity that you will also lock up some innocent people. No government can solve both of these problems simultaneously which means they are all "bad".
Even the most competent "good" government ultimately has to select among which "bad" things it is going to allow to continue and which it will solve.
> Sure, you can tax more up to a point, but eventually that tap runs dry and you're forced to reallocate existing resources.
Since the 1980s, we have been consistently taxing less. If the tap is dry, it isn't because of over-taxation - it's because there's a reservoir of wealth hoarded by the relatively few.
A even cursory glance at the trajectory of wealth distribution will make that clear.
> Since the 1980s, we have been consistently taxing less
Who is "we"? We're talking about governments in general ("good" vs "bad" ones), and I have no idea what jurisdiction you are referring to.
In any case, I didn't say the tap is dry. I said if you keep raising taxes it will eventually run dry. Or to put it another way, taxes are not an unlimited resource that you can keep increasing as much as you'd like. At some point you'll hit a ceiling where raising taxes any further doesn't produce additional tax revenue.
For example, as you raise income tax rates, people have less incentive to advance their careers (e.g. by chasing promotions or improving their skills), and people have more incentive to leave the jurisdiction and go somewhere with lower taxes. Up to a point, the increase in tax rates produces a net extra revenue for the government. Above a certain point, the number of people who stop paying taxes (e.g. by leaving or by working less) outweighs the gains from those who continue to pay. This is why you'll rarely see any government with excessively high top-bracket tax rates (e.g. 60 - 100%), because it results in tax losses.
How are you coming to the conclusion that it will run dry? For example, in the US, arguably the most prosperous period here was in the first half of the 1900s. It is when Roosevelt's New Deal went into place and the US experienced extraordinary growth and prosperity. Do you know what also coincided with this? The marginal income tax rate. From wikipedia:
> For tax years 1944 through 1951, the highest marginal tax rate for individuals was 91%, increasing to 92% for 1952 and 1953, and reverting to 91% 1954 through 1963.
Since that time, the income tax rate has declined, especially for the higher brackets. From my perspective, it kinda just sounds like wealthy people got greedy and they were able to advocate for income tax changes. Back then, they couldn't pull as much funny business as they do today with high compensation modalities ($1 trillion for Musk?) so they opted for marginal tax rate reduction. But there's no evidence from what I can see that the the money was about to "run dry." Quite the opposite it seems. Even in nordic countries, the money is not "running dry". They have great support systems in large part because of the high marginal tax rates.
Consider what would happen if the tax rate was 100% across all tax types, and you'll probably see then how there's an upper limit to how much tax revenue can be raised by a government. Would you get up and go to work if you got to keep 0% of your earnings? How about if you got to keep 1% of them? 2%?
Surely we can agree that there is a threshold, even if we don't agree where that threshold is. That's all there is to the point I'm trying to make: tax resources are limited and therefore all governments must ultimately allocate those limited resources and cannot simply spend unlimited amounts on any "good" projects that they'd like.
> tax resources are limited and therefore all governments must ultimately allocate those limited resources and cannot simply spend unlimited amounts on any "good" projects that they'd like.
That's a strawman. There are no proposals for a 100% tax across tax types. There is an argument for reversing the direction of the last several decades in which taxes on the wealthiest have been dramatically cut.
> Since the 1980s, we have been consistently taxing less.
Assuming "we" means the United States, this isn't really true. Tax revenue as a percentage of GDP has been remarkably stable, not just since the 1980s, but since the end of World War II [1].
The long-term average since 1945 is 16.85%, the average in the 1970s (i.e. the decade before the 80s) was 16.76%, and the average in the 2020s is 16.96%.
[1] https://fred.stlouisfed.org/series/FYFRGDA188S
Since the 1980s, we have been consistently taxing less. If the tap is dry, it isn't because of over-taxation - it's because there's a reservoir of wealth hoarded by the relatively few.
A even cursory glance at the trajectory of wealth distribution will make that clear.
Others have attempted to refute your above statement, but it's not really relevant. Your response does not really align with the parent post, because at no point did the post you replied to say "We need to tax less all the time!" or even "we need to tax less!" or "we cannot have better health care".
None of these things were said, advocated for, or espoused as a position.
Instead, they said "you cannot solve everything ever, and everything has tradeoffs", along with "because if you try, you run out of money no matter what".
This seems like a fair statement. Would you care to address that?
> Instead, they said "you cannot solve everything ever, and everything has tradeoffs", along with "because if you try, you run out of money no matter what".
> This seems like a fair statement. Would you care to address that?
Sure. That's like saying fire is hot and water is wet. The fact that tradeoffs obviously exist doesn't mean we can make meaningful changes to improve things.
I think you mean "doesn't mean we can't", but you seem to be hyper-focusing on the summary statement I wrote, of the original author's post. That summary statement was in place to explain why your original post wasn't addressing the issue.
But that statement was summarizing a portion of the original author's post. If placed back in the context it came from, you can see the original author was not saying we cannot make meaningful changes. At all.
Instead, the author was said:
Aside from the fact that there's a subjective definition problem here (how do we decide what people "need"?), I think this an unrealistic view. By this definition, every government that has ever existed or ever will exist is a "bad" government because no government can ever tackle every single problem 100% of the time. Many problems are extremely difficult to solve (e.g. global warming), and others simply cannot be solved without creating other problems.
Thus, they are not defining this as a "we cannot improve things", but instead "if we improve things, some will see that as bad" conjoined with "in other cases, we improve things, but not as fast/completely as desired".
