New phone, who dis?

Hello everyone!

I am due to upgrade my phone in October this year. I have been an iPhone user for close to 10 years, but have been moving further and further away from the Apple ecosystem for a number of years now. I am thinking of trying out Android this time around, but I have some concerns.

Now I know that Apple is all closed source and as such we have to take their word for it that their policies on privacy are true, but I do have genuine concerns about how Google’s business model relies pretty heavily on gathering as much user data as possible to sell things to you.

I have no doubts at all that Apple does collect user data to some degree, but the fact that their business model doesn’t rely on it as much has always offered me some comfort.

I have yet to see any Linux phones that act as reasonable replacements for the Android / iOS duopoly, so as someone who takes user privacy and data collection seriously, how do I move forward here?

Thanks in advance for your thoughts!

1 Like

So I would pick my phone by the support level offered at XDA

Find a phone that has a lot of Roms and recovery support and buy it off Swappa
https://swappa.com/
Root and flash a custom recovery like TWRP, then flash the “AOSP” ROM of your choice.
Gapps is sometimes optional depending on the ROM. So if you don’t flash Gapps then Google won’t be embedded on your phone with all their evil telemetry.
My phone’s battery lasts for 2 days now. It’s crazy how much stuff is running in the background on Android. And here is a list of app stores for your open source needs
https://alternativeto.net/software/android-market/?license=opensource

Another worthy mention is LineageOS https://lineageos.org/

Just flash the ROM, not Gapps, for a more open source phone

1 Like

I’d recommend getting a Fairphone 4. They come with /e/OS which is a “complete, fully ‘deGoogled’, mobile ecosystem” and the bootloader is unlocked so you can always switch to something like Lineage. (edit: I’ve never used or looked into /e/OS, see: following comments)

They also have a removable battery. From a privacy perspective a screen turning off is pretty weak confirmation that a device is actually off.

If you’d prefer a mainstream Android phone, I’d recommend getting one pre-flashed with Lineage from the Brax store or another reputable source.

I’ve been flashing phones with LineageOS since it was called CyanogenMod and the process has always sucked and each phone model has always been its own little unique snowflake to get flashed correctly. It’s time consuming (especially if the phone manu is fighting you) but it’s a very rewarding process and a good skill to have if you’re up for it.

1 Like

There’s also CalyxOS which offers a lot of privacy options in a totally degoogled version, and a way to run Gapps to still use Google services if you need a weaning phase.

I also like the Lineage option! Just make sure you know what apps you HAVE to have, as there aren’t a lot of FOSS alternatives for some. That said, I’m totally FOSS (degoogled, only get apps from F-Droid) and still keep up in the modern world.

1 Like

I was trying /e/os out the other day. I find the deGoogled label somewhat misleading. As with basically all the ROMs.

I do have a fully deGoogled phone, LineageOS without any Gapps installed but this is problematic. Without setting up/self-hosting my own notification provider many apps don’t properly notify me. So I never get Discord or Slack notifications and some apps refuse to work at all, some apps do work but complain constantly that they won’t work without Google services.

There are two ways around this but neither of them are actually deGoogled.

Install OpenGapps: https://opengapps.org/ which are the actual, proprietary, google services.

or

Install microG (Home · microg/GmsCore Wiki · GitHub), which is an open source rewrite of Google services. But these services still phone home to Google when required. They send much less data, less frequently though. This is what /e/os uses.

Either way you are still looping Google in somehow.

Using microG requires signature spoofing so the services can pretend to be authentic Google services when phoning home. This has some potential security side effects. LineageOS and GrapheneOS do not enable this ability so the proprietary OpenGapps must be used on those ROMs.

4 Likes
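
An added example, not part of the original post: a shell helper that audits which installed packages have been granted the signature-spoofing permission discussed in the post above. It assumes the ROM exposes spoofing as `android.permission.FAKE_PACKAGE_SIGNATURE` (the name used by the microG signature-spoofing patch) and that `dumpsys package` output follows the layout of the constructed sample; `spoofing_packages` and `sample_dump` are names made up for this example.

```shell
#!/bin/sh
# Permission name assumed from the microG signature-spoofing patch.
SPOOF_PERM="android.permission.FAKE_PACKAGE_SIGNATURE"

# Read `dumpsys package`-style text on stdin and print every package
# for which the spoofing permission is actually granted (not merely requested).
spoofing_packages() {
    awk -v perm="$SPOOF_PERM" '
        /^ *Package \[/ {
            # "Package [com.example] (abc123):" -> com.example
            open = index($0, "[")
            close_at = index($0, "]")
            pkg = substr($0, open + 1, close_at - open - 1)
        }
        # A grant line looks like "<permission>: granted=true"
        index($0, perm ":") && /granted=true/ {
            if (pkg != "") print pkg
        }
    ' | sort -u
}

# Constructed sample input (not captured from a real device).
sample_dump() {
    cat <<'EOF'
Packages:
  Package [com.google.android.gms] (1a2b3c):
    userId=10105
    runtime permissions:
      android.permission.FAKE_PACKAGE_SIGNATURE: granted=true
      android.permission.ACCESS_FINE_LOCATION: granted=false
  Package [org.example.notes] (4d5e6f):
    requested permissions:
      android.permission.FAKE_PACKAGE_SIGNATURE
    runtime permissions:
      android.permission.FAKE_PACKAGE_SIGNATURE: granted=false
  Package [org.example.launcher] (7a8b9c):
    runtime permissions:
      android.permission.INTERNET: granted=true
EOF
}

# On a real device (assumes adb is installed and USB debugging is authorised):
#   adb shell dumpsys package | spoofing_packages
if [ "${1:-}" = "--demo" ]; then sample_dump | spoofing_packages; fi
```

Any package in the output other than the microG core you installed yourself deserves a closer look, since it can present another app's signature to the system.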

sound points!

Apple’s App Tracking Transparency initiative, which effectively kneecapped some fingerprinting technology heavily used in targeted-ad apps, may have been a wolf in sheep’s clothing after all; it looks like Apple is going to be rolling out their own integrated ads.

It’s too soon to tell how “personal” their ad program will be, but if you are concerned about your digital privacy I think moving away from Apple is a good move. They like to pat themselves on the back for protecting user privacy, but perhaps the emperor has no clothes.

1 Like

I really think it is best to not own a smartphone and for that matter a mobile phone of any kind at all. But I am just dreaming and thinking out loud but the time will come where this will be my reality, I hope.

1 Like

The regular Pinephone is my daily driver and I’ve been experimenting with on/off compromises for some time. I’ve found the social/business opportunity costs of having modem/wifi off really add up over time even if there’s plenty of days it wouldn’t have mattered. Microphone/camera off hasn’t been an issue because I’m now a certified dip switch ninja so at least there’s that.

An obvious mitigation would be using an anonymous phone that does everything over an anonymous VPN (including calls) but it’s not exactly rocket science figuring out who someone is if cell towers see that device go home every night or that device is present at a store whenever someone uses an identifiable card.

The best I can think of is negotiating a relationship with a local alley cat that doesn’t mind carrying a phone around on its collar. Calls could be made by setting out tuna and if the ring tone was a cat call it wouldn’t seem out of place while the phone was being tracked down.

Wide open for answers here, that opportunity cost is just a big problem because I’m competing with a world that has few if any qualms about it.

Honestly have not heard many people confirm if they use Pinephone on the daily.

How is battery life?
Does the camera work now?
How long has it been your daily?

Cool.

Yeah I don’t know of anyone daily driving it either.

I have the regular 3GB convergence and the Pro with keyboard/battery shells for both.

I do not recommend the Pro. I’d give it maybe 12 to 24 months before I’d recommend it let alone consider daily driving it. It’s just not ready or well adopted and battery consumption is like having a Pinebook Pro laptop with a cellphone sized battery. It’s just going to need time.

The regular Pinephone is now a good experience “for a linux phone” and if you don’t mind learning its many personality quirks it can be daily driven if you use the keyboard case for more battery. My phone never sleeps so I can get SMS and calls, so if I’d take a huge guess I think I get ~12hrs idle. Camera works and one of the pmOS devs is a camera enthusiast so it’s getting the royal treatment for firmware updates.

It’s a very rewarding experience using the Pinephone, it’s like having a personal bond with a pet that you’ve had to learn how to take care of.

2 Likes

Put the phone in a Faraday bag and only take it out when you absolutely need it? That really limits the functionality.

No, maybe the real solution is to fight fire with fire. If companies insist on collecting data, then let’s just poison the data stream. I’m starting to think that this would be the easier solution.

2 Likes

I’m not sure if you are being serious or not, but I do this at home. I have a server that runs a Whoogle instance, but also runs a headless Firefox with the TrackMeNot browser extension set up. It constantly spams all major search engines with completely random queries at all times. Any fingerprint for our IP is bound to be complete nonsense because we have way more random queries than real ones.

The blue client “debian” with some 400-500 queries every ten minutes is the server running TrackMeNot:

Your data always end up somewhere. It’s much easier to turn your digital footprint into a mess of incomprehensible nonsense than to completely hide it.

4 Likes

Better answer on cameras…

Standard Pinephone: Decent and under continuous improvement by Martijn Braam of pmOS.

Pinephone Pro: There’s a fork of Megapixels you can compile that’ll allow the Pro camera to work (might also be in Arch repos?) but it needs a lot of work and the last update was ~2 months ago.

Sep 1, 2022:

1 Like

I never joke when it comes to cyber security.

TrackMeNot sounds very interesting. I’ll definitely have to look into it.

I’ve used other tactics like random user agent extensions. That confused my bank so that I have to use MFA every time I try to log in now (which I am good with). I’ve also played around with CanvasBlocker. I believe the more modern Firefox ports already have this feature (FireDragon, LibreWolf, etc).

That is why I keep everything written down.
Take a look for yourself, in my desk, while I wait outside.
1 Like

That’s brilliant 😃 Like hiding in plain sight!

1 Like

Maybe a dash of random user agent spoofing

Yep, that’s one part that should be part of poisoning the data.

1 Like