Volatile161

  • Joined Jun 21, 2023
  • I'm debating getting a Pixel Tablet to install GOS on, as it would fit perfectly into my workflow and fill a role I currently don't have an alternative for. However, the Pixel Tablet was released quite some time ago and a potential V2 would likely have MTE support, improving security by a lot. I'm not rich, and I'd like to avoid buying the Tablet shortly before the new model drops, just to (probably) lose lots of value and have a device that's less secure with way shorter support duration.

    Maybe some of you can help me, or may even find yourself in a similar situation. Does waiting for Pixel Tablet 2 make sense? Do you think there will be a V2, and when?

    • de0u I believe this is known not to work in GrapheneOS at present

      Oh ok, that's that then. Thank you!:)

      TrustExecutor It requires access to some kind of back-end system that compromises privacy.
      Maybe there is some kind of self-hosted option for this?

      There's no need for that, it's not that important^^ Just wanted to know which of the two options is better.

    • In the settings, there's an option to automatically turn off Wifi once you're not connected for a certain amount of time. In theory, I'd like to enable this, as to my understanding your device scanning for Wifi is something that can be used to track or identify you. In practice, when I enable this, I forget to reenable Wifi when getting home.

      There's also an option to automatically enable Wifi if you're at a specific location. Location services need to be turned on for this to work. If I turn both options on, I'd automatically have Wifi turned off when not home, but turned on when home.

      My current configuration is to have an empty owner profile with pretty much no permissions (including location disabled) and maximized security. Everything I do, I do in specialized User Profiles. Inside of those I also have location services turned off, unless I actually need them to navigate somewhere.

      While I can generally tell whether something (like Wifi scanning) is good or bad for security/privacy and why, it's often hard for me to judge exactly how bad something is. This makes it hard for me to judge what's preferable between two non-perfect options, like this. My question is, whether enabling automatically turning Wifi on and off, in addition to allowing location services in my owner profile, would net increase or decrease my privacy and security. If you have other ideas, feel free to tell me as well:)

      • I recently made a post asking how to best help & support the GrapheneOS project as someone without money or coding skills. The best suggestion seemed to be to simply advocate for it and hopefully get other people to support it monetarily or by contributing. This also has the positive effect of helping more people increase their security and privacy. I'm already trying to achieve this by making contributions to different forums, helping new users, or recommending GrapheneOS when appropriate.

        However, I'd like to hear your input on what you think the "average person" can do that would be most impactful in spreading awareness, helping GrapheneOS and advancing its goals. Thank you:)

        • Thank you for all the comments!:)

          Windows

          final Here are some Windows comments:

          Thank you so much, this was a great read! I'll probably still not use Windows, but knowing this is still extremely useful. There are plenty of people who will have to keep using Windows, and being able to help them improve their security is great.

          ChromeOS Flex

          ujjayi Two layman cents in here since you mention two distros I've tried recently, and you also mention Chrome OS Flex. Some differences in potential security aspects with the latter are listed here: https://support.google.com/chromeosflex/answer/11542901?hl=en

          Great, that page is going straight into my bookmarks! No surprises, though. Even if I was willing to accept the problems that come with ChromeOS because of its security, that tradeoff would fall apart with Flex.

          NixOS

          N1b [Nix] has a really interesting USP that your entire setup is summarized in a single config file which makes changing or cloning devices a very easy experience, maybe that's interesting for you.

          For some reason, I never really considered NixOS even though I knew about it. It's still not as good as immutable openSUSE or Fedora for me, but for others it might be better, so good to have that in mind.

          openSUSE vs Fedora

          ujjayi Some things felt buggy and slow with Kalpa

          Yeah, that's my experience as well. As I said, I used Fedora Workstation for a few months and switched to Kalpa yesterday. I'd like to go back to Fedora (Silverblue or Kinoite), but I'm determined to use the most secure option in the range of what's possible for me. Mainly because I want to be able to recommend people in a similar situation an OS, and feel only comfortable doing so if I have experience using it.

          I'll have to look into how big the difference in security between them is from openSUSE being rolling release. If it doesn't make that much of a difference, maybe I'll return to Fedora.

          Whether GNOME vs. KDE makes a difference in security is also something I haven't seen conclusively answered, although I think they are close enough where it doesn't matter much. So much research to do… but it is what it is. I think I'm close to finished when it comes to desktop. And that choice of words is deliberate.

          GOS Pixel Tablet

          N1b ever since I started using GOS on my phones it gets harder and harder to get satisfied with anything else.

          Yeah, same. It's hard to accept that the combination of usability, freedom of choice and security that GrapheneOS offers knows no equal. Choosing a desktop OS feels like desperately looking for the least bad option. In comparison, using GOS almost doesn't seem to have downsides.

