This is not a very good article.

It’s full of very weird qualifiers: “not a programmer,” “studied computer science,” “tech writer.” This person is not an average user, and they kind of do everything they can to make sure the reader knows that. Then, while trying to say Linux is for average users, the author suddenly is claiming to be just that.

Linux is easier to use now than when I started using it, a little over six years ago. But it does require at least a basic curiosity to learn.

I think that’s a good baseline. Not placing unnecessary trust is definitely a priority. The idea is definitely to remove as much of the need as possible for trust.

You have good goals and they are attainable. I wish you luck.

Your logic doesn’t escape me but in point of fact, when we’re talking about GrapheneOS we’re not talking about volunteering usage data to Google. GrapheneOS does a better job of protecting user privacy than any other mobile option I can think of.

The problem I have is treating security and privacy like they’re opposing forces. They’re not. You don’t need to make security concessions to ensure privacy and that line of thinking doesn’t make sense when you examine it.

Genuinely curious: what your privacy metrics (what does this actually mean to you) and what is an organization that you trust?

I’m sorry, but that’s just not how security works. Most of the “security” features exist because of patching known vulnerabilities. What this means in real terms: vulnerabilities and how they work are published to the public. There are people who specifically write and sell malware to exploit these known vulnerabilities. This is happening all the time. If you have a permissive security model, you are opening all of your information up to compromise

You cannot reasonably expect privacy on a system that makes major concessions to security. Security is necessary for privacy. The two are not the same thing, but one is needed for the other.

But also… GrapheneOS is in fact a very privacy-friendly operating system. I would consider it the most privacy-friendly in fact.

I don’t think it’s ironic. Google benefits massively from their projects like AOSP or OpenTitan being open source, and they even benefit from projects like GOS doing some heavy lifting for them in developing bug fixes that get integrated upstream.

The fact that their mobile phones are relatively friendly to alternate operating systems is of pretty significant benefit to them.

Google is invested in security research, albeit usually for reasons that don’t benefit users.

I find the criticisms of the founder pretty seriously overblown. My interactions with him have always been positive. He’s on the spectrum and a lot of people engaged in pretty serious abuse toward him and the project he created… so I’ll give him some slack.

I’ve used GrapheneOS for 5 years. It’s good, the project has integrity, and there really isn’t anything that meaningfully compares in meeting its goals. It’s proactive in that they actually do meaningful security research and implement solutions. People who troll on the project are either straight up bad actors or just stupid.

There is nothing more permanent than a temporary solution that works

deleted by creator

deleted by creator

Signal releases their own self-updating apk on their site, and this release doesn’t use Google services for push notifications. There are legitimate reasons why publishers sometimes avoid f-droid.

Also there’s Molly, which is a signal fork that allows database encryption; or Session, which doesn’t require a phone number for account registration and is decentralized. Both of these forks have repos that you can add to f-droid.

I do understand the hesitance to use a platform that has its infrastructure in the US, but I will say that international compliance with the US is a problem even if the infrastructure is located elsewhere. Session is a really promising option, since it’s decentralized, and I’d love to see more people using it.

I have no problem with creating drm-free copies of ebooks, and absolutely hard no on stealing from libraries.

But I wasn’t even saying that. I’m just saying borrow and read the books as per the usual method from libraries. Libraries are awesome and there to be used. I love that public and private funding still gets directed toward the free sharing of media in libraries, reducing (not erasing) the actual need for piracy through their existence, especially for books.

Now what I’m betting is that this is for an overpriced textbook, in which case by all means create copies and sideload them onto an ereader that allows this.

Getting an e-reader that allows for sideloading is probably the easiest and cheapest workaround for this problem. You can often get them used for quite cheap. It doesn’t give the physical copy, but is more than likely a better reading experience than trying to print out volumes yourself.

Then you can also “borrow” digital books from libraries, among other things.

Or, for that matter, you could just go to a library in person.