Hi NMGLUG folks, I've been wanting to have more security and privacy on my phone for a while. I guess I'm not alone. I heard about LineageOS a while back. More recently, I heard that CalyxOS is more feasible to get to work. I recently bought a Google Pixel 4a with the idea that I might one day put CalyxOS on it, and that it will work great. Now, I heard about political sides wanting to protect us from big tech talking about FreedomOS. Does anyone have tech insight into the security of these and feasibility to use on a phone? Thanks to all of you, LeRoy -- There is something glorious birthing within all of us. (New for 2021) I am the Love of God, no matter what. LeRoy Diener 213-LEROYIZ 213-537-6949 www.leroydiener.com/
FreedomOS and the Freedom phone sound like a big grift to make money off gullible folks. The only reports of "political sides wanting to protect us from big tech talking about FreedomOS" I've seen seem to be PR pieces for the phone itself or else far right-leaning sites stoking fears about "big tech censorship." The hardware of the $500 Freedom Phone itself seems to be a budget Chinese phone available for about 1/4 the price on AliExpress. It also looks like Android pre-loaded with an American flag background and apps like Parler, Newsmax and OAN, so you can be racist right out of the gate at first power up. If anyone can find the source anywhere, I'd be interested in looking at it, but I'd bet it's just re-skinned LineageOS with some pre-loaded apps and a skinned Aurora app store. Their goal here is clearly to fleece the gullible. I wouldn't trust them at all. Making money is their priority, not user privacy. I've had good luck de-Googling my phone by installing LineageOS without Google services (and Cyanogenmod before that). I'll have to dive in and try CalyxOS sometime as they seem to have a better security model and AOSP is their upstream, not just a re-skinned LineageOS. I've been tinkering around a bit with a Pine Phone but I'd still say it's not ready for prime time. Getting there, though. On Mon, Jul 19, 2021 at 1:19 PM LeRoy Diener <leroy@choosetherightside.com> wrote:
Hi NMGLUG folks,
I've been wanting to have more security and privacy on my phone for a while. I guess I'm not alone. I heard about LineageOS a while back. More recently, I heard that CalyxOS is more feasible to get to work. I recently bought a Google Pixel 4a with the idea that I might one day put CalyxOS on it, and that it will work great. Now, I heard about political sides wanting to protect us from big tech talking about FreedomOS.
Does anyone have tech insight into the security of these and feasibility to use on a phone?
Thanks to all of you, LeRoy -- There is something glorious birthing within all of us. (New for 2021) I am the Love of God, no matter what. LeRoy Diener 213-LEROYIZ 213-537-6949 www.leroydiener.com/ _______________________________________________ nmglug mailing list nmglug@lists.nmglug.org http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org
By the way, "Freedom OS" on the Freedom Phone does not seem to be the same as the old FreedomOS rom: https://gitlab.com/Nevax/FreedomOS On Mon, Jul 19, 2021 at 3:10 PM Paul <pahool@gmail.com> wrote:
FreedomOS and the Freedom phone sound like a big grift to make money off gullible folks. The only reports of "political sides wanting to protect us from big tech talking about FreedomOS" I've seen seem to be PR pieces for the phone itself or else far right-leaning sites stoking fears about "big tech censorship."
The hardware of the $500 Freedom Phone itself seems to be a budget Chinese phone available for about 1/4 the price on AliExpress. It also looks like Android pre-loaded with an American flag background and apps like Parler, Newsmax and OAN, so you can be racist right out of the gate at first power up. If anyone can find the source anywhere, I'd be interested in looking at it, but I'd bet it's just re-skinned LineageOS with some pre-loaded apps and a skinned Aurora app store. Their goal here is clearly to fleece the gullible. I wouldn't trust them at all. Making money is their priority, not user privacy.
I've had good luck de-Googling my phone by installing LineageOS without Google services (and Cyanogenmod before that). I'll have to dive in and try CalyxOS sometime as they seem to have a better security model and AOSP is their upstream, not just a re-skinned LineageOS.
I've been tinkering around a bit with a Pine Phone but I'd still say it's not ready for prime time. Getting there, though.
On Mon, Jul 19, 2021 at 1:19 PM LeRoy Diener <leroy@choosetherightside.com> wrote:
Hi NMGLUG folks,
I've been wanting to have more security and privacy on my phone for a while. I guess I'm not alone. I heard about LineageOS a while back. More recently, I heard that CalyxOS is more feasible to get to work. I recently bought a Google Pixel 4a with the idea that I might one day put CalyxOS on it, and that it will work great. Now, I heard about political sides wanting to protect us from big tech talking about FreedomOS.