          As someone who knew very little about Privacy, Security, Linux etc. until quite recently, I really wonder how the desktop got to the state it is in now. Why is there no GOS-like desktop OS? Is it impossible for some reason?

          Anyway. I'll probably just give up on desktop once I can get a Pixel Tablet. Or only use Tails sticks or something.

          [deleted] at the moment use Fedora when, say, editing images.

          Yeah, if I could get a Pixel Tablet something like this might be the only thing I'd use desktop for – if that. I don't know what's possible on there, but GIMP and Inkscape might actually be some of the most problematic uses to replace.

          Tails vs. Qubes OS vs. GrapheneOS

          Having put a little thought into it now, a Pixel Tablet might be all I need in addition to my phone. This would be a dream in its simplicity. There is only one thing I'm not so sure of, as I haven't seen anyone going into the comparison in too much detail: How does the privacy and especially security of using GrapheneOS compare to either using Qubes OS or using (potentially multiple) Tails Sticks with persistent storage?

          Compartmentalization

          In terms of security through compartmentalization, I expect Tails to be hard to beat in theory. In practice, I expect Qubes OS to be safer because realistically, you'd compartmentalize your workflow better. Please, just picture some paranoid, sweating dude running 20 Tails on 20 laptops simultaneously in a crammed room.

          While Qubes has, well, Qubes, Graphene has user profiles, which might be used somewhat similarly. They can easily be deleted, and creating them is quick as well. You can even install the apps you need during creation if you have them on the owner profile. That means you can, among other things, turn off the ability to install apps for the whole profile. I've never thought about embracing this feature to this extent, but I don't really see why it shouldn't be possible.

          You might even have a separate user profile only for specific password managers, heavily isolating them from the profiles you use the passwords in. I don't expect copy & paste to work through switching user profiles, but when using randomized multi-word-passphrases, simply remembering them for 10s can work.

          When I began writing, I was sure Qubes should come out on top. Now I'm not sure at all anymore. I have never used Qubes, but GrapheneOS seems to hold lots of potential for this as well. I do remember a user on this forum complaining that a language change in one profile influenced an app in another profile, so if this was indeed the case and wasn't an outlier, there might be some problems with leakage. But even if the isolation between Qubes was stricter and harder to overcome than the isolation between user profiles, it's not decided.

          Every profile has GOS running as OS, which I expect to be generally more secure and have better internal sandboxing than every OS you can run in a Qube. If you use GOS in a way that, for example, means a threat has to compromise the app, then break out of sandboxing, compromise the heavily restricted user profile, break out of the profile into the owner profile and then break into the other (encrypted!) user profiles... that should be reasonably secure. You might also have crossed into 5-dollar-wrench-attack territory. So which is better? No clue. Can Graphene be used in a way where the difference probably isn't that meaningful? I think so.

          Anonymous browsing

          Another important area is anonymous browsing. Tails runs everything through Tor by default, and Qubes has Whonix-Qubes. In GOS you could create a heavily restricted user profile with either preinstalled Orbot as permanent VPN with Killswitch and browse through your browser of choice (probably Vanadium) or preinstall Tor Browser.

          I have no idea which would be best at anonymizing you. The only thing I can say is that Orbot + Vanadium should beat the security of Tor Browser on GOS, but I don't know about the anonymity.

          Anti-forensics

          How much evidence you leave matters as well. Assuming a threat actor captures all devices shortly after Tails (with persistent storage) was pulled out; after Qubes has been shut down; after all sensitive user profiles have been deleted and GOS has been shut down.

          Here I am completely unable to evaluate the options.

          Conclusion

          This completely got out of hand and I need to go to bed now. Maybe I should make this into another post tomorrow? Until then, I'd love someone with more knowledge/experience than me to destroy what I said here with facts and logic;)

          However, I do think that GrapheneOS is likely at least a usable option to adequately replace what I and many others have associated only with Tails, Qubes (and Whonix). I'll definitely go down this rabbit hole as soon as I have the opportunity to. If GrapheneOS turns out to indeed be a viable alternative, I'll be even more blown away.

          You people all have a good night (or day)!

          • N1b Those are great ideas:)

            Maybe you know people who could donate or code for the project.

            What skills would someone need to have to code for the project? Probably hard to answer, but is a huge amount of skill and experience in coding for similar projects required, or can people with less knowledge also contribute code in some ways?

          • First: Thank you to the GrapheneOS-team and all that have contributed to it. GOS is an incredible product that has impressed me time and time again. Not long ago, I wouldn't have dreamed that one of the most private and secure devices in the world would be highly available, easy to use and free. What you have achieved has changed the world already, and I wish you all the best in continuing to push mobile privacy and security even further in the future. The hopes of so many people in need of what thus far only you have been able to provide are with you.

