Apple Photos app corrupts images

(tenderlovemaking.com)
1133 points pattyj | 27 comments
1. drnick1 ◴[] No.45281245[source]
You couldn't pay me to go back to using anything made by Apple or Google. I use a GrapheneOS Pixel and my self-hosted "cloud" with Nextcloud, Home Assistant, and my own email server and the control and performance are unrivaled by any of the Big Tech crapware. I could start self-hosting an AI chatbot I suppose, but these do not seem to have reached the point of enshittification yet as relatively new services.
replies(9): >>45281305 #>>45281450 #>>45281615 #>>45281711 #>>45282040 #>>45283479 #>>45285607 #>>45285876 #>>45287896 #
2. abustamam ◴[] No.45281305[source]
It may be a bit pedantic but Pixel is made by Google. I know you de-Googlefied it by using Graphene but it's still running on Google hardware.

I wonder if there are any viable alternatives though.

replies(2): >>45281456 #>>45281507 #
3. cons0le ◴[] No.45281450[source]
I may be out of the loop, but can't Google just kill GrapheneOS anytime it wants? I never tried it out because I assumed that in the near future it won't be compatible with banking and messaging apps. Do they have a long term plan to exist in 5-10 years?
replies(3): >>45281502 #>>45281557 #>>45281567 #
4. drnick1 ◴[] No.45281456[source]
You could use a Linux phone, but that would almost certainly mean worse hardware and/or worse compatibility with Android programs (emulator). But for all intents and purposes, when running Graphene Google has no power over you and can't enforce arbitrary bans on sideloading, call recording, etc.
5. fmajid ◴[] No.45281502[source]
They are working with an OEM to make a GrapheneOS phone with all the security features they require like the ARM Memory Tagging Extensions.
6. sfRattan ◴[] No.45281507[source]
I assume GP comment is referring to their software, especially cloud-deployed software, which can change under your feet like quicksand. Hardware, once assembled and in your hands, is yours to a higher degree than that. Eventually each Pixel phone will stop getting firmware updates, but Google has guaranteed 7 years of updates for the newest models.

For the future, Graphene OS devs have stated publicly that they're working with an unnamed hardware vendor to develop a phone that will meet their list of hardware requirements. Currently only the Pixel line does. From what I understand, a few Samsung phones come close, but don't support bootloader re-locking... When you unlock Samsung bootloaders it burns out a fuse on the board which in turn completely disables Knox, their architecture for a trusted execution environment.

replies(1): >>45281657 #
7. drnick1 ◴[] No.45281557[source]
Google could conceivably stop contributing to the AOSP and make future changes private, but the FOSS licence won't prevent others like Graphene and Chinese OEMs from continuing development on their own. I believe Graphene made the deliberate decision to only support Pixel devices because these used to be "reference devices" and have unlocked bootloaders, but I saw somewhere that they are in talks with an OEM to make their own devices.
8. sfRattan ◴[] No.45281567[source]
My banking app didn't work for a while on Graphene OS, but now it does again. In the interim I was able to use the bank's mobile website in a pinch. Password manager apps (I've tried Bitwarden and KeePassDX) integrate with the hardened Vanadium browser and made signing in a breeze. I lost immediate transaction notifications, but it was at least tolerable.

I suspect banks won't ever be able to take their web portals down and go app-only, though Google is now trying to ram through technologies in the Chrome browser to "verify the computing platform" that will have a similar effect to the Google Play "integrity" checks for apps.

Enduring solutions to these vendor lock-in efforts must ultimately be legislative.

replies(2): >>45281608 #>>45286451 #
9. cheesecompiler ◴[] No.45281608{3}[source]
The walls of the Google garden have been slowly going up.
10. rob_c ◴[] No.45281615[source]
And how much time left do you have for your job and loved ones?
replies(1): >>45281697 #
11. drnick1 ◴[] No.45281657{3}[source]
Personally, I am not too interested in the "security" features of Graphene. There is at least a subset of Graphene users who only care about "security" and go as far as recommending the use of sandboxed Play Services over F-Droid because of it. They despise rooting, sideloading and other mods that give user control.
replies(1): >>45281860 #
12. drnick1 ◴[] No.45281697[source]
Flashing GrapheneOS on a new phone took 10min tops. Setting up Nextcloud using their Docker image does not take much longer than that. Setting up my email server took the most effort, but I did this in hard mode using bare Postfix and Dovecot on Linux. A dockerized email server could be up in a matter of minutes. There is no maintenance beyond sudo apt upgrade.
replies(1): >>45282228 #
13. jonahx ◴[] No.45281711[source]
How do you deal with deliverability issues on the self hosted email server? I've always heard that's a hard or at least finicky problem.
replies(1): >>45282173 #
14. sfRattan ◴[] No.45281860{4}[source]
Yeah, that's fair enough. Security and privacy aren't totally mutually exclusive, but there are absolutely tradeoffs. And security in a modern threat environment and customizability (at root level) are pretty much non-overlapping circles on a Venn diagram.

