• miss_brainfart@lemmy.ml
    link
    fedilink
    arrow-up
    28
    ·
    edit-2
    11 months ago

    Getting a Pixel just to have Graphene is not always an option. At least not a sensible one that factors in everything that’s important when buying something.

    My current phone still runs perfectly fine, so getting a new one feels like a massive waste, too.

            • Denatured@lemm.ee
              link
              fedilink
              arrow-up
              2
              ·
              10 months ago

              Didn’t they get some grant from twitter or something like that? Cuz calyxos did get a million dollar grant last year from that jak dorsie guy.

          • nossaquesapao@lemmy.eco.br
            link
            fedilink
            arrow-up
            4
            ·
            11 months ago

            That means shit, if someone can compromise your bootloader in an hotel or some other public place then they’ll get to your data either way once you turn on the phone.

            I never really understood how this kind of attack happens. Can it simply be done in any phone? What are the required conditions?

          • QuazarOmega@lemy.lol
            link
            fedilink
            arrow-up
            1
            ·
            11 months ago

            Ah I see, does that mean that in terms of security, switching to another ROM on a phone with non re-lockable bootloader is a downgrade from the stock ROM?

              • Onyx376@lemmy.ml
                link
                fedilink
                arrow-up
                2
                ·
                11 months ago

                Don’t you think it’s easier, due to inattention when installing a compromised app, a privilege escalation attack through root or actually an invasion due to the amount of bloatware from companies that take their piece of the pie in the Stock ROM (even though they do would cleaning via ADB) and even worse rooted to block these suspicious traffic be something more harmful for the user?

                Because the ability to steal the decryption password in RAM memory due to the unlocked bootloader is a little less likely for the thief to have.

                I use LineageOS and I feel much better, since my cell phone is Xiaomi, than using MIUI, which is from a chinese big tech company and has proprietary code.

              • MigratingtoLemmy@lemmy.world
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                11 months ago

                Tell you what: I agree with you on this. If one is truly paranoid and takes physical security into account, a rooted stock OS is a far better option in terms of restricting access to system files (not saying the CIA/MOSSAD can’t do it, but your random reddit-informed script kiddie definitely can’t). Indeed, rooting your stock OS, firewalling everything and deleting telemetry might be a decent idea (there are ways to install security patches on rooted mobiles, not to worry).

                Edit: on the matter of CalyxOS, I wouldn’t go as far as to fault them on it. Grapehene has taken a resolution to either block/use their own almanac servers. This requires a fair bit of work. Oh, and what domain do Google chips use for almanacs anyway?

                  • MigratingtoLemmy@lemmy.world
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    11 months ago

                    One could argue about funding/interest when there are other things to fix. Essentially, when someone develops FOSS, people don’t get to order them around on what to do. I’m very pleased with what Calyx and Graphene have achieved till date and support them wholeheartedly (speaking of which, I should get back to donating, money is a bit tight though). But yes, perhaps a disclaimer for the paranoid people on Calyx’s website could be a decent idea.

              • QuazarOmega@lemy.lol
                link
                fedilink
                arrow-up
                1
                ·
                11 months ago

                Thanks for the info! I agree, without being able to outright change phone, you can only choose your tradeoffs

        • nossaquesapao@lemmy.eco.br
          link
          fedilink
          arrow-up
          13
          ·
          edit-2
          11 months ago

          Brazilian here, used to people being robbed all the time:

          Almost 100% of the time, robbers just want quick cash, ant they will either 1: steal the phone and try to sell it (most robberies simply fall into this first category) or 2: point you a gun and force you to unlock the phone in order to 2a: force you to transfer money from all your banking apps or 2b: take it unlocked in order to send messages to your contacts asking for money.

          Most robbers don’t have enough tech skills to even understand what a bootloader is. We live in techy social circles and we tend to think everyone has similar skills, while in reality, most people can barely use their devices. Just to illustrate how low are most people skills, if you format a drive with something like ext4, most of the population will be unable to access it.

          The kind of situations where criminals will have high skills tend to be when they target specific people or companies, usually paid by crime lords or rivals. Such scenario is very unlikely to happen to the average joe.

          Don’t get me wrong here, I’m not saying that security measures are unnecessary. I’m just telling how most criminals operate around here, and highlighting how we tend to overestimate people’s tech skills.