In theory, the law applies to everyone. In practice, it doesn’t apply to rich entities.

Using it since many years on many Pixels and loving it.

Main pros: zero bloat, efficient, highly secure and highly private (about as private and secure as it can get on any smartphone), and it’s an Android without any of Android’s typical weaknesses (privacy issues, bloat, etc.). You get to utilize the advantages of Google (its security) and completely avoid the disadvantages (its many privacy issues). You get to use all the advantages of an Android mobile OS while completely avoiding all of its disadvantages. It’s like getting your cake and eating it too. You’re much better off in terms of security and privacy than almost(?) all other smartphone users. According to leaked documents, Cellebrite for example can’t crack GrapheneOS on Pixels at all. They can crack almost any other smartphone if they have physical access to it. Most smartphones are really easy for them to crack. iPhones may pose some trouble depending on model/OS. And Graphene on Pixel is the literal brick wall. And even on top of that it has tons of great security features, like auto-reboot after X hours of inactivity, charge-only-mode for USB-C when locked, distress/duress PIN entry to immediately wipe the phone, many things like that. On the privacy side it’s looking great as well: Some folks have analyzed Graphene’s network traffic and there’s zero privacy issues from the OS or its built-in apps. And the few connections it does make (for updates and so on) are all documented and work exactly like they documented them, and they only transmit the exact least amount of necessary data without anything beyond that (guess what - that’s super rare). And on top of that there’s even more great privacy features, some of which are invisible but well thought-out, for example any SUPL request goes through a Graphene proxy server first (configurable) which strips all personally-identifiable data from the request and then redirects it to your provider’s SUPL server (which is most likely Google’s SUPL server in the end). I’m seriously impressed by the quality of the GrapheneOS project. Maybe you don’t realize how good and rare such things are nowadays. Also the documentation is very good and actually answers most of your questions and doesn’t contain any marketing blurb. The social media feeds and forums are a great source of info as well. On top of all that it’s even easy to install GrapheneOS.

Main cons: it’s only available on Google Pixel phones, so if you truly despise Google and don’t want to buy or use anything from them, it’s not the right device/OS for you (or maybe buy it used?). However, the reason GrapheneOS is on Pixel is purely a technical one: Pixels do offer very high hardware based security already (probably the most, although iPhones have good hardware-based security as well. As is known, Apple tends to be produce good quality hardware, not quite so good software) as well as a very high degree of “platform neutrality”, i.e. it’s supported by Google to flash a different OS on it or use more advanced tools like adb without any sort of tinkering or unnecessary danger involved. Also you don’t have to register to unlock your phone or anything, you only need to be online once to enable the OEM unlocking feature (I think this is because Google needs your IMEI to check whether the phone is carrier-locked (cannot ever be OEM unlocked) or can be unlocked, and they will immediately receive some device data including the IMEI as soon as you go online with the preinstalled Android OS once [of course they will receive some more device data than just the IMEI]), so it’s best to not insert your SIM yet (and not do anything with the preinstalled OS) before you’ve installed GrapheneOS on your new Pixel. Do the OEM unlocking step on WiFi only, best on a public WiFi so Google has much less of a chance to identify you based on your IP or related data. Then install Graphene, then insert your SIM and start using your new phone. Other cons exist but they’re rare or pretty much irrelevant in daily use. If you have to hear them, read an older post by me about some potential downsides: https://discuss.tchncs.de/post/19867254/12069767

Answer is correct, I just want to clarify a bit more:

“Password protected” in your case probably just means that you have a bootloader password or a user account password. Both would not matter in this case. If you put your drive or partition anywhere else, and it’s not an encrypted partition, it can be read. Independently of user access rights. Any other OS accessing the same drive/partition can literally read everything if it’s not encrypted. Provided, of course, that there’s a file system driver available for the OS.

Windows by default doesn’t have any Linux filesystem driver installed. I’m not sure if that’s still the case when you install WSL. And there are 3rd party Linux filesystem drivers available as well.