My perspective is that I want one or two devices in my life, ideally one phone and then either a tablet or small laptop, which are maximally secure and almost never leave my direct custody. I am willing to give up root on these devices to achieve that level of security. Though I'll note that sideloading apps is absolutely possible on Graphene OS.

There are plenty of other general purpose computers at home on which I have root access and can use to tinker and experiment to my heart's content, and which I do not use for highly sensitive personal information (banking, primary email, etc).

The other important difference for me is that, whereas Graphene OS restricts root access for end-user security, companies making locked down devices withhold root from the end-user in order to keep control for themselves.

15. muppetman ◴[] No.45282040[source]
I'm 100% with you on this, but this only works if you've got a) The time and b) The knowledge to do it. I don't have a lot of time for my homelab stuff anymore. I mean thankfully things like Immich are just a "docker compose pull && docker compose up -d" away, which is fantastic, but even the knowledge to get to being able to issue a "docker pull" command isn't for everyone.

Also when you die that stuff'll go offline pretty quick I expect...

16. drnick1 ◴[] No.45282173[source]
I think the deliverability issues boil down to i) IP, ii) domain age, iii) DKIM setup. The only one that is difficult to get around is i) I suppose; I am fortunate enough to have access to a clean IPv4 in a non-residential block. If you are facing deliverability issues, consider a relay service such as mailgun.

That being said, I mostly receive email, and the privacy benefits of running my own server would still be significant even without the ability to send email at all.

replies(2): >>45282589 #>>45284823 #
17. j1elo ◴[] No.45282228{3}[source]
I think the question between the lines was "how much time did you take to the point where you know how all that stuff works?", or at least that's what I'd include in the spirit of the concern (as someone who knows all this too, and knows that the answer is 100's of hours)
18. jonahx ◴[] No.45282589{3}[source]
Thanks for that answer.

Re: the privacy benefits, is it just that Google (or whoever) has no access to your mail, or is there another benefit? I'm not doubting, just trying to understand specifically what you protect against? And how much is the benefit diminished, if at all, if most of your correspondents are on a BigMailServer?

replies(2): >>45283279 #>>45283564 #
19. Gigachad ◴[] No.45283279{4}[source]
Tbh no one really corresponds over email anymore. And most email is sent via Amazon and other email services. So I guess Google can’t read your receipts and bills anymore.

But the main benefit of moving your email off Google is they can’t nuke your email account when the AI decides you are a bot or whatever.

20. Atreiden ◴[] No.45283479[source]
What do you use for a phone provider? I have a Pixel and want to run GrapheneOS, but I'm on Google Fi and believe I'll lose some functionality if I do so. Wondering what plan you use and how it's working for you
replies(1): >>45283827 #
21. drnick1 ◴[] No.45283564{4}[source]
Google not having access to your email is a huge privacy benefit. Even with email becoming less important, most online services still rely on email for sign up and things such as password recovery. You probably also still receive email receipts for flights and online purchases. These are all data points that I would rather Google/Apple/Microsoft not have.

Besides privacy, running your own server means you can create as many mailboxes/aliases as you like. I give each website/company a distinct alias; this allows me to revoke an alias that becomes problematic, e.g. due to spam. There are no storage limits other than those dictated by your hardware, no maximum attachment size, etc. I am immune to "terms and conditions" changing overnight that suddenly shrink my storage or put features such as IMAP access behind a paywall.

22. drnick1 ◴[] No.45283827[source]
I use T-Mobile and phone calls, messages (SMS) and 5G data just work. Without Play Services, you will lose RCS probably. I haven't tested as I don't care about vendor-locked protocols. My suggestion would be to use Signal instead.
23. rubatuga ◴[] No.45284823{3}[source]
For those needing a clean IPv4 for mail servers with reverse DNS support, check out https://hoppy.network - I haven't had any deliverability issues, but my domain has been running for over 5 years now. Here's my self hosting blog series - https://www.naut.ca/blog/2020/05/05/self-hosting-series-part...

- Cofounder of Hoppy

24. crossroadsguy ◴[] No.45285607[source]
And one shouldn't. Even if you use their devices and OS (and many people "have to!"), one should stay away from their app and services offerings.

Use third party apps/services which usually function on interoperable standards/specs.

It's been years since I have used any service by either of these companies where my personal data stays inside their ecosystem - email, notes, pics, videos et cetera.. nothing.

25. m463 ◴[] No.45285876[source]
> I could start self-hosting an AI chatbot

I was surprised nextcloud has a whole bunch of ai plugins

https://apps.nextcloud.com/categories/ai

funny, I run nextcloud but don't add all these plugins because they require* you to install from the cloud.

* there's a way to install apps locally, but you had to install the app store and it quickly became very complicated.

26. mrheosuper ◴[] No.45286451{3}[source]
>I suspect banks won't ever be able to take their web portals down and go app-only

Nowadays all my interaction with online bank is through their app.

27. saagarjha ◴[] No.45287896[source]
Why is this relevant for this particular article?