Ever wanted to degoogle and not have it be too much of a pain in the behind? Ever wonder what your loosing by spending too much time on social media? Digital health is important. I think one of the partial solutions to digital health is to degoogle.
Let’s examine this but first a link to the rest of community posts on it
Im sure there is more. so without further ado my mobile device is a Google Pixel 3XL. I would say to degoogle you have a ton more choice than you used to. You have OnePlus (great choice for flagships), pinephone (search the forum for content), nexus (older devices but solid ask @Adubs about his nexus 6P), and of course the Pixel line up. The best pixel phone for this operation are the Pixel 3 XL and the Pixel 3a XL.
I plan on keeping the 3 XL until 5G is mainstream and they are getting ready to beta test 6G. The way I have done this is I have gotten an armor case and a 5 pack of oleophobic thick tempered glass screen protectors and a camera lens protector. I purchased a wireless charger and wireless IEMs so to minimize the use of my phones port. This phone will remain pristine so long as I have it. (Before the stop being poor comments come. Its not because I cant afford its because I have no need for more.) Untill I can no longer access 4G speeds (which suffice) or can no longer update and exploit mitigate android, there is no need for excess. Its a gorgeous phone with a beautiful camera. It has excellent specs and its the 128 GB version. I will never use that much storage ever.
So whats it like to use the botnet (Google). I loved it. I have zero shame admitting the convenience of those features however I have realized their impracticality and I dont really want them spying on me for security and privacy reasons. I want people to know what I tell them and not much more. This isnt to avoid cell tower based tracking as one can never avoid cell location and GPS. These services always no where you are but at least this can turn off any capability of turning on the device remotely etc mainly due to the ROM used.
De-Google Step 1: Identify a ROM.
The objective is clear either find a hardened ROM or find a AOSP ROM easy to use a base. This gave me two options. Lineage OS or https://grapheneos.org/ to which I have built lineage from source but graphene allowed me an interesting path to take my phone. A non SU enabled ROM from a security standpoint is better and this used and leveraged the Titan M chip to verify the boot process. So graphene it was.
De-Google Step 2: BUILD IT FROM SOURCE! woot!
So nobody ever accused me of being a sane individual. Lets build this security focused for my phone. You cant build this for other devices easily because of a few reasons. Not to completely rip off the author but this ROM needs devices need to be meet the standards of the project in order to be considered as potential targets. The developer himself has made this a stricter set of characteristics to which suprisingly google held them selves up to in the PIXEL line and NOT THE NEXUS line. In addition to support for installing other operating systems, standard hardware-based security features like the hardware-backed keystores, verified boot, attestation and various hardware-based exploit mitigations need to be available. This is actually what the Titan M chipset is for and google is offering a bounty to who can hack it: https://www.wired.com/story/google-titan-m-security-chip-pixel-3/
The devices also need to have decent integration of IOMMUs for isolating components such as the GPU, radios, media decode / encode, image processor, etc. as if the hardware / firmware support is missing or broken, there’s not much that the OS can do to provide an alternative. The Pixel 3XL is built to this rather crazy standard. You can utterly isolate any part of the board if you want to. This is what made the Pixel 3XL my choice of phone. Its one of the more secure phones out there and few people realize this on a hardware level. As we should all know hardware, firmware and software specific to devices like drivers play a huge role in the overall security of a device. The goal of the project is not to slightly improve some aspects of insecure devices and supporting a broad set of devices would be directly counter to the values of the project. A lot of the low-level work also ends up being fairly tied to the hardware. So lets build this software shall we
I am build for : aosp_crosshatch aka the Pixel 3 XL. (I love its nickname, crosshatch, someone was a car nut). This will take a lot of bandwidth and space. Few people realize what it takes to compile a ROM. Have at least 16 GB of RAM and 75+ GB of space just to be safe.
The author gives instructions just find the latest version and compile.
IF youve ran arch linux you can SO build android for your device. Its a very enlightening experience. Then go OTA from there.
De-Google Step 2 (LOL): Acquiring and installing the ROM
So your likely already downloading your ROM. Flash it using TWRP and what you need to. My guide here applies only to the Pixels.
