Having more alternatives is not always better. I’m sure you’d agree some Linux distros are pointless. You could probably say the sheer number of alternatives is a detriment, because it’s daunting for new users to weigh their options (and most of them suck).
More options isn’t better. More competitive options is better.
Edit: it looks like this comment got turned into someone elses thread. To be clear, I haven’t called Calyx a grift, and I don’t like this thread’s title.
I daresay: I’m in the opinion that options are good nonetheless.
In my experience I’ve seen people that no matter what you tell them they will stick to a specific Option or a service has a specific appeal and that’s why I can confidently recommend it.
Granted
In a community like this I understand it and it’s best to recommend options based on an individual’s threat model and It’s nice to get a broader perspective. For example I definitely would not recommend Firefox on Android period but if someone like me has a niche unique case Exhibit A, Libredirect I could probably say “It’s fine just be aware of the drawbacks before doing so”
It’s honestly only annoying if you start shoving it down their throat after they have set their mind onto [As long as it’s not something harmful] or if you’re representing a bigger community making claims without any substantial evidence of such
as for the overwhelming options, Yes I can see your point however you know what’s worse? That alot of people tend to be in the “Things are black and white”
I know someone who actually felt overwhelmed because of this, not mentioning who unless they consent.
Finally, projects come and go, having alternatives is very very important in case it happens.
Having two or three decent options is always better than having only one. This is not comparable to Linux distros, of which there are dozens (hundreds?).
Calyx is not as private and secure as Graphene, but it’s much more private than stock Android. It may not be “competitive” for your use case but it is competitive for the use cases and needs of other people.
As another example, I use Firefox on Android because maximum privacy and security is not my only priority in life. I don’t think it should be recommended on PG, but it’s what makes sense for me.
If we can’t engage with the space between black and white then I don’t think we’ll see eye to eye here.
It was just a counterexample to show more alternatives is not always good. Of course it’s not exactly analogous to CalyxOS vs GrapheneOS.
I also use Firefox on Android to use an extension I count on. I don’t deal in black and white or see tools as either maximum security or awful trash (despite what you’ve repeatedly accused me of).
I’m still waiting for evidence that CalyxOS is competitive for the use cases / needs of some people. If it’s just the 5 non-Pixel phones they support, then I just disagree that’s substantial enough to be happy a non-profit is spending resources on that. Especially since I outlined how that benefit of broad hardware support could be much better achieved by forking GrapheneOS.
I have not repeatedly accused you of anything. I used hyperbole to make a point, as you did with your Linux example.
I provided you with multiple use cases for CalyxOS, as well as explained why (to my understanding) they don’t fork Graphene or work on it. If you don’t feel their work is ‘substantial enough’ then that is totally valid, you are allowed to have your own perspective and priorities. But please understand that your priorities are not everyone’s.
It was a counterexample, not hyperbole. Testing the extreme of a broad claim like “more alternatives are always good” isn’t hyperbole.
No you haven’t. I checked.
It’s not about my priorities, it’s about the Calyx institute’s stated priorities of making phones private. It’s a solved problem. GrapheneOS exists and is very good. It has shortcomings, like limited hardware support. An alternative option that addresses those shortcomings would be a “good” alternative. Calyx doesn’t focus on those shortcomings, and as a result fails in their own stated goal.
Say I had the goal to make phones private. I fork AOSP, work really hard reimplenenting a small fraction of GrapheneOS features, and start collecting donations. You could say I’m succeeding in making phones more private and bringing another option to the table. You could also say it’s a big waste of everyone’s time and money because GrapheneOS already exists and I could have just forked or used that instead. But if I port my work to a couple non-Pixel devices on a whim, suddenly it’s not a waste of anyone’s time and money. That’s roughly how I see this conversation around CalyxOS.
Please see:
Calyx supporting extra devices and preferring the community are two use cases for choosing CalyxOS.
Calyx’s stated goal isn’t “beat GrapheneOS,” it’s essentially ‘be more private than stock Android’. They succeed at that goal.
As far as I know Graphene asked Calyx not to use any of their code. Also, as has been discussed repeatedly, CalyxOS is not the only thing the foundation does.
In any case, I’m glad CalyxOS exists both for the rare cases where it meets someone’s needs better than Graphene and in case Graphene goes sideways or ceases to exist for some reason. I learned the ‘I don’t need alternatives’ lesson with Bromite a few years back.
Say I have the goal of implementing E2EE RCS on top of the signal client, I call it Signal-RCS, I make my first release, Is this considered doing my part to protect user privacy and security or is it considered grifting to you?
[Good] Options matters, especially in a world where the friction is already pretty high for as simple as a messenger app
In the thread
It is getting quite off topic than what the post is actually about so I’ve decided I wanted to make a separate post
This is the staff’s opinions:
The rest of the posts are a mixture of debates between they are doing something and no they’re not, so people which is it?
If it is possible for @staff could you merge these and similar Posts here if possible? I’ll edit the question out once it’s done…
We were debating the extent.
They are doing stuff, but many of us think its not enough or think its futile. Their OS has fallen so much behind Graphene that its absurd. It cant be recommanded in good faith unless someone has a specific motorolla device.
