Taking beginner experiences into account in the privacy community

“Nothing is good unless you play with it.” -George Clinton

It was very exciting for me to ‘break’ the commercial model and take a step away from Google/Apple on my own. This feeling was and still is a significant motivator in my privacy journey in general. This is why I think it is helpful for mainstream users to tinker with cheap or unused second hand equipment first, because doing this opens all kinds of doors to better practices.

The model that PG proposes would create a mass dependency on third party privacy experts, who know how to set up a phone securely and privately.

I am grateful for projects like /e/OS because it and it’s forum members helped me learn how to tinker with devices that I assumed were locked into commercial systems, where I had a choice of two companies. Linux has done the same for me.

As for browsers, search engines, password managers - all of that is a given and it’s a red herring to throw that into this particular argument, which is about learning that you can do things like flash a ROM or open a laptop on your own, when you never thought you’d be that person. You can see on my blog all the things that has led to for me and the people I live with.

Sorry, what I meant by this is that it’s ok to take baby steps in general in your privacy journey, not that one should take baby steps that would lead to a less secure experience. Someone can take baby steps in trying Brave or making a new Proton account as like a secondary account, but in other areas like installing an OS you really shouldn’t “take a baby step” that would result in a less secure experience unless you have something specific in mind.

I agree, that’s what I meant.

It’s just a weird spot where I agree with Jonah but then I understand and agree with Privacy Dad lol

This sounds a bit like your taking experiences that are specific to your privacy / tinkering journey and trying to repackage it as a more broad template for a beginner.

I’d caution that using experiences that have a chance of teaching bad habits like installing non private ROMs as some quasi beginner step when non is needed, could be far worse then relying on third party experts. Which is objectively a prudent thing to do and a criteria in a lot of recommendations already.

Mainstream users will never do this in the first place. Tinkering and installing alternative operating systems is by definition an enthusiast’s game. Personally I’m not against people first installing a non GOS ROM to a cheap throwaway device if they are that worried about the process (though as others have said, they shouldn’t be since the GOS install process is quite simple and risk free). But the only way something like GrapheneOS has any chance of winding up in the hands of mainstream users is if we start seeing more phones selling with it preinstalled. Hopefully their OEM partnership will make this a reality.

I understand your point and it’s certainly a legitimate view.

However, for example, I’m more grateful for the way PG approaches the project (despite some disagreements, but we always have the possibility to propose and discuss in this forum), for the following reason: you can’t gain privacy, security, autonomy, or awareness without knowledge and without these “experts.” It’s true that it’s unfair because many people aren’t able to understand the reasons or don’t have the time to learn, but unfortunately, the situation is what it is. Oligopolies, surveillance, and constant attacks on our rights as citizens and consumers. This is where philosophy and politics come in: when we’re able, thanks to educational projects like this one, or Techlore’s, or activists of all kinds, to create laws that protect citizens from the start, they won’t need quality information or to protect themselves anymore.

And I say this as someone who was completely ignorant about technology at the beginning of this year. I had to dedicate many hours to learning: Techlore, PG, PrivSec, GrapheneOS, Secureblue, Linux communities, etc. I realized that many times things were recommended that were actually harmful to users. You need to learn to use Linux. Maybe if I only use the browser and LibreOffice I don’t have to dedicate as much time to it, but the thing is that a lot of knowledge is implicit when using certain services: updates, downloading from trusted sources, etc.

I mention this without diminishing the fact that taking small steps is essential: installing Brave or changing the search engine is already an achievement, no doubt.

I should clarify I meant that I meant a dependence on third party experts for the actual installation of GrapheneOS, or indeed buying pre-installed phones. Having experts who share knowledge and information is always a good thing, in my opinion.

Good discussions here – at the end it all comes down to clear communication.

Speaking of which, I think I was a bit unclear earlier. I wasn’t just talking about beginner-friendliness, but overall a more holistic view on choices. You see, I think Fairphone + Iode was the best choice for me, as it wasn’t only about me and my security. It was about:

• European OEM
• Repairability and upgradability
• More ethically sourced minerals
• Degoogled ROM

Sure you could say that buying a used Pixel would be more ethical than a new Fairphone, but that also leaves out the opportunity to “vote with your dollar” and to normalize lesser known brands. Sure I wish that it was possible to have it all, but since it’s not, this made the most sense to me. Who knows, perhaps the upcoming GOS OEM collab could change things.

This will change a lot of things. Next year should give us more options from all kinds of tools and software to tackle the barrage of infringes on our rights.

Fair enough. You’re trying to make good moral choices based on your views, while also trying to optimize for privacy and security.

Iode is not really degoogled though although then we can talk about “shades of degoogleness”. You’re still using Google with extra steps via Aurora (technically illegal) and microG. There’s an ongoing thread here about Iode and it doesn’t sound that great to me (ex. older Android version that doesn’t get the full security updates).

I think it’s outside of the scope of PG to give recommendations based on morality + security + privacy. That would be incredibly hard and subjective imo. Would make for some fun forum debates though.

Yeah or course I’d like to fully detach from google, but have had to settle with good enough. “Shades of degoogleness” is a good way to put it. In my books google is breaking my personal terms so I don’t mind breaking theirs. What I’m worried about is that google is surely working on shutting Aurora down in some way.

When it comes to Iode versions, the article I was referring to earlier had some false info. But I’ll try to find that thread and see what’s been said.

