

Cute blog, so unusual to see a text container left aligned these days.


If you want to do tracking evasion you don’t want to do a lot of tracking prevention as tracking prevention is finger-printable itself and that will undermine tracking evasion. Think of things like adblockers where your particular combination of blocklists and custom rules might be nearly unique to you or doing stuff like disabling javascript.
This is what the article talks about.


Thanks for taking the time to share


I don’t think so. From what I gathered, the only thing Play Services can see on GrapheneOS is the list of other apps you have installed. That’s it. They can’t see anything else unless you grant access to it. You’re not giving Google root access to your phone, you’re just installing an app that happens to be made by Google, and it’s locked down like everything else.
Edit: https://youtu.be/YB01HHFitFA?t=625 I just saw this video; apparently apps can still communicate with each other, so you might want to isolate if that’s something you’re worried about.
Edit 2: Another relevant link: https://discuss.grapheneos.org/d/28558-google-can-still-see-my-app-activity-on-grapheneos/2


I was thinking how the hell does an app track another app’s activity? So they allegedly used AppsFlyer, which is a Mobile Measurement Partner (MMP).
Companies like Grindr use it for tracking ads; it basically tells whether a user that clicked on a Grindr ad on TikTok led to a successful install of their app. They have to install an SDK for that. Apparently it wasn’t just tracking that.


The threat level for Google Play services is different in Graphene as it runs in what they call an “appbox,” which basically means Google Play is just another app that’s sandboxed like everything else.


One thing I feel I haven’t understood properly is how notifications work. They said there are basically 3 ways of sending notifications on Android: FCM (Google’s system), WebSockets, UnifiedPush. Most apps use FCM so you need Play services installed to get notifications, right?
How does that work through profiles though? Some commenter in this thread said you can forward them from another profile if that profile is running in the background? But if I have google play services installed on profile B but not profile A? Do I have to install them on every profile?
I may not fully understand how profiles work yet.


Yeah, as they said most banking apps now work, however, Google Pay doesn’t.
There are alternatives to it like curve pay but I haven’t done the research whether they’re trustworthy enough. EU company I think.


Yeah I apologize, I incorrectly assumed that GrapheneOS’s BFU state is more secure and requires you to enter your passphrase by default and not PIN, and that this is not available on stock Android, which some people pointed out it is.
On a related note though, Graphene does have an interesting feature where if the phone hasn’t been unlocked for some time it will force reboot to get into that BFU state. Metroplex sets it to 8 hours.
I think they also have some aggressive USB port control, but I haven’t looked into it. Where you can only charge the phone in BFU state or something like that. Haven’t had time to read into it: https://grapheneos.org/features#usb-c-port-and-pogo-pins-control


Yeah they touched on this in the interview. Basically:
In one part they mention the Pixel’s Titan M2 chip, for example, which throttles how many unlock attempts you can make.
That being said they were critical of Google’s recent actions. Now Google gives OEM partners (Samsung, etc.) 4 months to implement security updates before publishing to AOSP. Prob one of the reasons why they wanted to seek an OEM partnership as they now get updates instantly with the caveat that for those 4 months they can’t publish the source code publicly until Google releases it to AOSP. So they release 2 builds for every update: one with the embargoed security patches (binary/compiled version) and one with only public AOSP code (open source version that lags behind).
Also they had problems supporting Pixel 10 as Google removed device trees and didn’t push Android 16 QPR1 to AOSP until months after the Pixel release.


Thanks for the in-depth answer, I think I will try installing Graphene today.
This can not only be turned off entirely in settings, but you can actually modify it on a per-network basis!
Oh nice! Makes it way more useful then, as I saw forum threads of people saying there’s no point in randomizing on your home network and it may cause issues.
GrapheneOS’s airplane mode disables the cellular radio entirely, whereas some OEMs don’t do that on their phones, even when you turn on airplane mode, meaning your cell provider could still triangulate your position regardless of if you have airplane mode on or off.
Did not know that, fascinating! Even Airplane mode is upgraded :D


I have similar experiences, have been using it for a year now, works … fine.
Nothing broke, seems stable.


I also had some problems with my Nvidia GPU around a year ago when I switched over to Linux.
I’m not sure whether this was Wayland specific, but when the GPU’s clock speed would jump up after some time of inactivity it would cause this sort of stutter / lag for that 1 second of transition. Was really annoying, I had to change the minimum clock speed, it did help. I eventually switched to an AMD GPU and everything worked perfectly without me needing to do anything.
And in general I had a couple more problems with some Electron apps back then (Obsidian) that did not work well when forced to run Wayland. Though this was probably not Nvidia specific. Eventually I remember finding some sort of fix for it by setting some obscure environment variable that I found on Hyprland’s Discord that was recently made available.
Privacy exists, complete anonymity on the internet is way way harder, however.
I checked out Threema that was mentioned in the article. It’s 6.50 eur. I would have trouble getting people to use Signal, how do people convince others to pay for a messaging app?
living the dream
It’s not that bad to start with Arch, it’s not as hard as it used to be. I started with EndeavourOS approximately a year ago and most things just work out of the box and you don’t need to do much, and honestly I find it easier than having to navigate layers of abstractions.
Most of my time went into configuring stuff like Hyprland, nvim and other stuff, and Arch just worked.
I came with 0 Linux knowledge, the only terminal commands I knew were cd and ls, and if not for Arch I don’t think I would have been hooked on Linux. That being said, I get it and sometimes it is frustrating, but just putting it out there that it’s doable.
Yeah I noticed the main AUR package was last updated in June 2024. Thought they abandoned it but the GitHub shows the last release was around the same time. Downloaded sioyek-git instead and it works great.
I think I’m sticking with Sioyek. It checks enough boxes for what I need from a pdf viewer. Well documented, no performance issues, and it supports epub too.
The command line tools, portals, ruler for reading, keyboard text selection, searchable highlights, easy file opening, marking. Really vim-like. Need to customize some keybinds but otherwise don’t see a reason to look elsewhere for now.
Oh Sioyek looks interesting. Also the blog is great!
I actually remember reading about this in a book, “Life after cars”. Great read, would recommend!