If you're concerned about privacy first and foremost, I'd say look into LineageOS; you might already have a supported phone and you can throw it on your existing phone. It doesn't support Google apps out of the box but you can install the Google services to get the Play Store and other stuff you might be used to on an Android phone. If you want to take it to the next level from there, you can try microG out, which is an open reimplementation of many of the Google services on Android. There's even a community build that adds those bits into LineageOS.
For apps, @Pirate did a phenomenal job compiling a bunch of software that respects your privacy and is open source, give it a read! I have used a lot of the apps here for years, but I even learned of some cool new apps from this post.
If you need a new phone, I would say look into the Pixel 4a, it's a newer device and is well supported by LineageOS so with community support you can likely see that 5+ year lifespan without it really slowing down. If you're in Europe, you can look into the Fairphone. They're not the fastest devices, but they are designed to be completely repairable and have at least a 5 year lifespan, most recently with their efforts to bring Android 9 to their five year old Fairphone 2. They're also well supported by LineageOS so there's likely to be support for even longer.
This won’t save you, baseband and tower meta analysis hook into Palantir’s tracking modules. This is the answer someone who likes ricing their machines gives you, all it does is provide an illusion of control and a feeling of being smart.
It's possible you could get away from this if you trust your hardware enough, no? Like with Pinephone and switching all the hard switches off. I just mean for certain time periods where you may need a device but don't want it pinging off anything.
No, meta analysis is done off connections to upstream towers and connections to the cell network. The problem isn’t your device, but the fact the network itself is fully tapped. 4G also uses a symmetric cipher and doesn’t contain e2e communication so once you touch the tower all data is unencrypted within the carrier network. You have problems tracking off Bluetooth, WiFi and the carrier connections and with the carrier connections you have a blob of source code which isn’t controlled by the operating system and is communicated through via an abstraction layer to another device on the carrier side that logs all low layer communication and all high layer communication. Deviations from standard use that the majority of the population performs are also checked as unusual as we learned from the Snowden leaks about people who turn their phones off, so if you and your friend both turn your phones off at the same time for a secret communication it’s listed as an event and can be back correlated if/when you become a person of interest.
Our saving grace is the people using these advanced systems are idiots.
I'm still misunderstanding something. If I effectively make my phone a brick, remove the battery and everything, how is it still touching towers?
The absence of touching a tower is in itself an action and when compared to population averages stands out like a huge red flag that this person is performing suspicious activity.
The OP is looking for an introduction to free software, so I provided recommendations for what I would give someone looking for that. I wouldn't deride that as being an "illusion of control" or a feeling of "being smart" because of things the user cannot control. The same reason I wouldn't deride a user looking to use Ubuntu or Mint as their first Linux distro. You have to start somewhere, might as well learn in a friendly environment.
To answer your statement though on baseband monitoring, you're right, there's no way to avoid monitoring from the carrier or a third party with a stingray, short of using a phone without a modem in it to connect to a cell tower. No phone on the market has an open source modem either so you can only guess what it's doing since it's all proprietary code. Neither of these reasons would be a reason I would tell OP or any new person to privacy or security to prevent them from learning how to customize their phone or take their privacy back.
OP is looking for a phone that focuses on privacy without specifying the target of who they are hiding from. If it’s just commercial entities, an iPhone is the correct choice, if it’s government then things become complicated, if they just want to learn how a phone works then Lineage is fine and if they want to figure out how the cell network works they should be using OsmocomBB. Their goal is nebulous, they never specified they wanted free software and the answer provided only provides an illusion of privacy and control.
Not specifying the target or not providing a threat model is something a beginner does. I'm trying to help build a bridge, to help the OP bring her power back as she mentioned in the post, and not deriding flawed but good enough options to get them there as "ricing" or acting like this answer is the end of the world because I didn't consider every single potential act of spying and privacy intrusions into my answer for a beginner.
If someone gets a Pixel I'd recommend that they use CalyxOS or GrapheneOS instead of Lineage, these two are better security wise.
Agreed. I think for intro to this stuff like the OP was looking for Lineage is a lot better UX wise since it's slightly friendlier, but down the line these are also great to look into as well!
To add to all these great comments, get a Pixel and just flash CalyxOS on it. It's very easy to do and this way you'll have a completely degoogled phone (ironic)
CalyxOS is more user friendly than GrapheneOS.
Then you can rely on F-Droid with its libre apps and use Aurora Store to get the proprietary apps you can't ditch. Aurora Store is a libre app available on F-Droid and it lets you access Google Play without an account.
You should then look into using Linux if you haven't yet. Join the gang in !libre and let us know about any questions or concerns you might have :)
You could check out the /e/ foundation. They make an Android distro that's completely degoogled and use F-Droid for apps. It also has a small cloud ecosystem around it based on Nextcloud. If you really need an app that's on the app store it has a version of the Aurora Store that lets you install apps from the Play Store without using the Play Store.
If you want something super secure I'd recommend a Pixel phone with GrapheneOS or if you really want to get serious and don't mind very early technology you could get a Librem 5 or a PinePhone which have hardware switches and a fully independent operating system from Google's Android and Apple's iOS.
I agree with your GrapheneOS recommendation, however given their history I don't trust the /e/ foundation.
Like last time, using the Apps store results in traffic to/from “cleanapk.org.” We still don’t know who operates this domain.
There is now a website at info.cleanapk.org. It states: “Cleanapk.org’s aim is to provide a clean, generic and up to date repository of free Android applications (open source and not open source) that are official packages from publishers. We do our best effort to provide pristine, unmodified Android applications packages (APKs).”
That's sketchy...
All American privacy advocates should get a Chinese phone, even if they personally don't support China or think that the Chinese government won't spy on them.
The reason is simple: if the Chinese government goes into your phone's backdoor and accesses your data, what do you think they're going to do with it? The American government could do a whole lot of bullshit to you if they wanted to, but the Chinese government probably isn't going to do jack unless you have access to some kind of military or industrial secrets.
In any event, the real killer is the services your phone is connected to. Apple has a history of respecting people's encrypted phones, and it's easy enough to encrypt an Android if you have one of those, but literally nobody is going to say no to a police request for your cloud data.
Agreed on encrypting the phone and limiting what data you store in the cloud. Try to self host stuff where you can as well; if the cops have to serve you a warrant that's better than them serving it to a third party on your behalf!
For the other comment, while you're not technically wrong, the problem is if there's a backdoor a government has in a phone, it won't stay secret forever, and that goes double for a well funded adversary like the US Government. It's best to advocate people get devices with up to date security patches and ideally running an open source OS and hopefully some day on an open hardware device. Open source isn't a cure all, but more people can look at and audit it, to look for bugs and backdoors, same with hardware.
I can't imagine the battery is happy about that, but fair enough.
I’m going to give you an answer and you’re not going to like it. Buy an iPhone if you’re concerned about commercial privacy requirements. If you are concerned about government privacy requirements nothing is going to fill your needs since you are going to get stuck with side channels being linked back to things like Palantir’s tracking system which is commonly rolled out to your local cops at this point.
https://www.documentcloud.org/documents/7219689-Intermediate-Guide-Ashx.html
https://www.documentcloud.org/documents/7219690-Advance-Guide-Ashx.html