Decentralized Social Media

When I abandoned Facebook, I also decided to abandon all centralized social media platforms. In their place I opted to make use of decentralized services instead. To that end I joined various Matrix chat rooms on multiple servers and spun up a few of my own. I recently joined a Mastodon instance and have been enjoying the community on that instance as well as interacting with people on other instances through federation. Although not technically a social media platform (nor a decentralized one), I also participate in and even run a few group chats on Signal.

This setup takes me back to the days before Facebook gobbled up half of the Internet. Before Facebook, online social interactions were spread amongst a dozen or more chat clients (ICQ, AOL Instant Messenger, MSN Messenger, Yahoo Messenger, XMPP, etc.) and thousands of forums. Most forums had a theme. If you wanted to discuss guns, you would join any of the many gun forums. If you wanted to discuss video games, you would join any of the many video game forums. There were forums for the most niche of subjects.

For those who missed those days of the Internet and only know the post-Facebook Internet, what I just described probably sounds like chaos because you needed a separate account for each chat platform and forum (and this was in an era before password managers). However, the chaos came with many upsides. The most notable of which was that getting banned from one platform or forum didn’t result in you being banned from every other. People today often complain when they receive a temporary or permanent ban on Facebook, Twitter, or other centralized social media platform because it means they’re banned from interacting with all of their friends. To make matters worse, the number of rules and therefore the number of reasons you can receive a ban continues to increase. And since many bans are completely automated, you can find yourself barred from interacting with all of your online communities because an automated moderation system took an innocent thing you posted the wrong way.

Compare that with the decentralized social media experience I described in the first paragraph of this post. If I’m banned from one Matrix or Mastodon instance, I can sign up for an account on another instance. In the case of Matrix, you can choose to encrypt all messages in a room, which prevents the administrators of your Matrix instance from reading any of your comments (and therefore banning you for it). Signal actually forces encryption on all rooms so the same is always the case on that platform. Federation on Mastodon and Matrix means that you can continue to interact with your acquaintances even if you migrate to another server, which fixes the biggest issue with pre-Facebook chat clients and forums (if you were banned from one, you couldn’t interact with your acquaintances on that platform unless they also used another platform).

I’ve also discovered that I prefer to keep a lot of my social media activity isolate from my other social media activity. It wasn’t uncommon for me to post something on a public Facebook group just for a friend who didn’t like the topic of that group to show up and try to engage in a fight. This was even more common on Twitter, which is just a public forum. But when I post something on a Mastodon instance, only users on that instance and anybody federating with that instance (who are usually federating because they’re interested in the topic(s) found on that instance) see it. This cuts down on the bullshit from the peanut gallery. This is even more true for Matrix since most rooms are topical and the only people who join those rooms are interested in the topic.

Whereas I found centralized social media aggravating because everything I posted was visible to all of my friends, decentralized social media has been very pleasant. I can post anarchism content to anarchist rooms and not have to argue with statist friends. I can post gun content to gun rooms and not have to argue with anti-gun friends. I can post online privacy content to online privacy rooms without my technology illiterate friends taking it as an opportunity to seek free technical support. While trolls do pop in from time to time, they’re rare and generally more fun since they’re not my friends and I therefore don’t give a shit about their feelings.

While decentralized social media may seem inconvenient compared to centralized social media, I strongly urge you to give it a try. You may find that what you currently perceive to be an inconvenience, such as not all of your friends being on one platform, is actually beneficial.

They’re Called Dumbbells for a Reason

Before I begin my rant, I want to note that the etymology of dumbbell is more interesting than “stupid barbell,” but I’m allowed a bit of artistic license on my own blog. With that out of the way, let me get into this rant.

I still don’t (and likely never will) understand the modern obsession of taking perfectly functional things and making them dysfunctional by connecting them to the Internet. Nike still holds the crowning achievement for its “smart” shoes that became bricked by a firmware update. But the quest to match or exceed Nike continues. Nordictrack is obviously gunning for the crown with its “smart” dumbbells:

There are two things that make the iSelect dumbbells “smart.” The first is that these use an electronic locking mechanism, as opposed to pins or end screws. The second is that you can change the weights using voice commands to Alexa. Though, fortunately, you don’t have to since there’s also a knob that lets you change the weights manually.

[…]

Setting up the dumbbells is easy. All you’ve got to do is download the iSelect app for iOS or Android and then follow the prompts to pair the dumbbells over Bluetooth and Wi-Fi. (The latter is for firmware updates.)

Perhaps I’m showing my age, but why in the hell would anybody want to take perfectly functional weighted chunks of metal and complicate them by adding wireless connectivity, voice commands, a phone app, and firmware updates? Changing weights on adjustable dumbbells isn’t complicated or time consuming. And if you, like the author of the linked article, are concerned about the ruggedness of a physical retaining mechanism, why would you have any faith in a mechanism that is electronically controlled?

