Comment by ForHackernews
8 days ago
The main difference is that GrapheneOS prioritizes security hardening first and foremost (above usability or compatibility). /e/OS focuses on privacy (i.e. reducing data leakage to adtech) and usability over security.
To put it concretely, GrapheneOS recommends running all the proprietary Google apps in a locked "sandbox" so they can't read data on the phone outside the sandbox -- but obviously Google still gets to see everything you do in their apps. /e/OS tries to provide [largely but not entirely FLOSS] alternatives (e.g. their own Maps app, their own email, their own calendar) that make your phone usable out of the box without Google software.
> /e/OS focuses on privacy (i.e. reducing data leakage to adtech)
/e/OS literally sends STT data straight to OpenAI...
/e/OS uses priviliged MicroG, which connects to Google for some of its functionality
/e/OS doesn't keep up with updates properly, making its security suffer, making yoru phone easier to compromise, increasing the likelihood of amongs other things sandbox escabes which open up possibilities to data leakage.
> GrapheneOS recommends running all the proprietary Google apps in a locked "sandbox"
They don't recommend this. The user can choose to do so.
> but obviously Google still gets to see everything you do in their apps
Indeed, obviously. So, obviously, also the case on any other OS.
> e/OS tries to provide [largely but not entirely FLOSS] alternatives (e.g. their own Maps app, their own email, their own calendar) that make your phone usable out of the box without Google software.
You can install apps you need on GrapheneOS providing those alternatives yourself. Android has a large FOSS app eecosystem.
Much of the things /e/OS bundles for services are just using Nextcloud and their services have been very unreliable in the past, making people unable to access their data for months. Also, Nextcloud isn't end to end encrypted.
GrapheneOS also makes their own apps, like Vanadium, PDF viewer and Secure Camera.
> but obviously Google still gets to see everything you do in their apps
Well, the actually scary part of google services is that they have this quasi-elevated access in your phone where it can do a lot of stuff ordinary android services just can't do. E.g. google maps' location sharing works this way (but don't quote me on that).
GrapheneOS managed to "put it back into the bottle", and it runs as a regular android service anyone could write, with the same rules applying. So you have much more control on what you allow it, and this will also limit what data apps relying on google services can leak about you.
[dead]
> security hardening first and foremost (above usability or compatibility).
Right. Something that GrapheneOS boosters often fail to mention. It's not like those guys at Google are just idiots and don't know how to make a hardened allocator. Android uses a different hardened allocator that is much, much faster and uses less space. GrapheneOS is slower and uses more memory.
I assume this is all technically correct, but in practice I've not noticed any speed difference between stock Pixel and GrapheneOS. Maybe their Vanadium browser when tab switching, that feels slow, but I wasn't planning on being part of the Chromium monoculture anyway so this doesn't matter to me
That's great and, of course, only your experience matters to the choice of which OS you use. I just don't want people to get the impression there are no tradeoffs.
Another tradeoff GrapheneOS makes is because of the way they configure the USB port makes it more possible that you will irreversibly brick your phone by accident. You could say that the USB management is the only really material difference between Android and GrapheneOS when it comes to a law enforcement search threat model, but that also comes with a tradeoff.
4 replies →