this post was submitted on 02 Nov 2023
44 points (94.0% liked)

DeGoogle Yourself

8799 readers
2 users here now

A community for those that would like to get away from Google.

Here you may post anything related to DeGoogling, why we should do it or good software alternatives!

Rules

  1. Be respectful even in disagreement

  2. No advertising unless it is very relevent and justified. Do not do this excessively.

  3. No low value posts / memes. We or you need to learn, or discuss something.

Related communities

!privacyguides@lemmy.one !privacy@lemmy.ml !privatelife@lemmy.ml !linuxphones@lemmy.ml !fossdroid@social.fossware.space !fdroid@lemmy.ml

founded 4 years ago
MODERATORS
CrypticCoffee@lemmy.ml
CrypticCoffee@lemm.ee
Byereddithellolemmy@lemmy.world
chevy9294@monero.town
44
graphene VS calyx (lemmy.ml)
submitted 1 year ago by kaliban@lemmy.ml to c/degoogle@lemmy.ml
49 comments fedilink hide all child comments
 

I dont want to start a fight or anything like that, I have to decide between these 2 and cant figure out which is the best and why, mostly because if you ask on X they just start swearing to each other without giving any real explanation, can anyone help a person who want to embrace privacy and anonimity?

you are viewing a single comment's thread
view the rest of the comments
[–] TCB13@lemmy.world 5 points 1 year ago* (last edited 1 year ago) (4 children)

Both are good solutions however if you're on a supported phone I would pick GrapheneOS every single day.

CalyxOS (and the supported devices) expose you to a classic “evil maid attack” applied to phones. There's also other privacy implications of mishandled stuff in CalyxOS.

If you want a detailed explanation read this https://lemmy.world/comment/4962467 and my comments bellow it:

As usual if you’re looking to have any security (Verified boot) GrapheneOS + Pixel phone is the only options. I really don’t get it how come people(...) are okay with having a phone with all their personal data and logins without verified boot. Stolen / lost phone and game over.

Doesn’t Android have file based encryption by default since a while now??

if someone can compromise your bootloader in an hotel or some other public place then they’ll get to your data either way once you turn on the phone. This is one very small and very important detail that all those tech youtubers pro-privacy, security and whatnot love to ignore as it is the really hard one that makes all the difference. Secure boot is a complex subject and it requires a lot of work and checks to make sure nobody tempered with your device and Graphene / Pixel are the ones that really give a shit about that (except for Apple that wants to block jailbreaking and pirated Chinese app stores at all costs).

switching to another ROM on a phone with non re-lockable bootloader is a downgrade from the stock ROM?

It depends on your goal. If you plan to have any kind of boot / data security and the device can't be re-locked with an alternative ROM you're essentially better with the stock ROM in a locked state. Now that's kind of personal choice, I believe the instant damage done by someone stealing your phone and getting your data (because your bootloader was unlocked) is considerably larger than the privacy implications of running the stock / vendor Android. For what's worth if you can root your stock Android and firewall everything that seems suspicious it might be better than running an alternative ROM without a secure boot. Even with an alternative ROM you can run into privacy issues, take for example here CalyxOS running on Qualcomm CPUs. What's interesting here is that this issue doesn't happen in Graphene because they're actually better.

[–] mojo@lemm.ee 6 points 1 year ago

That's immediately wrong because CalyxOS has verified boot.

[–] LoveSausage@lemmygrad.ml 4 points 1 year ago (1 children)

Not sure because I rooted my calyx spare, and it was a while back since I used it.. I thought calyx also had locked bootloader?

[–] noodlejetski@lemm.ee 6 points 1 year ago* (last edited 1 year ago)

yeah, Calyx does support relocking it.

[–] ubergeek77@lemmy.ubergeek77.chat 3 points 1 year ago

CalyxOS (and the supported devices) expose you to a classic “evil maid attack” applied to phones.

As usual if you’re looking to have any security (Verified boot) GrapheneOS + Pixel phone is the only options. I really don’t get it how come people(...) are okay with having a phone with all their personal data and logins without verified boot. Stolen / lost phone and game over.

But CalyxOS focuses on verified boot too?

[–] kaliban@lemmy.ml 1 points 1 year ago (1 children)

perfect I'll take a look thanks

[–] TCB13@lemmy.world 1 points 1 year ago

Just copied over the most relevant parts of the discussion with other users.