If you want adjustable dumbbells, there are a lot of excellent options on the market. Rouge Fitness makes dumbbell bars that accept plate weights. Powerblocks are oddly shaped, but built like tanks. There is also the Nüobell, which maintains a classic dumbbell profile. All of these options are within $100 (after the addition of weights for the Rouge bell and assuming you get the 50 lbs. version of the Nüobell) of the Nordictrack iSelect, are built significantly better, and won’t stop working because the manufacturer pushed out a botched firmware update. There are also adjustable dumbbells on Amazon that are much cheaper than any of these.

There’s no reason to make dumbbells “smart.” The feature set of the iSelect demonstrates that. The only thing the “smarts” let you do is adjust the weight of the dumbbells with Alexa voice commands (and brick the dumbbells with a bad firmware update, of course). And according to the article, the voice commands are slower than using the physical knob on the stand so that single feature is more of a hindrance than a benefit.

As another aside, I chuckled when the article listed “No mandatory subscription” under the pros. The prevalence of tying “smarts” to subscriptions is so great that a “smart” device can earn points by simply continuing to function if you don’t pay a subscription fee. That tells you more than you might realize about “smart” devices.

Ode to the Dumb Car

I own three vehicles. The newest one was built in 2008. They’re all dumb vehicles. They have gauges on the dashboard and the only “screen” any of them have are primitive segmented LED displays on their radios. The clocks only know how to display hours and minutes and need to be manually set whenever daylight savings time changes (or the battery is disconnected).

To me a vehicle is a long term purchase. When I buy one, I assume that I’ll be driving it until is stops functioning. I want at least a decade and always hope for more. Because I tend to drive vehicles for a long time, I avoid vehicles that have built-in navigation, touch screens, or infotainment systems. Vehicle manufacturers are notoriously bad at software. Not only do they tend to write software poorly, they also don’t provide updates for very long. That can lead to awkward situations like your clock rolling back 1024 weeks:

The Jalopnik inbox has been lit up with a number of reports about clocks and calendars in Honda cars getting stuck at a certain time in the year 2002. The spread is impressive, impacting Honda and Acura models as old as 2004 and as new as 2012. Here’s what might be happening.

If you scroll through a Honda or Acura forum right now, chances are you’re going to run into a bunch of confused owners. When they hopped into their cars on January 1 they found the clocks on their navigation systems frozen at a certain time. And the calendar date? 2002, or 20 years ago.

[…]

Drive Accord forum user Jacalar went into the navigation system’s diagnostic menu on Sunday and discovered that the GPS date was set to May 19, 2002, or exactly 1024 weeks in the past.

Global Positioning Systems measure time from an epoch, or a specific starting point used to calculate time. The date is broadcasted including a number representing the week, coded in 10 binary digits. These digits count from 0 to 1023 then roll over on week 1024. GPS weeks first started on January 6, 1980 before first zeroing out on midnight August 21, 1999. It happened again April 6, 2019. The next happens in 2038.

Synchronizing time with GPS is an intelligent choice. But you have to understand the specification. Since the week counter for GPS rolls over every 1024 weeks, you need your system to take that into account and adjust accordingly. Honda didn’t take that into consideration so now the clock on a bunch of their vehicles is stuck 20 years in the past. Making the matter worse is that Honda hasn’t provided a fix and, if history is any indicator, may never provide a fix (or at least not provide a fix for vehicles past a certain manufacturing date).

This problem is just another on the long list of what I like to call software based obsolescence. Software based obsolescence isn’t necessarily planned obsolescence. I doubt anybody at Honda implemented a plan to cause this issue. In all likelihood the software developers were ignorant of the fact that the GPS week counter rolls over every 1024 weeks. Because they were ignorant of that behavior, the didn’t take it into consideration when they wrote the software (in fact the developers may have been using a third-party library for syncing time with GPS and that library didn’t take the rollover into consideration).

As a general rule software doesn’t age well. The more complex a piece of software is, the worse it will age (obviously exceptions to the rule exist). So software written to control a specific process in your engine may age fine, but software that handles time synchronization (a surprisingly complex task) will likely age poorly. This is why software patches exist. However, when you combine increasingly complex software with systems that cannot be updated or will not be updated after a specific period of time, that product, if it’s dependent on software, will have the same life expectancy as the software. In the case of the Honda vehicles mentioned in the story, the rest of the vehicle is able to operate properly even if the time synchronization is broken. But if a system depends on an accurate clock, then improper time synchronization will break that system.

This is why I prefer to avoid systems that are reliant on software unless I only plan to use the platform for a specific period of time or the platform is open to user modification and the software it depends on is open source.

It’s a Tracking Device, Not a Smartphone

I like to refer smartphones as voluntary tracking devices. Cellular technology provides your location to the network provide as a side effect. Smartphones can also leak your location through other means. But location isn’t the only type of information collected by smartphones. Android has a sordid reputation when it comes to data collection. Part of this is because Google’s primary business is collecting information to sell to advertisers. Another part is that handset manufacturers can bake additional data collection into their Android devices. Another part is that Android lacked granular application permissions until more recent versions, which allowed application developers to collect more information.