As far as I can see, there is not a single point that the original author said we cannot improve things. They don't even hint at that.
> Since the 1980s, we have been consistently taxing less.
In the US at least, that’s the perception because the tax cuts get a lot more publicity than the increases; everyone know that Reagan passed what was, to that time, the biggest (at least in aggregate nominal terms) tax cut in US history, fewer know that he followed it with the biggest increase.
But what has actually happened is a series of tax burden shifts (often, downward from the wealthiest, though some have been the other way or largely orthogonal to wealth.)
sure, but does government prevent wealth inequality, or maybe the very cause of it?
(research hint: inflation, and that millennia old quote/insight: the more numerous the laws, the more corrupt the government...)
Everything is bad if we simply redefine "good" to mean "immaculately perfect and infallible in literally all conceivable scenarios"
Sure. But the original commenter's point that whether a government is "good" or "bad" is subjective because it's dependent on people's views. Other commenters objected to that and appear to see it as objective: a government is either clearly good or clearly bad, and there's no debate to be had.
The reality however is that all governments are a mixture of good and bad, and different people will see that mixture in different proportions. One person might overlook the fact that their government funds the Israeli military because their government does plenty of other "good" things to make up for it. Another person might find that to be a completely unacceptable compromise.
There is no man-made global warming crisis. The earth is in fact one of the coldest periods in history.
Thoroughly explained here: https://youtu.be/KDwCUAueLUU
What the "man-made global warming crisis" is, is an example of how a corrupt/captured state will overreach and control the people for its own gain through manipulation. Many governments are captured by the now global financial system that has almost unlimited power due to its money printers. It charges interest on money that it prints out of thin air. By leveraging its existing power to steer the governments to spend money it is able to effectively spend printed money (governemnt loans) on itself and then receive interest on that money as a bonus. A positive feedback loop that ends in global domination by the unelected financial system with the national and international central banks at its heart. Even worse is that it's power obtained essentially through fraud - it's all based on lending out something for interest that isn't theirs. It started with them lending out gold that people had given them to safely look after in their vaults.
I disagree strongly with you on this, but nonetheless I think you've proven the point that the original comment was making i.e. that what constitutes a "good" or a "bad" government is subject to people's views.
In my view, a government that does nothing to tackle global warming is "bad". In your view, a government that spends resources on something you think is a fraud, is also "bad". We can't both be right.
We can both be right - when man-made global warming isn't actually a thing.
I agree that
> a government that does nothing to tackle global warming is "bad"
and I think you would likely also agree that
> a government that spends resources on something you think is a fraud, is also "bad"
The only difference is that it has managed to convince you that man-made global warming is real, just like it did me for a long time.
Nonsense. The Earth used to be a boiling lump of magma at once point before it cooled, but guess what -- humans can't live on liquid rock. Warmest or coolest is irrelevant over the lifetime of the Earth. What matters is "modern humans".
Global warming is indeed real. Effective change doesn't have to cost a dime. An example is forcing people to buy electric cars at some point. The government spends nothing, people just buy new cars when their old cars expire, now people are driving new cars. Solved.
(you may notice that incentives are gone in most countries now)
And if the weirdos would stop trying to crush every tiny part of carbon emissions, dams provide an immense amount of cheap, clean power once built. We can even make concrete using low-emission methods. Regardless, dams are far better than coal or gas (yes they are random anti-concrete weirdos), so moving on a path to 'better' is laudable and helpful.
(Yes, anti-concrete weirdos are either useful idiots or secret lobbyists. Why? Well, my city puts more concrete into new basements in a single year, than go into a dam that lasts 50 years. Yet I only hear people blather on about dams, which would save immense pollution from coal, the worst polluter it would replace. Also, I've now out-conspiracied the conspiracy guy I'm replying to.)
Power plants expire, whether gas, coal, etc, and instead of revamp you slowly build new, and expire the old.
None of this has to cost. There is no cabal to enact global warming related change.
To clarify I meant over the last 5 million years.
There has been no man-made climate change during the period of "modern humans" either.
It's not a conspiracy as such - it helps to think of government and corporations as an AI. A hive intelligence with constraints and goals. The constraint is to operate within legislation and keep the people on board, the reward/goal is to acquire money/power.
At this stage the financial system (which we gave a money printer!) has obtained enough power to steer legislation in its favour and keep the people on board though manipulation of the mainstream media and education.
Show me the incentives and I'll show you the outcome.
I completely agree that there's no reason why we can't replace power plants with more environmentally friendly ones as they are retired, but ask yourself why Germany then has shut down it's fully operational nuclear power plants. Even with energy shortage and the many of the plants ready to be turned back on tomorrow, the state refuses to.
Requiring people to watch a 1hr+ video to understand your argument is a big red flag.
Why's that? A topic as big as this takes quite a lot of refuting.
If you're interested in finding the truth, then you'll at least begin watching it to see if it offers any promise.
The trouble with videos is you can just... choose not to include stuff that obviously refutes your argument.
The reality is that global warming is definitely happening, and also the Earth is definitely not flat. But it's pretty easy to make a super convincing argument that the Earth is flat - you just don't mention any of the math behind why the Earth is round and then you can have a 5 hour long video filled to the brim with evidence the Earth is flat.
And it's not even lying. We're not saying anything that's not true. We're just choosing to omit data and evidence that proves us wrong. We can even include fake data and evidence, if we want, and refute that - ie build a strawman.
