Hacker News | jech's comments

“We, the CDU/CSU parliamentary group in the Bundestag, are opposed to the unwarranted monitoring of chats. That would be like opening all letters as a precautionary measure to see if there is anything illegal in them. That is not acceptable, and we will not allow it.”

Reported by Patrick Breyer, <https://www.patrick-breyer.de/en/citizen-protest-halts-chat-...>


The EU is not a single person. There are some people among the EU elites who fight for an open Internet, and some who want to control the Internet. They are not the same people.


I only know of one project which is reserved for free software, it's NGI0 <https://nlnet.nl/NGI0/>, which is going to be cut in 2027 <https://edri.org/our-work/european-commission-cuts-funding-s...>.

However, most other EU programmes do allow and even claim to encourage free software companies to apply.


> The big ecosystem of SBCs confuses me a bit. Who is buying these?

They make decent home servers, unless you need fast storage.


So actually one of the things that attracted me to the RV2 is the PCI Express slots. I was able to add a SATA controller and an NVMe drive to the same unit.


LineageOS is just fine if you have a well-supported device. If you need to run proprietary apps, you'll need MicroG (which runs just fine as a user application) and the Aurora store.

Unfortunately, now that CalyxOS has died, the other choices are all forks of LineageOS (Iodé, /e/). The long-term hope is for a non-Google Linux system with all of Android running in a sandbox (something like Waydroid), but that's not ready for everyday use yet.


LineageOS, iodé and /e/ are in a much different space than GrapheneOS. They greatly reduce the privacy and security of the Android Open Source Project rather than greatly improving it. They do not provide current privacy/security patches or keep all of the standard protections intact, let alone providing similar privacy and security enhancements to GrapheneOS.

https://eylenburg.github.io/android_comparison.htm is a high quality third party overview comparing them with a focus on privacy and security.

CalyxOS was not a hardened OS either, it just didn't roll back privacy and security quite as much as LineageOS.

> The long-term hope is for a non-Google Linux system with all of Android running in a sandbox (something like Waydroid), but that's not ready for everyday use yet.

GrapheneOS is a non-Google Linux distribution. Google heavily contributes to the Linux kernel and is responsible for a massive portion of the security work upstream. The same goes for LLVM, GCC and many other projects. If you have an issue with using lots of Google code including as the biggest driver of security in these projects, you're going to need to avoid Linux too.

Waydroid uses ancient Android releases and largely disables the privacy and security model. Android apps running in Waydroid are much less sandboxed than in the standard Android app sandbox. It's not a sandbox for running Android but rather a partially working way to run an insecure fork of Android on top of a less private and secure non-Android distribution at a huge cost to privacy and security. It's not a good approach and moving to a much less private and secure OS is not progress in those areas.


> LineageOS, iodé and /e/ are in a much different space than GrapheneOS.

They have different priorities, granted.

> They greatly reduce the privacy and security of the Android Open Source Project

That's going to depend on your threat model. Many people don't feel that having an unlocked bootloader is a significant threat.

> GrapheneOS is a non-Google Linux distribution. [...] If you have an issue with using lots of Google code [...]

https://x.com/GrapheneOS/status/1964561043906048183

Even you seem to agree that we're relying too much on Google's goodwill.


> They have different priorities, granted.

They do not provide current privacy and security patches. They don't do the bare minimum to protect user privacy and security.

> That's going to depend on your threat model. Many people don't feel that having an unlocked bootloader is a significant threat.

Not supporting verified boot is a small part of how they reduce privacy and security. Lagging many months and even years behind on basic patches for vulnerabilities is a far bigger problem.

Information from the founder of the Divested projects:

Issues with /e/: https://codeberg.org/divested-mobile/divestos-website/raw/co...

ASB update history: https://web.archive.org/web/20241231003546/https://divestos....

Chromium update history: https://web.archive.org/web/20250119212018/https://divestos....

Chromium update summary: https://infosec.exchange/@divested/112815308307602739

Article from Mike Kuketz about /e/ including covering user tracking in their update client, still using Google services with privileged integration into the OS and major delays for important privacy/security patches:

https://kuketz-blog.de/e-datenschutzfreundlich-bedeutet-nich...

Apple and Google both provide support for offline speech-to-text using local models. Apple uses it by default. Users can configure it to be fully offline. /e/ sends the user's audio to OpenAI which is hidden away in their terms of service:

https://community.e.foundation/t/voice-to-text-feature-using...

> Even you seem to agree that we're relying too much on Google's goodwill.