Apple on the other hand has enjoyed a much better reputation. Part of this is because Apple’s primary business model was selling hardware (now its primary business model is selling services). But Apple also invested a lot in securing its platform. iOS provided users more granular control over what applications could access earlier than Android. It also included a lot of privacy enhancements. However, Apple’s reputation isn’t as deserved as one might think. Research shows that iOS collects a lot of information:

“Both iOS and Google Android share data with Apple/Google on average every 4.5 [minutes],” a research paper published last week by Trinity College in Dublin says. “The ‘essential’ data collection is extensive, and likely at odds with reasonable user expectations.”

Much of this data collection takes place after the phone is first turned on, before the user logs into an Apple or Google account, and even when all optional data-sharing settings are disabled.

“Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this,” the paper adds. “However, Google collects a notably larger volume of handset data than Apple.”

I can’t say that this surprises me. Apple is a publicly traded company, which means its executives are beholden to share holders interested almost exclusively in increasing the price of their shares. That means Apple’s executives needs to constantly increase the company’s revenue. User information is incredibly valuable. Mark Zuckerberg made a multi-billion dollar company out of collective user information. So it was unrealistic to expect Apple to leave that kind of potential revenue on the table. Even if Apple isn’t currently selling the information, it can start at any time. Moreover, if it has the information, it can be obtained by state agents via a warrant.

This brings up an obvious question. What smartphone should individuals concerned about privacy get? Unfortunately, Android and iOS are the two biggest players in the smartphone market. They are also the only two players readily available to consumers who aren’t tech savvy. GrapheneOS is an example of an Android version that offers better privacy than the stock versions found on most devices. But using it requires buying a supported Pixel and flashing GrapheneOS to it yourself. There are also phones that run mainline Linux such as the PinePhone and Librem 5. The problem with those devices is the state of the available software. Mainline Linux distributions designed for those phones are still in development and likely won’t meet the needs of most consumers.

Right now the market looks grim if you want a smartphone, are concerned about privacy, and aren’t tech savvy enough to flash third-party firmware to your phone.

Before and After First Unlock

If you’ve used a desktop operating system, you may have encountered full-disk encryption. The name is self explanatory. When full-disk encryption is used on a desktop or laptop, the entire contents of the hard drive (minus whatever is needed to properly boot the system far enough to enter the decryption key) are encrypted. The contents are only accessible after the decryption key has been provided during boot up.

iOS and modern versions of Android use a different model called file-based encryption. Rather than encrypt the entire contents of the device, files are encrypted individually per a policy. This is why you can make a call on an iOS or Android phone after is has been booted but before it has been unlocked. But like with full-disk encryption, the encrypted files are only accessible after the device is first unlocked after a boot up.

The states where encrypted data is inaccessible and accessible are referred to as before and after first unlock respectively. Before the first unlock data is considered at rest. The device is unable to decrypt the encrypted data because the necessary decryption key hasn’t been provided by the owner. After the first unlock the device stores the decryption key so it can decrypt and access the encrypted data. How the keys are stored varies. Many devices store the decryption keys in memory, but the more secure method is to store decryption keys in a secure chip such as the Secure Enclave hardware on iPhones or the Titan M chip on Pixel devices (technically the decryption key is usually derived by the secure chip using the provided decryption key and other inputs, but I’ll skip over those details in this post). Using a secure chip adds a barrier between the decryption key and malicious software or hardware able to gain unfettered access to system memory.

When you read stories about law enforcers extracting encrypted data from a device without the owner’s cooperation, they are almost always extracting the data after the first unlock:

The main difference between Complete Protection and AFU relates to how quick and easy it is for applications to access the keys to decrypt data. When data is in the Complete Protection state, the keys to decrypt it are stored deep within the operating system and encrypted themselves. But once you unlock your device the first time after reboot, lots of encryption keys start getting stored in quick access memory, even while the phone is locked. At this point an attacker could find and exploit certain types of security vulnerabilities in iOS to grab encryption keys that are accessible in memory and decrypt big chunks of data from the phone.

Based on available reports about smartphone access tools, like those from the Israeli law enforcement contractor Cellebrite and US-based forensic access firm Grayshift, the researchers realized that this is how almost all smartphone access tools likely work right now. It’s true that you need a specific type of operating system vulnerability to grab the keys—and both Apple and Google patch as many of those flaws as possible—but if you can find it, the keys are available, too.

When law enforcers confiscate a device, it’s common practice to both prevent the device from powering off and to isolate it from any network access. This prevents the device from entering before the first unlock state and from being remotely wiped. Mobile phones have their own batteries, which increases the time law enforcers have between confiscation and connecting it to a secondary power source. Placing the phone into a Faraday bag isolates it from network access. Once a device has been prevented from powering off or being remotely wiped, law enforcers can work to decrypt the contents of the phone at their leisure.

Before continuing I will note that law enforcers aren’t the only individuals interested in gaining unauthorized access to the encrypted contents on a device. I’m highlighting them because they receive the most press coverage. Keep in mind that many unauthorized parties such as abusers and stalkers have the same interest albeit for different reasons.

