Hi everyone,

Currently looking at either a Pixel 8 or a S23 as a replacement for my Zenfone 8 that is slowly becoming a hindrence due to (primarily) the battery. I would replace it, but as it costs a lot to do that here and I have needs for a non-compromised water protection DIY feels like a dangerous option.

So S23 vs Pixel 8, what would you guys recommend assuming I can get either for the same price?

I like the S23 hardware a bit better on paper, but as Pixel phones generally are very flashable my anti-Google sentiments might (ironically) push me there.

I would get a fairphone 5 for the hot-swappable battery etc if they weren’t so expensive for what you get, and as Im buying second hand reuse is better for the environment anyways.

  • Pantherina@feddit.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    10 months ago

    Android is Linux, and every custom Android is just using AOSP (The Android open source project) ans putting some stuff on top, adding apps, thats it.

    GrapheneOS is the only project adding substantial hardening, security and privacy improvements.

    They will also never do something that doesnt work well. For example they have an internet permission, while LineageOS has a different method that may not be as secure and thus privacy friendly.

    Phone companies often use the same manifacturers. No those were about the wages of the workers in the factories in china. Everyone produces in China basically, they are the best and have the most advanced tech too.

    Yes I also think Fairphone is trying to be sustainable. They are doing good stuff, but they are too small to have their own factories etc.

    They have the best repair documentation

    This video from Our Changing Climate was my source

    • Varyk@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      I guess I didn’t make that very clear, I want a non-closed system.

      Apple os is obviously a jail, but Google is getting worse and worse at controlling their environment, what you’re allowed to do with your phone and bloatware and so many of their featured updates encumber my phone.

      For instance, I can’t remove the date and time from my home screen?

      Or Google still won’t tell me which devices are connected to my hotspot?

      That is absolutely ridiculous.

      Fair phone on the other hand, is deliberately providing an open source Linux operating system for phones that allows actual privacy and customization of your phone if you choose that route.

      I vastly prefer that option to any corporate environment OS I’ve tried so far.

      China does not have the best tach, Taiwan is far and away leading the charge in chip tech, even Intel is ahead of chinese chip tech.

      China has been the cheapest factory country for a couple decades, but that does not mean that they manufacture the best products.

      And I haven’t heard any reports about workers jumping off the roof of fairphone buildings in China, not to mention that apple works very hard to obscure their manufacturing base and organization, while fair phone does not.

      I’m not convinced that Apple, who uses child labor and sweatshops to build their phones specifically to cut costs, treats their workers better than a company focused on transparency and ethical manufacturing and supply lines.

      I’ll need some sort of evidence if you’re going to insist on that point.

      I do keep hearing about graphene OS, and I will look into it has an alternative because this stock OS is as frustrating to use as any I’ve ever had.

      • Pantherina@feddit.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        I am not advertizing for apple, I hate that company. Just as perspective on how much Fairphone pays the workers.

        FairphoneOS is fully FOSS?

        I am comparing GrapheneOS against Fairphone, not Googles Pixel BS.

        Agreed AOSP is a Google OS with actively restricted capabilities. But it is the best we have.

        • Varyk@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 months ago

          I get that, and I wouldn’t trust any numbers Apple puts out there, seeing as how they constantly fudge their numbers in every aspect of their business, and we know they have no regard for workers rights at all.

          I don’t think Murena is strictly foss, but a lot of it is open source and it is degoogled, so you have a lot more control over your environment and all of the fundamental features apparently can be switched out according to your whim.

          And murena explicitly doesn’t send data to Google or any third party, by design. There are apparently specific tools in Murena that allow you to track permissions and exactly which apps are exporting data and how much, with the option to enable or disable those permissions and data uploads as you see fit, data sending is not pre-installed or checked by default.

          As far as I understand, there aren’t any apps that are “Oh no. Sorry you can’t uninstall this. It’s way too important. Also, you can’t disable permissions and you can’t stop sending data back to us”, which are practically all Google services now.

          So it’s not the perfect solution, but it’s a very large practical step in the right direction, and I don’t want to take part in these giant unethical, money grubbing slave using companies anymore if there is any viable alternative.

          I’m very happy there is finally a third option.

          • Pantherina@feddit.de
            link
            fedilink
            English
            arrow-up
            1
            ·
            10 months ago

            GrapheneOS was the first one to proxy SUPL and DRM leasing.

            Also they selfhost connectivity check and attestation servers.

            Maybe Murena copied their code.

            Degoogled doesnt mean using AOSP or Chromium. Google products include Google everywhere.

            Try to use googleteller with Chromium. Its a small tool that beeps if you connect to a google site. That shit was so scary

            • Varyk@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              ·
              10 months ago

              Degoogling means not depending on Google apps and services.

