With the discontinuation of Disroot(?) A couple years ago, and now CalyxOS on a hiatus that’s going to require reimaging if they ever do come back, GrapheneOS is currently the only project that is supporting Android within the last 3-ish generations and us a fully put together OS. Lineage is at least 2 versions back currently, and only that new on a couple devices. Additionally it’s not really a fully fleshed OS so much as it’s the basis for custom ROMs, which frequently see no security awareness or concern at all, and only get a couple releases before disappearing. /e/ is really one of the only alternatives, and is just based on Lineage but with some security awareness and an actual update history.

So sure it’s not the original intent of GrapheneOS, but they have some of the best build tools I’ve ever seen, and are one of the few actually put together OSes.

I’m willing to settle for having to buy a google pixel for instance (which is always a 2 year old design by the time it’s released), and wait a bit before it’s supported, but I’m never interested in a mid-range device. I dont care how much I support your mission, I’ll throw a couple hundred at you as a donation before I even consider that. And that’s assuming I’m buying the device at mid-range price. It’s out of the question that I’d ever pay flagship prices for it.

Let me know when you have something that’s closer to a 3 year old flagship and we’ll talk, otherwise stop throwing your time and money at making a phone for a market that doesn’t exist.

I’ll never understand why privacy companies do this: sell a thoroughly mid-range phone for a flagship price. The privacy OS market in my experience is largely either tech nerds with enough cash to splash out on a new/second unnecessary device just so they can play around with trying to get the new OS working for themselves, until it eventually becomes their daily driver, or poor students who got a beat up phone from their friend’s cousin’s neighbor’s ex-girlfriend’s roommate and are slapping this alternative OS on it to use as their main with all consequences be damned. Obviously there are people in the middle there, but tjoses eem to be the two primary groups. So the bulk of people you’re selling to are those who want a higher end phone primarily, and probably would be willing to pay for it. Instead, they make a mid-range device that has low margins, often in small quantities because they throw in some niche feature that costs a ton to add to the existing design like a hardware kill switch, and then charge flagship phone prices for a mid-range device.

I have bad news for you. From the specs on their site it appears to be a 6.5 inch FHD screen with a mid-range MediaTek processor. Really not much different from all the other mid-range phones offered in their site. For flagship price.

Though to be fair to the project, you don’t need to buy a phone from them, you can re-inage an existing device bought elsewhere as long as it’s one of their supported models.

FWIW, I also recently just found this Techlore table: https://techlore.tech/vpn/ If you click on the “History” column link in particular, you can see they have a pretty sketchy history.

Except so far the only time they’ve actually gotten any fines paid by anyone significant, the initial multi-billion euro fine on Meta was settles for only a few hundred million euro after half a decade of litigation and ended up including all subsequent fines in what was forgiven despite them continuing the activity. In theory it should dissuade them, but the companies being fined that really deserve it have annual profits greater than most countries’ GDPs. They can litigate indefinitely against the entire EuroBlock and keep making a profit from the activities while doing it.

This. It’s weird how a particular GrapheneOS supporter keeps arguing how awful /e/ and CalyxOS are/were, and how microG is the worst thing ever. But then offers only native Google or nothing for Play Services (sandboxed mind you). The very first fallacy you learn in Cybersecurity is that if it can’t do what someone needs, it’s not secure because it’s not viable. Having nothing for Play Services is often not an option for many people. And when Google itself is one of your threat actors, literally the world’s worst solution that provides the barest modicum of protection against Google is by definition more secure. Just allow Sandboxing MicroG as an option already for those of us with a bigger threat surface from Google than from Cellebrite-using nation-state actors.

Full disclosure: I’ve looked at using their absolutely excellent build tools to create a fork with MicroG allowed. But it turns out to be non-trivial to add the signature spoofing permission to the system and grant it to only MicroG, and conflicts with the custom Google Play config that allows Sandboxing.

Bluetooth protocol support for audio is a bit of a mess, and many Bluetooth devices (especially knock off or no-name budget brand headphones/headsets) skimp on applying the standard properly.

Absent the absolute latest Bluetooth standard support (5.3 or better), you’re usually limited by the protocol to very poor quality audio. It gets even worse of your device shows up as a headset inst4ad of heaphones/speaker since it has a mic return channel crammed into the very restricted bandwidth too. The way (mostly quality) vendors have worked around this prior to the latest Bluetooth protocol versions was to use raw data channels with negotiated compression formats and a special “escape hatch” protocol supported by Bluetooth (A2DP). Both sides had to negotiate a shared compression algorithm and implement it for sending the compressed audio so it could be decided at the destination. Poorer quality or older headphones, and older Bluetooth Linix stacks didn’t do this very well.

Not sure if any of that is applicable, but in general Bluetooth is always worse quality than wired because of bandwidth restrictions. And until Bluetooth 5.3 that added LE Audio and a related very efficient audio compression algorithm, it was a compatibility crap shoot.

WARNING: This varies by domain TLD. Some TLDs require public whois information because the country that owns the TLD has dictated it. Just pay attention when creating/obtaining new domains.

I had TorGuard for years, but the service just got more and more questionable over time. I stopped using it a handful of years back. I’ve more recently looked at them again, and their VPN-router product is just a whitelabeled device you can buy elsewhere that they did the trivial install of their VPN software on. Their actual VPN speeds are fine, certainly better than I’ve heard AirVPNs are, but you either get thrown in the pool of exit points that are all very well identified as malicious VPN exit points (so everyone blocks you), or you pay to upgrade to an individual “residential IP” exit point. That gives you a completely unique exit point so the minimal VPN “blend into the exit point crowd” simply won’t exist anymore, and it’s questionable what reputation those “residential IPs” might have (I’ve gotten blacklisted IPs from my direct ISP before, IP reputation is everything).
The service claims it has no/minimal logs, but they also have a privacy policy that seems to allow a good bit of data collection now (if I remember correctly).

If you’re trying to use it for geo-unblocking, a residential IP option might work for you. If you’re trying to use it to keep your privacy from your ISP, you might very well be trading one bad actor for another. If you’re trying to use it for hiding P2P activities it will probably function well, but I can’t speak about how well they’ll actually protect your privacy from DMCA requests (if that might be relevant to you).

Far and away the biggest thing I can recommend: Use the same distro yourself. If there ever are issues, you’ll almost certainly encounter them first and know how to fix them quickly. Ideally use it yourself for a bit before you put it on your mom’s computer so you can find any initial issues too.

I experienced that only when doing expert things on my system like trying to install new drivers. I’ve been using 4 different immutable distros for a few years and literally the only “breaking” thing was when UBlue distros moved to Fedora 42, which no longer allowed you to use the ostree admin unlock --hot-fix hack to directly modify your system and made you build your own modified variant using their GitHub template repo.

I’m actually moving my wife to a UBlue distros specifically because I set it up remotely and it just auto updates.

I will warn however that Flatpaks can be a nightmare for basic things like browsers if you want to do things like use a webcam, microphone, or, god forbid, a USB device. Make sure you manually set that up in the (probably flatpak) you’re using before handing it over (probably by using Flatseal).