CalyxOS (Android ROM)

As mentioned by others, CalyxOS supports almost the exact same phones as GOS, so why would you use CalyxOS?

Well, almost. As I said I have Fairphone 5 now, I know CalyxOS will support it. GOS will not. (and DivestOS will, I want to first test it on my other device though).

The lead developer of GOS being a dick is definitely a downside, but seeing as (to my understanding) the builds are reproducible and every commit is public… I don’t think the risk of him screwing people over is very high.

“The risk is not very high” means its not 0. How high, we can only guess, but I think we can safely say that the risk is higher than with CalyxOS. Since this whole privacy and security idea is about mitigating risks (threats), we should count this as well. Heck, a vast number of security breaches is nothing more than social engineering. People, their reliability and mental stability plays a huge role in threat control. Some companies often forget that and then you hear this and this company was breached… Maybe as a p&s community, lets not forget that as well.

1 Like
  1. Daniel is not the lead dev anymore
  2. Just because you think he is not psychological stable means nothing. It’s just your impression, which might not be true. Even if he was, why would that concern you? Many people have psychological problems and still the vast majority of them don’t do bad things to other people. They go to work and do their job.
  3. GrapheneOS has been developed by a team of full-time and part-time devs for years. Sneaking in malicious code would be very difficult.
  4. GrapheneOS is well known for its security and expertise and is used by security researchers and high-value targets, which evaluate the tools they use much more thoroughly.
  5. It has contributed a lot of code to AOSP, the Linux kernel, LLVM, Rust and more. You very likely use code developed by Daniel or other GrapheneOS members without even knowing about it.
  6. It has a flawless track record with regards to security and privacy.
  7. Which is contrary to CalyxOS which had quite a few serious security issues like repeatedly falling behind for months on security updates or weakening security aspects of their OS
  8. GrapheneOS overall does a much better job at security and privacy than CalyxOS, so why choose a inferior solution?

Daniel is not the lead dev anymore

He is

Just because you think he is not psychological stable means nothing. It’s just your impression, which might not be true. Even if he was, why would that concern you? Many people have psychological problems and still the vast majority of them don’t do bad things to other people. They go to work and do their job.

There is distinction between (e.g.) a person suffering from depressions and people creating conspiracy theories. I am not a psychiatr, its ok, I don’t need to label it, what I wanted to express (the main point) is that the behavior is not acceptable and doesn’t inspire trust.

GrapheneOS has been developed by a team of full-time and part-time devs for years. Sneaking in malicious code would be very difficult.

Fair. Difficult. But not impossible.

GrapheneOS is well known for its security and expertise and is used by security researchers and high-value targets, which evaluate the tools they use much more thoroughly.

This is a good point, I won’t argue about that (same for 5 - fair point)

Which is contrary to CalyxOS which had quite a few serious security issues like repeatedly falling behind for months on security updates or weakening security aspects of their OS

That’s all I read: they are falling behind with updates and do not inform properly about pitfalls of some solutions. Both of these is far more acceptable in my book* than the unpredictable aspect of some people.

*Granted both are acceptable because I do a proper research myself and I know these pitfalls.

GrapheneOS overall does a much better job at security and privacy than CalyxOS, so why choose a inferior solution?

Well, people have different preferences. That is why. For me, people aspect is a valid security checkbox. This threat vector is constantly underestimated.

1 Like

While I can understand and vibe with your points @whoami4 I am still going in the direction of of GOS…
Someday, not a priority atm.
While what happend makes me sceptical, but honestly I only cross read here, won’t get into it more than that, time is money, it is not important for my decision(s).
My decisions are based on facts, like this:

Facts regarding the software in this case
All the other stuff is irrelevant (for me)…

2 Likes

The issue there is that those comparisons are valid for existing builds, not future ones. Youll install updates before many people had a chance to review the code, thats the problem.

Like you, I dont particularly appreciate the added entropy when one starts to consider non-technical factors but by doing so I can arrive at a more rational decision

2 Likes

This is getting ridiculous. You didn’t bring up a single technical reason to choose CalyxOS over GrapheneOS. All you did is speculate about things which you have no insights into and hypothetical consequences which are very far fetched. And you put these above all the technical reasons. That’s not how to make a rational decision and especially not something to base a recommendation on.

Sir, there are people with vastly different preferences than you. Your and mine threat model may be quite different even if we both do want increased p&s. I understand some people like hard data over the soft ones, doesn’t mean the risk is not there. And this is not “technical hard data based privacy guides dot net”. I already saw that they consider even soft issues that doesn’t even have anything to do with p&s, for instance whether or not users may find themselves frustrated with the software or not. I doubt there are hard data for that somewhere.

I originally didn’t want to mention it here, because its not supposed to be an argument (and its not!). I just want to show you where I come from when I speak about security. I do have experience with assessing threats and implementing solutions, soft and hard ones, as I work in large international financial institution as a security engineer. World is not black and white and data is not all we have. Sometimes threat mitigation is speculative. Deal with it.

I would appreciate if you kept the discussion to the topic without calling things out. I may be speculative, but your last post whole point was just calling me out for having different opinion and different set of preferences (and speculation for what I have insights into and and what not, for that matter).

2 Likes

The Fairphone is not a recommended device for several reasons that have been extensively discussed before. If you decide to go with it anyway you should not expect a suitable recommendation. The recommendations are there to provide the best and only the best. Basically what you are saying is let me differ from what you have extensively and collectively researched, but I still demand a solution. NO you won’t get it. Either take the recommendation or don’t. If you decide to do something different that is totally fine but don’t come here to complain and demand a solution.