But surely that holds true for any evidence? Much of the video is showing how (and why) the government-funded evidence for global warming is wrong.
Videos are a terrible way to convey logical arguments. It's much harder to skip back and forth, search for specific bits, etc ... . They're for entertainment, which encourages a suspension of critical thinking. If you're confident there's a solid argument to be made, make it in text so it can easily be analysed and challenged.
Thoroughly debunked here: https://www.lse.ac.uk/granthaminstitute/news/fake-graphs-and... And here: https://science.feedback.org/review/review-climate-the-movie...
That film is full of misleading nonsense. Like, charts that have been altered to apparently suit a narrative.
The 50s~70s are idealized by many as an American golden age, despite higher reported crime. Law enforcement back then did not have AI-powered surveillance camera networks, widely deployed IMEI stingrays, private data-brokers, or the ability to remotely activate any phone's microphone with 0-click RCE.
What's the 0-click RCE thing?
A type of exploit (Remote Code Execution) that can be used to secretly infect your device with spyware without requiring any interaction from you (0-click).
Pegasus [0] and the like — commercial spyware updated with the latest exploit chains, developed in-house or purchased from markets like Zerodium, sold as terrorism-prevention tools to such trustworthy states as Russia, UAE, and Hungary.
[0] https://en.wikipedia.org/wiki/Pegasus_(spyware)
This sounds extremely simplistic. Countries are isolated universes. Actions of a government in a country affect other countries. Some problems require multiple governments to work together (see global warming and supply chain issues). Different governments have different priorities at any given time even if they all have roughly the same absolute list of issues
Agreed. There are problems that governments solve and if a government can't solve them it's a bad one.
Maybe consensus shifts (or goes away) about which problems are the domain of government, buy ultimately it's about efficacy against those. The rest is a distraction.
"people" being their own citizens. Many governments do not limit their activities to their own people and they have almost opposite rules for their own people vs others. Not that the picture is so clear for their own people either.
> there's no point on having a government
Can we just use this as our point of agreement?
> therefore we must not blissfully put our data into govt hands
Extending this reasoning, we should not blissfully put our data into anyone's hands.
Government mission at least have a veneer of public servants, as opposed to private hands whose only real motivation is fiduciary obligations towards the shareholders.
it's about the interests of each party.
The interest of a government is to control its citizen, either now or at some point in the future.
The interest of a private company is to make more money.
Between the two, I certainly prefer a private company attempting to monetize my data rather than a government trying to control me either now or in the future. And let's stop the bs about "public servants", even in the EU which is maybe the most democratic bloc in the world, governments are trying to impose a chat control (among other laws restricting freedom). It's just in the nature of governments to control its population
It's an interesting argument in theory, but in practice the government in my country of origin actively searches through people's phones to find evidence of wrongthink (e.g. donations or incriminating social media activity), for which they sentence people to incredibly long prison terms.
The latest example: https://en.zona.media/article/2025/08/27/irin
That said, no matter how secure GrapheneOS may be, for this particular threat a permanently clean phone is a necessity.
If the reaction to "I'm not unlocking my phone" is being beaten and put into a gulag, no technical solution will help.
But countries that have fallen that far off the path are not worth saving anyway.
You're being willfully dense, I do not believe it's up for debate.
Governments that public force to kidnap, torture, murder, "disappear" their own citizens, are bad. Plenty of examples to go around, both historically and currently: China, Russia, México, North Korea, Belarus, the balcans, plenty of African governments, etc.
It shouldn't matter that "34% of my neighbors" want me sent to a concentration camp, personally I wouldn't want to end up there.
The example you're giving, the whole "it really depends on people's views, ..." is a bad government.
And the truth is that it's easy to be a good government: don't be bad.
Edit: fixed a word.
You’ve got quite a list of examples there. In 2025 that list of examples should include the US and Israel
Try earlier than that for the US:
>In 2015, the Guardian revealed Chicago Police had allegedly employed torture and days-long unlawful detention at the secretive “black site”-like Homan Square facility
And the federal government knew and participated.
>“When we’re doing joint operations with the federal government, it’s generally — it’s under the supervision of an Assistant U.S. Attorney and they’re merely using our facility because it’s more convenient."
https://thegrayzone.com/2025/03/15/feds-used-chicago-black-s...
Ok, so how do you categorise a country like Norway (typically viewed as a "good" country by most people) which knowingly invests money from its sovereign fund into companies which are linked to the Israeli military which (in many people's view) is currently causing genocide and widespread starvation?
At what point does the "good" cross over into the "bad"? Is it ok that having a highly regarded government comes at the price of dead children? How about the sizeable group of people (e.g. in the US and Israel) who don't believe there is any genocide at all? Doesn't that make the whole thing subjective?
No.. If one follows that absolutism then people deserve nothing better than the worst government anyway because of social slippery slopes like the popular worship of Charles Manson.
There are obviously a lot of dimensions and clusters within those dimensions and we can't always say exactly which nationalist fascists to beat to death with hammers for the global good, but we can say Norway is a bit removed from them.
If you go by examples like that then there are a number of nations you cannot support at all - consider for example that China has the Uyghur concentration camps, US has Guantanamo Bay and now the new prisons in partnership with El Salvador. Belgium got away scottfree with their genocide in Africa, Turkey carried out a genocide in Armenia, France still collects fines from its previous colonies etc.
