Yeah but I have to like… function in society and go to work, of which I use my phone constantly and whatnot.
I mean if I didn’t, sure.
Yeah, but what if you get a call?
voicemail :D
Well yeah. In theory you could just not use the internet, not carry ID, never send letters and live your life but then you lose out on the benefits
Who are you hiding from? “Increasing privacy” means nothing without context.
My adversaries (well, when I’m not at a protest) are not likely to be tracking my phones location, and my phone is set up that no app or website can, so to me personally it’s a large sacrifice for no benefit.
But for someone else, it could be good advice!
@comfy @thursday_j Indeed you need context, but let’s limit the concept of “full privacy and security” to things that are in your control. E.g you might control the physical safety of your device but you can’t control how many man-in-the-middle are between your phone and the rest of the internet. As a regular technology user my threat actors are big-tech and establishments.
It sounds like you’re suggesting Linux phones are more private and secure than GrapheneOS. Given their current state and limitations, it is extremely unlikely that any of them are more secure than GrapheneOS against a typical hacker or malicious app.
with the downside that is limited to one single phone brand
In terms of security, this is also a benefit. It means they aren’t trying to aim at fifty different targets which may behave different or even unexpectedly. The software developers have far far far more confidence that their security features will work on your device if they test it on theirs.
Again, there is no such thing as “full privacy and security”. It is unpragmatic idealism. Not only does it misinterpret privacy and security as concepts, it is an unconstructive attitude for creating an effective security model, and just encourages burnout for no benefit. We don’t limit “full”. There is no full. There is no perfect answer. It’s an undefined and unachievable idea.
“[Someone made] a laptop, encased in foam in a full Faraday cage, wrapped by alternating metal foils, and finally covered by a 1” layer of reinforced concrete."
"It had been billed as the most secure computer ever. Right until two research papers had come out that showed it was possible to decipher processing by the amount of power being consumed and by pulling the slight RF signal being carried by the ground line. "
Now, I’m not saying you can’t effectively secure your device adequately against big-tech and corporate capitalism. I say you can! It’s achievable. But it’s unconstructive to hold the illusion that there is some absolute “full privacy” against them.
@comfy in terms of software linux phones still have a long way to catch android. Even when taking the desktop flavors, against windows, linux is still not a match. Thanks for sharing that article. Is good to know exactly which are the areas where linux must improve.
@comfy The hardware approach has already surpassed most of androids due to their open firmware nature. In my scenario, let’s say I’m going to a protest and enforce my human rights upon the establishment. I turn off cellular, WiFi, Bluetooth, BLE, NFC, UWB and just use my phone as a pocket computer to take video footage. Later I read a security article that the cellular modem in my phone is able to transmit data outside phone’s operating system.
@comfy Same like Intel ME is able to take full ownership of your computer without your approval or awareness. This can only happen due to the closed source firmware these devices are using. If I could electrically kill these components, or the possibility of having them removed, I would consider myself fully protected. Again, this approach might not be good for everyone. Maybe “full” is not the correct wording. I guess “ideal security and privacy” is what I was looking for. You are right here.
No problem :)
Linux is obviously the choice for my desktop, especially since I’m not defending against organized crime or a government, but like you said it’s important to understand its strengths and weaknesses.
@comfy @thursday_j GrapheneOS is the best flavour of Android that you can get with the downside that is limited to one single phone brand. But Android itself is far from being perfect. That’s when Linux phones step in. Currently they are just in development stage and not really intended as daily drivers. But that changes with adoption.
As a quick introduction to the idea of Linux phones vs. Android ROMs, this post (updated about a year ago) gives an introduction from a security perspective. Depending on your adversary’s capability, security can be an important dependency of privacy.
Defeats the purpose of a mobile phone
The simplest way is to not own one. Get a land line and an answering machine instead. It’s ok to not be reachable every minute of every day.
Is it really that much safer vs running Graphene? I’m sincerely curious as I don’t know the specific benefits of a landline vs a secure ROM.
It depends on what you mean by safer.
Active cellular devices are location tracked. That information is correlated and sold. There’s nothing GraphenOS, or any other on device software can do to stop that.
When you carry a connected cellular device, you’re not only reporting your own location, you’re being tracked in reference to other people that are also carrying a cellular device. Between the two, it’s a detailed map of your lifestyle and people you know or may know.
A land line reduces the tracking to a single location, and the people you communicate with on it. Personally I avoid the land line too unless there’s no other good option.
For private communication, there is Jabber (XMPP), Matrix, and other self hosted services that avoid the entire issue.
If you really need communication on the road, then there are a couple of services that provide cellular connectivity without personal information. It’s not ideal, but better than nothing.
I’m writing all this from the perspective of the US. Other jurisdictions may be different, but location tracking is ubiquitous as far as I know.
There’s not really that much you can do about it if you’re on a cell phone. Your phone is connecting to the cell tower, and at that point all bets are off on how metadata gets used.
Adding on to what Grouchy already said (good post) :
- Like they said, safer for what? Against who? A landline can’t get stolen from your pocket. A landline can’t use encrypted E2EE messaging apps like Jitsi or Signal. Words like ‘safe’, ‘private’ and ‘secure’ mean nothing without context. They describe situations.
- I use a phone for far more than calls, a landline wouldn’t change that
- Most of the benefits of a security-focused ROM are against hacking and untrusted apps. These don’t affect landline phones.
@shreddy_scientist @Grouchy Any device connected to a wireless technology lacks full security and privacy.
You might carry on your mobile phone with you as there are lots of other functions you can do on it. But, in order to benefit from full privacy and security you should disable: cellular modem, wifi, bluetooth, nfc, uwb. And you must run an operating system that is entirely open source to be sure that these components stay off after you disabled them.
@shreddy_scientist @Grouchy You might also have a look at mobile phones that offer electrically kill switches or can even have these components physically removed. E.g: Pinephone PRO, Librem 5, Fairphone 4
There is no such thing as “full security and privacy”. It doesn’t exist and it’s not a useful goal.
Security and privacy don’t exist as absolute values. Things are not universally more or less secure than other things. You need to understand things like the needs of a situation (e.g. you correctly pointing out a modern phone has more use-cases than a landline), who the threats are, and what their capabilities are. Putting a decent password on an iPhone makes it adequately private and secure against my parents. Using a landline is not adequately secure against a government agency. Know Your Enemy!
As for your advice, a quick counter:
- FOSS does not imply correctness. In fact, FOSS is great because we know for a fact it has and always will have bugs! That helps us know his much to trust it instead of being a mystery like proprietary junk. So while I personally trust GrapheneOS to do those tasks better than stock ROMs, that line of reasoning is dangerous and historically known to be inaccurate.
- FOSS is on the software level anyway, certain adversaries are capable of attacking at the hardware level. Typical scammers aren’t. Who’s your threat??
deleted by creator
yeah the next step is to just leave it at home, as there are many anti theft features that phone have to track it while it’s turned off. but at that point, why even have a phone?
privacy is about balance and forgoing certain pieces of data for specific services. you find what you feel comfortable with and then resist giving more information than needed.