            Now that that has been said, let me ask: In which ways could I support you? I know the best option would probably be to simply donate to the project, but I really don't have any money to spare. Sadly, I'm also not by chance a computer genius that can aid you directly by providing code (if you want that code to work in the ways it should).

            Is there anything else I can do for you and the project?

            • Mwgg Security and privacy wise, I definitely might consider a Pixel Tablet with GOS in the future. But meanwhile, I still need to know what to do with the desktop PC I already have. One reason I need to know what's the best I could do with it is, so I can evaluate what I'm comfortable using it for (depending on the achievable level of security) or if I must buy something else.

              • [deleted] I thought I did, and now I searched again. There have been a few discussions on Linux Distros in general. Most of these are just broad questions and personal preferences, not going into so much detail. Others focus on Tails, Whonix or Qubes which for me, like for many others, can't fill the role of daily desktop driver.

                What I tried to do is to combine all the advice, links and opinions I've found here and elsewhere, analyzing the desirable attributes and trying to find the distros that match those best. If you think this is still too close, I understand. Still, I don't think the contents of my post and the questions I ask have been covered yet. If they have, would you please provide me a link?

              • For some time now, I have been looking into what would be the best OS for me to run on my desktop PC as daily driver. I think I have a good picture now, but I'd like your input to check whether I'm on the right path here. Critique is welcome!

                Requirements

                • The OS should run on my somewhat modern desktop PC.
                • The OS should function well as a daily driver and provide good usability once set up.
                • The OS should provide security and privacy, with security being more important.
                • Time investments into learning or maintaining the OS are acceptable, but only when justified by increased security, usability, or privacy compared to other options. Customizability or "user choice" aren't a good justification in and of themselves.

                Windows

                Initially, it seemed to me like Linux was the obvious choice over Windows or macOS. At least that's what so many people said. Having looked into it, I am not convinced that's necessarily the case. I'll link an article from PrivSec.dev and an article from Madaidan's Insecurities, which both go into why that is. I admit that I can't easily verify arguments from both sides if they are sufficiently in-depth. The reason I have come to trust opinions like Madaidan's more is that the people expressing them seem to have reliably better track records or closer involvements to security research and development. Anything I have been able to verify as I learned more about these topics has supported this as well.

                I still decided against Windows. I can't use it in S-Mode, which would provide the best security, and I still care about my privacy somewhat. I'm also concerned over what data Windows might hand over if requested to. It feels like fighting a losing battle while supporting a company I have little sympathy for, to put it mildly. And all the while, having used Fedora for some time, going back to Windows doesn't even feel like a usability improvement anymore.

                Other OS

                Qubes OS would provide great security, and I might even accept the time investment to learn to use it. Sadly, my hardware isn't compatible, so it isn't an option for now.

                Tails and Whonix are both great and I do use them, but they simply don't fit the role.

                An option I'm not very knowledgeable about is Chrome OS Flex. Chrome OS is generally recommended as a relatively secure OS. However, I don't know how much of this depends on using it on a Chromebook and might be lost with Flex. I also don't know to what extent Google will just replace Microsoft as a privacy and security problem. If anyone knows more about this, I'd be glad to hear.

                Linux

                So Linux it is. While sharing many of the same issues, different distros have made a different amount of progress and effort towards becoming more secure. Here are some attributes that I think I should be looking for:

                • Modern security-improving technologies
                • Proximity to upstream software
                • Immutability

                Fedora Workstation is often recommended, and I really liked using it during the last months. It has a six-month release schedule, staying reasonably close to upstream, and adopts modern technologies relatively fast. Fedora Silverblue is its immutable version, so it might be a little more secure. I like to use Flatpak as much as possible anyway, so the downsides do not seem to be much of an issue for me.

                What can still be improved, is proximity to upstream software. Arch Linux is a rolling release distro that might be great for people that are suited to using it. My understanding is that you can choose what you want, enabling a focus on security if the user wants. However, I'm definitely not suited to using it. The number of mistakes I'd make would negate any benefits.

                A rolling release distro better suited for someone like me is openSUSE Tumbleweed. Its updates are thoroughly tested, providing great stability for a rolling-release. It seems to also adopt modern tech quickly, and YaST provides a GUI for things most other distros don't have one for. There is also an immutable version, openSUSE Micro OS, in the variants Aeon and Kalpa for GNOME and KDE.

                Conclusion

                My conclusion is that the best choice for me would be openSUSE Micro OS. It provides good usability while being close to upstream, still stable, modern and immutable. For someone with my knowledge and requirements, it currently has the most to offer in the relevant aspects.

                Thanks for reading all of this:) What do you think? Is my approach correct? Am I misinformed about something? Is there something I'm not seeing? Are there alternatives I haven't considered that might be better?