The safest state for encrypted content is at rest. This is why I always recommend people power down their devices before entering airport checkpoints or border crossings. Those are situations where encounters with law enforcers are guaranteed and the chances of devices being confiscated is higher than average. I also recommend people power down their desktops and especially laptops when not in use. That way if the device is stolen, the contents remain inaccessible to the thief. However, powering down devices isn’t always practical, especially when the device in question is a smartphone. If you’re meeting somebody at an airport, you might need to keep your phone powered on in case the party with whom you’re meeting needs to contact you (although I will argue that proper planning can avoid this scenario and, if not, rebooting the device and leaving it in before the first unlock state will allow you to be accessible while keeping your data at rest). If a mugger demands your smartphone, they probably won’t allow you to power it down before handing it over.

This is why I was happy to discover a feature in GrapheneOS. In the settings application under the Security category there is an option called Auto reboot. By default this is disabled, but if you tap on it, you’ll be greeted with a dialog box offering different lengths of time. If you select one of those options, the phone will automatically reboot if it hasn’t been unlocked in the selected period of time. This ensures that the device will return to before the first unlock state after you haven’t unlocked it for the selected period of time. If you unlock your device frequently and don’t mind entering your password when you wake up in the morning, you can select a short time period. If you don’t want to enter the password every morning, you can select eight hours (or slightly more than however many hours you typically sleep). This feature creates a specific window of time between when a device is confiscated or stolen and when it returns to before the first unlock state.

This is a security feature I would like to see adopted by other operating systems. Knowing my laptop had a finite period of time between when I last unlocked it and when it returns to before the first unlock state would give me the convenience of putting it in sleep mode rather than powering it down completely when transporting it (I fully admit powering down isn’t a huge inconvenience for me since I don’t transport my laptop frequently, but a lot of people transport their laptop between home and work twice a day).

My Thoughts on the Pixel 4a Running GrapheneOS

As I noted in my last post covering the fiasco that is today’s Apple, I ordered a Pixel 4a with the intention of flashing GrapheneOS on it. For those of you who are unfamiliar with GrapheneOS, it is an Android Open Source Project (AOSP) operating system that focuses on security. The list of security features included in GrapheneOS is quite long so instead of trying to summarize it, I’ll point you to the project’s feature list.

GrapheneOS only runs on Pixel devices. This is because Pixel devices implement several hardware security features including the Titan M security chip (a similar idea to Apple’s Secure Enclave). Pixel devices also support Android Verified Boot (AVB) 2.0 with third-party signing keys. AVB 2.0 cryptographically verifies that the operating system you’re booting hasn’t been altered. When properly setup, this allows non-Google firmware to boot from a locked boot loader. GrapheneOS supports AVB 2.0 and relocking the boot loader is actually part of the installation process. This is a GrapheneOS advantage since most AOSP operating systems can only boot from an unlocked boot loader. An unlocked boot loader is a majority security weakness.

Installing GrapheneOS is about as easy as installing a third-party operating system on a phone can be. There are two supported methods: a web based installer and a command line based installer. I chose the latter. Both are made straight forward by the step-by-step guides. When you boot GrapheneOS the first time, you’re greeted with a bare bones installation. I prefer minimal operating system installations so I consider the bare bones nature of the default GrapheneOS is a plus.

I installed the same applications on this device as I installed on my Teracube 2e. GrapheneOS doesn’t include a calendar application so I installed Etar, which is the calendar application included in LineageOS.

One of the notable features of the Pixel 4a is the camera. However, you probably won’t be terribly impressed by pictures taken with the camera application included with GrapheneOS. This is because the high quality pictures you see in Pixel 4a reviews requires a combination of hardware and software. The software is Google Camera. Google Camera applies software enhancements to improve the quality of pictures taken with Pixel hardware. Not surprisingly it requires Google Play Services. A recent addition to GrapheneOS is support for fully sandboxed Google Play Services. This allows you to install Google Play Services without granting permissions greater than any other app (normally Google Play Services enjoys additional privileges). If you need Google Play Services, I believe this is a better solution than microG, an alternative used by a number of AOSP operating systems.

I wanted Google Camera without all the additional Google cruft so instead of installing Google Play Services I installed Gcam Services Provider. Gcam Services Provider is a shim that implements just enough of Google Play Services to run Google Camera. GrapheneOS with Gcam Services Provider isn’t enough to run Google Camera though. Launching Google Camera with this configuration will only result in a black screen (information about this behavior can be found here. I resorted to installing a modded versions of Google Camera of which there are quite a few. I settled on this version because it works with Gcam Services Provider and allows me to use a gallery application other than Google Photos (the official Google Camera application is hard coded to display recently taken pictures with Google Photos and I have no interest in installing that).

