Taking beginner experiences into account in the privacy community

Continuing the discussion from Techlore shut down its forum:

Hi all,

Joined the forum just to chime in on this discussion

I do understand the PG perspective on being strict about recommendations and honestly that brings a lot of great value, but that does also influence the culture here in the discussions. I haven’t been very active on the Techlore side either, but I preferred it because Henry & co put a lot of effort into creating a culture that is welcoming and understanding of people’s different starting points.

When it comes to privacy and security it’s possible to pick options that are objectively better than the rest, but even those two can weigh differently for different people, not to mention all the other values that people hold. One could say that MacOS is more secure than basic Linux distros, but comes at the cost of privacy.

I’m using Iode right now simply because I wanted to get a Fairphone and GOS doesn’t support it. Iode is good enough for me and I understand that it’s not the most secure option out there. I find the seeming hostility toward projects like it a bit off-putting, even if there are some valid points from the security point of view, and especially when it also comes with disingenuity. E.g. this recent PG post about Iode includes some misinformation, although it could be just an honest mistake or even AI hallucinations. (“iodéOS is also limited by their usage of LineageOS 22 to Android 15 QPR1 and security updates up to November 2024”).

What I want to say here is that I appreciate PG community’s laser focus on privacy and security, but I agree with @ThePrivacyDad on that there are other realities that would be good to take into account here in these discussions as well. This is why I liked the vibe in the Techlore forum.

I understand other YouTubers and creators you’re familiar with have embraced AI like the plague, but that is a bold accusation to make around these parts.

Thank you for your feedback.

Sorry I didn’t mean that to come off as an accusation, more of an alternative explanation for the misinfo. When that post came out Iode had the security update from October 2025, and has since been bumped to November 2025 with Android 16 QPR1.

I don’t really understand this point. I don’t think anyone here would object to users flashing non-GrapheneOS ROMs on a cheap device just to get a better sense for what it’s like to flash a ROM. They would just tell you that you’re not going to get a private and secure device out of it.

From the responses above and just in general, I get the feeling the PG crowd would discourage this:

My point is exactly what you suggest: recommending a ‘trial’ path towards installing GrapheneOS, because for people with average income, flashing a Pixel feels like too high a risk.

They would definitely discourage using it as a daily driver, but I don’t think experimenting with ROMs on its own is something that would be generally discouraged

That is not what i suggest at all. The point is to not trial. Either use stock or use GrapheneOS. Flashing a pixel has 0 risk involved and really cant go wrong with the GrapheneOS web installer. Exactly posts like these make people fear for it while in reality there is really nothing that can go wrong.

Side Of Burritos tried (and failed) to brick his Pixel when installing GrapheneOS:

I’ll say this one more time and then I’ll have to leave it, because responders here are not seeing my point. It doesn’t matter how reassuring or not the gurus, the forums the people that have been there, done that are. Someone non-technical who is at the stage where they have never flashed a phone has no faith in their own ability not to screw things up, despite all fail proof reassurances. I know this, because I was in that position.

The comments here are disheartening to me in that they show just how big the gap is between people in the privacy scene and non-technical people truly new to it.

You have to understand that none of the assurances matter to someone who has never done something they are technically not supposed to. They feel very unsure about themselves, and this is where the price of the Pixel comes into play.

I hear what you’re saying. It’s just that your argument is flawed.

I’ve also been there. I’ve probably bricked 2-3 phones throughout the years. And when it comes to things like self-hosting I very much still am. Barely know what I’m doing. So I’m guaranteed to mess things up.

Which is why I only do it with old devices I’m no longer using. If I break something it doesn’t matter because I don’t rely on it. So what the device cost is irrelevant. But there’s absolutely no way I’m doing anything I don’t feel confident doing with a device I need. Doesn’t matter what it costs, whether it’s 50 or 5000. Having a working device is just more important than improving my privacy.

If someone just wants to mess around with flashing different OSs and ROMs, and they don’t have an old device lying around? Absolutely, get a cheap device and have at it. But if they actually want a device to use that improves their privacy and security? The safest option simply is Grapheneos on a Pixel. Both from a privacy and security point of view, as well as from a messing things up perspective.

I mean, is there any OS—for any device, phone or computer—that is as automated and foolproof as Graphene’s web installer? The only real issue with the guide is that it’s to simply formatted and has a lot of information, so that it looks overwhelming. But the actual steps the user need to do are dead simple. Compare that to the Lineageos installation for the Pixel 9 which has several active steps, and the user even has to use commands in a terminal. Speaking from my own experiences, that is not beginner friendly.

The actual issue I think you’re critiquing, is that we’re not communicating the facts the right way for a beginner, not the recommendations themselves. But that’s what the test with theBeginnertitle and please-eli5 tag is for.

Or I’m, as you say, not seeing your point and we’re still talking past each other. In which case, oh well. Either way, we all have the same goal—which is to make sweet love help improve everyones privacy.

(Apologies if I at any point came across as grumpy. It is all kindly meant, but I am alas quite hungry right now.)

Right. This is the disconnect I have with @ThePrivacyDad as well. There is no need for beginners to be “reassured” about installing custom ROMs because they should just not be installing a custom ROM in the first place if they have “no faith in their own ability not to screw things up.”

This is the gap I see between most privacy influencers and the non-technical people new to privacy, because most privacy advocates seem to think that the correct solution is to convince beginners that they need to test the waters and immediately install GrapheneOS, or worse, install some random custom ROM on a cheaper device.