Does anyone have tech insight into the security of these and feasibility to use on a phone?
Thanks to all of you, LeRoy -- There is something glorious birthing within all of us. (New for 2021) I am the Love of God, no matter what. LeRoy Diener 213-LEROYIZ 213-537-6949 www.leroydiener.com/ _______________________________________________ nmglug mailing list nmglug@lists.nmglug.org http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org
Paul writes:
I've been tinkering around a bit with a Pine Phone but I'd still say it's not ready for prime time. Getting there, though.
I've been hearing good things about the Pine Phone, but always from city dwellers who have their choice of carrier, so nobody seems to have solid info about how well it works with Verizon. Do you know, by any chance? What carrier(s) are you using, and does it get reception out in the wilds of, say, Abiquiu or Cochiti? ...Akkana (who sure would love a spyware-free phone that could run Python scripts)
Honestly, I've just been doing a little minimal distro-jumping and haven't even tried it with a carrier yet. But I have Ting as my carrier and will probably pick up a SIM card for it the next time they offer a free line, which they do occasionally. On Mon, Jul 19, 2021 at 5:43 PM Akkana Peck <akkana@shallowsky.com> wrote:
Paul writes:
I've been tinkering around a bit with a Pine Phone but I'd still say it's not ready for prime time. Getting there, though.
I've been hearing good things about the Pine Phone, but always from city dwellers who have their choice of carrier, so nobody seems to have solid info about how well it works with Verizon. Do you know, by any chance? What carrier(s) are you using, and does it get reception out in the wilds of, say, Abiquiu or Cochiti?
...Akkana (who sure would love a spyware-free phone that could run Python scripts) _______________________________________________ nmglug mailing list nmglug@lists.nmglug.org http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org
Hi LeRoy, LeRoy Diener writes:
I heard about LineageOS a while back. More recently, I heard that CalyxOS is more feasible to get to work. I recently bought a Google Pixel 4a with the idea that I might one day put CalyxOS on it, and that it will work great.
I've used GrapheneOS as my sole phone OS for the last ten months, on a Pixel 3A. Have been very happy with it. GrapheneOS has a number of custom security features that make a real difference. The ones I care about most are: - sensors permission: I can prevent any app from accessing the accelerometer, which has been shown to be basically equivalent to a microphone. - multi-profile usability: It's easy to create and switch between separate profiles, each of which has no access to any information from other profiles. (For example, apps can't be prevented from seeing that other apps are installed, and they can use that for fingerprinting or data-gathering purposes. But apps can't see outside their own profile.) It's easy to log out of profiles and clear their encryption keys from memory, so they can't be grabbed as easily by a physical attacker. This is also really nice to avoid shoulder-surfing in public places: if I just need a web browser in the airport, but don't need access to my private information, I can open up an unprivileged profile without worrying about cameras or strangers observing my passcode. - strong malloc: The memory allocator has protections in it that trigger certain types of bugs to cause an app to crash. On a system where buggy apps don't crash, such bugs can be potentially be used to craft a user exploit. - remote attestation: GrapheneOS provides a service that uses hardware cryptographic features to periodically verify that the operating system hasn't been surreptitiously reinstalled or replaced. Aside from that, it has all the typical benefits of privacy-oriented Android variants, de-Google-ification and so forth. Even if you don't end up using GrapheneOS (although I highly recommend using it!), I do recommend following the lead developer, Daniel Micay: https://twitter.com/danielmicay He's a bit wordy, but watching what topics he focuses on is a good way to keep up with the cutting edge of Android and open source security.
Now, I heard about political sides wanting to protect us from big tech talking about FreedomOS.
Just read their privacy policy: https://freedomphone.com/pages/privacy They reserve the right to send you ads, analyze your data, and share it with their "affiliates". The hardware is serviceable from a computing perspective, but not from a privacy and security perspective. For secure hardware, it's hard to beat a Pixel or an iPhone. In general, I would avoid political sources that claim to provide privacy. Usually they have a financial incentive towards puffery. -- Anthony J. Bentley
participants (4)
-
Akkana Peck -
Anthony J. Bentley -
LeRoy Diener -
Paul