The installation process for Google Camera that I just described is the only thing on my setup that feels hacky. GrapheneOS is polished. It actually feels like a first-party operating system on the Pixel 4a. It is a major improvement over the user experience of LineageOS on a Teracube 2e (because the version of LineageOS for the Teracube 2e is still unofficial, I didn’t expect a polished user experience, I’m just noting the comparison here because it’s the only baseline I have). I will go so far as to say that GrapheneOS offers a user experience comparable to iOS on an iPhone (and probably the stock firmware on the Pixel 4a, but I didn’t spend any time using that) with the caveat that applications that rely on Google Play Services may not work if you don’t install Google Play Services (thanks to sandboxing doing so isn’t as dangerous on GrapheneOS as it is on other AOSP operating systems). The user experience is so good that my wife, who is not a technical user, is happy with it.

GrapheneOS is a great option for iOS users wanting to flee the panopticon that Apple is dead set on inflicting on iOS users (and probably macOS users).

Apple Gives Users More Time to Migrate

After doubling and tripling down on its decision to integrate spyware into iOS, Apple has announced a delay:

Apple provided this statement to Ars and other news organizations today:

Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material [CSAM]. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.

As the Electronic Frontier Foundation explains, a delay isn’t good enough. However, the delay grants iOS users more time to plan their migration. I’m happy to say that my migration has gone well. I received my Pixel 4a and flashed it with GrapheneOS. My initial impressions are very good. I’ll post a detailed initial impression after a few more days of usage. With that said, there are a handful of options available to those wishing to flee Apple’s new surveillance obsession.

I opted for a Google-free Android Open Source Project (AOSP) ROM. Android is a mature and widely support mobile operating system. It offers near feature parity with iOS since the two platforms have been copying from each other since their early days (both also copied a lot of the best ideas offered by Palm WebOS). The biggest flaw in Android is Google. Google-free AOSP ROMs such as LineageOS, /e/OS, GrapheneOS, and CalyxOS keep the good features offered by Android while removing the Google taint.

Another option is a mainline Linux phone like the PinePhone or Librem 5. Neither platform is mature enough to meet my current daily needs, but they might be mature enough to meet your daily needs. They’re worth investigating and I hope to eventually migrate from Google-free Android to a mainline Linux phone.

If you’re one of those odd ducks who uses their cellphone solely as a phone, an old-school dumbphone is worth considering. Because of how simple they are, dumbphones offer a limited attack surface (keep in mind that security updates on dumbphones are rare so if a major flaw exists, the only solution may be to buy a different phone) and aren’t capable of store even a faction of the personal information that smartphones can. They’re also dirt cheap and frequently more durable than smartphones. The tradeoff is they don’t offer any means of secure communications. You can’t install Element, Signal, or any other secure messaging application on them. But if you don’t use those, that’s probably not a deal breaker.

My suggestion to iOS users (and every other computing platform user) is to develop a migration plan if you haven’t already. I try to have at least one migration plan at hand for any computing platform I use. For example, when I was using a Mac, I had a migration plan for moving to Linux. It didn’t end up being an urgent need, but when I finally decided to upgrade from my 2012 MacBook Pro and Apple didn’t offer anything acceptable to me, I already had a plan. Now I use Fedora running on a ThinkPad and have a plan to migrate from that if needed.

When I ran iOS I also had a migration plan. My plan was to migrate to a mainline Linux phone. I knew this plan was a gamble because it would be a few years until such devices were mature enough for my daily use. Because of that I kept a list of Google-free AOSP ROMs and phones capable of running them. When Apple announced its surveillance plan, my migration plan to a mainline Linux phone wasn’t yet feasible. I had to bring myself more up to speed on AOSP ROMs and phones, but I was able to migrate away from iOS within a week of Apple’s announcement.

Apple didn’t provide a time frame for when it will introduce spyware to iOS. It could be months or years before Apple introduces it or the company could spring it on users with no warning. If you have a migration plan ready, you can react even if Apple gives no advanced warning. If Apple pushes back its surveillance plan indefinitely, you can continue using iOS (if you still trust Apple, which I don’t) knowing you’re ready to move if needed.

The Third Update on My Experiment Running LineageOS on a Teracube 2e

After two weeks with the Teracube 2e I decided that it’s not a good daily driver for me. Teracube has a 30-day return policy, but I’m going to keep the phone because I really like what the company is doing and having a sacrificial phone for experimenting with new Android ROMs appeals to me. However, there were a number of issues that made the phone unsuitable for me as a daily driver.

The first issue is the potato quality camera. I previously stated that I don’t need a very good camera, but I do need a camera that is at least good enough for me to document things. I decided to do more thorough testing with the Teracube 2e cameras during the week. I found two major issues. The first is that the autofocus is inconsistent. Sometimes I can get properly focused photographs, but other times the photographs turn out blurry even after the camera app shows that the camera is properly focused. It’s a crap shoot whether a photograph will be clear or blurry. The second camera issue is the flash. Since the cameras have such poor low light (really any light other than outside daylight) performance, using the flash is a requirement. But when the flash is used the resulting photograph is heavily blue tinted. This issue isn’t caused by the beta build of LineageOS. A number of users on the Teracube forum reported the same camera issues with stock firmware.