I think this sort of thinking is symptomatic of something very problematic: that if a government doesn't align with your views, it's a bad one. We've forgotten that, in order for a civilization to survive, with many, many viewpoints, we must compromise sometimes.
Only someone who never lived under a bad government would claim all governments are equally bad.
Only someone who never has seen war would think they need no defense
Or more likely, regardless of intentions, they will accidentally let it fall into a bad actors hands.
Maybe we should have no government, because they always have some information on us which can be abused
> There is no such thing like "bad government" and "good government".
Of course there is, compare the government of Finland to that of North Korea. Just because there are shades of grey and human institutions are generally susceptible to corruption greed an power politics doesn't mean there aren't governments that are different not only in degree but in kind.
It is strange how folks are refusing to admit they can even _evaluate things_ in a bunch of cases. We're seeing that here, but I've also noticed it in other posts on HN: a disagreement with the position of the article is framed not as a distinct examination which comes to different conclusions, but instead commenters claim the post author was foolish in even attempting to evaluate the thing the post is about.
To some degree it feels like bits and pieces of anti-intellectualism getting into folks brains: rejecting the idea that folks can think about things at all.
It feels like a nihilistic take partnered with the view that everyone has a valid viewpoint.
Finland will approve shit like chat control, age verification or covid lockdowns against civil rights.
Whataboutism is bullshit. Power corrupts. It doesn't matter if you idealize a government, it's still composed of people who get compromised by money, power and general corruption.
Time for a Bitcoin moment, but for governments.
DAOs?
DAO based maybe, yes.
> it really depends on people's views.
No it does not. It depends on peoples morals.
> > it really depends on people's views.
> No it does not. It depends on peoples morals.
Morals are a kind of views.
It's the fundamental principles of right and wrong. Morals. It's not just views or kind of.
Beliefs about what is fundamentally right and wrong are, in fact, views.
You can call them views, and you can call your tap water a solution of dihydrogen monoxide with contaminants. It isn't helpful.
then child rape is just a clash of views... you sure you really want to go down that road?
> then child rape is just a clash of views
Who said “just”? I'm arguing against minimizing conflicts of views as inherently insignificant, low consequence things.
In the past, whenever I read someone say stuff like what I myself say down below, I put them down as a crackpot:
But as time goes by and I travel the world, I find it's hard to deny that there are and always were distinct classes within human civilization, though the lines may be blurred here and there, and almost everything within every human society serves to preserve those classes, whether as the direct intentional goal or as a convenient side effect.
"Govern" is to "rule"
Other commenters mention the lack of government, and pockets of chaos where gangs/bandits/warlords/disasters run rampant, but those too are different classes versus each other, or vacuums where classes have yet to [re]form.
I really love Graphene OS but I _wish_ there was a version in which you could get a root shell and extract private data of apps you install when verified as the user. The developers are on record as saying that root blows a hole in their security model (it does!) but if there was _some_ way of doing it safely, so I can modify applications I as the user wish to, it would be my ideal OS. I know I could download and self sign it, but I'd rather not…
I wish this as well. I make a userdebug build myself to get adb root, which isn't difficult, but would be a lot nicer if it were officially supported.
That's interesting. Can you share a guide for doing that?
You can just follow the official build instructions with a single change: when specifying the build target, change it from -user to -userdebug:
https://grapheneos.org/build#setting-up-the-os-build-environ...
Hhmm that seems like a hassle, TBH.
One of the things I like the most about GOS is the web installer, and how easy it is to use. If I need a custom build, to run my own server, and sacrifice performance for it, it doesn't seem worth it. It would also be good to know what a debug build entails, how exactly it is "less secure", and so on. Since this is unlikely to be documented by the GOS team, a 3rd party guide would still be helpful.
> It would also be good to know what a debug build entails, how exactly it is "less secure".
Using software engineering terms, think of the official GOS as production release, and the debug version as test release. You deploy it by actiually building it, like building a linux kernel. This takes lots of reaources (RAM + storage). But also is quite flexible because you can compile and build it whenver there is a new update. And you can sign the build yourself. The reason why they say it's insecure is the same why your server sysadmin does not give you the root password. You can do some serious damage if you have no idea what you're doing. On Android, root allow you to peek on other processes and apps, so if you grant root to a malicious app, high risk of data leakage. That's it though. Been rooting and building roms since early android days, no issues for me as I tend to use open source tools most of the time.
This is well documented in AOSP, what do you mean?
You can enable root on GrapheneOS. It will erase your data, however, so make a backup before you do. But if you really want root you can save your data, root, restore, and leave root on.
How can I enable root?
You can't have a cake and eat it. A root access is a big hole, there's no way mainline will support it.
As for the possible way, you answered yourself already (custom keys and images) :)
> A root access is a big hole
How so?
On Linux, I can add an account to the sudoers list, and have the flexibility to configure the level of security appropriate for my use case. I have yet to experience any security issues (that I'm aware of). Why isn't this possible on my mobile device as well?
This absolute stance is not right. Security is not binary, but a spectrum. I should be allowed to have full control over my device without this being a security risk.
How so?
Root can access absolutely everything.
Malware capable of getting root can access / exfiltrate anything, use your network, flash your firmware, can persist permanently, can use you as a vector.
Shellshock, log4j, Heartbleed. Hundreds of the big profile vulnerabilities that can be exploited on the system in an attempt to obtain root. And then you're cooked.
You really think a malware with the root access can't do much?
