Go cheap, and go second hand if possible
Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
what kind of risks are there with buying a second hand phone? I don't know so much about how phones work. But for example with a laptop they could in theory implant all kinds of hidden spyware and backdoors in the firmware and it would be impossible to find it and remove it. The only protection against that is that we believe it's so unlikely someone random would do that. So that is just an example what I'm talking about when I ask about what the risks would be when buying a second hand phone?
The main concern is going to be hardware reliability from wear and tear. That's the value of buying refurbished, for which there are several reputable retailers online (some of which selling degoogled phones with their own OSes). On the software side, since I'm presuming the focus of this discussion is installing grapheneos, its not really a concern since you're going to be reflashing the device
I recommend using https://swappa.com to buy used phones since they have quality assurance and returns. Much safer than eBay because you could accidentally buy a phone that has its IMEI blacklisted, which shouldn't happen with swappa.
Phones are ridiculously expensive now. I was always buying the best phone growing up, but now it's absolutely not worth it. People pay for great cameras, essentially, and then post most of their pics on social media where they are compressed and converted from the original image anyway.
cameras aren't really about resolution or detail these days though
I find phone images too always look overprocessed, specifically sharpened and denoised.
I have the 8 Pro, and honestly, with another 6 years of updates ahead for it, I see absolutely no reason to take the leap for such a premium. Go with the 8, the "upgrade" isn't worth all that money.
The new version also hasn't been around for that long, so it might face issues that will be worked out over time. We already had a post on a Lemmy android community about moisture issues
That's also true. I only got the 8 Pro after the complaints died down almost a year after launch precisely because of that.
Fuck all that noise, Pixel 6a + graphene £130. Why waste so much money!?
Pixel 8 Pro — minimum 7 years support and hardware memory tagging support
These devices aren't even constructed to last 7 years. I don't see that either of those things are worth £600 personally.
Well if the support ends, GrapheneOS support ends too. That's why more years of support is important here.
What relevance does that have to what I said? If the physical phone isn't going to last that long then I'd argue it is of little importance.
Well if you recommend getting an older phone because it's cheaper, GrapheneOS support may be a concern. Also I think a phone usually can last for 7 years with 1 battery replacement, good ambient temperature and careful use.
I mean, the 6a still has 3 years of support left so whilst it is older it is hardly at the end of its supported life.
Not everyone can change a battery in a phone, I can but I would still rather not do it on a phone that isn't really anything special and whilst yes they could feasibly last that long I think in practical everyday use application by the time you are getting to three years of daily use it will be beaten up and physically not in great shape any more for your average user.
3 years is not that much unless the user doesn't mind changing phones rather often and beating up a phone in such a short time is just a massive skill issue tbh.
I don't know what your doing but with a case and screen protector, I have never ended on a phone looking worse than factory new.
Battery is a good point. I can have a phone shop change the battery for me.
My pixel 6 is about 3 years old and the only wear I can see on it is a single little micro scratch in the top right corner of the screen that I can't see without a light reflecting off of it. I don't bother with a screen protector, just a thin silicon case. Battery is fine for about 2 days of normal use even though I regularly use a wireless charger.
Whatever idea you have to phones, you‘re wrong. They can easily make 5 plus years if you treat them right. The more problematic part is daily use and battery degradation/repair.
But google sucks anyway so I‘ll stay with postmarketOS on my oneplus6 and wait for my camera to come to life some day (hopefully).
Why not DivestOS on the OnePlus 6.
Because android. PostmarketOS is linux (based on alpine linux)
Interesting. I have a vastly divergent opinion on linux for mobile, mostly that it is not secure. This is true for Desktop linux but is more important considering the threat model necessary for mobile device Security.
Feel free to elaborate. Everything I have read over my life (couple thousand pages I guess) suggestd that linux can be a lot more secure than windows and ios.
