And I get your frustration with that, @jonah, it makes sense. I just don’t think these phones w/ CalyxOS are the solution. They are not available either in countries in Asia, for example, where I think this problem is more significant.
For what it’s worth, I would like to see CalyxOS listed if it qualifies. @jonah’s point about referencing a qualifying OS as long as it’s not worse than the AOSP is a good rule of thumb. By not recommending an option, especially when so few options exist, the implication is that the one that’s mentioned is not private enough to be trusted. Instead of interpreting Privacy Guides as being the best options that exist, it can be interpreted as being the only options that one should consider.
To the argument of not wanting to bog down users with too many choices, that doesn’t seem to be bogging down other pages that may list several options to consider. Also, I don’t think increasing the number of options from two to three is going to add too much analysis paralysis.
But also it seems to hinge on whether the security updates keep coming at a good rate.
Would it help at all if there was a reseller that shipped to countries Google doesn’t sell in with a minimal markup? That way we don’t have to compromise on what OSs we recommend, and more people get to use GrapheneOS.
Since this thread is still going, I’d like to point out that Chromium 112.0.5615.101 was released two days ago with a zero day fix and CalyxOS still hasn’t updated to it despite being a simple version bump.
The Privacy Guides website is well developed but I feel its current treatment of CalyxOS is unfair.
It contributes towards pitting Open Source projects that respect and promote the privacy of the end user against each other and spreads information that is false about the operating system. I will be making a 3-pronged criticism of the Privacyguides.net stance on CalyxOS.
First, the signature spoofing on CalyxOS is more secure than any other implementation across all ROMs since it only works when using microG. No other Android package other than microG and FakeStore can enable signature spoofing, making this feature safe and secure for the end user. This change is open sourced and can be verified on the CalyxOS GitLab.
Second, CalyxOS has more user-friendly privacy features than any other ROM. During install the user is prompted to install a free VPN provided by Calyx, Tor and several other open source apps that add privacy to the operating system. Also, CalyxOS is patched to allow the Hotspot to use the system VPN so connected devices can be secure. And lastly, CalyxOS has a firewall app built in that links the system firewall settings into an easy-to-use application.
Third, unlike its other open source compatriots, CalyxOS only uses open source projects to provide its software support. microG, Seedvault, even the browser are all open source, unlike some of the compatibility features of other open source projects that offer the option to install closed-source Play services.
I hope CalyxOS can be reconsidered as a suggested operating system for Privacyguides. While it’s not hardened like its compatriots, it is more private in many ways and enables user privacy by not using Play services. It also maintains the security model of Android and is consistent with its monthly updates.
I guess the biggest issue that’s been mentioned on the forums before is microG - here’s a discussion from the DivestOS dev on why there are issues to consider with microG vs GOS’ sandboxed Google Play.
Also I’m not entirely sure if they still use it (the Calyx website says they do at least, but if they no longer do this point is moot) but the Bromite browser hasn’t had an update since December last year (as per the Bromite GitHub repo) which is Not Good At All considering it’s what’d be used for the webview. Having an outdated browser is really bad and I hope that the site is just outdated and they’ve actually moved to e.g., Cromite.
Providing the provisions to “easily” install private applications is kinda moot when there are issues with that - I don’t have a source for this beyond remembering a discussion from the GOS matrix rooms, but if I’m remembering that discussion correctly, the included apps with Calyx are sometimes outdated. If you have to update the apps basically immediately after installing, then you might as well go to the up to date source anyway?
Blindly suggesting Tor usage without proper thought is not a good idea.
So does regular Android. We think the ‘INTERNET’ permission is more intuitive, and has had fewer issues in the past with bypasses. The main thing is that Calyx doesn’t really run anywhere GrapheneOS doesn’t (except for a couple barely supported devices anyway).
And yes, @pinkandwhite does point out that you might as well install the other apps from their source where they are up to date.
microG is still Google services; it’s just an open implementation that might be lacking at times. It really has no bearing on privacy, however. Also: Privileged eSIM Activation Application is another reason we prefer the sandboxed Play services approach.
The microG vs sandboxed Google Play services debate is moot because both rely on Google binaries and communicate with Google. But I, the user, trust microG’s open source implementation of those binaries more than I trust Google’s closed source implementation because I can control which apps use microG via an in-app toggle. I can also control whether my device is registered with Google via a toggle. microG also doesn’t send device identifiers afaik, whereas sandboxed Google Play does.
CalyxOS uses their own Chromium fork with the patches from Bromite, now Cromite, added on top, which means the base browser/webview was always secure even if Bromite was no longer being updated.
Your final point about preinstalled apps is moot when considering that even on stock, preshipped apps are out of date and require an update. But usually nowadays they ship the most up-to-date apps.
I can list multiple features of Calyx that aren’t on Graphene. But my point is comparing the two does a disservice to what each has to offer. CalyxOS is still better than stock for privacy. This website is called PRIVACYGUIDES not SECURITYGUIDES. Multiple options should be included to accommodate multiple use cases. Also, the apps at startup like Tor Browser, Orbot, Riseup VPN, Calyx VPN are not preinstalled. It’s all user choice.
Features CalyxOS has:
VPN over Hotspot
microG, which doesn’t send identifiers to Google. Hence no advertising ID or tracking, unlike sandboxed Google Play services.
Datura Firewall. Literally a frontend for hidden system settings with more customizable network options like mobile network, wifi, background data and vpn access.
An Android work profile that doesn’t rely on trusting another app to be a device administrator.
Honestly, I have spent time using both Graphene and CalyxOS. Both are very different projects and picking one over the other is honestly ridiculous. Also, how is DivestOS listed when half its builds are untested? CalyxOS should be listed before DivestOS.
I understand CalyxOS enabling the proprietary Google app by default is a problem, but how come GrapheneOS requires installing the full (albeit sandboxed) Google Play Services just to add an eSIM? That is also very wrong in my opinion.
Have you seen this table? CalyxOS seems to fall behind compared to GrapheneOS and DivestOS in a ton of aspects. I definitely wouldn’t consider it on the same level, I agree with PG not recommending it. There’s really no reason to when GrapheneOS and DivestOS exist and are just simply better. You’d be much better off using those 2 any day IMO.
The argument being that the Motorola G32 is a ~$150 option brand new, whereas Pixel devices are $350 at minimum from a trusted source (Google Store), $499 minimum for a current-gen product, and still ~$200 minimum even on the used marketplace.
The real question is: All this being the case, do we prefer CalyxOS over DivestOS? Previously we did, which is why our ranking was GrapheneOS > CalyxOS > DivestOS, and we only removed CalyxOS once their device support was identical to GrapheneOS.
That being said, I’m not sure if this is actually wise in the present day, DivestOS might be preferable to CalyxOS in all aspects anyways, and then this doesn’t matter as much.
That seems to be the general agreement above, although not unanimously [1, 2]. In which case I’d ask, what phone would you recommend someone with a $100-$300 budget buy? Maybe that can be a separate thread.