#grapheneos

lorenzoancora@pod.mttv.it

📹 Why I deleted GrapheneOS

video by L. Rossmann

Synopsis:

Micay, the lead developer of GrapheneOS accuses the F-Droid project of harrassment:

All I posted before their outburst of bullying and fabricated stories which started in their developer chat room was information on the Android permission model, how F-Droid presents it incorrectly to users and how that harms users by misleading them in 2 different ways about it. I stated we intend to add a disclaimer screen to GrapheneOS on this incorrect information in the F-Droid app if they won't fix it, which has been planned for a long time. F-Droid has multiple serious security and usability issues which they have downplayed and refused to fix. In many cases, F-Droid has downplayed and refused to acknowledge or fix security issues. They've started making posts with the explicit goal of downplaying the issues and misleading people about them. This will only increase the priority of replacing it and moving users away. Engaging in harassment and libel towards people reporting and publishing information about serious issues in their software is one of their main approaches. Several people other than myself have posted blog posts and videos explaining issues, which F-Droid has attacked with lies. [...]
I have irrefutable proof that multiple core F-Droid and Calyx developers (substantial overlap) have engaged in bullying, harassment and libel targeting me to advance their own interests. 1 2

In the aftermath, Rossman, right to repair activist and interpreneur, has to confront the state of distress of the talented developer, who feels isolated and mistreated. The stress reduces the capacity to communicate correctly, leading to even more isolation. On the spectrum of autism and victim of cyberbullying since 2018, in the end Micay's mental wellness is at risk. In addition to contacting the authorities and asking for help, he takes the wise decision to use the social networks in a safer way:

I've stepped down as lead developer of GrapheneOS and will be replaced as a GrapheneOS Foundation director. I'll be ending my use of public social media. I'm unable to handle the escalating level of harassment including recent swatting attacks. There will be a smooth migration.

Cyberbullying can happen at any age and dealing with it can be hard. Wish you a serene recovery.

Lesson learned:
if we want to enjoy free software, we should also keep in consideration the wellness of who develops it. The aggressivity of some open source projects goes beyond healthy competition and we should all see it as the exterior manifestation of a toxic environment. Open source developers should stick as much as possible to a code of conduct, ensuring emotional detatchment and professional behaviour at all times.

Tags: #opensource #foss #os #grapheneos #fdroid #mobile #android #ungoogled #smartphone #customrom #privacy #mentalhealth

https://web.archive.org/web/20230601062933/https://twitter.com/DanielMicay/status/1651377352469880833
https://archive.ph/j7qql


caos@anonsys.net

📲 Wer wird denn evtl. beim #UpcyclingAndroid -Workshop in #Köln zugegen sein??
Das ist eine tolle Gelegenheit, um mehr übers #Flashen von #CustomROMs zu erfahren, es ohne Risiko auszuprobieren und/oder sich darüber mal persönlich auszutauschen...

#Nachhaltigkeit #CustomROM #Android #ungoogled
#CalyxOS #GrapheneOS #LineageOS #DivestOS #eOS @caos


Free Software Foundation Europe - 2022-12-20 13:10:54 GMT

Upcycling Android Workshop

Jedes Jahr werden weltweit 1,5 Milliarden Smartphones hergestellt und genauso viele mit Ablauf der Updates nach kurzer Nutzungsdauer weggeworfen. Wenn wir unser aktuelles Telefon weiter benutzen statt ein neues zu kaufen, tragen wir dazu bei, die Zunahme von Elektroschrott zu vermeiden. Und wenn nur jede*r dritte ihr Handy 1 Jahr länger nutzen würde, könnten wir uns die Rohstoffe für die Produktion von 100en Millionen Handys pro Jahr sparen.

Mit Upcycling Android zeigt die Free Software Foundation Europe auf, wie mit Hilfe der Installation Freier Software Betriebssysteme Telefone durch Flashen länger genutzt werden können. Es werden Telefone bereitgestellt, bei denen im Anschluss Freie Software Betriebessysteme ausprobiert werden oder auch selbst von Teilnehmer*innen geflasht werden können. Währenddessen beantworten wir Fragen rund ums Flashen und zeigen mit F-Droid und microG zudem eine Welt voller Freier Software.

