"I have refused to carry any sort of cellular phone" -rms

I had a brief back and forth with Richard Stallman this week (he’s one of my heroes and has cancer, I wrote him to tell him he is the man). At the bottom of an email reply he said this (we were talking about my kid):

Soon he will be tempted to demand a snoop-phone full of nonfree software.

I have refused to carry any sort of cellular phone, because they have nonfree software that can be changed remotely.

I think he is right Having tried many combinations suggested here and some not (iOS, Pixel w/ Graphene and Without, Lineage etc…) I feel I’m always giving some actors the keys to my private kingdom… namely:

  • My Phone Carrier They have all of my calls and texts, my rough location (even with location turned off)
  • Google via Google Play Services For me, GrapheneOS is unworkable without Google Play Services (if you manage to use it without, God Bless you!)
  • Proton via ProtonMail and ProtonVPN etc… I’m not mad about this one, I like proton, but they know a lot about me, most is encrypted though, so I’m good.
  • Bitwarden Not worried about this one either, but worth saying

If your threat model includes the Government (US in particular), Google or Apple, then you better not use a phone

Apple or Google, choose one You can avoid giving data to Google (generally) by getting an Apple device (but you’ll probably get pwnd by Israeli Pegasus shit, who knows closed source code), and you can avoid giving data to Apple by using Google devices (probably the safer bet)… but practically can’t avoid picking between the two… GrapheneOS is as close as we can get, which is why it’s recommended, and it CAN be used in a way that leaks nothing to Google, but I doubt many of us here have successfully used it in that way. I have tried my best and it’s very very hard. My favorite tools (Proton and Signal) even require Google Play Services to run, and must be downloaded from the Play Store (or Aurora, which for me is an unnecessary extra step).

If you are using a Phone, the Gov’t can probably snoop (see the thread about the Jan 6 Dragnet)

I think the site does a good job discussing Threat Modeling particularly:

If you wanted to use the most secure tools available, you’d have to sacrifice a lot of usability. And, even then, nothing is ever fully secure.

But it seems sometimes in the forum we shit on each other if we use Stock Android or iOS. Both are not perfect… but no phones are. And in my experience most GrapheneOS setups with Google Play Services will still leaking Google in practice, not quite as much as Stock Andriod… but enough.

My Setup:

  1. Stock Android on a Pixel 6
  2. Google Play Store (not Aurora, no need for a man in the middle) and Obtainium
  3. RethinkDNS (USE IT!!)
  4. Proton Suite
  5. Cromite and Tor Browser (w/ ProtonVPN connecting via Rethink and wireguard)
  6. Kagi Search w Unlimited
  7. Other Apps are either Trusted (full internet access minus dns blocklist), Have no Internet Access (Simple Mobile Tools, or apps like LM Playground Where I can have an LLM convo without leaking it to the internet) or connect via VPN (only Tor Browser at this time, I’m willing to sacrifice privacy for speed).
  8. Google Maps, because Google is not in my threat model because they can’t be removed (SAD), plus OSMAND and Organic Maps can’t search addresses well still (SAD!)

My Recommendations:

  1. Read the threat model decide whether your goal is really to cut out Apple/Google and the Government… and if you are willing to do what it takes to cut them (either use GrapheneOS ‘fully’ or not carry a phone)
  2. Read the Android or iOS guides if you end up using those devices
4 Likes

I don´t get it. From one side you complain about Google and even Sandboxed Google Services are much, on the other hand you use Stock with Pixel 6?

6 Likes

Yeah, doesn’t make sense.

3 Likes

Just relegate your secret communication exclusively to secure E2EE communications such as Signal. If you don’t want your cell service provider to be able to identify you, use an anonymous payment method and provide a fake name if required. Keep your phone on airplane mode when at home, so your cell provider doesn’t learn your approximate home address. In general, don’t give info, or give false info.

Aurora isn’t any more of a man in the middle than Obtainium is. Aurora downloads directly from Google Play. Obtainium downloads directly from Github (and other sites).

As we’ve discussed here, Kagi doesn’t offer privacy benefits over free search engines like Brave and Duckduckgo.

