[GTALUG] Freedom and Graphene

Tue Nov 3 05:51:03 EST 2020

On Sunday, 1 November 2020, Evan Leibovitch <evan at telly.org> wrote:

> Thanks for the answers. Very helpful.
>

Thanks for the update. I don't need a new device just yet, but I was eyeing
Pixel after seeing much better battery performance with the Experience rom
on my Nexus 6.

>
> I think I'm going to just do a new $19/month minimum plan to check out
> Freedom's coverage. Thanks to warnings here I won't consider moving my
> existing service over yet. The OpenSignal app on my phone says that while
> connectivity is good where I am, speeds are almost a quarter of my current
> provider (Koodo/Telus). Freedom is making some noise about 5G and I believe
> they have either bought or are going after some 5G spectrum. But I don't
> know what to make of it yet.
>
>
>> I had never heard of GrapheneOS; interesting that it *only* runs on
>>> recent-ish Google Pixel phones.  As the battery on my OP5 starts to age, I
>>> suspect I'll be looking at a Pixel in the not too distant future, certainly
>>> of interest to hear what's up with alternative phone "firmware" these days,
>>> particularly as it's difficult for them to keep up with hardware
>>> evolution.  CM and LineageOS had history of supporting lots of devices;
>>> Lineage has been hurting in that regard <https://download.lineageos.org/>
>>> They used to support a wide variety of Samsung, but no models later than
>>> about 2017 have been supported, no LG past about 2016, and such.  If
>>> there's reason to expect better from GrapheneOS, that would sure be nice.
>>> (That tells you some of the kinds of questions I'd hope might get answered
>>> ;-) )
>>>
>>
> "Why just Pixel" is answered in the FAQ
> <https://grapheneos.org/faq#future-devices> and in more detail on Reddit
> <https://www.reddit.com/r/GrapheneOS/comments/htwm9t/why_is_grapheneos_supported_only_on_pixels/>.
> The main reason that I can extract is this is not your garden variety XDA
> alternate ROM, and not every phone can be locked down as they demand.
> GrapheneOS replaces boot and firmware code and requires you to relock the
> bootloader at the end of the installation; that's something I haven't seen
> before.
>

This relocking looks like a nod towards secure boot and SElinux, which I'm
still grappling with, mostly in  understanding audit and policy management.

>
> Customer service said I'd made that change from my phone when I enabled
>> phone over wi-fi when that was available instead of LTE over the sim and
>> they couldn't change it back. I even reverted to the original distribution
>> OS but no joy on incoming calls after that glitch.
>>
>
> Unlike Koodo, Freedom has some brick-and-mortar stores and I hope the one
> nearby may be more helpful than a call centre. That may be wishful thinking.
>
>> I notice in the GraphineOS downloads the pixel 2 walleye release is
>> supported. Thats the Pixel core base I'm running on my Nexus now, so I'd be
>> interested in hearing about your install experience, to see if I can
>> further kludge/extend the life of my own Nexus.
>>
>
> Because of the issues above (they replace far more than the system and
> user partitions) I'd be careful. I think they're looking for exact hardware
> matches, and note that there's no support for the Pixel 1 and only "legacy"
> support for the Pixel 2.
>

> I recently bought a used Pixel 3a for $200 just to try Graphene. This is
> part of a personal experiment to see how private I can get with a
> privacy-focused phone, no Google apps and a new Protonmail alter-ego email
> account just made.
>

Out of interest what android is your pixel built on Android 9 or 10. I
figure about 4 to 6 more months before the battery starts to fade on my
Nexus. I just checked Freedom's offerings and a budget 4a is not all that
bad at $480 outright and less with a plan but this is is a new and
interesting twist.

Graphines sandboxing of RF is a laudable improvement and I think I  learned
my lesson on carrier issues relating to VoIP and VoWiFi on the Experience
rom of the Nexus.

Part of my past issues with Freedom were my own switching sim cards between
devices and some miscommunications but, as a day to day they were fine for
me in the city and I'd use one of their plans again. I told staff that when
I cancelled but I forgot to mention that to you.

>
> Installation was fast and flawless from my Kubuntu box. it doesn't require
> TWRP or use recovery mode; everything is done using the "fastboot" comment
> and fastboot mode on the phone.
>
> Challenges so far are in setting up notifications, and to find apps that
> don't require Google Play Services to run. Still, there are some
> interesting finds, such as a hardened Chromium-based browser called
> Vanadium <https://github.com/GrapheneOS/Vanadium> (which is more
> lightweight than Bromium because it can take advantage of a hardened OS).  Users
> are warned that Firefox is way too insecure
> <https://grapheneos.org/usage#web-browsing> and should be avoided. I
> haven't yet set up email or calendar, but Signal and Telegram work fine. A
> few games that I've tried don't work. But there are two great apps, NewPipe
> and Aurora Store, that anonymize access to YouTube and the Google Play
> Store respectively.
>
> So far it's a battery beast, lasting many days on a charge. While it's not
> checking email or calendar updates yet, it's also not spending any effort
> telling Google where I am or what I'm doing.
>
> It's an interesting project to be sure.
>

I was actually astonished at how much better my Nexus performed with the
Pixel Experience rom. So much more So when the rom dissapeared from XDA
soon after the sale of motorola assets to lenovo. I had the rom on two
devices one moto and one leno until I fully fractured the screen on moto.
The leno is still going strong.

>
You have me window shopping now. Could you clarify ... when you say not
checking email, do you mean not setup yet and not that the client app does
not work?

I skimmed the keystore info and other x certificate generation tools on
Graphines site and a Pixel looks like a good next choice alongside
Graphines take on the O$I stack.

> - Evan
>
Russell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20201103/8786d32a/attachment.html>