this post was submitted on 02 Nov 2023

DeGoogle Yourself


I don't want to start a fight or anything like that. I have to decide between these 2 and can't figure out which is the best and why, mostly because if you ask on X they just start swearing at each other without giving any real explanation. Can anyone help a person who wants to embrace privacy and anonymity?

[–] Decentralizr@lemmy.world 25 points 11 months ago (3 children)

GrapheneOS is unmatched when it comes to security features, including hardening. Don’t get me wrong, Calyx is great, and if you like to use microG then it’s there. With Graphene you can also install Google Play and the framework (if you wish) but with a different approach. It’s like a normal app. So you can do it with network access given or not, etc. It’s also worth testing out the profiles and separating your life into profiles: you can have Google services on one and not on another, etc., and all getting push notifications. Most banking apps work (to be honest, hardly had any issues).

With Calyx, like I say, it’s a privacy but not security-hardened approach. And Calyx has been behind on security updates pushed from Google, sometimes for months. For me it’s a clear choice, but it’s your call…

[–] kaliban@lemmy.ml 5 points 11 months ago (3 children)

I still don't understand how the Graphene sandboxing is better than microG, which is a randomized ID more or less. Why should I install feds' apps on my phone, even if they're sandboxed?

[–] jet@hackertalks.com 15 points 11 months ago* (last edited 11 months ago) (1 children)

It's down to your threat model: microG runs as root, sandboxed Play runs as a normal app.

There is one philosophy that says the fewer privileges the better, the smaller the risk surface.

[–] kaliban@lemmy.ml 6 points 11 months ago

Oooh ok, now it's all clear, that's why people blame microG for security stuff. That's right, didn't think about that at all, damn dumb me fr. Thanks man, thanks for the help.

[–] LoveSausage@lemmygrad.ml 5 points 11 months ago (1 children)

You can choose not to use it at all. My main profile does not and all works fine. Non-privacy-respecting / Google-dependent apps I keep in a separate profile.

You can't do that on Calyx.

Since Play on GOS is toothless, while microG is a hacked-up job, yeah, it's better. microG is ofc amazing, but still has issues.

[–] krolden@lemmy.ml 2 points 11 months ago (2 children)

If you're not running Play services you'll have to set up push notifications with something like ntfy or use background sync, which uses more battery.

[–] ninchuka@lemmy.one 2 points 11 months ago

Ntfy for apps that support it

[–] Cheradenine@sh.itjust.works 5 points 11 months ago

There is some more reading here from the DivestOS site about why Graphene is better.

https://divestos.org/pages/patch_levels

[–] illi@lemm.ee 4 points 11 months ago (1 children)

When I was looking into Graphene people said the issue is lack of notifications. Is this outdated info?

[–] iSeth@lemmy.ml 3 points 11 months ago (5 children)

Any android without google play. Many apps lack notifications outside of firebase.

[–] ExtremeDullard@lemmy.sdf.org 15 points 11 months ago* (last edited 11 months ago) (6 children)

There are 3 important factors that drove me to CalyxOS rather than GrapheneOS:

1/ There's no way in HELL I'm buying a Pixel phone and giving my money to Google for the privilege of not being tracked by Google. That's really too rich for me.

2/ I want a repairable device.

Therefore I bought a FairPhone 4 (repairable and not Google), and only CalyxOS supports it - of those two that is.

And finally 3/ The GrapheneOS community is toxic. Although in fairness, now that the Chief Toxic Officer is gone, maybe it's gotten better. At any rate, the Calyx community is completely peaceful and exemplary compared to Graphene.

This may not matter to you, but it seems to me like a sane thing to do not to trust software made by someone who talks that much shit.

[–] LoveSausage@lemmygrad.ml 7 points 11 months ago (1 children)

While I somewhat agree, I haven't been active in the community much. The few encounters I had were in the Matrix chat. Yeah, toxic af. Checked in to see now, scrolled a bit, but quite civil atm.

I repair Pixel phones as a hobby / side gig and yeah, not comparable with the Fairphone, but still repairable, better than a lot of others, but it depends on the model.

I buy second hand in bulk and repair what's needed. Bonus of no trail to Google as well.

[–] jet@hackertalks.com 1 points 9 months ago* (last edited 9 months ago)

Off topic: but about repairing pixels as a side gig.

For the Pixel 5A5G, the screens not being responsive issue, it appears to be widespread. The discussion forums, and the Google forums, simply refer to it as a "motherboard issue".

