I hate google but what's the alternative?

Graphene or calle?

*Calyx*

Or did you mean what phone from the outset?

Hardware support for a hardened custom OS has reduced to just a few phone brands and types these days. Check the supported devices list on the official site/github to avoid bricking your phone. Even though a bricked phone is very private, it sucks ass if you then discover you did not make a backup and have nothing to restore your phone back to a working one. Don't attempt to flash a hardened OS if not on the supported devices list. Rather start fresh with a new phone that is on the supported devices list, flash the new OS, and build from there. Backup before you do anything and then after you did a thing ;)

this is a great write up and I love @GrapheneOS I would love your take on mobile privacy from the actual network provider. from what I understand, there are two major attack surfaces here. 1: your IP address and all your traffic metadata, which can be 'easily' solved by running a good VPN. 2: your SIM is constantly pinging cell phone towers and building a constant historical record of your whereabouts with quite good accuracy that your SIM provider has. this is tied to the SIM card phone number (or other SIM related identifiers). while one can purchase a SIM non-kyc, linking a phone number to a person is usually trivial to a large actor given most people's contacts upload your phone number and name into various databases (either apps like whatsapp or into contact backup/sync solutions) Fighting number 2 is what I'm most concerned about and it seems to be harder to do on graphene than on iOS. Largely because a high quality, cost effective, reliable VoIP app (which solves problem number 2) is hard to get to work on graphene. Do you have any thoughts or solutions about this concern? Perhaps the concern itself is just overblown and I shouldn't worry about that?

I have no idea what your threat model is. You would have to decide what amount of friction you are willing to live with. The most effective fix is to not own a phone in the first place. This is a bit extreme if you are just trying to avoid surveillance capalism but absolutely necessary if a state actor is after you. You are right that there are more and easier apps for iOS than graphene but NOT for the right reasons. If you are looking for a magical app or device to accomplish this it is just not possible. Even if you cloak your traffic with a perfect VPN chain, your radio modem still screams your location to the nearest towers every few seconds. That signal is tied to your IMSI (SIM identity), and your IMEI (device ID) gets swept up too unless you've spoofed or blocked it somehow (which most phones won’t let you do without deeper firmware-level games). If you are a activist and doing activist things or going to meetings then do not take your phone with you. Only communicate with burners on secure channels. Most people don't need to worry about this but if you have a elevated threat model then Compartmentalize. Have a personal phone at home that's wifi only and a burner that stays in a faraday bag. I have a old article on how to use a burner phone posted on nostr. I will dig it up and put it on the blog.

Thoughts on a separate android profile used for google things? Banking apps and government ID apps wont work without google services. As much as I hate that they are necessary, they just are - for most if us mortals at least.

100% this is a good tool for those who just want to create some distance between their data points and the collection machine, which is most people. Have several: banking and bill pay, crypto, research, personal communications, etc. Compartmentalization is just good cyber hygiene.

Agree. I've been unsure whether the isolated android profile with google services and logged into google "destroyed" the privacy for the other android profiles. Sounds like u think this is fine? I guess one could avoid logging into google and using Aurora but with google services installed might work thus avoiding the log in? I have an aurora profile for google apps that work without google services and a full on google profile where I just gave up. Obviously all this is on a graphene pixel phone.

What are your thoughts on using fingerprint reader and facial recognition on a graphene pixel?

They tracking your location at every second even if it is closed

Hero shit. Thank you.

My banking app works fine on graphene

On graphene the profiles are completely sand boxed. You can have your normie profile with Gmail, banking app, and LinkedIn, then have your dissident profile

I saw that you mentioned DivestOS towards the start of your article. Is someone still maintaining that project?

It’s stupid none of these can be used on my shitty droid…

Then leave it at home. Take a burner instead

It is my burner…

I still haven't found a solution for a tablet. I think I'm going to buy a cheap galaxy tab & drop LineageOS on it.

With google services I assume?

With an unlimited budget is there even a solution? A tor on mesh network layer before connecting to cellular networks? Fully modular an interchangeable phone hardware? Or maybe some new form of internet altogether?

I don't use anything google