Enable OEM unlocking in device developer settings and reboot to fastboot from the advanced menu.
Then when in fastboot mode unlock the bootloader by
fastboot flashing unlock
unzip crosshatch-factory-*.zip cd crosshatch-pq3a.190605.003 SUDO ./flash-all.sh
You must be in sudo to flash it. In my case I had built it and not zipped it so I had everything I needed to flash it already unzipped.
Make sure to LOCK the bootloader if you dont plan to root. I dont plan to root because of im security and privacy focused. Its why I use secure boot in the UEFI and sign my kernels
fastboot flashing lock
Then disable OEM unlocking and your back to a very secure environment and the TITAN M is preventing exploitation. If your bootloader is unlocked you lose ALL the security of this device.
Want more info on graphenes security see here: https://grapheneos.org/usage which talks about a part I especially like. Exec spawning and hardened malloc:
`You may notice that cold start app spawning time takes a bit longer (i.e. in the ballpark of 100ms) than stock Android, along with higher app memory usage. This is due to security centric exec spawning model used by GrapheneOS to provide each application with a unique address space layout, random hardened_malloc heap layout and unique keys / seeds for other probabilistic exploit mitigations like stack canaries, setjmp protection and future features like randomized memory tags. Exec spawning doesn't cause a performance cost after launching an app, and similarly doesn't cause any extra latency for app spawning if the app was already running / cached in the background. It isn't very noticeable on flagship devices with a high end CPU like a Pixel 3, and is a lot more noticeable on a lower end device like a Pixel 3a.
Alright now that I am on a firmly degoogled ROM. Lets acquire F-Droid our open source store and also a means of aquiring open source play store apps that doing have an Fdroid repo yet. Yes they exist and no they dont use GoPlServ
I needed a banking app which functions fine. I dont mind my bank intruding on my privacy. They already do it in so many other ways.
I need maps and a way to navigate so I grabbed OSMAnd~ which is an amazing offline and online maps navigation. You can do what most of google does save some updated address youll have to grab from duckduckgo.
This leads me to search. Duck Duck go is what I prefer. Its really just google but it does protect us more.
For cloud. Host Next Cloud 17. Its an amazing piece of software. See wendel’s video on it . The swiss army knife of having your calendar, contacts, etc all syncd to it. I use DAV with it. I also have the server E2E encrypted which is a solid benefit for cloud security.
I also use a few more apps. I still use spotify which is a little broke but still works for content discovery. I love the platform but hate how much it knows my music. I am in the process of migrating to this alongside my nextcloud
I needed a replacement for last pass. I really searched hard and found bitwarden. Its awesome. Your data is sealed with end-to-end AES-256 bit encryption, salted hashing, and PBKDF2 SHA-256. For me I love that they are open about their security like this instead of claiming little to no breaches like leakypass LOL.
What does my android setup look like? As black as possible without being too ugly. It really does help AMOLED conserve energy.
The project comes with Vanadium which is more secure than bromite if you need something based on chromium. Personally I like firefox better. Here are my plugins to keep it from being too broke on mobile.
You can use the advanced permissions of any good ROM to act like a firewall to forgo root for AFWall+. This rom allows you to deny access to connectivity for any ROM so its similar to a firewall built in. It also prevents the apps from accessing location in the background.
For email I use FairMail. I like this app because I can integrate GPG with Open Keychain easier. See you can still use google private. Just send GPG messages. Google cant read those.
Frost- As you saw in the picture is used for facebook however im considering decentralized social media if anybody is down to share.
BTW I never lost the Pixel Visual Core camera’s awesome image processing. Open Camera can use it
What to do if locked into other platforms
- evaluate why you use them and if you get the benefits suggested?
- Evaluate exit routes. Get out of using it. Migrate what you need and move away
- Find a way to use it without google?
- Dont switch now, wait until you have something that suits your lifestyle.
Journey In progress
At the end of the day its a journey of self and tech discovery. Evaluate your digital health. Should you be stuck to social media or should you read and strive to learn more and self better. This was my reasoning for going this route. My principles say tech shouldnt be this invasive. It should be a tool. To each their own on what that means.
Will update as I continue to use and discover new things. Thanks for stopping by and seeing what I do.