If you don't bother to click, the linked phones are the Google Pixel 6/Pro with Graphene OS and some (optional?) hardware modifications.
I know it's probably not in their best interest, but I really wish they specified the source of their features individually (whether something comes from the Pixel 6 Titan chip, Graphene or their own custom hardware or software). It makes it difficult to evaluate their value-add over buying a Pixel 6 and throwing Graphene on it.
All the description seems to be just generic Pixel 6 (Pro) + GrapheneOS. The one addition I found was that they would remove the hardware if you ask them to:
"Optional: For very high security requirements, both microphones and acceleration and rotation sensors can be removed. Indeed, acceleration and rotation sensors can be misused as microphones. This physically prevents conversations in the environment from being recorded. Phone calls can still be made with an external headset."
Why do you need to insert a man in the middle vector?
I mean GrapheneOS even provides it's users a web based installer. I really hate these marketing schemes based on privacy buzzwords.
Right? How do I know this isn't a CIA front shipping bugged phones to the users with something to hide? [0] NitroPhone's target demographic is very paranoid^B^B^B security conscious types, they should at least have a FAQ convincing me they're not the feds :)
> NitroPhone's target demographic is very paranoid^B^B^B security conscious types
Let's not add anymore stigmatization in an area where it would serve us all to be a little more paranoid about the amount of spying and corporate+government intrusion that is now the norm in our lives. So many things I would have thought were conspiracy theories a mere 10 years ago are now true. The slippery slope is not a fallacy anymore.
apologies for making my sarcasm too subtle, as evidenced by my wa-po link, I'm well aware that intelligence agencies really do set up fronts to sell bugged goods to a person of interest. Hell, if nothing else works they'll even arrange a vaccination drive for all the kids in your village to try and suss you out.
Just found their "About the company" page: https://www.nitrokey.com/about
They say that they are totally self-financed and produce their Nitrokeys only in Germany to prevent supply chain attacks.
I wondered if Crypto AG (the swiss company selling backdoor'd hardware) would have said the same thing and looked up their old about page. [0] In light of the CIA's involvement I find it exceedingly cheeky:
> We are present around the globe in all cultural environments. The threats, challenges, and fears you are likely to encounter are known to us; they are the source of our innovative thrust.
Thanks to our world-wide network and regional offices, our presence and services know no borders or limits.
I can be conscious of my health, but unless I make healthy choices it doesn't help much. Same with security. If you can't be bothered changing your bad habits, you may be security conscious but it isn't going to help much.
I think you either underestimate your own ability with tech or over estimate the general user. I still get calls from my parents when Firefox updates and a "new box" shows up. This is an extreme example, but this phone could be used by finance or hr team members who are also not expected to really be tech focused.
Just a idea, but support could be a reason to pick a 3rd party to manage these kinds of devices instead of installing the original project. You do open up extra avenues of compromise, but rolling out an OS project you are not really an expert in to staff is a big risk for usability. I can see a value proposition of "locked down devices, more secure than stock, 98% as secure as possible, 24/7 support" being an attractive tradeoff for some companies or people.
People are unable to install the OS. If you go to the matrix room, it's a constant stream of installation questions. Like most things, this is a skill/time/money tradeoff. If you lack in one or more, you can make up with the others.
> "NitroPhone is a much better product than we did with Blackphone." Phil Zimmermann, inventor of PGP
Hard to believe this is some sort of Anom[0] type scenario when it's endorsed by Phil Zimmermann.
The only potential issue would be if the device entered a clandestine facility to be backdoored as it gets delivered to a customer. Supply chain attacks are real and plausible.
Serious question; not trying to be snarky. Other than just personal privacy preferences what would are some practical reasons for why someone would use this phone?
In terms of user experience, it's pretty obvious that GrapheneOS suffers by comparison. For example, the camera app isn't as amazing as it is on Pixel with full Google Android, and it probably never will be. You can install apps from the Google pay store with Aurora -- even things like Google maps and Gboard for swipe typing, but you will probably prefer them to be more secure and so you'll lock them down as much as possible, lessening their utility.
So, in "practical", non-privacy/non-security terms, it's crazy to want something like this instead of the "real" Pixel 6 Pro experience (or Samsung S21 Ultra, or iPhone 13 Pro Max, etc), or perhaps until you read e.g. the shockingly bad Samsung privacy policy.
