As much as I'd love to daily drive an OS like GrapheneOS, the risk of running into apps that use Google Integrity API thereby making it impossible to run those apps on Graphene is too much of an inconvenience.
I took a look at this curated list of bank apps[1] supported on Graphene OS and I'm glad that a large majority of them work on Graphene. However, just my luck that one of the banks I use on this list isn't supported.
In my country, the state is enforcing a lot of essential workflows to be digital-first (and in extreme cases digital-exclusive) and I dread to think needing these services at a crticial moment and the choice of my OS making it impossible for me. This is more of a commentary on my government's choices but it's a reality for me.
In any case, I don't think it's practical to go cold turkey and switch to a privacy focused phone without testing waters first to see which of your of workflows break and then reason about the tradeoffs/workarounds.
I do admire folks who use GrapheneOS as a daily driver, I'd like to chat them up if I find them in the wild.
I've seen a couple of apps try to use Play Integrity, get blocked by GrapheneOS, and keep on running. Maybe I'm being locked out of something, but it's not something I use anyway.
Note that I don't use banking or government apps. If I bank online it's via the web.
I worried about that too, but jumped in and it hasn't been an issue at all in two years. Including three bank apps. And it's usually so easy to reset to vanilla Android if you need to, that it shouldn't be your moat.
Agree that "control" is a much better framing, since it doesn't suggest a need for secrecy and therefore embarrassing/unacceptable/untoward behavior that needs to stay behind drawn window blinds. I'm also fond of "agency" and "digital self-sovereignty" as alternatives.
But fine, I'll be the one to say it: Cloudflare isn't one of the good guys here and as an entity it shouldn't be trusted. It doesn't matter how pure their stated motives appear to be now, or how unmarred their track record is so far. It's a corporation that has control over an ever-increasing share of internet infrastructure, and is susceptible to the same risks as any other tech monopolist basket that we all decide to put our eggs in. Maybe more risky than the others, given how deep in the stack its influence is buried.
What happens when a government forces it to NXDOMAIN porn or put nuisance captchas in front of dissident blogs? Is there some reason people think this one is different?
The only thorn in the opine is Cloudflare. Everything looks reasonable but CF. I get that DNS is free, it is OP's employer and registry being offered sans margin but it doesn't make up for the fact that CF is on its way to become the biggest gatekeeper and strangle the freenet if it wishes to do so.
What's the story for maps and POI search on GrapheneOS? I'm assuming using Google Maps is a non-starter since that defeats the whole point of all these privacy protections in the first place.
FYI: NetGuard is an open source rootless firewall for vanilla Android which also allows per-app network access control, for those unable or unwilling to go with other OSs. Works by leveraging Android VPN to block instead of tunneling packets.
> Tech workers: The only piece of technology in my house is a printer and I keep a gun next to it so I can shoot it if it makes a noise I don't recognize.
Who cares what the average person will go through and do though? We’re each responsible for ourselves and how we choose to go about life, even if vastly differs from the general population.
As much as I'd love to daily drive an OS like GrapheneOS, the risk of running into apps that use Google Integrity API thereby making it impossible to run those apps on Graphene is too much of an inconvenience.
I took a look at this curated list of bank apps[1] supported on Graphene OS and I'm glad that a large majority of them work on Graphene. However, just my luck that one of the banks I use on this list isn't supported.
In my country, the state is enforcing a lot of essential workflows to be digital-first (and in extreme cases digital-exclusive) and I dread to think needing these services at a crticial moment and the choice of my OS making it impossible for me. This is more of a commentary on my government's choices but it's a reality for me.
In any case, I don't think it's practical to go cold turkey and switch to a privacy focused phone without testing waters first to see which of your of workflows break and then reason about the tradeoffs/workarounds.
I do admire folks who use GrapheneOS as a daily driver, I'd like to chat them up if I find them in the wild.
https://privsec.dev/posts/android/banking-applications-compa...
I've seen a couple of apps try to use Play Integrity, get blocked by GrapheneOS, and keep on running. Maybe I'm being locked out of something, but it's not something I use anyway.
Note that I don't use banking or government apps. If I bank online it's via the web.
I worried about that too, but jumped in and it hasn't been an issue at all in two years. Including three bank apps. And it's usually so easy to reset to vanilla Android if you need to, that it shouldn't be your moat.
> Instead of "privacy" we really should be talking about "control".
Fantastic. This is what I have been shifting towards these past couple years. Hardly anyone likes to be controlled, right?
Agree that "control" is a much better framing, since it doesn't suggest a need for secrecy and therefore embarrassing/unacceptable/untoward behavior that needs to stay behind drawn window blinds. I'm also fond of "agency" and "digital self-sovereignty" as alternatives.
But fine, I'll be the one to say it: Cloudflare isn't one of the good guys here and as an entity it shouldn't be trusted. It doesn't matter how pure their stated motives appear to be now, or how unmarred their track record is so far. It's a corporation that has control over an ever-increasing share of internet infrastructure, and is susceptible to the same risks as any other tech monopolist basket that we all decide to put our eggs in. Maybe more risky than the others, given how deep in the stack its influence is buried.
What happens when a government forces it to NXDOMAIN porn or put nuisance captchas in front of dissident blogs? Is there some reason people think this one is different?
> Cloudflare isn't one of the good guys here
Came here to say the same thing, post was interesting until I got to that point.
> nuisance captchas
Try using the internet outside of the western world and major hubs. Cloudflare make it so painful with captchas and browser integrity checks
The only thorn in the opine is Cloudflare. Everything looks reasonable but CF. I get that DNS is free, it is OP's employer and registry being offered sans margin but it doesn't make up for the fact that CF is on its way to become the biggest gatekeeper and strangle the freenet if it wishes to do so.
What's the story for maps and POI search on GrapheneOS? I'm assuming using Google Maps is a non-starter since that defeats the whole point of all these privacy protections in the first place.
OSMAnd and others can do offline maps and POI search if you want.
You could also run Google Maps web through Tor if needed. Tor is easy to use on Android.
Yeah I think most people use Organic Maps or Magic Earth (with the latter being closed and not as privacy-respecting as the former).
FYI: NetGuard is an open source rootless firewall for vanilla Android which also allows per-app network access control, for those unable or unwilling to go with other OSs. Works by leveraging Android VPN to block instead of tunneling packets.
This reminds me of the old meme:
> Tech enthusiasts: My entire house is smart.
> Tech workers: The only piece of technology in my house is a printer and I keep a gun next to it so I can shoot it if it makes a noise I don't recognize.
excellent article, you've inspired me to get off Gmail finally (Google's been sending me angry emails about hitting my storage limit for ages anyway).
side note, your link to Tuta is broken - think it's an internal link by accident
They also wrote "Messanging"
The average person won’t go through even 2% of the trouble. Your self inflicted lockdown is a niche within a niche. I respect it though!
Who cares what the average person will go through and do though? We’re each responsible for ourselves and how we choose to go about life, even if vastly differs from the general population.
reminder - there's tech out there capable of reading your mind remotely and non-invasively