Why do you think selinux (and similar) even exist?
This isn't absolute stance. This is just stating that having a root access on the proruction/daily system is the opposite of security.
Yes but root still exists in phones just like it does in servers. It's just not accessible by the user. The OS does run processes as root and it needs it for things like updates.
Also, the user having root access doesn't mean that every process they run has root rights. For rooted phones there's apps to control what it's used for. Anything else just runs with the limited rights as before.
Of course those 'sudo' apps would be an attack vector but a pretty niche one.
I understand the risks, but just because they theoretically exist doesn't mean that they pose an active threat in all scenarios, or that they can't be mitigated.
The idea of locking the system down completely and preventing anyone from accessing it is technically more secure, but it creates many practical issues for tech-savvy people who want full control over their devices, which is the vast majority of the GrapheneOS user base.
If SELinux can mitigate the risks, then sure, let's use that. I don't really care what the technical solution is to this problem.
I'm just saying that:
a) As a user of an OS I want to be allowed full control over my device and not have babyproofed functionality because "it's for my own good". That is the realm of walled garden OSs from most major corporations which I deliberately avoid by using GOS in the first place.
b) My personal threat model doesn't involve using a bunch of untrusted applications, and I'm fine with trading some security for convenience. If the risks from choosing convenience can't be mitigated, then my OS should be flexible enough to allow me to make that choice. Other OSs can do this, so why can't GOS? I'm inclined to believe that there's no technical reason for it, but it's something that maintainers simply don't want to support. Which is fine, it's their project and their prerogative, but then let's not pretend that this is a discussion about security.
Well, anyone with actual root on a secure (locked, verified boot on) Android phone can hard brick it with a single command. Yes, you can yell at the user telling them it's their fault. Still something you usually do not want to support.
I don't think having authorized temporary root is inherently insecure, but on the other hand making sure it is secure could be a huge time sink.
Now, the original request here, modifying user app (I'd assume it's not system app) data, is reasonable. Designing a properly authenticated way to allow doing so would be an interesting challenge.
Oh, I agree that the initial request is more than reasonable. Titanium Backup is something i miss every day.
Especially since Seedvault is.... ekhm, lacking.
> Designing a properly authenticated way to allow doing so would be an interesting challenge.
Qubes OS solved this problem. I don't see any flaws in their security model relying on vurtualization.
What is the threat model when enabling root on a phone and why can't it be mitigated? Root is enabled on most servers and desktops and we are surviving fine.
The way apps behave and the user interface to apps and the way they are used, the level of basic visibility and control that the user has moment to moment, is totally different on a phone than on a pc.
How so?
This is why most desktops and servers are comparably much less secure.
Check why Qubes OS was developed.
In practice, desktops and servers are quiet secure because you don't need to download random closed-source firmware and apps to use your device.
iOS and Android are a security nightmare. Downloading a random-ass executable to pay for parking is asking for trouble. Relying on millions of lines of proprietary Google code that you-don't-know-what-it-does is asking for trouble.
This code could have, and almost certainly does have, spyware, keyloggers, and various other forms of malware. You're simply trusting that it doesn't, because it's unverifiable.
And this doesn't even TOUCH on all the vulnerabilities associated with cellular networks, the baseband, SS7, etc. Good luck auditing that code.
At least on a server I can have some baseline guarantees about what software I'm running and what it's doing. Whereas on a phone, your location could constantly be triangulated, your phone identity spoofed, your cellular traffic sniffed, and on and on and you'd never know.
I mean, just this week we saw a post on here about ICE using fake cell towers to identify protestors. That shit is truly trivial to do, and people have been doing it for almost two decades. You wanna talk CVE? Start with that.
The user has real dom0 root on qubes.
Is Qubes resistant to forensics? I think its selling point is multi-level security and lateral movement prevention, not safeguarding data on a stolen laptop.
[2024]
And it looks like this is the draft, and it was published on the author's blog here: https://telefoncek.si/2024/05/2024-05-30-grapheneos-and-fore...
This kinds of make me want to get a pixel and install GrafeneOS there.
I'll admit that big companies may have some incentive to protect their users' privacy; but they are an easy legal target. If tomorrow the US or EU pass legislation that mandates a backdoor in all mobile devices, the entire world is screwed.
Very affordable to do.
I bought a cheap refurbished Pixel 7 Pro off eBay for $250 and installed GrapheneOS on it. Threw an eSim $20/m plan on it and use it as my phone when I leave the house and go IRL.
If I ever lose it or it gets taken while traveling, who cares, its secure af. I just cancel my eSim and buy another phone to install GrapheneOS on all while my main phone Pixel 10 Pro is still safe and at home.
What's your threat model for this kind of security?
1 - My main phone has a bunch of work stuffs on it and all my authenticator stuffs and etc
2 - I've been raided by the FBI before in my past (used to be blackhat in my 20s but now im whitehat :))
3 - I lose my phone sometimes. far better to lose a dinky burner phone VS my main phone.
What is your main phone and setup?
Also — how well/bad Graphene plays with Play Store (esp wrt safety net checks) apps?
The stuff that I notice not working are:
* Google wallet NFC payments
* Always on now playing
* Always listening OK Google
Android auto used to not work but they added support. Voice commands to Google while driving don't work for me, but may be possible to get working.
Google voice commands work, but you need to open the Google app.
Google wallet works fine for tickets, bar codes etc, just no NFC payments.
