I had a brief back and forth with Richard Stallman this week (he’s one of my heroes and has cancer, I wrote him to tell him he is the man). At the bottom of an email reply he said this (we were talking about my kid):
Soon he will be tempted to demand a snoop-phone full of nonfree software.
I have refused to carry any sort of cellular phone, because they have nonfree software that can be changed remotely.
I think he is right Having tried many combinations suggested here and some not (iOS, Pixel w/ Graphene and Without, Lineage etc…) I feel I’m always giving some actors the keys to my private kingdom… namely:
- My Phone Carrier They have all of my calls and texts, my rough location (even with location turned off)
- Google via Google Play Services For me, GrapheneOS is unworkable without Google Play Services (if you manage to use it without, God Bless you!)
- Proton via ProtonMail and ProtonVPN etc… I’m not mad about this one, I like proton, but they know a lot about me, most is encrypted though, so I’m good.
- Bitwarden Not worried about this one either, but worth saying
If your threat model includes the Government (US in particular), Google or Apple, then you better not use a phone
Apple or Google, choose one You can avoid giving data to Google (generally) by getting an Apple device (but you’ll probably get pwnd by Israeli Pegasus shit, who knows closed source code), and you can avoid giving data to Apple by using Google devices (probably the safer bet)… but practically can’t avoid picking between the two… GrapheneOS is as close as we can get, which is why it’s recommended, and it CAN be used in a way that leaks nothing to Google, but I doubt many of us here have successfully used it in that way. I have tried my best and it’s very very hard. My favorite tools (Proton and Signal) even require Google Play Services to run, and must be downloaded from the Play Store (or Aurora, which for me is an unnecessary extra step).
If you are using a Phone, the Gov’t can probably snoop (see the thread about the Jan 6 Dragnet)
I think the site does a good job discussing Threat Modeling particularly:
If you wanted to use the most secure tools available, you’d have to sacrifice a lot of usability. And, even then, nothing is ever fully secure.
But it seems sometimes in the forum we shit on each other if we use Stock Android or iOS. Both are not perfect… but no phones are. And in my experience most GrapheneOS setups with Google Play Services will still leaking Google in practice, not quite as much as Stock Andriod… but enough.
My Setup:
- Stock Android on a Pixel 6
- Google Play Store (not Aurora, no need for a man in the middle) and Obtainium
- RethinkDNS (USE IT!!)
- Proton Suite
- Cromite and Tor Browser (w/ ProtonVPN connecting via Rethink and wireguard)
- Kagi Search w Unlimited
- Other Apps are either Trusted (full internet access minus dns blocklist), Have no Internet Access (Simple Mobile Tools, or apps like LM Playground Where I can have an LLM convo without leaking it to the internet) or connect via VPN (only Tor Browser at this time, I’m willing to sacrifice privacy for speed).
- Google Maps, because Google is not in my threat model because they can’t be removed (SAD), plus OSMAND and Organic Maps can’t search addresses well still (SAD!)
My Recommendations:
- Read the threat model decide whether your goal is really to cut out Apple/Google and the Government… and if you are willing to do what it takes to cut them (either use GrapheneOS ‘fully’ or not carry a phone)
- Read the Android or iOS guides if you end up using those devices