The effort being spent by beginners installing something they don’t need like /e/OS could be instead spent on non-OS-related privacy improvements (while remaining on your stock ROM) which actually have higher impact and are more accessible to beginners in the first place, like cleaning up their data online, signing up for a new email provider, figuring out how to get their news from RSS feeds instead of social media timelines, etc.

When you put it like that, especially toward the end, I think the example of GrapheneOS did hamper the discussion. The broader point is about how gradual steps to improve your privacy, even when taking into account ones experience level, are still good and welcome. There is no shame in baby steps. Installing an OS feels like a big and scary thing to do to some one new, but that’s not to say that all steps to improve privacy are that scary, and in fact you can sometimes pocket the W by staying on your stock ROM. The other examples you gave I think are closer to what I think we all want to see, which is empathy for someone who is either just learning or knows that they do not plan on taking a more advanced step based on their threat model or knowledge.

I would disagree with most of the OP suggestion here. To me it reads like: Techlore was great because it justified my poor choices. There’s definitely a group of people here that like to claim that “security/privacy is a spectrum” (which is true) to justify sub-optimal choices, but the PG staff need to draw the line for what is “good enough” for its main site recommendations (which they have). I guess the concern in this thread is that, that current line is too high when compared to Techlore’s standards.

To me, the real problem with the main PG site is its presentation in that it lumps everything together and doesn’t separate well enough between the low hanging fruit that are likely to work well for most users/beginners and the more intense topics that are going to be off-putting. There should be a better visual separation between the two sides in the UI. As an example, it’s crazy to list Mullvad at the top of recommended desktop browsers as the vast majority of users/beginners will hate using it.

Nothing necessarily wrong with your comment but to add, I also see it as knowing how to use the right tool well.

For example: I can be a beginner and just be learning to cook but a chef’s knife in my hand will still be poorly and inappropriately/incorrectly used.

I think this is starting to change with the new content they’re putting out.

Well, the PG recommendations are listing the best tool for the purpose. That’s it. They are not promising that it is good for beginners and experts alike. This is another issue people on this thread and the other thread have in common is that a lot of people have their own expectations and views for what PG should be or do or recommend and how. I think that’s seeing it.. wrong almost.

Whether you are a beginner or an advanced tech savvy technical user, the recommendations and suggestions at least officially are simply meant to be the best for the category of the product for what said tool is supposed to be and do. That’s it.

Issues with it beyond this point is well… a personal qualm. I think we ought to evaluate it more holistically and not only accounting for why one feels a certain way but also understanding the larger what and why.

I don’t know if what I just said makes sense but that’s how I look at it.

Some of us see installing a ROM like LineageOS, etc., as steps backward, not as “baby steps” forward. As mentioned above, what do you gain in privacy? It’s better to continue with the manufacturer’s OS, which at least tends to be much more up-to-date. The only thing you gain is “losing the fear of installing a ROM,” and you lose quite a bit in my opinion.
On the other hand, iPhones are quite recommended on PG because they really are a good option in terms of usability and ease of use. That’s what I recommend to my loved ones.

I think probably both can be true, there’s only so much we can realistically do if we are unwilling to recommend clearly inferior products solely because they’re more beginner friendly, which we are; but we can also probably continue to improve the order things are presented in and maybe provide more of a basic “roadmap.” There are many ways to go about this though and it’s unclear which approach will make the most sense to the most people.

This is surely why this forum has become much more popular than privacyguides.org itself recently anyways. I hate this term “nuance” which has become very over-used recently, but there is just so much extra context people can give and receive in discussions like this forum than a static site like PG will ever provide

Nobody said you should start with grapheneOS. I do think it is the best step you could take to gain control but simple steps like moving to proton, ente, using ublock orgin are great simple steps to make.

I feel like this topic is similar to the lack of threat model issue. Its easy to jump from 0 to 100 and say that you will go from android/ios to grapheneOS or you’ll jump from gmail to proton overnight, but realistically it probably helps to take baby steps and move over slowly and do it right vs burning yourself out by diving head first into the 9ft deep end of the pool.

Rather you should assess your threat model and figure out whats important to you and focus on moving piecemeal as you prioritize what is important. I really like the forum for that type of discussion and reading through everyone’s experiences, but i also get you may want a step by step guide ( somewhat impossible) for you.

To be clear, I do not think the main site’s recommendations are bad in that way but people get stuck on tooling quite often over the goal of privacy.

I think the main PG site should identify the audience that it caters to and customize the UI/UX for that audience. Who is this “most people”? Beginners? How likely is a beginner to figure out how purchase and use Monero or use a browser with letterboxing that logs them out of everything on restart? I think these are hard questions for the PG staff to address as they’re not beginners and don’t see the world through that lens. Honestly these are tough questions for designers and I don’t know what the best presentation style is. Reading some other threads on here it seems like new users tend to suffer from analysis paralysis when an encyclopedia of knowledge is dropped on them like the current Recommended page.

I think in the end, because there is no clear boundary between what’s for beginners and not, there is no authority on how best to explain and teach something to someone (no matter their skill level), it would indeed be hard to make a directory of privacy tech related info that would cater to your boomer parent who wants better tech for themselves, a 16 year old who is becoming tech savvy by the day as they learn & grow, and everyone in between.

One site can’t do it all is what I am coming to realize as much as I would like quality info by trustworthy people to exist in a more centralized place online. That said, this can still be a reality - if an entity like PG can grow a lot more, dedicate more resources in different areas for different people (appropriate resource allocation). Scaling is the next logistical issue here once the limited resources no longer is; and not skill or anything else.