Android song search works for me, there's a quick access file for it and it works great. I think pixels normally show what's playing on the lock screen, offline. I think this might be the same thing, triggered manually. Though I'm not sure if it's offline or not.
I'm in Ireland and any backing apps I've tried work fine, PTSB, AIB, revolut, IBKR, Trade Republic. I've had no issues there.
It's a very stable OS IMO, the extra user profiles, being able to choose whether to have Google play or not, and what level of access to give it. I've used it on a pixel 6, which died not too long ago, and now a pixel 9a.
I use it. No issue
The only app so far I've found that won't work is ParkMobile and you can just use their website
main phone is just a regular Pixel 10 Pro.
Depends on the apps. You wont be able to use a lot of apps like Chase Bank app and etc w GrapheneOS. Lots of errors bc it blocks a ton of shit your banking apps will need or want to use.
FWIW, the UK recently cited the Investigatory Powers Act of 2016 in an attempt to force Apple to create a backdoor, but Apple refused
> ...but as far as we know Apple refused.
Fixed that for you.
To be fair after that came out they disabled ADP for the whole country. If they were willing to go along with it then that would not be the course they would take.
Not to mention it's a colossally dumb move to create a back door into your system that anyone can access and can break things like government contracts. Apple is greedy but they aren't suicidal.
My last pixel (4a) started falling apart after about a year and a half. Is there an android device that's a bit more hardy? I switched back to apple as I was able to use an SE for YEARS. Would love to try running GrapheneOS, though.
My wife uses her Pixel 4a to this day. I moved on from mine after some problems, but a factory wipe of the 4a actually fixed all of the problems with mine too.
And you know what else is cool? If the screen gets cracked or something doesn't work, you can take it to an independent repair shop and they can fix it.
The sad part is even security updates stopped for my pixel 5a.
I want to get a Pixel just for GrapheneOS as well but Google is incapable of selling those things worldwide despite being a trillion dollar corporation.
I had issues buying my Pixel from Google. My memory is fuzzy, but I think after I activated my account they said great, We'll let you purchase in a month... A really cautious security model I suppose. I gave up and bought it on Amazon.
What account? You can just walk into a Google store and buy one. Most big cities in the U.S. have one.
The problem is step 0. Be in US
This feels like countering insinuations on the Internet with insinuations on the Internet.
Cellebrite doesn't publicly publish the latest support matrix so we have no real idea what progress if any they've made against recent iPhones and iOS versions, nor any real detail on how something like Lockdown Mode influences outcomes for their software.
Nor does this show anything about Pixel 9 or Pixel 10 and the newest variants of Android OS (which for Pixel 10 makes sense given (2024), but for Pixel 9 does it?).
What we do know as both companies disclose this is that Apple implements particularly with Advanced Data Protection enabled significantly more E2EE than Google, and both companies invest significantly through i.e. Apple's SEAR into the security of their hardware, software and platforms.
That GrapheneOS exists is great but I don't think this post helps much.
Documents have been leaked at the beginning of this year: https://osservatorionessuno.org/blog/2025/03/a-deep-dive-int... which do include the Pixel 9. They show GrapheneOS being pretty secure in comparison to other vendors at the very least, with GrapheneOS being marked as unsupported if patched beyond 2022. They also show GrapheneOS beating the stock Google firmware.
One reason GrapheneOS fights these threads is by doing what Google doesn't want to do out of user friendliness, like disabling USB in AFU mode. Unlike Google, Samsung, or Apple in non-lockdown mode, GrapheneOS doesn't need to deal with upset users when they need to unlock their phone before hooking it up to their car/display/flash drive/3.5mm jack converter/etc.
GrapheneOS also enables security features when compiling the OS that have a performance impact but mitigate security risks. They end up with a slower phone with less battery life that's protected better against extremely uncommon attack vectors.
GrapheneOS explained how these security features would've prevented at least one targeted attack from leading to exploitation: https://grapheneos.social/@GrapheneOS/114081909020398165
We don't know the current state of Celebrite's capabilities, but the fact they struggled for at least three years last time intel leaked out does paint a good picture for GrapheneOS. I'm sure the GRU and NSA have exploits that can hack even GrapheneOS, but at least they're not the type that makes it into commercially available exploit kits as of now.
> GrapheneOS also enables security features when compiling the OS that have a performance impact but mitigate security risks. They end up with a slower phone with less battery life that's protected better against extremely uncommon attack vectors.
Apps may take slightly longer to launch, which was more noticeable on older devices, but not so much on modern supported devices. I understand that some of the other exploit protections mean that apps and processes take up slightly more memory, but that's another thing that people don't seem to be affected by.
As for battery life, not really. Most people report having roughly the same battery life with GrapheneOS as with the stock OS. People who don't install Google Play report much better battery life. Sure, the exploit protections might use a small amount of extra power, but it's negligible as far as I can tell based on my own experiences and what other people report.
Some devices are listed with both "BFU Yes" and "BF No" under the "... BFU" column (for example, the newer Pixel devices table). What do these mean in combination?
There is someone who leaks Cellebrite's support matrix to GrapheneOS dev's and it confirms that they are still unable to exploit it.
"Their documentation has explicitly listed GrapheneOS for years due to the high demand from their customers for breaking into it. It shows they were last able to exploit a GrapheneOS release with a 2022 or earlier patch level.