However, there are some other benefits derived from the privacy aspects that aren't strictly privacy benefits themselves:
* Hobby enjoyment
* Trusting (to a degree) your device
But, for me, I love my GrapheneOS phone and it's all of the above. I can live with the limitations, for the most part, and I've also purchased a wonderful Fujifilm camera when I really want to take amazing photos, which of course blows away any phone camera system anyway. The Pixel itself is still a really great smart phone experience, and way beyond my Pine phone (current generation) in terms of both security and usability, even without the few things that are taken out when you switch from Google to open source Android.
> In terms of user experience, it's pretty obvious that GrapheneOS suffers by comparison. For example, the camera app isn't as amazing as it is on Pixel with full Google Android, and it probably never will be. You can install apps from the Google pay store with Aurora -- even things like Google maps and Gboard for swipe typing, but you will probably prefer them to be more secure and so you'll lock them down as much as possible, lessening their utility.
GrapheneOS recently added our own modern Camera app replacing the legacy AOSP Camera. You can also use the Google Camera app included in the stock OS on GrapheneOS if you want more features. It only depends on GSF which can be installed alongside it as another fully sandboxed app. They work the same way as any other apps. There's a guide on the camera at https://grapheneos.org/usage#camera. GrapheneOS has the same camera quality and features as the stock OS. It's the apps which are different, and you can use the stock OS camera app.
It's also possible to use Play services (GMS) and the Play Store as fully sandboxed apps due to the sandboxed Play services compatibility layer on GrapheneOS. You might be choosing to use it without that but it does have broad app compatibility for users who want it. You don't have to give up much to use GrapheneOS anymore. Not every Play services feature is available but the functionality that's available is steadily expanding as we make extensions to the compatibility layer.
The compatibility layer enables using GSF, GMS and the Play Store as fully sandboxed apps with exactly the same restrictions and permission model as any other user installed app. That includes the improvements offered by GrapheneOS such as the Sensors toggle, Network toggle, stronger sandbox and other privacy/security improvements protecting the OS from apps.
> For example, the camera app isn't as amazing as it is on Pixel with full Google Android, and it probably never will be.
I haven't used Graphene but I assume most users do what most Calyx users do, which is extract the gcam apk before flashing, install it, and completely block its internet access with the firewall. We can and do use the stock camera, and it's great.
1. I think that I have a right to participate in the digital commons without selling my soul to my choice of two possible corporate masters (Apple or Google).
1A. Corollary, the digital commons necessarily includes the ability to interact with the Internet in a mobile way.
2. There are mobile applications that have such a marked and clear positive impact on my life that doing without them is not merely an issue of convenience, but an issue of capability.
2A. These applications, through market forces, are only available on mobile devices running common mobile OSes.
3. My means of income requires me to fit as much as possible a societal mold that includes availability during reasonable hours via a mobile device.
3A. My employer is not one of the corporate masters, and they have no right to interject themselves in my relationship with my employer that I entered into voluntarily.
When put together, these leave you only one viable option which is running secured hardware with a de-Googled version of Android. I don't see why /this/ device is any better than a Pixel + GrapheneOS done yourself, but the above explains why someone would want a Pixel + GrapheneOS.
You are welcome to disagree with my reasoning, but it is sound.
I agree with this answer, but I'm not sure how to express the question. I mean something different when I say "practical."
It's like a person who buys a gun because he wants to exercise his second amendment rights versus a hunter who buys a gun to hunt or a cop who buys a gun for law enforcement.
I think I understand your point, but I'm not sure how anyone could formulate an answer to satisfy it. The split is fundamentally philosophical, because there's no new capability gained by regaining your privacy vs simply accepting the status quo of letting Google interject itself into every aspect of your life. The absence of something cannot add any new capabilities.
On the flip side, I think the mere existence of people who are successfully living a 'normal' life in the current era while regaining some reasonable measure of privacy is enough evidence to support the use case, beyond merely theoretical philosophical ideals.
I was thinking there could be use cases like plausible deniability when doing illegal stuff or maybe these phones are useful for the same reason in espionage? Maybe these phones are required in the defense industry for secret or top secret clearance? Stuff like that was what I was guessing maybe these phones are useful for.
I'm sure those use cases do exist. I know that there are already special secured handsets made by defense contractors like that for use by top officials, generally in partnership with other companies. I believe Halliburton supplied specially modified Blackberries for years to the White House and Department of State, and the last I heard was that a different org was modifying Samsung handsets for similar purposes. Given that shift to Android, it would not surprise me if there was a market here for government officials working on confidential work to need secured handsets running Android where their government could lock the device to only a whitelisted set of apps. The US government for instance already has published STIGs for Android handsets.