That's not what the post says at all, and it's not clear how it relates to talking about other AOSP-based operating systems.

GrapheneOS is on the 2025-10-01 patch level and has access to the Android Security Bulletins for October, November and December with the option to ship the patches early via special release channels where sources are published once the embargo ends. We'll also have early access to the quarterly and yearly releases soon, with the option to release previews of those too once that process starts. We didn't have early access to quarterly and yearly releases in time for the Android 16 QPR1 port but should have it for Android 16 QPR2. We're going to be significantly less impacted by AOSP delays than others. We can still complain about a delay in something which was supposed to be pushed on September 3rd not being done yet. It wasn't the topic here.


If you are fine running an OS with horrible security and privacy, then LineageOS and its forks are fine. If you want the best privacy and security, then GrapheneOS is the best option.


stop spreading misinformation


> Old people cannot see small text.

The old people you know need a better optometrist. (Hint: progressive lenses.)


Many hate the distortion to the point of being physically sick


> If you get a new phone, you can't just pop your physical sim in. You need to go through your provider to transfer

Which, at least with my provider, you cannot do while roaming. So if I break my phone while travelling, I cannot access my online banking until I get back home.


> If you're in a 5-person peer-to-peer webrtc video call where you receive 4 streams of video, you also need to send 4 streams of video. This is scalable in a sense; the uplink and downlink requirements are equal.

The issue is not with the throughput: a typical videoconference requires 700kbit/s per stream, so even 12Mbit/s upstream should be enough for 20 streams or so. The issue is with having to encode the video separately for every receiver.

WebRTC adapts to the available throughput by encoding the video separately for every receiver, with different parameters. If you're in a five-person peer-to-peer conference, you decode four videos simultaneously, which is fine, but you're also encoding your video four times, which is not.

An SFU works around the issue by not reencoding the video: the SFU merely decrypts the video and reencrypts it with the public key of every receiver. Since AES is implemented in hardware, the reencryption comes essentially for free.

(Of course, that implies that the SFU needs to use other techniques for bandwidth adaptation, such as simulcast or scalable video coding (SVC). See slides 10-12 of https://galene.org/galene-20250610.pdf if you're interested.)


Is WebRTC being blocked by China? I'm wondering whether it'd be worthwhile to implement a VPN that uses WebRTC as a transport. With cover traffic, it could likely be made to look just like a video call.


WebRTC is not blocked. I do see some protocols trying to masquerade as WebRTC, but for some reason it is not popular.

A primitive way to bypass the censor is just to connect to your VPS with RDP or Chrome Remote Desktop (which is WebRTC underlying) and then browse the Internet there. But it needs a very powerful server and is quite slow.


Might as well actually make calls. Malformed Opus going up, malformed h264 coming down. It can be multiplexed with something like a livecam feed.


Due to the specific ISP environment in China (massive NAT abuse, very limited public IP access, ISP actively dropping anything that does not look like HTTPS to ensure QoS), any P2P based protocol in China is generally unusable. They are not blocked per se, but they are mostly non-existent.

Yes, I know the BitTorrent network in China is huge thanks to the weak DMCA law enforcement towards individuals, but having no practical legal consideration does not mean it's enjoyable to use.


> And then you cannot use your phone for payments.

That's why you have a debit card. And if your bank won't give you a debit card, you find a better bank.


It's super convenient storing your payment card in your phone securely though and not having to carry around another card which can be stolen or lost at any time, it's nice simply taking your phone out and holding it to a reader than taking out an entire card, yet again another useful device functionality purposefully neutered under the guise of security.


one of my banks requires an app on my phone or desktop. the android app does not work on /e/OS, it needs an original google android system. the desktop app runs only on original windows (tested wine, it doesn't work) for any payment i make. only withdrawing cash from an ATM doesn't need 2FA.


You clearly need to switch to a bank that isn't user hostile.

Also we are obviously in dire need of legislation preventing such behavior.


the android app used to work until a few months ago, but they updated their system and forced everyone to switch.


Have you tried calling your bank advisor to see what they can recommend? (You do have a phone number to call, right?)


do you mean ask my bank what they recommend? other than getting a new phone or a windows computer, what exactly should they tell me?


Yes, I mean explaining to your bank advisor that you cannot run their app, and asking whether they can recommend any solutions other than switching banks. They must have a number of elderly customers, and they most certainly have something to propose to them.

It worked for me, in a European country with very high smartphone usage (you can pay on the bus by scanning a QR code). Twice.