We have their June 2025 documentation and could obtain the newer documentation if we ask for it, but we have much bigger priorities than that right now and we would have been contacted by the main person providing it if anything relevant changed."
https://x.com/GrapheneOS/status/1965464817914831070
> Cellebrite admits they can not hack GrapheneOS if users had installed updates since late 2022.
So, how do I know that GrapheneOS is not a honeypot for the really big fish?
At this point it seems if you really want to be safe, you have to add obscurity (in addition to conventional best practices). Like changing the pinout on your USB port so the exploit device can't connect.
I thought about this for a moment, reminds me of ANOM company. But isn't GraphaneOS open source?
Changing USB pins layout sounds like interesting idea.
As mentioned in the link, Graphene has a lot of additional security feature. It can auto reboot after X hours without being unlocked. You can lock down the usb port to be charge only, or even completely disabled so that the only way to charge is with the device powered off.
>...because it is doing far more hardening than iOS against these attacks. iPhones also have security element, but the companies developing attacks, had successfully bypassed secure element throttling from Apple for years (and are doing the same with Samsung and Qualcomm
Is it true that Pixels are more hardened against brute forcing the security module and that iphones (and other phones) are easily bypassesed by these hacking tools?
I don't think I agree with this assessment; I have a lot of respect for GrapheneOS but they are very prone to this type of puffery, especially in face of criticism.
The information in this and other GrapheneOS articles comes from a leaked copy of the Cellebrite support matrix which is shipped with their end-user (law enforcement) devices, so it's a point-in-time look at one vendor's capabilities in one product line.
At the time this article was written, Cellebrite had brute force-based passcode access to iPhones before the iPhone 12 (prior to the Secure Storage Component), and supposedly had support for the iPhone 12 on iOS versions prior to 17 in development (vs. just under research), while they had no access to bruteforce on Android devices using the Titan M2 (Pixel 6 and later).
The general trust model is pretty similar: the user's passcode is entangled with (predictable) secure entropy and used to derive a key encryption key which can unlock the filesystem. Firmware running on a secure processor rate-limits passcode attempts.
Apple's implementation is well-documented here: https://support.apple.com/guide/security/secure-enclave-sec5... .
Google's implementation is called Weaver and I'm less sure how it works cryptographically, but it seems conceptually similar.
For more about the support matrix: https://osservatorionessuno.org/blog/2025/03/a-deep-dive-int...
Overall I would say that a modern iPhone running the latest iOS and a modern Pixel running GrapheneOS represent the absolute state of the art in protection, and seem to have pretty similar public support from forensic vendors. The article is right that essentially everything else is junk; hardware vendors by and large seem to really struggle to implement secure software (including ROMs and bootloaders).
Yes, except for "easily".
Those considering a switch from iOS to GrapheneOS might be interested in this migration guide and review:
https://blog.okturtles.org/2024/06/the-ultimate-ios-to-graph...
Slightly off-topic: how many people are maintaining GrapheneOS? Suppose Daniel Micay suddenly disappeared from planet earth - is there someone who has the knowledge, access and keys to continue immediately?
https://www.reddit.com/r/PrivacyGuides/comments/13spm4d/dani...
He stepped down as lead dev 2 years ago !!
Thanks, good to know. I was asking because the commit histories of some of the GrapheneOS components scream "mostly one man show".
https://github.com/GrapheneOS/Auditor/commits/main/
Surely there are competent Apple Photos and Google Photos alternatives like Ente. There are more.
As long as the USB port of your phone is used, you can not stop it. This is the backdoor the governments want without having to be tethered. Vote for privacy. Vote against the police state. Vote for freedom.
Libertarian rant aside. Governments fund these kinds of operations in secret so they can "effectively do their jobs". There's a ton of subcontractors working on AWS platforms that do analysis of this UFED "dump". (just a zip file of your phones directories). Emails, Phone logs, Carrier settings, Browser History, Text Messages, Cookies, Apps, App Logs, App Data, if it's on your phone, it's in the zip.
> As long as the USB port of your phone is used, you can not stop it.
According to TFA GrapheneOS can disable the USB port too
Which is the only defense when law enforcement takes your phone. GrapheneOS is the only ones that will let you.
> Vote
Sure... Vote "correctly" and then watch the world burn anyway when the politicians start spinning some nonsense about money laundering drug trafficking child molesting terrorists.
The only thing that comes to my mind is the so-called blobs, the closed source hardware drivers that are needed to make an Android phone work and that run at high privilege level.
If GrapheneOS is not tightly sandboxing them, then chances there are that a capable operator can use whatever backdoor each driver offers, mainly the wifi adapter, the baseband modem and the Bluetooth adapter.
No matter what GrapheneOS developers have done.
Imagine the wifi driver being able to spoof on pin entry procedure.
> If GrapheneOS is not tightly sandboxing them
It is. HN user strcat has posted extremely detailed comments on the matter.
https://news.ycombinator.com/threads?id=strcat
I am probably the only one but the geek in me would love to see an article where digital forensics are used against the most common operating systems in their most secure configuration - just to see how they compare with one another.
> most common operating systems in their most secure configuration
Air-gapped and turned off?
All is well
I've always found it strange that GrapheneOS only runs on Google hardware. Can anyone explain this choice?
AFAIK the Pixel devices are the only ones that reliably allow bootloader unlocking / re-locking, that is required to perform custom os installs.
There are others e.g. Motorola ones or Fairphone, that also allow this but it's a good idea to focus on a specific set of devices keeping maintenance as low as possible and security focus as high as possible.
