this post was submitted on 25 Nov 2024
72 points (97.4% liked)
Open Source
31679 readers
751 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If it isn't divestos or grapheneos the privacy gains over stock are going to be minimal compared to the comparability issues you will face.
Simply not having google play services installed is a massive privacy win. Any custom rom (without google) will offer that. Divest and Graphene offer some extra security features.
The compatibility can be usable if you don't rely much on closed source apps or their notifications. If you do, you'll need either microg or full google play services.
This is just not true for a multitude of reasons.
The obvious being that most other custom ROMs are not actually degoogled (ie proprietary blobs, still communicating with google) and/or they try to do it in ways that provide no privacy benefit such as replacing google with MicroG which has the exact same issues (ie privelged access to your phone).
The majority of these custom ROMs break any semblence of their security model (rooting, not locking the bootloader etc) to bring these privacy measures, which makes them almost moot in and of itself.
Also purely focusing on removing yourself from Google (especially while ignoring all of AOSP, and to an extent Android in general, is Google centric) when there are tons of other large data gatherers (many of them with far less recognizable brands) that your probably ignoring is useless.
Aside from vendor firmware, LineageOS is mostly deblobbed by default afaik. The remaining bits that connect to google (by default) like AGPS or captive portal are significantly less information than full google play services.
Replacing google play services with microg might have the same security downsides as regular google play services (privileged access), however, MicroG is open source. It still connects to Google, but sends significantly less data, and you can see exactly what it sends.
Rooting is one example, but access to it is often left up to the user. Keeping the bootloader unlocked has some major security downsides, but they're entirely for when an attacker has physical access. The privacy downsides of an unlocked bootloader do exist, but they're hard to exploit even with physical access.
Yes, this is something you are forced to ignore with any custom Android ROM. Graphene, Divest, Calyx, etc all suffer from the same issue. Sending data to Google and privacy is not the same as being independant from Google developed software.
On an AOSP or LineageOS based rom without preinstalled bloat, this is almost entirely up to user choice. You can choose to only install FOSS apps without trackers, or use Aurora store and install proprietary apps. You can choose to block network access for apps with trackers, or isolate them to a work profile and kill them in the background. It isn't good to focus only on Google, but it's a good starting point to use a rom without standard google play services.
While I agree that a hardened and privacy focused rom is better for privacy than regular LineageOS, privacy is not black and white. MicroG sending significantly less data is better than full access google play services sending all data. Not sending data is better than MicroG. That doesn't mean every user is able to use an entirely degoogled rom. Each person should decide for themselves what they're okay with and what they absolutely require on their own device. When someone is trying to get some privacy back, MicroG is a great option "in the middle" where as little functionality as possible is lost while sending as little data as possible. Discouraging that someone takes steps to improve their privacy just because it isn't perfect is not good, as that often results in someone not taking any steps towards privacy.
On the compatibility, while MicroG has some issues with specific apps, it does generally work (from what I hear from others). Not having google play services (or MicroG) can work, but it requires missing out on some google services like notifications for proprietary apps. For me personally, that's not a big issue, as I only use FOSS apps.
Tldr after realizing your a lineage os stan
its always lineageos users that can't handle the fact their OS isnt very private.
Here is some fun reading for you
"LineageOS stan"?? The same arguments go for any custom Android rom that doesn't ship with Google Play Services or MicroG.
FYI, Since I personally prefer absolutely zero connections I didn't approve of, I'm using a privacy-focused rom. I'm not even on LineageOS.
I love the complaining about privacy, after which you immediately share a google translate link. Was it that hard to find an English source stating LineageOS connects to Google?
Anyway, this doesn't dispute any of my arguments. LineageOS connecting to Google by default does not mean it sends the same amount of data as a stock rom with Google Play Services. A user shouldn't be discouraged in taking steps to further their privacy because it's "not good enough".
I think you're confusing privacy and security. Some of us aren't really worried about the NSA hacking our phones. We would just like for it to not constantly be selling out every minute detail of our personal information to a mega-corporation. Sure, you still have to pay attention to what apps you install and all of that, but a de-googled android phone is still a massive upgrade in terms of privacy even if it isn't super secure, as long as you aren't being individually targeted for some reason.
Greatest case for Graphene. Yes I find the need for a Pixel hilarious but it works soooo