Pancake Club

I have not linked this blog to any other projects for you to explore using this link, and I have no idea where that link goes if you click it.

This page has been brought to you by Bisquick, “if it’s thicc, it’s Bisquick”.

GrapheneOS as a Replacement for iOS

Written in

by

Pancake Chef

iOS is Apple’s mobile operating system. It’s closed source. Android is Google’s mobile operating system, but it’s open source. GrapheneOS is a version of android that doesn’t use a key google component which is called “Google Play Services”. Google Play Services is the main tool Google phones and apps use to send your data to Google.

The problem is that apps need Google Play Services to work, especially Google apps like the Camera or Maps.

So Graphene’s developers initially put in a mini Google Play Services type app that allowed most apps to work but wasn’t perfect, so over time they figured out a way to allow a phone to install full Google Play Services but to keep it sandboxed so that apps can talk to it, but it can’t access the entire Android system and hoover up data from every app, folder, and sensor on the phone. Additionally Google rolled out User Profiles in Android. That made it possible for a user to install Google Play Services on one profile but keep another Google free. I chose to install Google Play Services in the non-root profile. This isolates Google Play Services to a secondary profile with limited permissions and limited stored data.

I tried Graphene back in the good old days, and the camera heavily relied on Google processing to make passable photos. Today, even without google play the Graphene camera app is pretty good, but with full google play installed it is exactly the same camera as I would find on a regular Pixel phone with all the software magic Google includes in it’s famous Pixel Cameras.

Graphene has some other great features, they are Contact Scopes and Storage Scopes. These features allow an app to think it has full access to your contacts or files but in reality it just has access to a small subset.

Graphene uses per connection MAC address randomization which means that every time my phone connects to a wifi network it generates a new MAC address. This helps prevent tracking of the phone as it rolls around town in my pocket shaking hands with every wifi network it comes across. If you are on a public network with a Graphene device, every time you connect it the same network or another network your phone looks like a different device to that network.

Bluetooth scanning is off by default. Both Apple and Android phones prevent users from using Bluetooth and leaving scanning off. Bluetooth scanning is used by Apple and Google for contact tracing, journal suggestions, and for their mesh network functions in their software as well as their find my networks. Most people have no idea that if your phone has the wifi and cellular off, it can still talk to other phones over Bluetooth and those phones will transfer your data to Google or Apple. With iPhone, you cannot participate in the Find My Network without leaving Bluetooth on constantly, which leaves your device open to Bluetooth attacks and constant detailed tracking of your whereabouts.

In Graphene OS and like in stock Android, the camera and mic can be disabled from the control center without unlocking the phone. When done this way, even the operating system can’t access this mic or camera, and pixel phones have a fingerprint scanner for unlock. On iOS, the only option is to leave the camera and mic on all the time, even when you don’t need them.

This is unacceptable to me, because we do know apps likely use wake words and listen in the background and use that info for ad targeting and for designing our feeds on social media apps and news sites. The process is not transparent at all, most users do not need to use their microphone 24/7, and the same goes for the camera. On Android and on GrapheneOS, you can turn the camera and Mic on when you need it and off when you don’t and you can feel sure that it is really off.

So Graphene is secure and in many ways more secure than Apple’s iOS, but there are still some great iOS apps that do not come stock on GrapheneOS.

How I’m Replacing Apple’s Stickiest Products

iMessage

I am going to use Zello. Zello is a walkie talkie app designed for business and community. It supports voice, text, and media messaging. Its messages are end to end encrypted. It’s free for personal use and has no ads. Zello makes their money with commercial and enterprise clients. They do not sell user data.

If Zello is too cumbersome just about everyone I talk to daily has WhatsApp, and while I distrust Facebook, I trust them about as much as Apple. WhatsApp’s encryption scheme is fairly secure and well researched.

Maps

I’m going to use OSMand Maps. It’s a free or paid mapping tool built with Open Streetmaps Data. It’s in some ways even better than Apple’s maps. There are other mapping apps that are less private but that don’t belong to Big Tech. One such mapping tool is Here, which is owned by a conglomerate of Swedish automakers. Worst Case, with Google Play Services installed I can run regular Google Maps in a more secure way.

iCloud – Passwords, Files, Private Relay, Mail

Passwords: I use passwords for Apple but I also use Bitwarden, which is open source and self hosted on a private server I rent in the cloud. Bitwarden encrypts my passwords at rest and requires two factor authentication to access. iCloud is a big target, and one that’s had issues before. My password data is hidden someplace where nobody is looking for it, but even if someone wanted to spend the time trying to crack it, it would be pretty difficult. Self hosting bitwarden is a major improvement over iCloud password managenent but that’s not to say Apple’s scheme is not acceptable, it just means that I’m not giving anything up by switching to Bitwarden.

Files: I do use Files, but not for anything critical. I can just use Mega.io where they give 20gb for free anyway and it has better encryption and a snappier interface. Apple’s iCloud for files is trash, it’s extremely slow and always gives me problems. This is another huge improvement. I have a server where I keep music, and movies and even photos, so I don’t need files for storing much.

Private Relay: This is some of Apple’s tracking protection. Private relay isn’t a VPN, but it routes traffic through just two different networks to obfuscate browsing history and location. Apple claims no one. Not even apple can de-anonymize the traffic. I use a VPN, which is different than Private Relay, but still masks my identity online by encrypting all of my traffic and forwarding it through another server. This makes it look like all of my data is coming from a server farm in a nearby city, rather than from my physical home. VPNs are not as good in some respects as Tor or Private Relay, but it is a good base level protection. For Apple, Private Relay works primarily in the Browser and it’s not possible to know what apps or background services it’s working to hide my identity from. Apple provides some metrics in their privacy report but it’s not useful information, since it just shows me which connections were blocked but not the app that tried to make them or which ones were able to go through.