It wont be a grift if you dont mislead users. If you maintain it well and it becomes a viable option then its good sure. I wouldn’t say its bad if you just make an useless project in the end, but the problem is that the OSS market is already oversaturated with disposable projects.
Where privacy matters these days, one thing really matters and that is having choices. This could be GrapheneOS, CalyxOS, or even /e/OS. Not everybody is looking for the same thing. Some need hardened security, while others just want a phone that isn’t spying on them. GrapheneOS is a stronghold for the security hackers, CalyxOS is adequate privacy without it being a chore to use on a daily basis, and /e/OS is for individuals who just wish their tech were ethical and uncomplicated.
Maybe a good use case is starting with Calyx because MicroG is supported and your apps just work off the bat and then you can eventually make your way to Graphene when you’re far down the privacy rabbit hole or even might help them realize CalyxOS is just the right amount of security for their threat model. Privacy always involves trade-offs: convenience, app support, or complete control and it’s important to pick what aligns most with you.
Graphene furthers the security envelope for a robust protection with useability tradeoffs, Calyx maintains the user experience while offering a more hardened version of Android, and if one project ever falters, others will be there to carry the load. In all seriousness, having hundreds climb aboard something that’s good enough such as Calyx or /e/ does a lot more for privacy than a few perfectionists on over-hardened setups. That’s why choice isn’t just nice it is also what keeps the privacy movement alive and keeps it expanding.
Edit: IMO I find value in what CalyxOS is trying to do
GrapheneOS offers better usability and user experience, since it supports sandboxed Play Services and can pass Play Integrity, while half-assed implementations like MicroG
fall short.
More hardened version of Android by being months behind the standard security patches? You are way better with stock or Vanilla AOSP in that case.
Look, when I asked for use cases of CalyxOS I acknowledged the extra devices they support, and said that point didn’t impress me. I also saw your point about the community and didn’t consider it a use case; but I suppose for some it might be. Having a nice community also doesn’t impress me or justify the non-profit, though, if the technical merits of the project don’t measure up.
I didn’t say that was their goal. I said the same goal you did. My point is that it’s not a problem that exists. If a solution to a problem already exists, then it’s not a problem anymore. If that solution has shortcomings, then an alternative solution would be useful. But Calyx isn’t focused on addressing those shortcomings. The use cases that you bring up are incidental and don’t justify the non-profit in my opinion.
I know, and I’m willing to believe they do meaningful work outside CalyxOS. I personally haven’t seen it yet.
That analogy doesn’t track because you’re extending the existing best-in-class solution to have a clear differentiated use case. Even making a standalone RCS app would be useful because there’s a substantial need there. I haven’t accused Calyx of grifting either, by the way, because I’d have to know their intent.
It was to see how you would respond to it
I bet you would have a very different response with bringing back SMS (but I mainly want to bring E2EE RCS or maybe implement SMS but E2EE on top)
As I said earlier, you are allowed to have your own perspective and priorities. Your views on CalyxOS’s usefulness what about what a project must do to “justify” its existence are totally valid.
Please understand that your perspective and priorities are not everyone else’s. I provided you with some reasons one may choose CalyxOS. Those views and priorities are also valid.
If you can’t allow that then I don’t think we’ll be able to have a productive conversation.
The topic of this thread is an article about the work they do, like:
I don’t live in New York City so I’m not familiar with those specific initiatives but on first glance they seem meaningful.
No, no custom ROM can pass Play Integrity at the current moment. GrapheneOS also can’t pass Play Integrity.
And for what it’s worth, microG supports Play Integrity now as well (though it doesn’t really work, but it’s not like other implementations really do either).
Don’t mix between different levels of the Play Integrity API.
I didn’t say it can pass the meets_strong_integrity API.
But banking apps actively whitelist GrapheneOS, see here:
Remind me again how the MicroG garbage does it? Spoofing it came from Play Store?
On GrapheneOS, it really comes from the Play Store.
You made a blanket statement that GrapheneOS can pass Play Integrity, didn’t mention what levels it passes. And while some banks like the one you linked reached out to explicitly support GOS, there seem to be many others that don’t support GOS (or any other custom Android distribution for that matter).
Remind me again how the MicroG garbage does it? Spoofing it came from Play Store?
No? Why should it spoof that for Play Integrity support? microG’s current SafetyNet implementation is also signed by the official server.
And from the release page I linked :
This release ships with an initial implementation of Play Integrity based on our previous work on SafetyNet. You can enable it using the device attestation toggle in SafetyNet settings. Note that, just as SafetyNet, this feature currently requires running proprietary DroidGuard code on your device.
As for the question itself :
As a daily user of CalyxOS, and a person who has engaged with the devs, has made various bug reports and have been a user of the project since at least 2023 - I can’t agree in the slightest that the Calyx Institute is a grift. Their goals are clear - it’s to provide a deGoogled experience.
Is CalyxOS aiming to be an OS that is completely hardened against every threat vector, every class of exploits possible and what not? No, it has never claimed to be that.
Even if you want to believe that the CalyxOS is 100% grifting, you can not deny work they have done on projects like F-Droid. And you definitely don’t really fake things like this.