I use Magic Earth. It’s proprietary, but its privacy policy seems decent.

4 Likes

They have your calls and messages because you gave it to them, just use Signal or SimpleX.

I also highly doubt that you need to worry about cellular triangulation. Especially if you have purchased your phone in cash and use a prepaid SIM card.

And this is the part where you should elaborate, or you’re just spreading FUD.

Also, you complain about sandboxed Google Play Services while using the stock OS, where Google has privileged access to your hardware identifiers and the rest of your system.

This is literally the same regardless of what OS you use. In fact, it’s a lot better on a mobile device because of the strong security and permission model. Both of these things are basically nonexistent on desktop OSs.

Same as the above.

If your threat model includes the government, then you must use GrapheneOS. On desktop, you should be using Qubes OS and, preferably, Qubes-Whonix.

This is a bunch of FUD, will not even bother replying.

Again, elaborate.

I’m sorry to be the one to break it to you, but unless you’re using GrapheneOS or DivestOS which both allow revoking the network permission, you aren’t blocking apps access to the internet.

3 Likes

No, they don’t.

7 Likes

This is too excessive for most threat models, but could apply to this scenario.

If this is a true concern buy a faraday bag and store your phone when not using it. Only use it at busy areas where there are many other devices to blend in.

In terms of calls and texts, only use privacy respecting apps like Signal.

When you are home, you can use a computer with communications apps instead of your phone. (Prevents phone carrier from knowing your physical address, assuming you bought the phone and SIM cash).

The phone should be placed in the Faraday bag at a busy location before going home.

1 Like

I’ve given up trying to block Google. For me it can’t practically be done. GrapheneOS is close, but since most apps I use still require Google Play Services I don’t feel it’s worth it for me. (and yes proton doesn’t NEED GPS, but it does for notifications)

@Lukas not trying to spread FUD, I’ll say it this way. The way I use GrapheneOS and the Sandboxed Google Play, it seems as though I’m giving as much info away to Google as on Stock Android. PLUS I have to additionally trust the GrapheneOS team, which I don’t.

I disagree on the phone front. I think if your threat model includes the govt you better not use a phone, use a flip burner in a faraday bag or something.

agree!

In summary

  • I hate the privacy tradeoffs on phones
  • I don’t like GrapheneOS and the way I end up using it and the way it is still dependent on google (the way I use it)
  • I think Stallman’s advice is right for people with extreme threat models, it’s not “Use Graphene OS” it’s “Don’t use a phone”. Luckily my threat model isn’t exterme, so I’ve given up and am using stock android with the privacy tweaks I can live with (like trying to use signal and proton etc…
1 Like

For more context this is a common point of discussion over on the Free Sofware Foundation forums, they are mostly ‘freedom’ focused not (only) privacy but I think my questioning is reasonable and not just FUD… see Graphene Related posts below

“Living Without Mobile Devices” and “Graphene OS - Good or no?”

Airplane mode accomplishes the same thing as the faraday bag.

It should! But I’d rather trust physics and a physical bag than an ever-changing software stack… and anyone counting on radio silence should probably use both.

When you place the phone in airplane mode it pings cell towers stating this. Do you know if this is the case on GrapheneOS as well?

If you enable airplane mode on GrapheneOS then the cellular radio is completely disabled.

5 Likes

They can be. But its up to you to decide whether the tradeoffs are worth it for you.

I’d also encourage you not to think in black and white terms, its counterproductive in the context of both privacy and security. Its not useful to think of Google or no Google as a binary choice, There is a huge spectrum between Google’s proprietary stock Android + heavy use of Google apps and services, and zero Google. Not being able to get to true zero shouldn’t lead you to just throw up hands and go full Google (unless that’s your preference)

You are saying your hero is RMS, his whole philosophy seems centered around making hard choices, and being willing to give some things up when they don’t align with your values/ethics. With that in mind, it is surprising to see you so willingly opting for an OS that is neither FOSS nor private, just because the FOSS and private alternatives aren’t perfect or require some tradeoffs. I’m not trying to criticize I’m just genuinely surprised, and don’t understand the logic of choosing arguably the worst option for privacy (stock Android) just because the best options are not perfect. Don’t let perfect be the enemy of good.