              That’s the point of murena, they’ve replaced most google-dependent apps and services in the OS with foss apps/services.

              I’m not a zealot about degoogling, but I don’t want to use their apps or services, and with murena I don’t have to.

              I don’t use chromium, though I am well aware of the frequency and amount of data Google collects.

              Pretty sick of it.

              • Pantherina@feddit.de
                link
                fedilink
                English
                arrow-up
                1
                ·
                10 months ago

                You use Chromium and you use a Google product because you use Android.

                Please go to “settings - apps - show all apps” and enable “show system apps”.

                Do you have a webview? This is Chromium. Firefoxes Geckoview does the same but it is not feature complete and cannot be used as a webview.

                Google is everywhere.

                • updates
                • store, certification
                • safetynet, now play ingegrity to run banking apps etc
                • RCS messages
                • SUPL server for quicker A-GPS
                • connectivity check for switching between wifi and cell data
                • same server used to detect captive portals
                • some device authentification when booting up

                This is all AOSP. No Google apps on the surface, all FOSS. Then play services and frameworks are used for

                • location services (unifiedNLP is abandoned, only available as a privileged system app through microG which is extremely insecure)
                • displaying maps
                • push messages for most mainstream apps
                • google play games etc.
                • chromecast
                • RCS messages (play services and the Google Messages App needed)

                Those either dont work if you dont have any play services, or you sandbox them to be restricted, possible to disable, isolate in a seperate profile, uninstallable and behind permissions. Or you use microG which fakes values, runs unsandboxed and is still a bunch of proprietary Google stuff.

                I wonder how “degoogled” Murena is, please tell me!

                • Varyk@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  edit-2
                  10 months ago

                  You mean pixels, not the fairphone?

                  Yes, pixels are Google phones and use Google apps and services.

                  iPhones are Apple phones and use Apple apps and services

                  But both of these companies by default send a lot of your user data to various third parties.

                  That is the reason I want a privacy focused phone, to avoid being tethered to a particular environment(you can use alternate OSs by unlocking the bootloader following the steps fairphone provides on their website) and permissions you aren’t allowed to customize and are designed to send data to third parties by default.

                  Murena is based on e/os, which is open-source, it doesn’t send user data out by default, they replaced Google apps with open source apps, trackers are removed by default, you can restrict tracking on any apps you choose to have that do track you, Google servers don’t check for connectivity, no Play store, location services by Mozilla,

                  this is the summary from the e/os site today:

                  https://doc.e.foundation/what-s-e#degoogling--ungoogling-in-eos

                  And this 2020 paper goes into a little more detail with the services that it blocks, although as you can see from the first link, they’ve obviously added more features that protect user privacy:

                  https://e.foundation/wp-content/uploads/2020/09/e-state-of-degooglisation.pdf

                  They replace Google services and apps with open source and privacy focused services and apps.

                  While privacy is important to me, the sustainability and general fairness of how fairphone treats their workers and customers and where they get their materials from are at least as important to me.

                  with fairphone, as far as anyone can tell, they don’t source their materials from slave labor, they pay a fair wage, the materials are as sustainable and recyclable as possible, and I can customize my OS and how it operates.

                  • Pantherina@feddit.de
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    edit-2
                    10 months ago

                    Pixels are Google Phones will full support for a custom OS like GrapheneOS.

                    Buy the phone, unlock it, flash a real OS onto it.

                    I think you didnt get that a phone can have a different OS?

                    you can use alternate OSs by unlocking the bootloader following the steps fairphone provides on their website) and permissions you aren’t allowed to customize and are designed to send data to third parties by defaul

                    You can unlock pixels easily. GrapheneOS extends those permissions, FairphoneOS CANT. Because otherwise they would lose their google certified OS status.

                    https://discuss.grapheneos.org/d/10712-what-are-stoppers-of-grapheneos-becoming-a-google-certified-os

                    Murena is based on e/os, which is open-source, it doesn’t send user data out by default

                    I hope I explained enough how AOSP sends a tom of data. Please prove that they actually replaced all those things like GrapheneOS did.

                    they replaced Google apps with open source apps

                    The Google Apps on AOSP are open source. What did they do with the preinstalled Chromium for example?

                    trackers are removed by default

                    What is that supposed to mean? Either they change the code or they still rely on Google Services. If they selfhost all those things I mentioned then yeah valid.

                    you can restrict tracking on any apps you choose

                    This doesnt work. Tracking is included in the APK files when building the App with Android studio. You have to decompile the app and remove it, then sign with your own key. You will need to do this on every update, as updates only work if the signing key is the same.

