Now that DivestOS is dead, what is the most FOSS Android phone option?
- Inicie sesión ou rexístrese para enviar comentarios
I'm guessing it's between GrapheneOS and CalyxOS.
Doesn't look dead to me:
https://infosec.exchange/@divested
This mentions security fixes as late as December 3rd.
GOS means funding Google, giving them money.
No way for me.
I'm considering compiling my own LineageOS ROM without some packages but I'm still a rookie compiling :(
I am a translator!
GOS means funding Google, giving them money.
Are you saying this because GrapheneOS only works on Google devices, or for other reasons?
I'm considering compiling my own LineageOS ROM without some packages
For an Android phone, from a perspectice of software freedom, isn't LineageOS as good as GrapheneOS? Of course, it is good it you can further deblob LineageOS, similarly to what DiversOS was doing.
-> Are you saying this because GrapheneOS only works on Google devices, or for other reasons?
Indeed.
-> For an Android phone, from a perspectice of software freedom, isn't LineageOS as good as GrapheneOS? Of course, it is good it you can further deblob LineageOS, similarly to what DiversOS was doing.
LineageOS is better, as far as freedom is concerned, because it allows root easily, unlike Grapheneos:
https://github.com/chenxiaolong/avbroot/issues/213#issuecomment-1986637884
https://github.com/topjohnwu/Magisk/issues/7593#issuecomment-1839971337
Regarding deblobbling LOS, I'm having a look at this:
https://codeberg.org/divested-mobile/divestos-build/raw/branch/master/Scripts/Common/Deblob.sh
But I need time to understand these packages.
As owner and user of a phone running GOS I have to agree that funding google is painful. Buying the phones second hand helps a bit but avoiding their devices would still be preferable.
However, I generally don't mind paying with money. That feels incomparably cheaper than paying with privacy.
(Yes, I know about replicant and have used it for years).
What bothers me the most is that they used to attack libre software/open source programs/systems that can compete with them.
GOS developers and users has criticized F-Droid, Firefox, Bromite, CalyxOS, LineageOS, Linux kernel and many other projects.
They, and different media "echo chambers" like privacyguides, promote that they are the only solution due to all alternatives are ridiculously insecure. Their motto is, without security there can be no privacy.
For instance, recommending Brave, a closed source browser (like Vanadium):
https://divestos.org/pages/browsers#chromium-based
On the other hand, one of the latest examples about their behaviour:
https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos
Requesting compatibility with them and only with them, in addition to stock, instead of uniting and fighting together:
https://www.europarl.europa.eu/doceo/document/PETI-CM-757267_EN.pdf
What is worse, they try to avoid you root your device, a freedom that belongs to us and finally, and as I said before, you have to fund Google, giving them your money.
To sum up, I prefer LineageOS or even CalyxOS instead of them, but that's only my opinion.
I am a translator!
> They, and different media "echo chambers" like privacyguides, promote that they are the only solution due to all alternatives are ridiculously insecure. Their motto is, without security there can be no privacy.
I saw a post of Daniel Micay advertising that the best security on a mobile phone after GrapheneOS was iOS, which shows that he is absolutely fine with using non-free software and perhaps GrapheneOS could at some point add blobs that are not needed by normal Android with the excuse of "security". Nevertheless, apart from GrapheneOS disabling rooting the device, it still seems as good as LineageOS from a free software perspective, but maybe it won't always be so.
Also, while GrapheneOS advertisement of installing Google Play is highly annoying, if you get in a situation where you are not healthy enough to find solutions to avoid using some non-free app that won't work without Google services, doing it on GrapheneOS is probably the least harmful solution.
> you have to fund Google, giving them your money
I am not a fan of Google (I stopped using all their services a while ago) but are other Andoid phone vendors any better? Google are certainly good at selling their user information for money but they still make a lot of free software. Aren't the other vendors trying to make money the same way but without even making any free software at all?