Linux is not security hardened. It does not properly sandbox applications (and there is nothing as secure as android's sandboxing on linux). In fact, most linux package managers do not feature any sandboxing of applications, period. Linux does not implement verified boot. It does not harden against physical port attacks. It does not use a hardened memory allocator. Privilege escalation is simple because of how straightforward it is to compromise a wheel user (sudo user). Linux does not harden it kernel flags by default. Alpine (and most linux package managers) are not secure (aka does not pass the TUF threat model). Most linux distros dont feature a read-only root filesystem, which would help to improve security. Also, Systemd is a bloated init system and has a massive attack surface. GNU's tooling is also bloated and freebsd's would make a good alternative (like what is done by Chimera Linux)
Here are some readings on linux security:
Article by one of the Whonix Devs https://madaidans-insecurities.github.io/linux.html and also are hardening guide from them https://madaidans-insecurities.github.io/guides/linux-hardening.html
Wiki page of Whonix considering many linux distros for whether they make a good base for Whonix's security distro: https://www.whonix.org/wiki/Dev/Operating_System#Alpine_Linux
Kicksecure's wiki: https://www.kicksecure.com/wiki/Documentation
Here are some Security hardened distros (Note that none meet the threat model for a mobile phone OS as they dont feature verified boot):
https://www.kicksecure.com
https://github.com/secureblue/secureblue
https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix.
Special mention which isnt hardened but has great potential: https://chimera-linux.org/
You do realize that this is bullshit, right?
Its typical fearmongering (in fact the same article too) that I have been sent a ton of times by low tech users that fanboy for graphene.
There is no such thing as „physical port attacks“. It also works very different on phones then on computers. You can for example use i2c on an iphone to crack it open which somewhat straightforward to do but still has zero implications for daily use. The linux apps are desktop apps and as such dont have any chance to get through all of the open source community‘s eyes undetected.
Its a completely backwards take that assumes using bad faith software written in the dark by proprietary vendors which just isnt real.
I only mentioned physical port attacks in a much larger list of things Linux MUST improve on. I am not a grapheneOS shill, nor did any of the supporting articles I sent relate to GOS, so I don't really understand your response. Read through the links I posted and learn more about the operating system you use. I am NOT saying linux is dogshit, I very much love linux. Why not just educate yourself on this topic instead of assuming things from a place of ignorance or constructing a strawman. I spend multiple hours per day reading and putting into practice Linux hardening techniques, I am not just working with a surface level understanding of Linux security.
Even open source is vulnerable. Two questions: do you examine all the commits on every app you use? Do you compile every update to the apps you use from source? Sandboxing is important because if an application is compromised it cant lead to privilege escalation or userspace spyware.
I‘m not that bad at rhetoric either but I avoid it when I can.
Your argument is empty. Privilege escalation attacks are plain old cves that get found, evaluated and fixed. You need access to the phone, mostly in an unlocked state to get anything to work like that, same as with a computer.
I know a couple of pen testers and I would definitely know if there were large differences between operating systems securitywise.
CVEs are often go mislabeled as normal bugs and dont get the attention needed. It also may take a bit for such vulnerabilities to make it downstream.
A simple privilege escalation attack on basically every system goes as follows: add a function into the bashrc file of a users that runs a script, have the script intercept the users sudo credentials and pass the command on normally as if it was just the regular sudo command. Now you have root. Nothing here requires priveleges beforehand. Anything, be it a script, appimage, malicious binary, etc can follow those steps and gain root access by compromising the wheel user. Even without compromising a user, it could simply add a Systemd user service that keylogs (keylogging is still possible on Wayland without security hardening)
A prerequisite of course is getting that file onto the user's computer. There are a plethora of ways. Simplest way is to learn what applications the user installs, find the weakest link, and compromise them.
There are of course much more sophisticated and better ways, some of which are detailed in the supporting links I sent. Every Security expert and researcher I have talked to can recognize that Linux has an outdated security model. The best links to read would be the hardening guide and "linux isnt secure".
I did quite some reading in my time, as I mentioned. The methods you are describing are riddled with ifs and buts. The reality is that even online systems arent hacked if they dont have obvious flaws like passwords in root ssh. on the other hand tools like john the ripper can break each and every common encryption given the right circumstances. Its no difference. Its all just marketing.
Neither of the methods I mentioned are hard. They have no 'if's or 'but's, only the same prerequisite as any bit of malware, get run. Do you know how to protect against either of the attacks I mentioned? You can poke some holes in them if you like.