Basically what you are saying

No. Not what I am saying, what you are (or want to be) hearing

I am not demanding anything. This is a discussion about why people think CalyxOS should or should not be added. I stated my opinion, you do not have to be touchy about it just because it doesn’t correspond with your belief. Feel free to ignore me.

For your information I got the FP5 as a gift and I like it. I like the environmental aspect about it. There might be privacy minded people out there, who also like it and will come here looking for recommendation what to install on it, and they will not find CalyxOS mentioned even if its a valid option that may correspond with their threat model. World is not just black and white, what’s best for one is not best for another.

When you touched the topic of picking “approved” phone for privacy. You should also consider that by recommending a Google phone, (with each purchase) you are actually supporting one of the companies you fight against. And I know you might argument that perhaps even if all privacy minded people with Google pixel bought different phone instead, Google would actually not even feel it. Maybe, we can speculate. But there is also the other side. People may have different opinions than you, they may have different principles and would never buy a product from such a company like Google.

Oh and by your logic DivestOS should not be included too, because one of the reason why it is listed is because it includes phones that GOS doesn’t.

Incorrect. DivestOS is listed for those who have no access to the Pixel phones. Fairphone is of a similar price class as pixels and not available in more countries than the Pixel is. If that were different you would be correct, and I would not have approved the inclusion of divestos either.

The goal of PG should not be to outline all possible ways for you to do privacy because that’s simply chaos. For the record I have nothing against calyx nor do I have a certain belief. The facts just tell that grapheneOS is a better option. We should not recommend every other tool. I am not saying your choice is wrong given your situation, but it’s wrong to recommend this setup.

1 Like

About the google argument. This was discussed previously. off topic for this discussion. This has nothing to do with personal privacy but only with your personal choices.

Incorrect. DivestOS is listed for those who have no access to the Pixel phones.

This was discussed here before actually

DivestOS is there only because it has support for other devices as well and provides some hardening.

also this statement would suggest that availability is somewhat important

We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device’s compatibility with these operating systems.

And it is objectively better to install CalyxOS over having stock ROM. That is why people do not understand why the third option is missing.

Fairphone is of a similar price class as pixels and not available in more countries than the Pixel is.

This was also discussed above.


The goal of PG should not be to outline all possible ways

All right, then I misunderstood the point of the site. I thought they are recommending options for everyone who wants to improve his p&s. If I understand you correctly you say that it is recommending the final best state as perceived by the PG team, is that correct? I would then expect to be less alternatives in each category.

This has nothing to do with personal privacy but only with your personal choices.

discutable, but ok, lets not continue this thread

So uh… where did we end up with this, folks?

Again my understanding is that CalyxOS was removed because it had equivalent device support to GrapheneOS, which is no longer the case and hasn’t been for quite a while.

I also think that if you want to use microG, CalyxOS provides a more complete user experience than DivestOS given that microG is a first-class citizen and not expressly “unsupported” (nothing wrong with that though).

Do we want to purchase a Motorola phone to re-test CalyxOS? I think we are ~2 years out of date on the current state of things there :eyes:

:+1:

2 Likes

There is no reason to use CalyxOS over GrapheneOS if you have a Google Pixel.

Recommending phones with poor hardware and firmware security and short software support would be a huge disservice to the community. That’s not even considering that the hardware, such as the camera, screen, SoC, etc., will be a lot worse than even on budget Google Pixel devices.

I would rather add iOS to the recommendations over CalyxOS and these devices. CalyxOS has the resources to compete with GrapheneOS or even be better than GrapheneOS; they can do a lot better, but I’m not sure why they don’t. But for now, there is no real reason to use it.

1 Like

pls re-read discussion :rofl:

2 Likes

First paragraph is about using CalyxOS on a Pixel device. The second one is about phones like Motorola. Both add up to the conclusion that CalyxOS shouldn’t be recommended.

My understanding is not that Motorola would be recommended over Pixel. Rather, that Calyx would be recommended in the event that a Motorola device is more accessible to you. If both money and availability are not a factor, then Pixel/GOS would still be recommended.

If an AOSP operating system supports more devices than the Pixel and that ASOP is better for privacy than the stock version that would be installed, I think it should be recommended with the caveat that it only applies to those with otherwise unsupported devices and the real recommendation is to get a Pixel and use Graphene.

Lots of people are locked in contracts for their phones and are not in the position to buy a new phone for 2+ years, so if their existing device is supported by a better OS I think it should be recommended.

To me this is the same principle as recommending Windows software choices even though Windows is not a private operating system. It is certainly better than using non-private software.

Except that’s not the case for Calyx which is what this thread is about. In the past we haven’t recommended Fairphone for various reasons - the main one being support on firmware updates from Qualcomm which is something that effects all handset manufacturers using that SoC. The Moto phones there won’t be supported next year anyway.

Which has nothing to do with anything, because carrier locked phones generally have a locked bootloader as well, meaning you can’t put any other OS on there.

Don’t conflate things.

1 Like

The reason I framed it as I did was I was laying down criteria, not commenting specifically on Calyx being a good fit. In principle, an OS that is better than stock and compatible with more devices is worthy of consideration. I’m using Graphene and don’t have any hobby horse with Calyx.