The second overall issue I have with the phone is the size. I’m an oddity because I like phones that are small enough to operate with one hand. The 2020 iPhone SE is acceptable although slightly larger than I like. The Teracube 2e is larger than the 2020 iPhone SE. When stacked on top of each other, the Teracube 2e doesn’t look much larger than the 2020 iPhone SE. But when you have the devices in your hand the size difference feels significant. The included case also adds some additional bulk. Moreover, the case has raised corners that like to catch on my pockets whenever I stow or take out the phone.

The third issue is the Wi-Fi and Bluetooth connectivity. Although rare the phone will periodically disconnect from my Wi-Fi network and Bluetooth devices for a brief second. It’s hardly noticeable. If you’re streaming a video, the issue manifests as a brief moment of buffering. If you’re listening to music through Bluetooth headphones, the music will stop and your headphones will indicate that they disconnected and connected again. This problem is most likely being caused by the unofficial beta of LineageOS that I’m using. Unfortunately, all of the Google-free ROMs I’ve found for the Teracube 2e are based on the LineageOS build and therefore exhibit all of the same bugs. I’m confident that this issue will be fixed if the problem is being caused by the ROM. But this does roll into my fourth issue.

The fourth issue is that this setup is a hack. What I mean by this is that the overall experience isn’t polished. This isn’t a surprise. I’m running beta firmware on a relatively new phone. I didn’t expect it to feel polished. And if I only had to worry about myself, I could run this setup without much trouble. But I’m also the technical advisor and support for my wife. I can’t hand her a buggy device and expect her to be happy with it. Especially because she’ll be comparing it to her iPhone (she wants to get off of iOS because she, like me, doesn’t like spyware running on her devices, but she’s less tolerant of bugs than I am). I could get her a nicer device and continue using the Teracube 2e myself, but I also don’t want to have a drastically different setup than her. If we have the same or very similar setups, we will likely run into the same problems. That simplifies debugging for me and means that when I figure out how to fix a bug on my setup, I also figure out how to fix it on her setup.

With all of that said, I really like the Teracube 2e. It has a lot of great features such as a removable battery, four year warranty, and flat rate charge for repairs. For the price the hardware is a good deal (minus the cameras). The device comes with a case and a screen protector, which are nice bonuses at that price range. I also like how transparent the company has been. I’ve dug through the Teracube forums and the company representatives who post on there open and honest. For example, Teracube released a tempered glass screen protector for the 2e. A lot of people who bought it reported issues with the edges of the screen protector not adhering to the screen. A company representative both acknowledged the issue and warned a few users inquiring about a better (than the included) screen protector about the issue. There is a thread about the camera issues. Rather than disappearing the thread, company representatives have been using it to collect information that may allow the issues to be fixed (or at least mitigated to some extent).

As I said at the beginning of this post, I’m going to keep the Teracube 2e. Both because I like the device and because I want to fund Teracube’s efforts. I will continue to experiment with it and test new builds of LineageOS as they are release (and maybe /e/OS as well). But it won’t be the replacement for my iPhone.

That brings me to the big question, what’s next? Will I stick with iOS knowing that Apple intends to install spyware on it? Not a chance. I ordered a Google Pixel 4a (actually two). Although the 128 GB of storage will be tight for me, it checks every other box. It’s affordable, about the same size as my iPhone, and has a good rear camera. Besides the lack of storage the other major downside is Google just discontinued it (which is why I bought two, one for me and one for my wife). So it’s not a device that I will be able to recommend to people in the future. Unfortunately the replacement, the Pixel 5a, is significantly larger and $100 more expensive.

My intention is to try GrapheneOS since it’s the most security focused Android ROM. If that doesn’t work out, the Pixel devices are officially supported by a number of other Google-free ROMs including LineageOS, /e/OS, and CalyxOS. I will report on my findings just as I have been reporting on my findings with the Teracube 2e.

Update on My Teracube 2e Running LineageOS

I’m almost exactly one week into my experiment of running LineageOS on a Teracube 2e and want to provide an update.

If you missed my previous post, this experiment is my attempt to migrate from iOS to Android. I’m leaving iOS because of privacy concerns. Jumping from Apple to Google because of privacy concerns would be nonsense so this experiment requires using Android without Google services and applications. So far I have been able to do that, with the exception of needing access to the Google Play Store to install applications that aren’t available in F-Droid. I’m using Aurora Store to access the Google Play Store with some semblance of anonymity.

SD Card

The first thing I want to touch on is the SD card. SD card support in Android is a hot mess. Inserting an SD card into a phone running LineageOS, assuming the card isn’t already formatted, will trigger a popup asking how to format the card. The two options are portable or adopted. Selecting portable will format the SD card in a way that allows it to be swapped between devices. The upside to portable storage is that the SD card can be removed from the phone and inserted into another devices such as a laptop. The downsides are that many applications have poor if any support for using a portable SD card (Spotify, for example, kept losing songs it downloaded and stored on the SD card) and the data stored on the card isn’t encrypted.

