Comment by jrexilius

Don't you have Lineage OS on you phairphone?

I work for IPinfo. What is the context mentioning us here? I'm unsure if graphene uses our data. We process trillions of requests at the moment. I have no clue which services or software even use our data, let alone identifying individual IP addresses.

Is making a connection to our API a cause for concern? If that is the case, we welcome OSS projects to user our local IP databases, which includes our free IPinfo Lite database that we primarily designed for firewall and privacy applications.

GrapheneOS may give a computer user all the control they want from Android

However it does not remove Google's control, e.g., ability to pull the plug

Google controls the hardware and the source code for the default browser

Some users might want more control, less dependence on Google

"Paternalism" is a belief by developers that they "know better" than the computer owner what choices should be made for someone else's computer

For example, pre-installing software, or connections to remote servers, and enabling these choices by default

Paternalism dismisses any idea of personal autonomy

Providing a computer user with choices rather than "defaults" could mean loss of control by the developer and any associated revenue

When viewing the "Show log" screen in Netguard, under the top right, three dot menu there are checkbox options for "Show names" and "Show organization". Netguard sends requests to ipinfo.io to get information about IP addresses. These requests to ipinfo.io do not show up in the Netguard log.

There is no cause for concern necessarily. These are design choices, nothing more.

Users have no idea what happens to the data that leaves their computers. To quote from another story currently on the HN front page: "It's incredibly easy to give information away. But once that data is out there, it's nearly impossible to take back." https://news.ycombinator.com/item?id=44689059

Promises made by developers are reassuring to some, but rarely if ever legally enforceable in the event something goes wrong, and the harm already caused may be beyond redress. As a proactive measure users can, among other things, seek to minimise the amount of data they send. For example, some users might want the _option_ to stop their phones from constantly trying to ping or connect to remote servers _without any explicit user intent to do so_. Maybe they do not want their phone to act like a beacon to someone else's remote server.

The point of the comment is that sometimes there are remote connections being made to servers chosen by developers that are assumed to be OK with all users, e.g., connections to Graphene servers, IPinfo servers, or myriad other examples. Meanwhile there is no option for the user to disable this behaviour. There may be some users who prefer _zero_ remote connections except the ones they themselves choose to initiate or enable. The possibility of such users often seems to be overlooked or deliberately ignored.

Like Firefox constantly sending HTTP requests to remote servers to check for "connectivity". Even when the user is not trying to connect to any server. The requests are sent in the clear. This is not optional behaviour.

> Except the default browser is Chromium with some changes

Chromium has vastly superior security compared to Firefox. https://madaidans-insecurities.github.io/firefox-chromium.ht...

> It tries to copy Google paternalism > > It swaps a Google mothership for a Graphene mothership

Nonsense claims. All network connections made by the OS are well documented on the official website: https://grapheneos.org/faq#default-connections

There are only a few services GrapheneOS devices connect to:

- a time server (securely, over HTTPS, not insecure NTP)

- the OS update server (obvious; it's just plain HTTP requests, no user identifiers other than the IP address, which can easily be masked by using Tor or a VPN)

- the GrapheneOS App repository, which provides updates for preinstalled apps like Auditor, as well as the Vanadium browser and WebView (it's critical to get security patches for your browser in a timely manner)

- network connectivity checks (required to sign in to public wifis that use captive portals; can be entirely disabled in the settings)

- SUPL and PSDS through GrapheneOS proxies for A-GNSS because there is no network location service enabled by default

> Can connections to Graphene servers be blocked, i.e., are these connections optional or mandatory

You can block all the connections. You don't even need to, since they can all be disabled in the settings. If you disable the System Updater app, you're gonna have to adb sideload your system updates https://grapheneos.org/usage#updates-sideloading.

> If the concern is apps that only require internet connection for ads, Netguard solves that problem without root

You don't need Netguard, GrapheneOS has a built in network permission toggle, which offers even better protection than a firewall, since it completely blocks access to the underlying network socket (https://grapheneos.org/features#network-permission-toggle)

> The user-hostile design of Android is that apps keep running in the background after they are "closed"

You can deny apps running in the background, even on stock Android. This isn't unique to Android btw, I'm sure you've come across the system tray in Windows before. Those are all apps running in the background. Android basically has the same thing, it's in the notification center, and you can also stop background apps from there.

For those who don't want to root the phone, you can still avoid most of the ads by using a filtering DNS server with the Private DNS functionality on stock Android ROMs (or only at browser level if your favorite browser support DNS over HTTPS).

It comes with some minor usability issues with captive Wifi portals sometimes, but the trade-off of not having ads in app or while browsing is way worth it IMHO.

> For those of us who aren't ready to cut the umbilical cord to the mothership

You can use Google apps and apps depending on them on GrapheneOS via sandboxed Google Play. The vast majority of Android apps can be used. You don't need to stop using Google apps/services or other mainstream apps to use GrapheneOS. It's likely nearly all the apps you use or even all of them work on GrapheneOS. There's a per-app exploit protection compatibility mode toggle (and finer-grained toggles) to work around buggy apps with memory corruption bugs. We avoid turning on features breaking non-buggy apps by default and hardware memory tagging is temporarily opt-in for user installed apps not marked as compatible due to how many memory corruption bugs it finds.

