@GrapheneOS

AOSP has not made any part of the cross-platform OS closed source. The only changes to what’s published was specifically for Pixels.

Thanks for clarifying - this detail wasn’t actually reported by most of the tech outlets.

Yes, I know that AOSP is still open.

But I expressed my concern that this will keep being the case.

We’re basically relying on the good faith of Google in releasing for free to everyone, and not only to commercial partners, the source code that they mostly develop in house - which I wouldn’t take so much for granted.

Devices disallowing installing another OS impacts any OS, not specifically ones based on the Android Open Source Project.

I’m very well aware of that.

That’s why in other posts we argued that true peace of mind can only come once we also have friendly hardware producers onboard who won’t lock up their bootloaders without notice.

Any other OS is still impacted by a dwindling number of devices supporting unlocking and many of those that do crippling functionality if you unlock. They’re even more impacted by a lack of compatibility and governments only supporting using Android/iOS. How do you think it addresses any of this?

As me and others on this thread already proposed, by working with hardware manufacturers who are not jerks.

Just like Graphene must rely on Google’s goodwill in keeping the AOSP open, it must also rely on its goodwill not to lock up the Pixel bootloaders in the next iterations. This is a liability.

Partnering together with e.g. Fairphone, Purism or Jolla for example could help. Sure, they aren’t perfect, but your deep knowledge of the Android ecosystem and the best hardening practices could provide invaluable insights on how to build 100% (hardware and software) FOSS devices whose bootloaders won’t be suddenly permanently locked tomorrow.

If instead most of your online activities focus on showing how much better your solution is compared to what everyone else provides, and how each other single hardware and OS manufacturer sucks, then these strategic partnerships are harder to forge.

Your first listed recommendation, SailfishOS, is a largely closed source operating. It doesn’t have an equivalent to the Android Open Source Project. You’re promoting moving from a high quality open source OS with strong privacy and security with lots of apps to a largely closed source OS with none of that.

To be clear, I’m a Graphene user myself, and I largely prefer it over most of the alternatives out there.

But we should also acknowledge that there are multiple dimensions to take into account when considering Google Android alternatives.

Some folks don’t want the full spyware package, but they are ok to accept the microG trade-offs if they come with the comfort of using some apps that rely on the Play Services. /e/, Iode or LineageOS could then be viable options.

Other folks don’t want to have anything to do with anything touched by Google, and want to have a stack as similar as possible to their Linux desktop. And maybe also easy root access. For those folks UBPorts, PMOS or Sailfish can be ok, even if of course it means less security.

Other folks want everything in their device to be FOSS. And for those, at the current state, an AOSP-based solution that doesn’t close up anything it builds on top of it is a better option than Sailfish (but hey you’ve also got PMOS that is actually open).

Of course if you want something that is simultaneously 100% FOSS, de-Googled, secure and always up-to-date with the latest patches you go for Graphene. But there’s a whole spectrum of alternatives that it shouldn’t be ignored just because it accepts one trade-off or another.

We discourage people from replacing a bunch of the core OS with a rootkit but do nothing which prevents doing it or makes it harder.

Sorry, I used “make it harder” instead of “discouraging”. But the message is similar. Stuff like LineageOS actively provides guides on how to flash rootkit. GrapheneOS discourages it and offers no support to users who do it. People usually choose one or the other according to their needs. If I want a device where I can run my Termux scripts as root I probably would opt for Lineage, not Graphene, even if it’s technically possible on Graphene. And, of course, I take full responsibility of running custom scripts as root on my device. No need for anyone to remind me that it’s very insecure if it’s a trade-off I may accept (and no need to criticize those who accept those trade-offs).

All in all, I love and I fully support what you’re building. But your aggressive interactions alienate people - and I don’t think I’m the only one here.

Most of your posts fall along the lines of “look how much better/open/secure/purist what we build is compared to X, Y and Z - and whatever everyone else builds is awful”. And of course I acknowledge that your points are 100% valid most of the times, but they ignore that different people who choose de-Googled products may have different reasons and may accept different trade-offs, and they also ignore some of your own liabilities (like your reliance on Google’s goodwill both for AOSP and Pixels). This isn’t the kind of constructive behaviour that empowers communities.