Adopted storage is poorly documented. The best explanation I could find is this Reddit post. Choosing to format the SD card as adopted storage will cause user files to be stored on the SD card. Applications can also be moved from internal storage to the SD card if it’s formatted as adopted storage… and the developer of an application specifically enabled the functionality. If the developer doesn’t enable the functionality, then the application cannot be moved to the SD card. See what I mean about SD card support being a hot mess?

Formatting an SD card as adopted storage comes with a few downsides. The most notable is that removing the SD card from the phone can cause all sorts of odd behavior. Since the SD card is treated as an extension of internal storage, the phone expects the SD card to be present at all times. Another downside to adopted storage is that the SD card can no longer be used by other devices. Inserting the card into another device, even another Android device, will result in the device seeing it as corrupted. The upsides to adopted storage is that the data stored on an adopted card is encrypted and applications that poorly or don’t support portable SD cards will likely work well with an adopted card since they will see the card as internal storage.

My needs have been better fulfilled by formatting the SD card as adopted storage.

Potato Quality Cameras

In my initial impressions post I noted that the cameras on the Teracube 2e are bad even when compared to cameras on many other devices in the same price range. The Teracube 2e has three cameras: a front facing camera and a wide angle and normal camera on the back. Most camera applications that I test detected and could use the front facing and normal rear cameras, but didn’t recognize the wide angle camera (which isn’t much of a loss because that camera is the worst of the three). Open Camera can detect and use all three. Moreover, I’m able to squeeze the most out of the cameras with Open Camera. Dropping the exposure compensation by 0.50 EV (so the value is -0.05 EV in Open Camera) has lead to the least terrible photos on the normal rear facing camera for me. I’m not a photographer so your mileage will likely vary (and if you are a photographer, you will be disappointed by the cameras on the Teracube 2e).

Navigation

In the turn by turn navigation market Google Maps is the undisputed king. Apple Maps comes in second, but it’s a far second. Google Maps requires using Google, which I’m trying to avoid, and Apple Maps isn’t available on Android.

I had a three hour drive today and decided to test two applications: Organic Maps and Magic Earth. I came across Organic Maps in a Reddit post created by an individual asking for an alternative to Google Maps and Magic Earth when I was testing /e/OS (Magic Earth is included as part of /e/OS). For my test I used Organic Maps on the way to my destination and Magic Earth on the way back. Both applications use OpenStreetMap data, provide voice turn by turn navigation, and allow you to download maps locally on your device (a nice feature for me since I find myself in areas with weak or nonexistence cellular signal frequently).

Organic Maps is open source whereas Magic Earth is closed source. Even though it’s closed source, Magic Earth has a much better privacy policy than Google Maps (and probably Apple Maps) so it’s a step up in terms of privacy. Both applications chose nearly identical routes (I checked the route in both applications when I left and when I returned). The chosen routes were sensible. Magic Earth advertises that it uses crowd-sourced traffic information when creating routes, but I was unable to test that functionality since I was driving through rural Wisconsin and Minnesota where traffic is seldom heavy. However, it’s something to keep in mind if you’re driving somewhere that experiences traffic congestion. Magic Earth provided me superior search results. Organic Maps wasn’t able to find my destination when I entered the address, Magic Earth was. I also preferred the navigation interface on Magic Earth.

Neither application gives everything Google Maps and Apple Maps provides. But I found both to be serviceable for my trip. I give Organic Maps a point for being open source, but prefer the overall experience of Magic Earth.

Odds and Ends

SD card support, the Teracube 2e cameras, and navigating on Android without Google were the three major topics I wanted to cover. However, I want to close with a brief list and description of some of the applications that I’m using. All of them function without Google Services installed.

Aegis Authenticator is a one time password (OTP) two-factor authentication application. It’s open source, encrypts stored tokens, and backups encrypted tokens to a chosen destination (I configured it to backup to my Nextcloud instance). It can also be configured to require biometric authentication to open.

AntennaPod is an open source podcast client. Coming from the dumpster fire that is the latest iteration of Apple’s Podcast application, AntennaPod is like manna from Heaven. The interface is straight forward and it has so far done an excellent job of grabbing new episodes when they become available.

Bitwarden is my password manage of choice because it can be self-hosted. The Android client works almost exactly the same as the iOS client, which is to say it works well.

DAVx5 syncs my calendar, contacts, and to-do lists from my self-hosted Nextcloud server to my phone. Setting up the connection is a little janky because you need to start the process from the Nextcloud application, go to the DAVx5 application, and return to the Nextcloud application. But once the connection is setup, it stays running.

K-9 Mail is an open source e-mail application that supports PGP encryption.

KDE Connect connects an Android phone to a Linux laptop (I use GSConnect on my laptop because I use the GNOME desktop environment) and do things like send text messages from the laptop and sync the clipboard between the two systems. I highly recommend this if you use a Linux desktop or laptop.

OpenWeatherMap is a forecast application. I used to use Dark Sky, but Apple bought them and tossed the Android application down the memory hole. OpenWeatherMap has been a competent alternative.

QR & Barcode Scanner, as the name implies, scans QR and barcodes.