There are alternatives like /eOS/ or CalyxOS supporting more devices and I experienced exactly this "no longer supported" issue with my Xiaomi A2, which suddenly disappeared from the list of supported devices (see https://calyxos.org/news/2021/03/29/mi-a2-ten-firmware/).
Pixels are the only devices that are out right now that meet the project's requirements. The project is in talks with a major OEM to have some of their devices meet GrapheneOS's requirements and have official support for GrapheneOS. Assuming all continues to go well, the project has said they expect those devices to be out in 1-2 years.
They've clearly explained here. I'm not sure how many people would keep asking the same question without even doing a simple web search.
https://grapheneos.org/faq#future-devices
not sure if it is an explanation or a justification
what's the difference?
Someone clearly replied with the same link. I'm not sure how many people would keep replying the same thing without even doing a simple thread search.
They posted within a minute of each other, so likely did not see the the response and were typing theirs as the other got posted.
Curious if you've already read the comprehensive FAQ entry and are trying to imply something?
Kind of. I don't use grapheneOS and I'd like to, but de-googling your phone by buying a Google phone seems a bit sketchy. I don't want to take away from a privacy focused project. I'm super thankful for this option and I can't stand android or iPhone. But in the back of my mind I wonder if I'm being tricked.
As for why graphene uses graphene uses pixels - their FAQ does a good job explaining. As for why google keeps the bootloader opened and maintains (until recently) good enough device-tree support- I would guess mostly historical reasons? Before becoming as mainstream as they are now nexus and pixel phones used to be in part android development devices and certain creature comforts stuck. This seems to be souring though, so some of the people there may be in talks with an OEM for a graphene os specific device[1].
[1]: https://discuss.grapheneos.org/d/23886-partnership-between-g...
This is great info. Thanks.
most of the explanation from the horse's mouth will be found here:
https://grapheneos.org/faq#device-support
Thanks
> These devices meet the stringent privacy and security standards and have substantial upstream and downstream hardening specific to the devices
It still seems strange. A big part of GrapheneOS is to provide a safeguard from Googles data hoarding, yet it works primarily on Google phones.
That doesn't seem odd to me. Google's data hoarding is done in software, not hardware. Remove Google's add-on software and you have a more or less blank slate to work with. I don't see why we'd expect any different.
This is the answer. Google play services and related privileged components are the non-open source blob hoarding data, along with whatever backend services you use from Google. These components are part of the stock android image that comes on the device that's replaced entirely by GrapheneOS.
Naturally if you continue to use Google services then the data hoarding continues.
> It still seems strange. A big part of GrapheneOS is to provide a safeguard from Googles data hoarding, yet it works primarily on Google phones.
That's the most confusing part. IMO GrapheneOS is not mainly about "provide a safeguard from Googles data hoarding", instead this is more like a side quest.
GrapheneOS is about creating a mobile OS that is more secure against advanced threats [0] than anything else, including stock Pixel OS and iOS.
[0] Currently my rule of thumb is, anyone who can find and write exploits for new memory corruption bugs for the wanted attack surface, or who can buy such capability, qualifies as advanced threat. Hence Cellebrite qualifies as a borderline "advanced threat".
Yes, a situation that Google is steadily fixing.
Conspiracy theory time: GrapheneOS is a skunkworks project from Google, to sell more Pixel hardware.
Considering last years development and quite open Google hostility?
No.
GoS have provided a lot of patches upstream, Some of which were even applied. Despite that they wouldn't get early access to A16 just because. Access EVERY vendor promising to preinstall privileged Google services has.
Allegedly Google security team was very happy about that idea, but got vetoed by management.
I agree with you, it's a dangerous and suspicious choice, https://news.ycombinator.com/item?id=45100831
I'm suspicious of your comment. You got beef or had a run in with the people who run the project...?
I don't have and never had any connection to GrapheneOS developers, positive or negative, online or offline, nor am I working for any of their competitors. I only have the philosophical disagreement with their decisions explained in my link above.
Okay, I'll bite - what phone GOS should run on?
Remember the context is having a *secure* handset in hand.
The answer is in the above link.
> secure
Different threat models exist. For example: https://source.puri.sm/Librem5/community-wiki/-/wikis/Freque...
Also, what I predicted has just happened: https://news.ycombinator.com/item?id=45208925
He's not wrong from a computer freedom perspective. GrapheneOS is actively hostile to things like complete root access. It blows a hole in the security model. It's also very much enabled by the exact same sort of user hostile cryptography that corporations use to lock down their devices. Things like hardware attestation which protects apps from us. We can't easily do things like MITM an app to reverse engineer it.
I still it's superior to any stock Android OS but the risks associated with giving up freedom for security must be considered. The ideal is to have security while simultaneously maintaining our power as the owners of the machine.
I currently use LineageOS on my pixel. Is it worth trying Graphine OS?
I love the sandboxed Play Services. It works better than microg, and is more secure/private than installing Play Services normally which are your two options on LineageOS.
The main downside for me was the limited phone choice. I really liked being able to use a smaller Sony phone with LineageOS, but now that those aren't really available in the US, I had to move to big phone anyway and Pixels aren't the worst option out there.
Yes. LineageOS is an insecure mess.
It's widely supported
Both of these things can be true at the same time.
TL;DR:
> Cellebrite admits they can not hack GrapheneOS if users had installed updates since late 2022.
The post had some nice structural discussion about digital forensics