Plätze sind begrenzt, bitte treten sie dem Event hier bei um sich für den Workshop anzumelden. Für Fragen und Rückmeldungen können sie uns auch an upcycling@fsfe.org schreiben.#### Beginnt:

Freitag Januar 20, 2023 @ 4:00 PM GMT+01:00 (Europe/Berlin)

Endet:

Freitag Januar 20, 2023 @ 8:00 PM GMT+01:00 (Europe/Berlin)

Banner

kurt@pod.thing.org

Hilfe mit Graphene

Liebe Freunde, eine Freundin von mir hat Probleme mit iohrem Handy, sie hat mich gebeten das hier zu posten (weil ich ihr erzählt habe, daß es hier einige Leute mit alternativem handy-OS gibt). Ich mach das hiermit, wenn jemand hilfreiche Hinweise hat, freuen wir uns über Kommentare!

ich habe das handy #google #pixel 4a mit #grapheneos betriebssystem jetzt
seit ca 6 wochen in verwendung und wir haben sogar geschafft die esim zu
installieren ohne das betriebssystem neu zu installieren. bis gestern
nacht war alles toll...

ich bin gestern abend in berlin angekommen und gestern nacht hat sich
mein handy ausgestellt, weil die batterie wohl alle war, aber eigentlich
hatte ich vorm schlafengehen noch 40% akku. morgens war der akku dann
leer und nachdem ich es geladen und gestartet habe ging das internet
nicht mehr. es geht auch nicht über wlan, irgendwas scheint da zu
blockieren... vielleicht gab es nachts ein update oderso... bei
systemeinstellungen steht bei system update: aktualisiert auf #android
12, aber nicht wann die aktualisierung stattfind. jedenfalls jetzt geht
nur noch telefon und sms.

Das blöde ist eben auch, dass ich #internet in berlin nur über
handyhotspot habe, also jetzt auch kein internet zuhause. Habe schon im
computerladen meines vertrauens gefragt, aber die sagen damit kennt sich
niemand aus. weiss jetzt auch nicht, was ich machen soll. in foren
suchen?? vielleicht kannst du mal schauen oder in einen chat schreiben,
weil ich nur im cafe internet habe :(

hast du einen tipp für mich? vielleicht findest du ja was?

tom@pod.interlin.nl

GrapheneOS

Bildbeschreibung hier eingeben

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It's focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model. It was founded in 2014 and was formerly known as CopperheadOS.

https://grapheneos.org/

#grapheneos #mobile #android #opensource

lancelot_g@diaspora-fr.org

Une initiative #ecologique de la #FSFE :
upcycling Androïd
Il s'agit d'organiser des ateliers pour installer une ROM Custom sur un ancien appareil Androïd pour prolonger sa durée de vie.

Pour ceux qui ne savent pas ce qu'est une ROM, c'est un peu l'équivalent de système d’exploitation (ou OS) pour un ordinateur système d'exploitation par wikipedia

La plus connue de ces ROM custom est sans doute #lineageos :page wikipedia
Mais il en existe bien d'autres #sailfishos , #grapheneos , #ubuntu-touch ...

#upcycling , #degooglisation , #logiciel-libre

hackaday@xn--y9azesw6bu.xn--y9a3aq

Privacy Report: What Android Does In The Background

image

We've come a long way from the Internet of the 90s and early 00s. Not just in terms of technology, capabilities, and culture, but in the attitude most of us take when accessing the 'net. In those early days most users had a militant drive to keep any personal or identifying information to themselves beyond the occasional (and often completely fictional) a/s/l, and before eBay and Amazon normalized online shopping it was unheard of to even type in a credit card number. On today's internet we do all of these things with reckless abandon, and to make matters worse most of us carry around a device which not only holds all of our personal information but also reports everything about us, from our browsing habits to our locations, back to databases to be stored indefinitely.

It was always known that both popular mobile operating systems for these devices, iOS and Android, "phone home" or report data about us back to various servers. But just how much the operating systems themselves did was largely a matter of speculation, especially for Apple devices which are doing things that only Apple can really know for sure. While Apple keeps their mysteries to themselves and thus can't be fully trusted, Android is much more open which paradoxically makes it easier for companies (and malicious users) to spy on users but also makes it easier for those users to secure their privacy on their own. Thanks to this recent privacy report on several different flavors of Android (PDF warning) we know a little bit more on specifically what the system apps are doing, what information they're gathering and where they're sending it, and exactly which versions of Android are best for those of us who take privacy seriously.

The Real Research Confirms Suspicions

The report takes a look at six different "flavors" of Android and what each one is doing behind the scenes. The researchers studied operating systems from Samsung, Xiaomi, Huawei, and Realme which all also produce their own devices, but also looked at two alternative Android-based operating systems -- LineageOS and /e/OS -- that can be installed on some devices and customized for privacy if the user chooses. /e/OS is built with privacy in mind, while LineageOS is more of a drop-in replacement which doesn't specifically focus on privacy. It should be no surprise that the four Android versions customized by the device manufacturers report a ton of user data, or that any device with a Google Apps (GApps) package reports a seemingly unending stream of user information back to Google servers, but some of the specific results that the research team found are definitely worth noting.