The current Iode OS 7.0 version is based on LineageOS 23, Android 16 QPR1 and comes with the November 2025 security patch. Sure it doesn’t compete with GOS, but again, I think it’s good enough.

And yeah I totally understand that PG recommendations are purely based on privacy and security. And it should remain that way, but I hope that there’s room to discuss these things here. Would certainly make for fun debates

Just throwing my two cents into the discussion.

PG wants to be a trusted source on privacy and security, and knowingly recommending inferior solutions, either directly or indirectly, hurts their bottom line. PG has the mentality of only recommending actual steps forward and try to steer people away from inferior (or unknowingly harmful) options. Which makes total sense.

But for some beginners, hearing the optimal solution, like using GrapheneOS on an expensive Pixel phone, feels enormous financially, technically, and psychologically. Telling them “just do it, nothing can go wrong” does not address their actual fear and lack of confidence.

PG believes that recommending sub-optimal solutions does more harm than good.

Other camp believes that meeting people where they are, even if imperfect, gets more people moving in the right direction.

Both sides are valid, but are very difficult to coexist. Which is why I really appreciated having separate forums where users can choose which they prefer: knowing what the best options are, or gaining confidence in actually continuing their privacy/security journey if that first option was too daunting.

Users being able to label themselves as beginners and being responded to appropriately is a great first step. As for how to respond appropriately, my take:

• We should be encouraging throughout
• Don’t shame their decisions (usually doesn’t happen intentionally)
• Maintain strict recommendations while being empathetic about why people can’t always follow them
• Acknowledge legitimate barriers (cost, skill, risk tolerance) without treating them as excuses

As a teacher, I’ve learned that even if I want to teach the “right thing” to everyone, for some students, they just need to be encouraged to keep taking steps, even if those steps are not the most optimal. Otherwise, I’ll just be hammering the “right thing” to them and then they shut down, which is arguably worse.

Well that might be a valid choice for your priorities that in no way is a good privacy recommendation and that is what we focus on here. This is the thing people don’t seem to get about the recommendations we give. It is not a must do all list but a list of the best options to the highest standards for privacy. We do not expect everyone to use what we recommend, but we won’t settle for bad recommendations because of other incentives people might have.

What are you talking about here exactly?

It doesn’t always but it can. That’s the point and that’s why. For example, if one’s threat model is high enough, using an inferior VPN can actually be harmful to their safety given the work they may be doing.

Yes, this is good advice. One should always be more mindful.

–

Welcome to PG from Techlore btw!

This seems like the initial decline of PG. It went from friendly to arrogant real quick. The know-it-alls have arrived and everyone is losing sleep because someone on the internet is wrong.

Do you want to elaborate on your comment and statements? I’m not sure I follow as you mean it.

3+ year old account, all activity in the last couple of hours…sus.

Thank you! It is nice seeing familiar usernames.

I know in this thread the idea of e/OS vs GrapheneOS came up often. I’m thinking of this other situation specifically in the Techlore forum where someone was venting his frustrations of switching to Linux and was considering switching back to Windows because of all the issues Linux was giving him the past 7 months. Majority of the comments were saying “I don’t have those kinds of issues with Linux… you’re doing something wrong… try starting fresh… try this other distro” etc. While well-meaning, I felt like they weren’t addressing his main concern.

I essentially encouraged him to go back to hardened Windows and give Linux another shot later down the line. While definitely the inferior solution, based on what the user shared, I felt that now was not the time to be pushing Linux onto him and it was important to mention that hardened Windows is a valid place to be for the time being.

I haven’t been on PG much, but the handful of posts I’ve seen on here in the past has given me the impression that that kind of recommendation would not fly as well as it has on Techlore. But maybe I’m mistaken and/or maybe things has changed. Looking forward to seeing how things progress here.

Just to supply another anecdotal perspective from a beginner (albeit one that’s never visited Techlore), I personally found that this approach resonated with me when I was starting out:

I haven’t been as fast in my switch towards more privacy preserving services and products as I otherwise might, but I’ve appreciated having clear ‘north stars’ to look into, which also made comparisons with other services easier down the line.

I also want to commend the current resources available. Between the recommendations, the knowledge base, the articles/videos, the wiki, as well as this forum, there’s a wealth of knowledge for someone starting out, and I’m enormously grateful. (In fact, I’d recommend for any beginner to read this very accessible ‘getting started’ entry in the Wiki):

That said, I still support the possibility of more guidance in the recommendations, such as the idea mentioned here:

From having lurked here the past two years, there’s been some wonderful insights into why one might (or definitely shouldn’t) go one way or the other that can only be found in forums, some of them requiring you to dig deep. While I agree the forums are for more nuance and discussion, having the recommendations fleshed out a bit more could be helpful for the ones daunted by either the size of the threads or the prospect of joining a community.

(And just to make this long post longer, I want to add a genuine thank you to everyone contributing here. The generosity found within this forum is immense.)

I wanted to follow up on this. PG is top notch with their Android recommendations here. Fairphone, and /e/ that its partnered with, sound terrible if you trust GOS: Hiroh phone? - GrapheneOS Discussion Forum

GOS is extremely critical of Fairphones in particular and it sounds like that company is just built on misleading marketing and lies:

”/e/OS changes the UI displaying the patch level to one which masks what’s actually being provided” is some of the craziest things I’ve read in a while if true.