>>> I saw a post of Daniel Micay advertising that the best security on a mobile phone after GrapheneOS was iOS, which shows that he is absolutely fine with using non-free software and perhaps GrapheneOS could at some point add blobs that are not needed by normal Android with the excuse of "security". <<<
Maybe. Who knows?
>>> Nevertheless, apart from GrapheneOS disabling rooting the device, it still seems as good as LineageOS from a free software perspective, but maybe it won't always be so. <<<
Sure. But precisely rooting is the most important feature, in my opinion, because it allows the device to be yours.
For instance, it is mandatory for me to access and edit hosts file in order to add Steven Black hosts file, antiGAFAM domains and so on. You could also disable, block or delete many system programs like DRM. An example of mine:
# Widevine DRM
vendor/lib64/liboemcrypto.so
vendor/lib64/libtrustedapploader.so
vendor/lib64/libwvhidl.so
among others.
Besides, I also add a user.js to Fennec with my personal changes. Mull was almost fine but I needed more specific stuff, like enabling fission, blocking remaining connections and so on.
>>> Also, while GrapheneOS advertisement of installing Google Play is highly annoying, if you get in a situation where you are not healthy enough to find solutions to avoid using some non-free app that won't work without Google services, doing it on GrapheneOS is probably the least harmful solution. <<<
There are 2 solutions about Google Services implementation; MicroG and sandboxed Play Store.
The first one has many flaws. Apps can use their propietary Google libraries and signature spoofing is a security concern.
Anyway, MicroG is open source unlike sandboxed Play Store, whose binaries are completely closed source.
In my view, MicroG is the lesser of two evils.
>>> I am not a fan of Google (I stopped using all their services a while ago) but are other Andoid phone vendors any better? Google are certainly good at selling their user information for money but they still make a lot of free software. Aren't the other vendors trying to make money the same way but without even making any free software at all? <<<
To be honest, there are likely no better vendors. My last device is a Fairphone because I consider them a bit more ethical than the rest.
However, you're right that none of them are making the amount of free software that Google makes.
The only free software version and replacement for Android is Replicant: https://replicant.us/
DivestOS is the only free software one other than Replicant and its still alive.
As for the others, there are ones that are mostly free software that exist, but beyond that... nah.
Anything however is better than android.
With the exception of iphone or similar
DivestOS is dead: https://divestos.org/pages/news#end
Hmmm... I missed that. Yes I suppose it is dead.
> DivestOS is the only free software one other than Replicant
I'm afraid to inform you about this, but DivestOS's FAQ on their website states that DivestOS does include blobs despite trying to reduce their number, so it isn't as libre as Replicant
Replicant also has blobs though doesn't it?
Albeit, very few. They do try to remove as much as possible.
I could have sworn though they were attempting to remove as many as possible but that they haven't made a fully free one yet.
According to their own website I read that once.
> Replicant also has blobs though doesn't it?
Replicant itself is fully free (libre) software, maybe the blobs you are talking about aren't from Replicant but rather from other components of the phone, as no modern "smart"phone is fully freedom-respecting and therefore one is running proprietary software even if the main operating system (Replicant) is fully free. From https://www.fsf.org/givingguide/v15/ :
> What makes matters worse is that all smartphones currently run a separate, nonfree OS commonly referred to as the "mobile baseband," which is responsible for most of the device's communications.
> According to their own website I read that once.
Replicant's website states that Replicant itself has no proprietary components. ( https://replicant.us/about.php#faq )
I am a translator!
> Replicant itself is fully free (libre) software
That is my understanding as well, based on explanations at https://replicant.us/freedom-privacy-security-issues.php. There is also a non-free bootloader in most supported devices.
I used a replicant device from August 2020 (first, Galaxy S3, then Note 2, much better), until one day, while on travel in an area where it used to work, I had no service at all. I had a spare phone running LineageOS, so I tried with my SIM card and it worked.
I was never sure what happened but I know that 2G/3G are being gradually phased out of mobile networks, I don't know whether they were removed or roaming on them was disabled. Unfortunately, replicant is not supported on any device with a 4G radio.
That makes sense that the hardware has blobs and not replicant. That must have been what I meant.