In your experience, is that more likely to be a bad BGA joint coming loose over time? Is the most likely repair option for those devices reballing the BGA on the CPU?

[–] ninchuka@lemmy.one 5 points 11 months ago

The Graphene community isn't toxic at all. There are some people who you really shouldn't listen to seriously for advice, but other than that it's like all communities, with some good eggs and bad eggs.

[–] CrypticCoffee@lemmy.ml 4 points 11 months ago

I went with GrapheneOS and it is my preference, but we need all this software to mature. We want choices and a hardened more complete feature set, so I really want CalyxOS to succeed also. That and Lineage, /e/os, Linux Mobile options etc.

[–] Devjavu@lemmy.dbzer0.com 4 points 11 months ago (1 children)

Also, privacy-friendly eSIM activation, anyone? (Am aware of privacy issues with SIM.)

[–] mojo@lemm.ee 1 points 11 months ago (1 children)

Confused on what you mean by that

[–] Devjavu@lemmy.dbzer0.com 7 points 11 months ago* (last edited 11 months ago) (2 children)

Well, if you want to activate an esim on any other Android rom, you need to use Google services and have an internet connection. DivestOS is the first rom to implement an open source version of eUICC, which is used for activation, called OpeneUICC. It also does not need an internet connection, so nobody knows that the esim is installed on your device. That is, until you actually use it, of course. This is in line with DivestOS actively trying to "deblob" (remove binary, closed source parts of) Android.

The second part, about why sim is not very private, well it has a unique identifier and the technology was specifically designed to pinpoint your location, as this helps keep a good connection.

Also, why did my comment get downvoted?

[–] LoveSausage@lemmygrad.ml 2 points 11 months ago (1 children)

GOS also has an eSIM implementation without Google.

[–] skuzz@discuss.tchncs.de 1 points 10 months ago (1 children)

> The second part, about why sim is not very private, well it has a unique identifier and the technology was specifically designed to pinpoint your location, as this helps keep a good connection.

SIM cards contain authentication keys for the cellular network so it knows who to bill and which cells to send a paging signal over to ring a call. The use of SIM cards does not pinpoint your location, and SIM cards have absolutely nothing to do with keeping a good connection (pSIM or eSIM). The network and handset are constantly re-evaluating signal strength across various bands and modes and the network tells the handset to switch to what works while moving about the network. The SIM just auths the user account. It is ostensibly a key to your service, nothing more.

All the network band/mode hunting will continue with or without a SIM card, the phone would just be limited to emergency calls in that state.

[–] JackSkellington@lemmy.world 2 points 11 months ago (1 children)

Is it possible to re-lock the bootloader on the Fairphone with CalyxOS?

[–] ExtremeDullard@lemmy.sdf.org 2 points 11 months ago

Absolutely. It is recommended in fact.

[–] Maoo@hexbear.net 9 points 11 months ago

If you have a pixel I recommend graphene and if not I recommend calyx. Graphene has some lower-level security primitives and their sandboxing between profiles is very good. I recommend not installing Google Play Services on your main profile (ideally in none but you might not have that luxury).

Security and privacy require diving into the topic, though. You can still easily do non-secure, non-anonymous things in either case. Sometimes people even seem to do riskier things when they think their privacy tools are there, and end up being less private and secure as a result of not knowing how the threats work.

[–] LoveSausage@lemmygrad.ml 9 points 11 months ago* (last edited 11 months ago) (1 children)

I use calyx on a spare phone, graphene on my regular. Graphene is better security wise, and better privacy wise.

If your device can run Graphene, I'd go for it.

Graphene, for example, uses a sandboxed Google Play that doesn't have any special privileges, which you can choose to use or not, or use in a separate profile. Calyx comes with microG from the start, which still uses proprietary stuff. Just the hardened malloc and other stuff under the hood on Graphene makes it a better option.

[–] kaliban@lemmy.ml 2 points 11 months ago (1 children)

What about battery life? I heard that Calyx can stay on for a long time without any issues because there are no actual background apps, but I haven't heard anything about that for Graphene. Can you confirm that, since you use it as a daily driver?

[–] LoveSausage@lemmygrad.ml 5 points 11 months ago* (last edited 11 months ago) (1 children)

Amazing battery life. Comparing a new install of Calyx and Graphene, it's a ton of difference. Calyx looks bloated in comparison with Graphene. There are basically like 5 apps on a new Graphene install. Just running microG takes a lot of stuff to run.