                    If you mean they use some kind of firewall this may be true. But most tracking goes to central servers (for reliability, these servers distribute the data) which may not be possible to block to keep functionality.

                    GrapheneOS has a network toggle and reduces the amount of data apps can collect (sensor permission, storage scopes, contact scopes,…), I suppose this is the best you can do.

                    no Play store

                    This will make the OS unusable for many people. Banking, insurance, state stuff all rely on Goofle. Their store, their service framework, their device verification.

                    Not having any playstore is bad. If they advise to use AuroraStore be aware that it is a legacy app and the “access all files” toggle is not needed. Also you should only use the session installer method.

                    Location services by Mozilla

                    This is nice, it uses UnifiedNLP and I already contributed a lot using TowerCollector, please do too.

                    The problem is just that unifiedNLP doesnt exist as a regular user app anymore.

                    You would need a minimal OS app that redirects location calls by apps to UnifiedNLP, unifiedNLP checks it and redirects it.

                    Currently it is embedded in microG only (the standalone unifiedNLP has no updates since years), which is an unsandboxed blob of Google Play services, ripped out various components, probably not up to date, with broken features and entirely relying on fake values to get the Play checks right

                    MicroG is insecure as fuck. I think they cant work with GrapheneOS’ses google play service “run as user app and still work” compatibility layer because they spoof values and more.

                    UnifiedNLP needs to become a standalone, modern android app again, running as a user app and getting the permission to serve location data by the OS.

                    GrapheneOS’ A-GPS works fine luckily, but GPS may just vanish if the russians decide to bomb our sattelites. Having NLP (Network location provider) is essential and also saves battery.

                    I think microG still sends unnecessary data to Google when just using UnifiedNLP but no source on that.

                    this is the summary from the e/os site today:

                    I like Mapbox and this is only in microG. Simply microG does not work reliably and should not be used until it is modernized and compatible with gmscompat from GrapheneOS.

                    They also use Quad9 by default when setting a custom DNS.

                    Default apps:

                    • QKSMS: not maintained anymore, I hope they use Quik or something else. But it is way too enhanced, has no encryption support and I dont see a reason to use it.
                    • “a fork of Chromium/Bromite.” I hope they use Cromite, Bromite is also unmaintained. GrapheneOS vanadium is most secure but relies on hardware features only on Pixel phones
                    • Magic Earth: if this is actually preinstalled as a system app that would be very bad. It is proprietary while there are OSMAnd and OrganicMaps that work fine
                    • F-Droid: I hope they use F-Droid basic but I dont think so. The old app is outdated, uses outdated libraries to support old phones, is insecure and only allows automatic updates through the “fdroid privileged extension” which gives it unnecessarily escalated privileges. Modern Android supports automatic updates without any of that. Seems they have their own store, no idea about that

                    They replaced most of the Google server stuff, sounds okay. No info about device attestation and DRM leasing which means you will not be able to use Netflix etc, but this is fine for many privacy conscious people.


                    So in the end after arguing with GrapheneOS people too, the problem is:

                    • having an OS that will not support a vast majority of “critical inftastructure” like transportation, ensurance and banking apps, because those developers suck and make the apps rely on Google, is bad. GrapheneOS uses their sandboxed play and everything works. But it is a regular user app. You have to install it through their store if you want, and you can disable and uninstall every user app.
                    • microG is not reverse engineered magic. It is a subset of the play services, running unsandboxed (it can read critical device IDs, app storage, all files, call history, contacts, sensors, etc)
                    • unifiedNLP and a custom map tiler are very cool but dont work as sandboxed user apps so they are insecure poorly
                    • bundling a lot of random software like QKSMS or Magic Earth is not nice. Having an easy straightforward way to get all those apps is (and GrapheneOS sucks at this, as they call every appstore insecure lol). But you should not bundle random apps in your system, that may be insecure, too big, or unmaintained.
                    • their hardening will be very weak, also because they cant use many hardware features that GrapheneOS can use.

                    GrapheneOS focuses on simplicity, keeping everything as close to “how it is meant to be” as possible, embracing and patching what android can already do, like more permission toggles or running the Play crap without being able to read your IMEI.

                    If you buy a new device, just dont buy a phone with that OS, I am sorry.

                    If Murena would support all the security features of GrapheneOS, or simply take their free code, make it less secure to run on that hardware and add their nice UI stuff on top, it would be acceptable.

                    But buying a new phone that uses some random chinese OEM model and bundles in a random mix of LineageOS, unmaintained apps and insecure “privacy optimized” play services, just no.

                    That took hell of a time to write, I hope you appreciate it.

                    Btw you find every source on github.com/grapheneos