I hear many people say that the Google Pixel is good for privacy, but is it?

I’m asking this because I find it weird, of all the companies, Google having the most “privacy”.

    • monsters@lemmy.ml
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      Graphene only supports Pixels officially because of how easily you can unlock the bootloader

      • N4CHEM@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        That’s not the only reason, you can also unlock the bootloader of a FairPhone very easily and they’re still not supported.

      • zwekihoyy@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        it’s because of the Titan M chip, not because of ease of bootloader unlocking. Pixel’s have much higher hardware security with only iPhones and their secure enclave matching it afaik.

    • A1kmm@lemmy.amxl.com
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      Xiaomi phones used to be good for custom ROMs, but now they try to stop you unlocking the bootloader by making you wait an unreasonable amount of time after first registering the device with them before you can unlock. Many of the other vendors are even worse.

      So from that perspective, Pixel devices are not a terrible choice if you are going to flash a non-stock image.

      • jose1324@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Waiting a bit has been normal for years already. And it’s not a big deal at all. It’s to stop reselling the phones

        • A1kmm@lemmy.amxl.com
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          Wait times are as high as 2 months (depending on how old the phone model is, etc…), and even as a regular Xiaomi customer, their support never seem to allow anyone to skip the wait, even if for example they broke their old phone and want to set up a new one like the old one (ask me how I know). During that period, MIUI is like a data collection honeypot, sucking up your PII and serving you ads.

          It might be ‘normal’ now to Xiaomi customers to wait to be able to unlock the phones that they have paid for and own (perhaps in the same sense someone in an abusive relationship might consider getting hit ‘normal’ because it has been happening for a while), but the idea that the company who sold you the phone gets some say on when you get the ‘privilege’ of running what you like on it, and make you jump through frustrating hoops to control your own device, is certainly not okay.

          If they just wanted to stop reselling phones with non-Xiaomi sanctioned malware / bloatware added, making the bootloader make it clear it is unlocked (as Google does, for example) would be enough. Or they could make a different brand for phones that are unlocked, using the same hardware except with a different logo, and let people choose if they want unlocked or walled garden.

          However, they make money off selling targeted ads based on information they collect - so I’m sure that they probably don’t want to do any of those things if they don’t have to, because they might disrupt their surveillance capitalism.

          • jose1324@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Ok, wall of text aside. Now I’m sure you’re bsing. It’s never been 2 months or even longer. Literally every Xiaomi or Poco is that you register and then you wait 1 week and then unlock with the pc. No weird ass wait times. You don’t even have to use it. I have done this for like 8 models old and new already. The Mi unlock app doesn’t even have software for other times.

            Also the bootloader does display that it’s unlocked. But even with a ‘warning’ most people wouldn’t care and that’s what Xiaomi still wants to prevent.

            • A1kmm@lemmy.amxl.com
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Here’s another source about 2 month wait times sometimes, if you don’t believe me: https://www.xda-developers.com/xiaomi-2-month-wait-unlock-bootloader/. It has never personally been 2 months for me, but it has been over a week before for me, and their support team refused when I asked nicely to shorten it despite the fact my daily driver phone was broken and I couldn’t restore my LineageOS from backup - I just had to wait. That’s why I don’t buy Xiaomi stuff any more.

              The wait time is determined by their servers, which sends a cryptographically signed certificate specific to the serial number of the device that the bootloader reads. The key to sign the certificate stays on their servers, and the client just calls to the server, and either gets a response saying to wait for this much longer, or containing the certificate. Xiaomi explicitly call it ‘apply for unlocking’ (e.g. see the title of https://en.miui.com/unlock/index.html), as in, they think it is their right to decide who gets to decide what runs on my hardware I’ve bought from them, and us mere consumers must come begging to them and ‘apply’ to unlock.

              You don’t even have to use it

              The bootloader is designed not to boot anything except MIUI without the certificate from the unlocking tool. While there are open source clients (like https://github.com/francescotescari/XiaoMiToolV2) they still work by calling Xiaomi’s server to get the unlock code, so if you want to run anything except Xiaomi’s MIUI (which is a bad idea from a privacy perspective), you kind of do have to use it (at least their server). The only way around it would be if someone found a vulnerability in the bootloader or the processor itself that allows for the ‘treacherous computing’ aspect of the boot to be bypassed without the certificate - and as far as I’m aware there isn’t a reliable approach yet for that.