TIL of RestlessOS, fork of GrapheneOS - GrapheneOS Discussion Forum
discuss.grapheneos.org
GrapheneOS discussion forum

I Installed a Graphene-Based OS on Non-Pixel Phones… Here’s the Catch

https://www.youtube.com/watch?v=-RjGjqBAAgQ

"I was watching youtube(Invidious) and notied RestlessOS . Have you heard of this and are there people actually tried this on non-pixel phone?

“RestlessOS is an unofficial, unaffiliated fork of GrapheneOS packaged as a Generic System Image (GSI) for Project Treble devices. It is not endorsed by, sponsored by, or in any way connected to the GrapheneOS project or its developers.”

https://github.com/cawilliamson/treble_restlessos

I’m very hesitant to give money to Google pixel so I’m going to experiment on this one."

  • whatiswrongwithyou@lemmy.ml
    16·
    3 days ago

    There’s a really good chance that a person running this would incorrectly assume they have some level of security and safety approaching graphene.

    It uses vendor kernels and relies on the user to monitor update channels and perform patches.

    If you need security and will not buy a pixel, you are most likely best served by switching to ios.

    That’s not because I feel that a person who will not buy a pixel is somehow less-than or stupid, but because ios is very secure when hardened and kept up to date.

    • furry toaster@lemmy.blahaj.zoneEnglish
      2·
      3 days ago

      I don’t see how using a fully proprietary OS is more swcuee than using a hardened derivitive of a FOSS OS even when stuck with using a vendored kernel

      I would not ever trust iOS with any of my data or to be reliable

      • whatiswrongwithyou@lemmy.ml
        2·
        3 days ago

        I am basing my statement on leaks from companies that sell phone hacking equipment to law enforcement, military, intelligence and government contractors.

        It’s worth looking into those leaks because they give you insight into what can and cannot be trusted without placing the burden of understanding how on your shoulders.

        Avoiding the necessity of deep understanding of hardware and software security details is important because the simpler and more straightforward security is, the more likely to achieve consistent process compliance you are.

        If you would like to understand, there’s a ton of resources out there. One recommendation to preserve mental health: never go down the arm derivative design process rabbit hole.

        I believe that the mit license is trash and only gpl and other viral licenses are worthwhile, but in case of safety or security the type of software or license isn’t the most important thing.