[–] kaliban@lemmy.ml 3 points 11 months ago

perfect, thanks for the help.

[–] TCB13@lemmy.world 5 points 11 months ago* (last edited 11 months ago) (4 children)

Both are good solutions however if you're on a supported phone I would pick GrapheneOS every single day.

CalyxOS (and the supported devices) expose you to a classic “evil maid attack” applied to phones. There are also other privacy implications of mishandled stuff in CalyxOS.

If you want a detailed explanation read this https://lemmy.world/comment/4962467 and my comments below it:

As usual, if you’re looking to have any security (Verified boot), GrapheneOS + Pixel phone is the only option. I really don’t get how come people(...) are okay with having a phone with all their personal data and logins without verified boot. Stolen / lost phone and game over.

Doesn’t Android have file based encryption by default since a while now??

If someone can compromise your bootloader in a hotel or some other public place then they’ll get to your data either way once you turn on the phone. This is one very small and very important detail that all those tech YouTubers pro-privacy, security and whatnot love to ignore, as it is the really hard one that makes all the difference. Secure boot is a complex subject and it requires a lot of work and checks to make sure nobody tampered with your device, and Graphene / Pixel are the ones that really give a shit about that (except for Apple, which wants to block jailbreaking and pirated Chinese app stores at all costs).

Switching to another ROM on a phone with non re-lockable bootloader is a downgrade from the stock ROM?

It depends on your goal. If you plan to have any kind of boot / data security and the device can't be re-locked with an alternative ROM, you're essentially better off with the stock ROM in a locked state. Now that's kind of a personal choice; I believe the instant damage done by someone stealing your phone and getting your data (because your bootloader was unlocked) is considerably larger than the privacy implications of running the stock / vendor Android. For what it's worth, if you can root your stock Android and firewall everything that seems suspicious, it might be better than running an alternative ROM without a secure boot. Even with an alternative ROM you can run into privacy issues, take for example here CalyxOS running on Qualcomm CPUs. What's interesting here is that this issue doesn't happen in Graphene because they're actually better.

[–] mojo@lemm.ee 6 points 11 months ago

That's immediately wrong because CalyxOS has verified boot.

[–] LoveSausage@lemmygrad.ml 4 points 11 months ago (1 children)

Not sure, because I rooted my Calyx spare, and it was a while back since I used it. I thought Calyx also had a locked bootloader?

[–] noodlejetski@lemm.ee 6 points 11 months ago* (last edited 11 months ago)

yeah, Calyx does support relocking it.

[–] ubergeek77@lemmy.ubergeek77.chat 3 points 11 months ago

> CalyxOS (and the supported devices) expose you to a classic “evil maid attack” applied to phones.

> As usual, if you’re looking to have any security (Verified boot), GrapheneOS + Pixel phone is the only option. I really don’t get how come people(...) are okay with having a phone with all their personal data and logins without verified boot. Stolen / lost phone and game over.

But CalyxOS focuses on verified boot too?

[–] kaliban@lemmy.ml 1 points 11 months ago (1 children)

perfect I'll take a look thanks

[–] TCB13@lemmy.world 1 points 11 months ago

Just copied over the most relevant parts of the discussion with other users.

[–] Imprint9816@lemmy.dbzer0.com 3 points 11 months ago
[–] jet@hackertalks.com 2 points 9 months ago* (last edited 9 months ago)

After having done some recent experimentation: from a usability perspective.

Graphene Exclusive:

  • sandbox google if you want it
  • can disable apps, so they never run, but still get updates. ( This is great for those apps you want on demand i.e. food, hotels, movie, banking, etc)
  • elegant cross user notifications, so if you're in your banking user account, you can see you got a text message on your social user account. And switch over quickly
  • security scopes for contacts and media: you can choose exactly what to share with an app when it asks for access to media. This might now be a general Android 14 feature, I'm not sure

CalyxOS Exclusive:

  • share VPN via tethering and profiles (lineage os too)
  • work profile for EVERY user account (normally only the owner account can set up a work profile. This is the only ROM I'm aware of that allows this.)

Honestly, I would like the vendors to incorporate each other's features. I don't see why not since they're both open source.

When traveling, the ability to share a tethered VPN is an absolutely killer feature. You don't need travel routers.

Sorry for necroing an old thread. But it's relevant