Inkjet printers are good for furry artists who sell prints at conventions. Hmm… that’s actually so specific that it reinforces your point.

Everyone already had the choice to use this before. You can visit any site with a search box, and add that site as a search engine to Firefox.

This is forcing it down people’s throats.

How do I prevent new antifeatures from being added? How do I even know about the new antifeatures as they are added? Does Mozilla publish an RSS feed of each antifeature like this that they add, that gives a quick explanation of how to undo it?

Removed by mod

Qualcomm won’t send you a datasheet unless you can promise an order of 100,000. Arduino has always been open specification, and this is totally incompatible with Qualcomm.

I would never subscribe to Crunchyroll, because they use DRM.

Usually it’s this, but sometimes the Recaptcha doesn’t even load (looks like an IP ban). I just submit the form, and then get an error message saying I must complete a Recaptcha, but there’s no evidence in the page of any Recaptcha to fill out.

I’m on a residential ISP. I’ve checked every IP address reputation system I can find, and see no problems (except from “Clean Talk”, but they’re so small that I doubt Google uses them).

Also, I hate knowing that I’m doing unpaid labor to help train an AI that will make the world a worse place.

I can’t make an account, because I can’t complete a Recaptcha. Google Recaptcha is used on every ubuntu.com signin page. (This means I also can’t submit bug reports.)

Is this sarcasm?

I ran Steam on Wayland just fine for several years.

I got GOG Galaxy working in Steam, through Proton, as an “Add a non-Steam Game”. I’ll have to try Heroic Launcher.

Even if you can buy it, you can’t file a warranty return if you are outside Fairphone’s small support area.

Fairphone has guaranteed 0 years of support in my country.

Swapping out random parts of the OS will certainly lead to breakage and dependency hell in your package manager (unless you just replace files without using the package manager, which might make all of this even worse).

I’ve done it, and it works. I’ve built packages of libraries and binaries before, at higher version numbers than Debian had, and deployed them to multiple Debian sid systems. They worked. When Debian caught up, I seamlessly upgraded all 3 systems with no problems.

Even in the worst case scenario of dependency hell, you would be able to downgrade to the Debian supported version. But I never had to do anything like that.

I’m not going to respond to all the rest of your post, because I don’t think it will help with anything. It seems that we have very different ideas about device ownership.

Some apps resist being backed up. “android:allowBackup=false” was one way. Apparently that can be overridden, but there are other ways apps can resist backup that can’t be overridden. It’s not clear what those are, but some of my apps definitely aren’t being backed up by Seedvault, even though they aren’t using keystore.

The apps using keystore can only ever be backed up by installing a backdoor in the TEE.

They do provide instructions for compiling from source, they just don’t support you at all afterwards. If you compile GrapheneOS and put it on your phone, they say “you are not running GrapheneOS” at that point. Unlike Debian or Ubuntu, where every package can be replaced by a hand-compiled version, and it’s still Debian or Ubuntu.

need to charge it in a public space? You better hope no one had modified the charger with something like an RPI to silently exploit your phone

Any secure Android device should be starting each USB session in device mode, set to charge only. It is usually not possible to change this mode without unlocking the screen. I don’t know what this has to do with sandboxing or unlocked bootloaders.

Crossing a border into a country and they suspect you’re some sort of threat?

How does this attack work? Are you saying they’d replace the operating system by using the unlocked bootloader? There are plenty of ways to prevent this with full disk encryption. Of course you need to check for modifications when you get it back, but that’s true even if you have a locked bootloader, because of hardware modifications and leaked keys.

Not running software that updates the hardware’s proprietary software drivers? One text message and you’ve got a rootkit.

In any of the open source Android distros, like LineageOS or GrapheneOS, those updates come as part of the operating system. The updater is open source, and doesn’t care whether your bootloader is locked. I assume a Linux Mobile system would be closer to Debian’s Apt system, which is also an open source updater than can install proprietary drivers, and also doesn’t care if your bootloader is locked.

didn’t really need an “um ackshually” about people who don’t want a secure os

This is pointlessly condescending.

Comprehensive backups, which can only be done after rooting. You can do this, but only after disabling verified boot.

They literally have a whole instruction page for it on their official website: https://grapheneos.org/build

I’ve asked, and they don’t support you at all after you build it. You can’t get updates or packages from GrapheneOS. Compare to Debian, Ubuntu, RHEL, etc., where you can compile your own newer package, install it, even replace core operating system components, and then seamlessly upgrade to the OS vendor’s version when they catch up.

What they don’t support is making modifications to GrapheneOS, compiling it, and then still calling it GrapheneOS. It’s not. You changed it, so it’s something else. It’s your own fork of GrapheneOS, so you should name it accordingly.

Even if you don’t modify it, they tell you not to call it GrapheneOS, and don’t offer any way to install patches, besides building it again.

Uh that’s by design? Do you even understand the purpose of a secure element and trusted execution environment, and how they work?

Yes, I understand it. I’ve opposed TPM from the start, and this is just TPM for Android. I don’t want a device that keeps secrets from me. I do want comprehensive backups, including all cryptographic keys. I should be able to access the TEE from my authenticated PC over SSH.

I’m fully aware that Widevine won’t run on a device where the owner has control over the whole device.

The code is open source, you can freely modify the OS, compile it, sign it with your own keys…

I don’t have the resources to do this (PC nor effort). They recommend 100GB+ storage and 32GB RAM for building it, and you seemingly can’t do it incrementally, since you have to flash an entire operating system at a time. I want to modify one file, like the call recording xml file. (That file is from a previous operating system I had, but I can’t provide an example of niche cases like that for GrapheneOS, because I only ever used GrapheneOS for a few days, so I don’t know what kind of small modifications I would want to make.)

Can you please explain how rooting adb only, not any apps, makes it less secure? Use concrete examples, not abstract.