The Pixel Tablet with GrapheneOS is the gold standard, but there’s even more than just the tablets with LineageOS support if you are adventurous.
I was gifted a Samsung Tab A7 Lite, which is without LineageOS support. However, I’ve been able to flash TrebleDroid Generic System Images (GSI), which are vanilla AOSP images modified to support as many devices as possible. They come with no Google apps or services.
Nearly everything works as expected, performance is much better, and battery life is unchanged. I can even run Android 15 smoothly when Samsung will end support for my tablet with Android 14. If anyone wants a writeup to the best of my memory, feel free to reply.
When maximizing uptime, Debian is the no-fuss way to go.
If you are flashing GrapheneOS, it is a very simple and safe procedure. I’ve even interrupted the flashing when my laptop went to sleep, got the system corrupt warning, and just flashed again without a hitch. All that’s needed now is a browser with WebUSB support and USB cable.
Organic Maps. Living in a somewhat walkable area, it gives me good walking directions. I might be a bit out of touch though since I just commit routes to memory if I’m driving.
For the occasional satellite map, Google Maps unfortunately. If anyone knows of a privacy-respecting map with satellite views, I’d be interested.
In my personal life and in communicating with family, there are few compromises. Most of my compromises come from work.
Phone: Pixel with GrapheneOS and FOSS apps only as my primary. Old Pixel 4a with GrapheneOS as my secondary, with the main profile as testing grounds for various apps and a second profile holding work apps. WhatsApp seems to be the lowest common denominator for practical communication with colleagues.
My workplace is BYOD, with MDM only for software licensing. Alongside my customary X230, I carry my lightweight, secondhand X1 Nano, where I have Windows, software licensed alongside said MDM, and Firefox logged into my work Google account.
Key aspect for me is having work and personal life on separate devices. Not completely airtight, but as good as I can get it without making work any harder than it needs to be.
Banking: Fortunately, everything my bank has to offer can be done through a browser. My plan if a mobile app with Play Integrity ever becomes necessary is to buy a regular Android with a removable battery just to host that app.
Transport: If I’m on a business trip without access to my car (no spyware, it’s from the 90s) and there is no public transport, I’ll get a friend or colleague to call an Uber for me. I haven’t gone out drinking at night since college and I’m not inclined to do so in the future.
Maps: Usually Organic Maps suffices; I generally commit routes to memory before going out. For the occasional satellite map, Google Maps in a browser. I have gotten my family to use Magic Earth though.
Fitness: no actual stats, just a handwritten entry in my daily journal as to whether I followed through with my exercise routine.
Well said. LUKS implements AES-256, which is also entrusted by the U.S. government and various other governments to protect data from state and non-state adversaries.
Possibly overestimating the value of the data entrusted to me, but whenever I see that xkcd, I like to think that I at least have the option to remain silent and die with dignity if I really don’t want the contents of my disk out there.
I wish I found a guide like that back when I first made the move to FDE. Regardless, I was adamantly against reinstalling and painstakingly replicating my customizations, so I came up with a hacky way of tacking on FDE.
It went something along the lines of:
It’s been quite a journey:
How to avoid:
Work and networking (people) make fully ditching Google, WhatsApp, etc. a practical impossibility for me. So I have a laptop, tablet, and phone dedicated to those purposes and nothing else. I check them on a schedule that my colleagues are aware of, at locations I consider safe. Otherwise they are stowed away, out of sight, and out of mind.
The text editor shortcut on my taskbar runs a sort of autosave script in ~/.drafts. I wanted my text editor to function more like the one on my phone so I can just jot down random thoughts without going through the whole ritual of naming and saving. It creates YYYYMMDD_text in ~/.drafts (or YYYYMMDD_text_1 etc. if it already exists) and launches Pluma, which I also have configured to autosave every 10 minutes.
The other thing extends beyond Linux itself a bit. I like to joke that I have the most secure NT 4 / Windows 95 lookalike ever put together. Aside from the encrypted and hardened Debian base (/boot is also encrypted), I was in part inspired by Apple’s parts pairing (yikes!). So my coreboot is configured to only accept my boot disk. If it’s swapped out or missing, or if I want to boot something else, it will ask for a password. In the unlikely event my machine gets stolen, the thief must at a minimum reflash the BIOS or replace the motherboard to make it useful again. Idk, it amuses me every time I think about it.
As someone who deals with Windows software and mobile apps of dubious provenance at a BYOD workplace:
If a phone or tablet (preferably with GrapheneOS) will suffice, go for it:
If the offender is your partner, practice good digital hygiene, never let them touch your devices, and good luck.
It’s nice getting a glimpse as to what fraction of Linux users are using disk encryption. Full disk encryption is becoming the default on mainstream OSes, but not in most of the Linux installers I’ve encountered. Always made me curious just how many people went out of their way to encrypt their Linux install.
I personally encrypt everything except for VMs already in an encrypted device or USB drives that need to work with non-Linux machines. It’d be interesting to hear what other people’s reasons to encrypt their disks or not are.
Biolinum O for desktop
Liberation Mono for terminal
I’ve used this Windows 10 live image to run the occasional Windows-only diagnostic tools and firmware updates: https://github.com/VulpesSARL/MiniNT5-Tools
It doesn’t choke loading GUI programs like the install disc command prompt and doesn’t have any weird blobs except for Windows itself.
The level of detail and control in the Properties dialog from the file explorer in Windows. Also its ability to easily search by metadata like the bitrate of media files.
When a colleague or new friend asks me to exchange contacts, I offer them the option to be part of my “main phone club” by getting Signal, Wire, or Element/Matrix.
I have a separate phone to handle SMS and WhatsApp. That covers 99% of cases; if they want something esoteric like Instagram/Snapchat/iMessage, then that’s too bad. I’ll turn off Airplane mode and check this secondary phone when I’m seated and comfortable like during my lunch break or when I get home. If, say, Johnny is running an event and needs me to text back whenever from 10 to 12, then I’ll generally leave my phone on for that time period. If there’s something sensitive but not particularly urgent, I’ll save it for the next time we meet in person.
If someone wants to message me at any random time of the day without prior notice and have a quick response back, they’ll have to join my main phone club.
Old hardware indeed, but 768 pixels ought to be enough for any window
A few years ago, when I cared little about my privacy, I would fancy buying a new car. Thanks to privacy concerns, I became proud to have my old car, which also happens to be highly repairable.
Agreed, but the company does not provide us devices. Everything I’ve said applies to my second phone running GrapheneOS, which I am using as my work phone. I’m trying to avoid setting up and running Play Services just for nice-to-have notifications when none of my other apps require it.