Apple also really inhibits the use of Tor which hides traffic in the same way as Private Relay but it does a much better job. Tor is a networking protocol that routes traffic anonymously through random computers all around the world. Remember, Apple’s Private Relay only uses two hops, one is Apple’s network, the next network is Apple’s partners, probably one of the following: Akamai, Cloudflare, and Fastly. Tor and Private relay both ensure that websites can’t determine where a connection came from or where it goes after, but with Tor, the connections are much more random and obfuscated.

On iOS there is a tor browser but it’s not possible to turn Tor on as designed, which is to pass all network traffic through Tor. So, on iOS I can browse the internet on Tor, but all of the apps I use in the background are capturing my ip address and building user profiles based on the data that leaks from iOS.

Tor can be slow, and Private relay is basically unnoticeable but Tor on android has been snappy as it seems that network bandwidth across the board has gotten pretty quick.

For my VPN provider, I use Mullvad. Mullvad charges $5 a month, they operate out of Sweden. They maintain zero logs, and that is provable in court documents and police raids. In fact, Mullvad is the only VPN provider that I know of that does not require an email address to use the service, instead users login with an account #. You can pay for Mullvad with bitcoin, or buy a giftcard on Amazon, which makes linking an account number back to a person nearly impossible. I buy $15 or $20 worth of bitcoin and send it through to Mullvad using Munn Wallet which is a custodial wallet that requires no personal information to use. Typically I transfer the bitcoin through two Munn Wallet addresses one being a lightning transaction to further obfuscate the payment to Mullvad.

Mail: I have my email hosted with Apple after my private email server’s back end provider scrapped the service. Apple has probably the best email system available, and has great tracking protection, but I do not use email for anything but registering for websites, I’ll continue checking my email on my iPhone.

Safari Browser

Safari is probably one of the best browsers ever made and it’s fingerprint and tracking protection are actually really good. Graphene has a browser based on Chromium (Google’s browser engine), it’s called Vanadium. It too has pretty good fingerprint protection and both systems hide advertising IDs from apps and websites making cross app and site tracking difficult. Since I do have a VPN that can run constantly, I can block common tracking tools built in to many apps using my VPN’s integrated DNS.

On iOS apple’s schemes work well on paper but any time you try to use a different method for achieving better protection than Apple provides you are unable to without breaking something important. Apple forces users to use their systems for everything and these systems are closed source, that makes them a black box in which users have no idea what is actually happening inside of the software, and forces users to blindly trust that Apple hasn’t been abusing all of the data they have. Since Android is open source, its code is being examined by thousands of people online who are looking for bugs and making changes to how the software works.

That being said, I think it’s only disputed by Apple that they are involved in warrantless mass surveillance programs on behalf of our government and other governments, but they do a pretty good job of protecting data from their own competitors like Google and Facebook.

How GrapheneOS Keeps Data More Secure

With Apple or stock Android, both companies keep a lot of data about users, from credit card info to location data. With Graphene, I don’t need a google account to use the operating system. Most apps can be downloaded anonymously from the Aurora Store, a front end for the Google Play Store, and some apps that do require a google account to access are few and far between. When I use Graphene OS, google is not able to access my browsing history, location, sensor data, photos, etc.

The google account I use on my Android devices is not anonymous but it has all of the tracking and privacy protection options google provides turned on. This means that should someone get into it, there are no emails or user accounts tied to it, no location, search, or watch history, and no files stored in that cloud. I could just as easily spin up another google address and move on with my life.

In conclusion, android and iOS offer very similar user experiences. To get off the teat of big tech is no longer such a huge compromise. Open source software like GrapheneOS creates the best of both worlds by allowing wide access to a world of apps and enhanced protection against big data and mass government surveillance.

At the end of the day, you and I aren’t reporters, revolutionaries, or super spies. We’re just regular folk, so why care about privacy? It is true that merely being aware of surveillance alters people’s behavior. We will self censor in order to avoid invoking the government’s ire, or public scorn. This in effect creates a chilling effect on free speech. It is problematic, but the real problem is that big tech has created algorithms that watch each of us constantly and take us by the hand down one path or another by artificially creating an illusion of reality where everything is related to our own interests. These algorithms slowly change our minds about how the world works, and creates the potential to become completely radicalized. For example, people who are concerned about global warming may become inundated with doomsday messages about global warming that makes it appear to be a much more imminent threat than it really is. This can have real effects on people’s lives and we do see as a society that there are unprecedented numbers of mentally ill people operating in society or online. I believe that algorithms create mental illness by putting people into an artificial metaverse online that deviates enough from reality to make that person appear mentally ill to anyone not inside the same filter bubble.

A good example of this would be to look up Spoonies, people who despite all medical evidence suggesting they are in normal health, believe they are dying, are too ill to function, have mystery illnesses etc. While they may genuinely feel unwell they often cannot be diagnosed in many cases with any disease or may instead be over diagnosed or will self diagnose with every illness in the book, and that is just one such subculture we find online. There are many such cults. If we wish to avoid being sucked into a cult, we do well to avoid algorithms completely. This is why I choose not to use social media or mainstream news sites or search engines, and why I take great care to limit tracking of my physical movement and web browsing history, and I’d encourage you to do the same.

Tags

Pancake Club