First, the paper points out that all of these companies are trivially able to link devices to users. Companies match IMEI numbers and other identifiers of devices to other user data that makes linking these accounts together a simple game of connect-the-dots. Largely the reason for doing this is to target ads, but all of these companies will also share this information indiscriminately with various governmental agencies. They also aren't perfectly secure, so any black-hat attacker who gets access to this information will have it as well. This shouldn't be too surprising, but the new information here is that researchers also found this data is shared among companies. For example, Samsung and Google seem to share each other's data amongst themselves. Swiftkey, a popular keyboard app, also sends information to Microsoft via Google. It's quite a complex web of data sharing and services from one company to support another's data gathering efforts. Some of these data gathering efforts also include details such as timestamped app usage and personal contact gathering. While a lot of the information the operating systems are actually gathering is sometimes obfuscated, it's clear that anything done on any of these devices might as well be recorded as if it was a Twitch stream as there's evidence to suggest that literally everything could be monitored by someone (or some piece of software), right down to a user's keystrokes.

The researchers contrast this rampant data gathering activity with /e/OS, a privacy-oriented version of Android. /e/OS is a fork of LineageOS which is specifically devoted to privacy, includes no Google-related software, and gathers essentially no user data on its own apart from information about available updates and some other necessary information. LineageOS is only marginally better than the Android offerings from the major manufacturers when the GApps package is installed with it, largely because the Google system apps are so pervasive at gathering user data. It is possible to use LineageOS without the GApps package but the researchers did not take this approach and largely focused on /e/OS as the de-Googled version of study.

Beyond This Study

While /e/OS is certainly an excellent choice for privacy-conscious users of smartphones, there are a few others worth mentioning that were not included in the study. Drawing the conclusion from this research that the real privacy violator is GApps (as long as you can avoid the other spyware from Samsung et. al.), it is possible to install LineageOS on a wider array of devices than /e/OS currently supports. Since installing GApps is something that is typically sideloaded after installing LineageOS and is an optional step, this can simply be omitted.

LineageOS logoAdditionally, if you absolutely can't live without Google Maps or Gmail, there is a way of accessing Google services without actually installing them on your device. A software package called MicroG is available which is an open-source replacement for GApps and allows the user to access Google services that otherwise would be available but restricts tracking and gathering of user data by Google in key ways. There is a fork of LineageOS called "LineageOS for MicroG" which includes this package instead of GApps by default, although there have been squabbles between the maintainers of this project and LineageOS over concerns with the way that MicroG accesses the Google services by signature spoofing.

GrapheneOS LogoFor those with Google Pixel devices specifically, there are two other privacy options. GrapheneOS is the Cadillac of privacy-focused versions of Android and has a number of improvements to enhance security as well, such as app sandboxing, implementation of secure/verified boot, disabling of peripherals via toggles, and other enhancements. CalyxOS is based on GrapheneOS and is similar but does allow for the use of MicroG and has some less-intense security practices than GrapheneOS. The only downsides with these flavors of Android is that they are built almost exclusively for the Google Pixel and at a minimum requires trust that Google didn't build a hardware backdoor of some sort into their phones.

Android Isn't The Only Option

There are a few other options for improving online privacy when using a smartphone. Linux-only phones such as the Pinephone are available but are not as fully-featured as Android. Some versions of Linux are also available for phones that would otherwise run Android. It's also probable that an iPhone is a security and privacy improvement over a factory Android device from any major service carrier or device manufacturer, although the fact that their software is closed-source and behind a walled garden makes this extremely difficult to verify. Still, if a user isn't willing to jump through all of these hoops to install /e/OS, GrapheneOS, or Ubuntu Touch, or if their phone has a locked bootloader making it impossible to flash a new OS (or if their device just isn't supported), it's preferable to choose an iPhone only if all other options are exhausted. Of course, the only other option is to not own a smartphone at all, which is arguably the easiest way of improving the privacy concerns with these devices.

The paper goes into great detail on methodology and also includes information on how they determined what data was being sent for those curious about specifics. It's also worth noting that they point out that none of this research investigates any specific apps that might be installed on a phone and only looks at the operating system apps. If you install random freemium games, banking apps, or Facebook on your GrapheneOS install, for example, it's likely to void any and all of your privacy efforts. The paper itself is worth a read though even for those who haven't considered their online privacy before, even if they did grow up in the 90s.

#featured #interest #originalart #phonehacks #android #calyxos #gapps #grapheneos #lineageos #microg #privacy

fteacher@diaspora.psyco.fr

On pense que c’est difficile de se #dégoogliser, mais ça peut être super simple ! Plutôt que d’acheter un téléphone bien googlisé jusqu’au trognon, on peut tout simplement acheter un téléphone dégooglisé, qui arrive avec une #rom alternative. Dans cette vidéo je vous présente 9 téléphones dégooglisés, du haut de gamme au plus basique. Je ne parle que des #Android, pas des Gnu/Linux.
https://video.tedomum.net/w/9xAfYWURR9BLAS3m8R21YM
#gafam #logicielslibres #téléphone #lineageos #volla #grapheneos #/e/