The reality is that for me, at least, government use cases don't interest me for a number of reasons, and I don't necessarily think they align with your clarification to the questions either. I think drawing the parallel to firearms is fuzzy, but if we go with that, there are obvious use cases a government has for firearms that don't support an argument in favor of civilian ownership, but there /are/ arguments that support civilian ownership. Perhaps nothing else makes me more anxious than that thought of a world where privacy and crypto are considered to be something only allowed for elites and government officials, where all of us normies have to be surveilled 24/7. This is already a reality in some parts of the world and fast becoming a reality in the West. Hence, I am not really concerned with how useful this may be to government, I am /only/ concerned with how useful this is to normal every-day people who just don't want to be spied on. Most of the modern surveillance isn't even done for a reason, it's just dragnet surveillance on everyone "because they can", which is the worst type.
4.5 years also isn't that much. I just replaced my 5 years old phone, but only because it's not actually my own, but paid for by work. Had it been my own, I'd get the battery replaced and the charging port cleaned instead. The battery replacement isn't even that expensive.
Using a five year old phone isn't an issue anymore, they are fast enough that it doesn't matter.
I honestly hope they fund the Graphene OS project if they do this or if nothing else, make it clear that you could also do this yourself. /e OS tells you that you can install it if you havr compatible hardware or buy it from them, same for Calyx OS.
For those wondering why you'd want this - I use Graphene OS on an old Pixel 3 and battery lasts 2-3 days easily. I dont have to constantly fight all anti-patterns in modern day Android, but I can still chat, email, text, browse and watch videos...
€250 to solder off components seems steep. It takes me less than 30min, i can imagine it takes a lot less to disassemble+desolder+reassemble if you do it all day. Can't see this taking up more than 1 manhour. If they added a switch instead of desolder the price would have been more reasonable (but still steep, it can buy a usable phone on its own)
I wouldn't see it that much about how long it takes once you know how to do that. Its time it takes to learn how to do it.
E.g. I bought cheap phone and I wanted to debloat it/ install lineageOS.
After week or something, 2-3 soft bricks, and constant issues I have semi-debloated original OS phone, with a bit more control but far from what I wanted.
To get somebody the same as I have now? 2 hours max. Would I overpay somebody else to give me the same thing, if I knew how long it takes to do from scratch? Definitely
It takes some skill, entails some risk (can fuck it up or the customer could be a tool), takes some time. Between skilled labor and risk, sounds about fair to me.
If you're in the market for such a phone may I ask, without judgement, why? I'm very interested in whether this is aimed particularly at certain professions, if more and more people fear violation of personal privacy, etc. Again, no judgement or preconception - I'm asking in good faith.
People say they have nothing to hide. Yet would you hand your unlocked cell phone over to a stranger? People give away all kind of personal data for free to adtech.
If you have serious privacy concerns phones like this makes sense.
What if those strangers were going to attack your friends, neighbors, or elderly parents with every scam and shady advertising/phishing scheme that they could invent?
I'm probably vaguely close to the market for this. My reasons would be privacy and security concerns. Phones are creepy, they have access to _everything_, are carried everywhere, and we have little knowledge or control of what they're doing.
Maybe they grow/sell marijuana or shrooms and want to learn about things like that without worrying about being put on some list, or just have concerns about censorship or being flagged based on their political beliefs.
1. I don't want my data used against me politically - there are legitimate reasons to shield your personal data to protect yourself from political persecution from ordinary people to the government. E.g. A gay man may fear his homophobic colleagues will bully him, a migrant may fear that his right-wing boss may fire him if he knows his origins, a muslim may prefer to not grow a beard or a Sikh not wear turban to hide his identity to safeguard himself from unwanted hostile attention from strangers etc. etc. E.g. 2 - The United State government now demands that you tell them about all your email and social media accounts when you apply for a US visa.
2. I don't want my data used against me commercially - BigTech want more and more data about us to determine how to influence our behaviour. Preventing them access to my personal data protects and allows me to make rational purchase decisions, rather than those based on impulses influenced by BigTech overt or covert advertising.
Denying corporates access to our personal data does both, because BigTech now also sell our data to government agencies. Since the government is one of their target customer base with a big purse, BigTech have now also started using our personal data to try and influence us politically.
