> NB: Since I'm on GrapheneOS now I haven't looked back

Not to suggest GrapheneOS has become the new "standard" given it currently only supports Pixels, but I hear a lot more about GrapheneOS as the custom Android build than LineageOS, so I wonder if a lot of people have moved there from LineageOS.

The other reason for a decline in custom ROMs may just be that apps are becoming more and more locked down. Banking apps are getting stricter all the time, so even the ones that work with custom ROMs today aren't guaranteed to work tomorrow. And more people probably use Google Wallet than ever, which also rules out custom ROMs AFAIK.

I agree on the locked down part. Ever since I bought my first smartphone (HTC Desire) I've been flashing custom ROMs pretty much the day I bought it. In the beginning it was a hastle, then it became much easier. In 2021 and 2023 I bought a Xiaomi and it required registering before bootloader unlock was allowed. I didn't like I had to register, but did it anyway.

The real problem for me were the hard to come by blobs that needed flashing after certain updates. And the fact no official supported LineageOS build as available. That last one is mostly on my part for not checking before buying. But still, in the past pretty much any popular phone had one or more official builds supported on XDA. Nowadays you need to venture into Telegram groups scrolling over endless linear conversations of people asking the same issue over and over again. Maybe I'm just getting old, but what was wrong with using a (well structured) forum?

For me, I'm not that concerned with having contactless payments work. Although I did switch banks just to not have the Google Services/wallet requirement. That was short lived though, pretty much every contactless payment now only works with Google Wallet (ridiculous), I just gave up on it and pay by card instead.

I just want to get away from the fact Google Services is integrated into everything you do on your phone. The fact Google Wallet has access to not only the payments you make using NFC, but also the last x transactions on you bank account 'for fraud detection purposes' is quite insane if you ask me.

That's why I just run plain without Google Services (not even the sandboxed one by GrapheneOS) and accept the fact certain conveniences just isn't available for me.

I don't even miss rooting, which I mostly did in the past to have (non VPN based) add blocking on OS level. I just replaced most apps by their browser-based alterantives and use an add blocker there.

About 250k devices were getting GrapheneOS security updates two years ago[1], so it is approaching the number of official (and opt-in reported) installs of LineageOS.

[1]https://discuss.grapheneos.org/d/12281-how-many-grapheneos-u...

[flagged]

Can you give examples of what you consider "nasty attitude" on their part? All criticism of other project I've seen was either cold, clinical technical criticism, or defense against slander propagated in the media against GrapheneOS.

I haven't seen GrapheneOS folks going out of their way to attack anyone.

[deleted]

[flagged]

Could you please share some examples?

I often see them being on point and highlighting important details. Majority of custom roms aren't taking security seriously, so I don't think there's anything wrong with calling them out on that.

[flagged]

I find it to be pretty reasonable, and also consistent with what GrapheneOS previously said. They were consistently against company-owned verification. I don't see anything offensive here: they aren't attacking individuals or projects, but rather attacking an approach that is harmful.

That's because Unified Attestation is unsalvageable. It's basically the same scam as Google's, with different owners doing (or wanting to do) the extortion.

[flagged]

[flagged]

[flagged]

> suspicious sponsors

GrapheneOS is entirely funded by donations. It doesn't accept strings attached sponsorships. We list companies sponsoring infrastructure for GrapheneOS on our website to encourage more companies to make donations and for transparency.

https://grapheneos.org/sponsors

Which of these companies do you claim is suspicious and what's the reasoning for that? Server sponsorships are how many Linux distributions including Alpine, Arch and Debian host their update mirrors and other infrastructure.

> force users into opaque hardware

Computer hardware and firmware is nearly universally closed source. The devices we currently support are among the most open including using Trusty OS for the TEE and secure core, OpenTitan as the basis for the secure element and littlekernel for the late stage boot chain on the main SoC.

GrapheneOS is coming to more devices but those devices need to meet our hardware security and requirements and provide the driver/firmware updates we need. We have a partnership with Motorola Mobility that's working towards new devices meeting our requirements with official GrapheneOS support.

> just the other day they were also promoting the usage of government sponsored VPNs

This is utter nonsense. Answering people's questions about how to use Tor on GrapheneOS is not promoting government sponsored VPNs. We don't even specifically promote Tor but rather explain how to use it. We also recommend people carefully consider using it to access the public internet via exit nodes since it makes people using it into targets and anyone can host an exit node.

Is this some kind of FUD?

Shady sponsors (if there is any) doesn't matter when transparency is in place. Want to reveal malicious intent? Provide a PoC.

Only hardware that supports bootloader relocking are Pixel devices. There are no others to consider development effort - plain simple. No, you can't use an unlocked device as a daily driver. Up to a minute out of your hands (or triggered reboot from public power outlet, due to outdated Lineage firmware) - and your bootloader is rewritten with one that collect your FDE secret and sends it to a remote server.

Opaque hardware? Which hardware are better and more transparent than Titan and upcoming OpenTitan? Bruteforce protection which considers current ambient temperature - what more do you need?

I can't say anything about VPN affiliation, but everything else is complete bollocks.

They're making inaccurate attacks on GrapheneOS to mislead people. We have sponsorships for our server infrastructure with those companies listed here:

https://grapheneos.org/sponsors

We also list the sponsors of specific servers in our server documentation:

https://grapheneos.org/articles/grapheneos-servers

Four of our sponsors are dedicated server companies and one is a VPN company sponsored 2 dedicated servers for us via one of their dedicated servers providers where they have a large discount on the hardware and traffic.

IPinfo is a well known GeoIP company. They provide open source projects including Alma Linux and GrapheneOS with free access to geolocation database downloads. We use it to implement GeoDNS on our self-hosted anycast DNS clusters. They get most of their GeoIP data from crawling the internet with over 1300 probes which makes it far more accurate than the more traditional options based on WHOIS and geofeeds.

What's sketchy about any of these companies? They also don't receive anything more than being listed on our site which we would do for transparency regardless.

GrapheneOS is entirely funded by donations but other donations by both companies and individuals are informal rather than official sponsorships. For example, Proton and Cape have both repeatedly made donations to GrapheneOS.

> Only hardware that supports bootloader relocking are Pixel devices

That's not quite right, but Pixels are the only devices providing all of the hardware requirements for GrapheneOS listed here:

https://grapheneos.org/faq#future-devices

GrapheneOS will also support future Motorola devices meeting all of these our requirements and providing official GrapheneOS support. Those will likely be available in under a year.

> I can't say anything about VPN affiliation, but everything else is complete bollocks.

Mullvad and Proton have both sponsored GrapheneOS with donations. All they wanted was us to say they donated to us which we would do for transparency anyway. We have no obligation to ever post about it again or to say anything positive about either company.

They're describing Tor as a government sponsored VPN and are claiming we promoted it because we answered people's questions about using it on GrapheneOS and have a small amount of documentation on using it. We don't specifically promote using Tor. We regularly caution people about the risk of making themselves into targets with it by accessing the public internet via exit nodes. Tor makes sense for some situations but we generally recommend using a traditional VPN for most people's use cases.

[flagged]