Specifics are useful, but I don’t think that the above is a particularly controversial thing to acknowledge. Correct me if things have changed but sandboxed play services, just means the same sandbox that applies to normal apps applies to play services also. If you’d be uncomfortable installing an app like Facebook or Whatsapp or something like that on your phone, I think installing sandboxed play services warrants at minimum the same amount of concern/discomfort.

IMO sandboxed play services is a huge step in the right direction for those who can’t or don’t care to use GOS in its default non-GPS dependent state, but I think the term ‘sandboxed’ can give a misleading sense of overconfidence. Unless I’m missing something sandboxed play services should be trusted more or less to the same extent you’d treat any other normally privileged proprietary app from a privacy hostile company.

4 Likes

@xe3 this is helpful.

I have lasted for a few months with Graphpene before I quit (I’ve tried a handful of times) here are the basic apps I need:

Apps that I like, are recommended here, but are not available to install outside of the play store, (or Aurora store, which is the play store with a man in the middle) and complain to me about missing Google Play Services when installed on GOS:

  • Proton Calendar
  • Proton Drive
  • Proton Mail
  • Signal

Do Not Require Google Play Services, I can get these easily with Obtainium and Github, which I like better than Aurora.

  • Bitwarden
  • Cake Wallet
  • Librera
  • Obtainium
  • ONLYOFFICE Documents
  • Rethink
  • RTranslator
  • Standard Notes

So, I’m willing to try again, what do I do? Just install via Aurora store and keep Sandboxed GPS off? Put Proton in a separate profile and install GPS there? Use Molly instead of Signal (yet another man in the middle?) Help me out and I’d be happy to give it a try and report back.

Aurora just feels gross and insecure… it’s a vibe and that’s not helpful maybe… but if all of this stuff didn’t complain about missing GPS and was installable from source with Github/Obtainium I would be all over it.

1 Like

Just FYI, but all proton apps for android can be download ed from here and if I remember correctly, fetching apks from the above URL with obtainium is relatively painless.

7 Likes

I see signal does the same thing Signal >> Signal Android APK

What a relief. Either I’m an idiot (likely) or they weren’t doing this last time I tried GOS.

Either way thank you @seize

GOS has an option for Sandboxed play services and sandboxes Google Play Store. You can use that. Also, instead of Signal, you can use Molly FOSS if you dont want play services. Its worked well for me so far

1 Like

@xe3 @Lukas I did it, so very sexy.

I am happy I landed here, but it felt pretty cumbersome to get here. GOS by providing no alternative seems to push users to download the cancer that is Sandboxed Google Play as if that’s the only way to get apps, The alternative being F-Droid (unsafe), and Aurora (maybe safe but gross to me). I can get all of this shit with obtainium (or just by hand-downloading APKs) directly from the source without extra men in the middle… so nice. so fun. so private. I’m not sure how many other people on the forum would benefit from a schooling on how to get apps without instantly downloading GPS, but this was definitely a helpful exercise for me.

I’ll still end up setting up an alternative profile that isolates the cancerous shit I might need to download (Android Auto for my newish car, unfortunately and a few other proprietary things I need maybe once a week) but I feel way more in control now. I’ll still probably end up sending a little bit of data to Google. but less than I was earlier today.

Thanks to the helpful folks quoted below:

2 Likes

Thanks for this! I was wondering where I would get all of their downloadable APKs for Obtainium since they don’t have everything on GitHub. I might use this.

One thing that’s stopping me, though, is the fact that some updates might be a bit slow. I noticed one time that they released updates for Proton VPN on the play store before GitHub, which I found odd.

Also, I am wondering if this website is officially operated and maintained by Proton? I am trying to look for a backlink on Proton’s official website but can’t seem to find any. I guess I could do something with the SHA256 fingerprints that they show on that website, but not tech savvy enough to know what to do.

edit: Actually, it looks like the download links are directly from official Proton sources, so it should be all good on that end, but the issue of slow updates remain. Probably won’t use it. The calendar download link, for example, is still using the old <protonmail.com> domain. I really wish they would open source the APKs.