A small number of apps are unavailable due to checking for a Google certified device/OS via the Play Integrity API. These are mostly banking apps, but most banking apps do work on GrapheneOS. There are tap-to-pay implementations which can be used on GrapheneOS in the UK and European Economic Area. Several banking apps recently explicitly added support for GrapheneOS via hardware-based attestation as an alternative to the Play Integrity API. We're pushing for more apps to do this and for regulation disallowing Google from providing an API to app developers for enforcing devices licensing Google Mobile Services. Play Integrity API often portrayed as a security feature but Google chooses not to enforce a security patch level. They're permitting devices with years of missing important privacy and security patches but not a much more private and secure OS. Only their strong integrity level has a patch level check, but the check is only done for recent Android versions and only requires they aren't more than 12 months behind on patches which serves no real purpose.

> you can also root/firewall on normal android

This is different from our Network permission which not only blocks direct access but also indirect access via APIs requiring Android's low-level INTERNET permission. Our Network permission also pretends the network is down through many of the APIs. For example, scheduled jobs set to depend on internet access won't run.

Graphene has a really great sandboxed google servicen implementation, so barring a handful of banking apps not working, switching to graphene is a very gentle cutting of the mothership. For me it was very subtle, with better battery life!

The Netguard app worked well for me for that on vanilla burners and such. No root, "VPN" that I had block pretty much everything but the browser and Signal.

Even without root, a VPN-style firewall will work against all non-system apps. The downside of this approach is that you can't combine one with another VPN app.

Root, while more efficient, isn't strictly necessary. AdAway (FOSS, F-Droid) can run without root using the stock Android VPN backend.

Laptops, desktops, smartphones or tablets are closed source hardware with closed source firmware in general. There are products marketed as if they're open source devices which are in fact closed source hardware with almost entirely closed source firmware. The software on top being open source is frequently misrepresented as the device itself being open source, which isn't the case. Not shipping important firmware updates in the OS provides assurance of insecurity while not changing the fact that the hardware and firmware is closed source. It has to do with a loophole defined in a certain ideology around software, not open hardware or privacy/security.

FSF RYF certification is anti-freedom, anti-privacy and anti-security. Pretending hardware is open because there aren't closed source components which are / can be updated doesn't make sense. They certify closed source hardware with closed source firmware. In many cases, privacy and security has been crippled to obtain the certification by preventing important firmware upgrades. Not shipping firmware updates in the OS doesn't mean the firmware isn't there and doesn't make the hardware or firmware open source. GrapheneOS wants to have actual open source hardware and firmware, not what the FSF is peddling. We certainly don't want to block people getting important firmware upgrades needed to defend devices. FSF heavily misleads people about these topics for ideological reasons.

Anyways, we as informed consumers are hopefully all agreeing on striving for an open mobile OS and open hardware. For those of us, who consider themselves democratic, that is even an imperative.

Not sure what the situation is with Librem, Pine and Joola/SailfishOS, maybe those qualify?

Replicant was the last time we had fully open Android devices. We have regressed.

Plenty of laptops exist you can get away with running fully open source and auditable firmware, and a few that are mostly open hardware too, by the MNT Reform team.

The Precursor is the only pocket computer platform that is maximally open hardware, software, and firmware but you revert back to the 90s in terms of power as a consequence with alpha quality software today. If Bunnie is successful with his IRIS approach and making custom home-user-inspectable ASICS then maybe a middle ground path can be forged in the next few years.

For now the only modern computing experience with fully open hardware and software I am aware of are the ppc64le based devices by Raptor Engineering, but at a very high cost due to low demand, with huge form factor and no power management. I still own one anyway because we have to start somewhere.

For those that want this story to get better, please buy and promote the products of the few people trying to break us out of dependence on proprietary platforms.

Yes, which is a huge problem. This is a big part of why Android phones suck so much ass - you're often stuck on old versions of android because the hardware vendors are too lazy to update their proprietary bullshit blobs that barely fucking work.

And now you're running a two year old phone and it's effectively obsolete.

If they would just upstream their firmware into the Linux kernel, you could upgrade these phones for years and years. Until the hardware is actually physically incapable of running the latest features.

Some vendors, like Google, promise to provide updates for a long time. But it's just that - a promise. There's no technical guarantee or mechanism for this, it's purely based on trust.

> As opposed to using what, hand gestures

As opposed to "being free in all senses of the word", which is what the comment was talking about.

People go through all sorts of weird mental gymnastics about this. The FSF at one point took the position that binary blobs were cool so long as they could not be upgraded, because then you could pretend they weren't software at all, but just part of the wiring. I've seen this odd line of thought attributed to RMS himself, but here's an FSF statement, from when he was running it: https://www.fsf.org/blogs/community/task2-openmoko

No production ready -mobile- hardware, I would agree.