The attacks I mentioned (and even more in the articles and wiki's for the "Security focused linux distros" I shared) are often not possible on Windows or OSX because of the hardening present on basically every other modern OS. Linux just makes it easy. I don't really understand what you mean by "I did a lot of reading in my time", Security research is continuous and you can never get to a point where you understand everything or anything. I learn new things everyday, I suggest you expand your horizons and learn more about the topic you have such confidence in. Nothing that I shared is a long read, there are no tricks and I am not trying to tell you to stop using Linux mobile. Just that it isn't "secure", or more specifically it isnt as secure (out of the box or even with moderate hardening) as OSX/Windows/BSD/Android. Default Linux IS more private than any closed source systems, but when compared to other open source OSes like DivestOS (deblobbed hardened AOSP), Kicksecure (Debian Linux), Secureblue (Fedora Atomic), or hardened BSD, it is missing out on a lot of necessary hardening policies/changes.
I'd either get an older model for cheap, or get a 9 because of the satellite capability. I wonder if GrapheneOS supports the latter, and for that matter whether it supports the 9 at all yet.
Added prices to post title and looking up the satellite feature now, thanks!
Edit Does the satellite stuff work in the UK and could it be bad for privacy?
Does the satellite stuff work in the UK and could it be bad for privacy?
~~I'm not sure if it works in the UK,~~ (see below) but it's really only meant for emergencies. Like if you're lost in the wilderness with no cell phone signal and you've broken your leg. It really can only be activated when you dial 911 and don't have signal, so I don't expect that that's something you'd want a lot of privacy for if you wanted you be, you know, rescued and alive. I think I'd be willing to sacrifice info like my name, location, and the nature of my emergency to stay alive but that's just me. 😆
- This feature is currently available in the US only (except Hawaii and Alaska).
To contact emergency services when you don’t have a network coverage on your Pixel phone:
- Dial 911 immediately.
- If you don’t have a mobile or Wi-Fi network, you'll find an option to use Satellite SOS in the dialer.
- Tap Satellite SOS android satellite and then Use Satellite SOS and then Start.
- To describe your emergency, fill out the emergency questionnaire.
- To share your emergency with your emergency contacts, answer the on-screen questions.
- To notify your emergency contacts, tap Notify.
- If you don’t want your emergency contacts to receive your location and emergency information, tap Don’t notify.
- To connect to the satellite, follow the on-screen prompts to correctly position your phone.
- Connection and response times vary based on location, site conditions, and other factors.
- Once you’re connected, the emergency service provider should reply via text within a few minutes.
- To receive replies, stay outside with a clear view of the sky.
- When you would like to end the satellite text conversation, press the End button and follow the prompts.
Anyway I doubt it would be sending data to satellites without you knowing simply because that's costly and you have to align your phone properly to get signal for it to begin with.
you have to align your phone properly
Didn't think of this, thanks!
I found this (rather toxic) thread talking about turning it off. Doesn't seem like it's possible normally, but I'll be curious how GRAPHENE IS handles it.
https://old.reddit.com/r/GooglePixel/comments/1f66bzi/how_to_disable_the_satellite_sos/
Ah it's only available in the US too
Look on Starlink.com. I don't expect it's much worse than your typpical evil ISP or phone caerrier in terms of privacy. Certainly you could route everything through a VPN and that might help a little.
Edit: oh wait, I confused this thread with a different one when I looked at my inbox. Starlink is a high speed service with a roof antenna. For satellite phone stuff, look at https://skylo.tech.
route everything through a VPN
I can see it now:
"SOS I need help, I'm stuck in an underwater cave just outside Tulum, Mexico and I'm running out of air!"
"Finding your geolocation, we have determined your cave is in New Zealand. Dispatching rescue team to the Mines of Moria."
EDIT: Don't ask me how someone got satellite phone signal in an underwater cave lol.
Do you really need the pro? I mean, I got a 2nd hand Pixel 8 for a little under $450 last month and am perfectly happy with it (my last phone was a OnePlus 7t). It will get the same support as the Pro for much cheaper...
Also the size. My "a" was already at the edge of being usable with one hand, while Pro is even bigger. Plus - the "a"s don't have glass backs, unlike the Pro and even the normal ones.
I personally would go with the previous model, and the A version. When 7 came out, I got a 6A for £299 new. Wouldn't spend much more unless I had to.
My 7a being $300 was already very expensive for me. None of those prices are acceptable for a phone of all things.
Maybe a 8 - 8a?
I'm sorry for being slightly off-topic, but ONE THOUSAND clams for an easily breakable/losable thief magnet is just bonkers to me. my desktop, laptop, tablet and phones cost way less than that in total.
you sure you separated your "needs" from your "wants"?
Breakable, losable, stealable? Skill issue