But to protect yourself against robbery or a Windows which might in the future include a Linux filesystem driver, you should always encrypt all of your partitions. And when encrypting, use Bitlocker only for your Windows system partition, not for any data partitions, and certainly not for Linux partitions. For Linux partitons, use the integrated LUKS2. Bitlocker on Windows isn’t private encryption by the way, since a recovery key is being uploaded to MS’ servers automatically. That means MS has theoretical access, the US government has, and law enforcement has. As well as any hackers who manage to exfiltrate that key from somewhere. That’s why I’d use Bitlocker only for the C: partition, a 3rd party encryption tool like VeraCrypt for any other Windows partition, and LUKS2 for any Linux partiton.

Of course they do. It’s to be expected that big tech companies use all data they can gather for training AIs, tracking users, creating psychological profiles of the users and selling data to the highest bidders.

Microsoft is also known for creating tools and products which track employees and workers and provide nice looking dashboards and statistics for the employers. And they partner up with Palantir and other companies to create even more effective surveillance solutions for companies and law enforcement to use eventually. MS is a data company since a couple of years, just like Google or Meta is. Data is very valuable.

In the case of Microsoft Office and Teams, there’s also the issue of corporate espionage. Companies from all over the world are freely giving away sensitive data about their documents, employees and projects to a US-based megacorp. There was a time in history when this would be called corporate espionage which is supposed to be bad and illegal and so on. But, since they’re all doing it voluntarily, and there’s no definite proof of MS doing anything because it’s a black box and no one except MS can inspect what they’re doing, it’s apparently “fine”. It’s like we have collectively become dangerously naive.

So yeah, it’s all “fine”. Until it isn’t. Until it is revealed one day. Then we can all be shocked and say “how could they do this, how could they violate our trust like that, their marketing slides looked so nice and the consultant was so charming and said we needn’t to worry about anything they would keep our data safe”. Well, if you trusted them in the first place, that’s your mistake. You cannot trust a company like MS, Meta, Google, TikTok, and so on with a huge track record of privacy violations. Ever. Cloud = someone else’s computer. Host your own stuff. Prefer not to use software with proven track records of privacy violations. Don’t use products or services from companies with such track records. Prefer open source over proprietary because when the code is openly auditable that’s a plus for trustworthiness, and proprietary applications usually have a bad track record of privacy violations and other anti-user features, while open source software rarely includes such things.

And it’s only going to get worse. With upcoming things like Recall, that’s almost like having a permanent camera behind you recording your screen at all times. I feel bad for all Windows users, but on the other hand, I don’t actually have to care. Keep trusting them blindly, but please don’t be surprised when it will come crashing down on you one day.

Yes.

If you still want to play such “modern” games loaded with spyware, I recommend a dedicated only-for-gaming PC (running Linux of course*) using a different IP address than your main system (probably a notebook), for example by using a VPN on one but not the other. I’d recommend using the VPN for the gaming machine, it’s less of a risk there, it allows for easy circumvention of geo-blocking, etc. If you need to access some services (e.g. chat) from both machines, create a separate account for it. Don’t share account credentials between machines. In fact, act as if the gaming machine is permanently infected with random stuff “required” for modern games, and isolate it accordingly. This is just an idea how to mitigate those problems and don’t let them creep into to your real machine where non-game-related data could leak out as a result. But you’re still going to support the developer doing this which is not recommended.

*) Why still no Windows, in this isolated case, you ask? Well, because it’s important to fight MS’ monopoly on gaming machines, so don’t support it by running it and contributing to its marketshare. Instead, run Linux and enjoy watching Windows’ sinking market share. In fact, if you can, don’t support such games either by not playing them, that would be the ideal solution. But this is written under the presumption that you or your friends still want to play it and you kind of feel left out otherwise.

RethinkDNS is probably better, but I’m currently still using NetGuard Pro and kind of happy with it, but I will soon migrate to Rethink DNS. If you use NetGuard, make sure to use the Pro version, download its hosts file and use it in whitelist mode and display all contacted hosts/IPs for each app (block everything by default, allow only the technically necessary connections!). The more proprietary apps you use, the more tracking hosts you’ll see being contacted (lots of proprietary apps contact Google, Meta, etc.). Don’t allow these connections.

Yes. It’s basically about a ban or circumvention of E2EE, as usual. And as usual, this is not an option. Do not throw away your rights to strong, working encryption. Never.

deleted by creator