The Precursor is promising, but software is not there yet.

I sit down at my desktop computer and send emails and type messages like this one. Then I get up from my desk and spend time with my family offline and present. It's pretty great.

Laptops, desktops, smartphones or tablets are closed source hardware with closed source firmware in general. There are products marketed as if they're open source devices which are in fact closed source hardware with almost entirely closed source firmware. The software on top being open source is frequently misrepresented as the device itself being open source, which isn't the case. Not shipping important firmware updates in the OS provides assurance of insecurity while not changing the fact that the hardware and firmware is closed source. It has to do with a loophole defined in a certain ideology around software, not open hardware or privacy/security.

Indeed, mainline linux distros aren't free software either

It's a standard Android feature with various apps available for different use cases. Some are for setting a specific location, others are for using an external device. It's a very generic feature. GrapheneOS plans to add a different feature called Location Scopes similar to our Contact Scopes and Storage Scopes features for setting a per-app location. Android's Mock Location is global.

Can you give me one that works on a stock Android? I used to use one but it no longer works on newer Androids.

On the GrapheneOS forum you will see a lot of bad opinions about F-Droid, for example this:

> It doesn't matter that the app is trustworthy, because F-Droid are extremely incompetent with security and the apps you install from F-Droid are signed by F-Droid rather than the developer.

https://discuss.grapheneos.org/d/20212-f-droid-security-in-s... https://discuss.grapheneos.org/d/18731-f-droid-vulnerability...

They also say, if you use F-Droid, at least use F-Droid Basic:

> Dont use the main F-Droid client. Android is pretty strict about SDK versions and as F-Droid targets legacy devices, it is very outdated.

https://discuss.grapheneos.org/d/11439-f-droid-vsor-droid-if...

> If the app is only available on F-Droid / third party F-Droid repo, use F-Droid Basic and use the third party repo rather than the main repo if available. > > If the app is available on Github then install the APK first from Github then auto-update it using Obtanium. Be sure to check the hash using AppVerifier which can be installed from Accrescent (available on the GrapheneOS app store).

https://discuss.grapheneos.org/d/16589-obtainium-f-droid-bas...

By the way, while GrapheneOS recommends Accrescent, I don't use it anymore because they can't even add apps like CoMaps, while some of the apps they actually added are proprietary.

Work profiles are inferior to separate user profiles, which are built-in to GrapheneOS.

Also "private space" is now available with Android 15 and can provide the same separation within a single user profile.

Also check out Neo Store: ''An F-Droid client with modern UI and an arsenal of extra features.''

https://github.com/NeoApplications/Neo-Store

Just to add to that: Even some proprietary applications let you download their APK right from the website. WhatsApp is one such example (I don't recommend that you use it, Signal is much better, but if you require it, you don't have to use the Play Store).

I put them in the private space. Is there an advantage on putting them in the work profile?

It doesn't work for everything; one of the banks I'm forced to use checks for how it was installed, and Android for some incomprehensible reason is happy to report that to any application that asks (along with lots of other information like bootloader status and developer mode — you really have fewer rights to 'your' device than random applications).

After opening the application, it complains about being installed through an "insecure method", and bails. Reinstalling through Google Play magically fixes that.

These "security checks" are spreading like measles, so expect to see this sooner or later.

But than the apps you download (your banking app) require play services right?

So then what's the point of having a Play Store without Google Play services?

Banking apps are spyware, that's why they avoid open source OSes, not because they want to vendor-lock you. Smartphone data collected by a banking app is basically the most valuable in the world for advertisers, as they get the telemetry instantly crossed with a full(ish) picture of your spending habits and all the KYC identifiers too.

Depending on where you live, a burglary might be more common than a robbery. Why don't you just use the bank's website on your desktop computer (assuming you have a desktop computer)?

I'm concerned about losing phones too, so I don't bank on any phone.

Can you please clarify the Revolut part? Just to understand, you are saying that you are able to perform NFC payments via the Revolut app which you installed on your Graphene OS through the official Play Store? And you are based in Poland?

Can you use mobilepay? (Or is that not a thing in Sweden?)

You shouldn't root Graphene, it breaks its security model and is certainly the reason why Revolut doesn't work on your phone. It works like a charm on mine.

I can’t recall the switch, I believe it’s mem exploit protection. When disabled it typically fixes banking apps. You tried that?

GrapheneOS published a workaround for that in an update in January. https://grapheneos.org/releases#2025012600

https://grapheneos.social/@GrapheneOS/114772578787013282

Revolut works perfectly for me.

What kind of issues did you have? I think it does require google play services (which can be installed easily).

I have used GOS on a pixel 6 for the past two years with no issues. The phone finally died on me last weekend, so I'm in the market for a new pixel which will be getting GOS right away.

Revolut does work for me. They added support for GrapheneOS long time ago