LineageOS, CalyxOS, /e/ and other Android distributions essentially rely on the standard Android which only comes with its own selection of apps. GrapheneOS, on the other hand, is an elaborately hardened Android and should therefore be seen as its own operating system. In addition, security updates are often provided late by the distributions mentioned at the beginning."
Pretty low to call out other Android projects in a marketing release but falls directly in line with how the GrapheneOS project treats the community. Won't be buying this or recommending it.
First of all, I am fairly sure GrapheneOS is in no way affiliated to NitroPhone which just packages their work and sells it with no work done by themselves.
Second of all, the only accusation I see is on your part.
We don't have any issue with Nitrokey selling phones with GrapheneOS. They're one of several vendors providing users with a way to buy a phone shipping with GrapheneOS. Our web installer is very easy to use and even very non-technical users are able to use it with the help of our community. There are always many people in our Matrix room willing to provide lots of help to new users around the clock. Some people are still going to want to purchase a phone with it instead of needing to install it, and Nitrokey is a trustworthy vendor providing it. Our recommendation to most people is using the web installer and asking for help if they experience any issues. It's very easy to do from another Android phone, ChromeOS or macOS. It's a little bit more involved on Windows due to needing to install a special driver. The web installer works well for people with barely any technical knowledge. The main roadblock people experience is trying to use a non-spec-compliant USB-A to USB-C cable which is resolved by them getting a proper one or using the official USB-C to USB-C cable from another device like another Android phone.
joemazerino has been spreading misinformation about GrapheneOS including personal attacks and libel targeting our developers for years. You can see a bunch of it in their comment history among other gems like https://news.ycombinator.com/item?id=26974901. They've been regularly promoting a proprietary fork of GrapheneOS which falsely pretends to be the original project. It's barely maintained with the last release in September and almost zero development since they forked our project in 2018. That product is pure grift and very openly scamming people. It's unfortunate that a product depending on our work has invested substantial effort into harming us but that's the reality for us. A small number of people got duped by that and it snowballed into further attacks on the project which are worse than ever thanks to the help of an certain faux 'privacy activist' charlatan on YouTube. joemazerino made sure to spread a 1 hour hit piece with a whole bunch of fabrications about myself and the GrapheneOS project from that person. We're used to this and it comes with the territory in an industry with more scammers than people doing useful work.
Your defense of your project is to attack my post history and comment history which is par for the course. Graphene has a crisis in PR and leadership of which falls squarely on your shoulders. Try not character attacking people who have valid criticisms of your project, maybe, and take ownership of how you respond.
They do the work for you. You could just buy a Pixel 6 and throw GrapheneOS on it, but this is not financially viable if you count the hours needed, especially if you want to recommend a secure phone to non technical friends and not configure it for them.
https://grapheneos.org/install/web is easy to use and GrapheneOS has broad app compatibility these days via sandboxed Play services (https://grapheneos.org/usage#sandboxed-play-services). We're working on making the out-of-the-box experience nicer via a first party app repository and client which can be used to bootstrap installing other app stores too. There are over 6400 users in the GrapheneOS Matrix room with many experienced people always around at any time of day that are willing to spend lots of time helping new users.
I use Grapheneos. The Matrix room #grapheneos:grapheneos.org is everything strcat says it is: yet get used to OpenBSD or Arch levels of "RTFM" as responses to queries. To be fair the docs at grapheneos.org are fair (nothing like OpenBSD's), but without a good grounding in infosec terms of art, they will be between strange and unintelligible. Backscroll search is vital.
Why are they advertising 4.5 years of software updates? Is it because Android phones usually have an even shorter compat period than 4.5 years? How many years should I expect if I got the same model otherwise (Pixel?)?
I am using their FIDO 2 USB-Keys for 2FA. First I was sceptical too, but they are on the market for quite a while and I like their fully FOSS approach which Yubikey does not provide. Some of their products seem a bit overpriced, because you can do everything by yourself, but if I count all the hours and days spent with unlocking Bootloaders, searching ROMs and debugging them, this offer seems worth the price.
Physical kill switches are completely useless though. They provide no added benefit, if you can’t trust the OS you already lost. It is even possible to reconstruct speech from gyroscope data.
I know it's probably not in their best interest, but I really wish they specified the source of their features individually (whether something comes from the Pixel 6 Titan chip, Graphene or their own custom hardware or software). It makes it difficult to evaluate their value-add over buying a Pixel 6 and throwing Graphene on it.