My Initial Thoughts on the Teracube 2e Running LineageOS

Since Apple decided to install spyware on iOS devices, I decided to finish my migration from Apple’s platform. I started my migration a couple of years ago because I didn’t like the direction Apple stared taking macOS (becoming more and more like iOS) or its computers (becoming more like iOS devices in that they lacked end user replaceable components). I planned to migrate from the iPhone once the PinePhone or another device capable of running mainline Linux matured. But as I noted at the start of this post, Apple forced me to move my timeline forward.

I started looking at available Android devices as soon as I read Apple’s announcement. I wanted Google in my life even less than Apple so my first criterion for an Android device was that it could be flashed with a Google free firmware like LineageOS. The most commonly recommended phones I came across for LineageOS were Google’s Pixel lineup. OnePlus devices were also popular recommendations. But both lineups tend to be higher tier, which means more expensive. My phone is really a glorified portable web browser, media player, and secure messaging platform. I don’t play games or anything else hardware intensive on my phone. Higher tier phones are wasted on me. The other downside to both of those lineups is that they cannot be easily repaired by end users. The FiarPhone lineup has always appealed to me because they’re designed to be repaired by end users. While they’re pricey, I’m willing to pay a premium for repairability. However, the FairPhone lineup is only supported on European carriers and I’m in the United States.

My search eventually lead me to a newer manufacturer called Teracube. Specifically the Teracube 2e. While the Teracube 2e isn’t as repairable as FairPhone devices, it does have a user replaceable battery. In addition to that it has a four year warranty and a flat flee of $59 for repairs (which includes screen replacements). The hardware specs aren’t great, but they’re appropriate for the asking price of $199.

There isn’t an official LineageOS build for the Teracube 2e, but an unofficial build is available. There is also a development build of /e/OS, which is a distribution built on LineageOS.

I tested /e/OS first, but I couldn’t stream audio over Bluetooth. My Bluetooth headphones would connect to the phone, but there was no way to make the audio play over them. Since I use my phone to play music in my car through a Bluetooth to FM transmitter (my vehicle predates built-in Bluetooth and also lacks an aux input), Bluetooth audio is an important feature to me. Besides the Bluetooth audio issue, I only have nice things to say about /e/OS. It’s worth a look if you’re in the market for a Google free Android firmware.

After /e/OS I installed and tested the LineageOS firmware linked above. So far it is working well. Bluetooth audio works. Wi-Fi calling doesn’t work, but that’s a known issue that is being worked on by the developer (and clearly stated upfront). I live in the middle of nowhere so my cellular signal is crap at best and nonexistent in my basement. But I don’t make many standard cellular calls so I can wait for the functionality to be implemented. I also ran into an issue with the Android version of Apple Music. When I played music through Apple Music, it would begin stuttering horribly after a short while. Everything I’d read online lead me to believe that the Android Apple Music app was a shitshow so I wasn’t too surprised. I installed Spotify and so far it hasn’t given me any issues (I was planning to migrate from Apple Music to Spotify eventually because the latter provides an official Linux app, but that timeline has been pushed up too).

So far my experience, which only a week (hence this post is an initial impression, not a review), with LineageOS on the Teracube 2e has been positive.

The Teracube 2e hardware has so far fulfilled my needs. The device isn’t as fast as my 2020 iPhone SE, but it’s also not as expensive (the base 2020 iPhone SE is twice as expensive). There is 64 GB of onboard storage, which isn’t enough for me. However, it has an SD card slot (a novel ideal that no iOS device has). While the hardware in the Teracube 2e only officially supports SD cards up to 128 GB, I installed a 256 GB card (this one) and it has been working flawlessly (if you want 256 GB of storage on the 2020 iPhone SE, you will have to pay $549). Like the 2020 iPhone SE, the Teracube 2e also has a fingerprint reader that makes unlocking the device faster (but I have my doubts that it’s anywhere near as secure as the iPhone fingerprint sensors).

The Teracube 2e also includes a couple of features that I consider nice bonuses. First, it has an indicator LED. Rather than turning on the entire screen for a few second to show that a notification has been received (as my iPhone does), the Teracube 2e blinks an inoffensive (in other words it doesn’t light up the entire room) white LED. That takes me back to my Palm Treo days (I really miss Palm OS). Another added bonus is the standard headphone jack. You can plug in any set of headphones without needing a dongle.

I’ve only found a few dings against the Teracube 2e. The first and most obvious one is its potato quality cameras. I wouldn’t normally ding a $199 device for having crappy cameras, but there are devices in this price range with better cameras. This isn’t a major problem for me because I only use my phone camera for documentation purpose (for example, taking a picture of wires before disconnecting them). But if you rely on your phone camera for even semi-serious photography, you will find the Teracube 2e lacking.

Another ding against the Teracube 2e is the lack of a silence switch. This is a feature that I fell in love with back when I was carrying a Palm Treo. It has also existed on every iPhone that I’ve owned. Having a simple physical switch on the device that lets me silence the phone is convenient. The last ding against the phone is the design of the SIM slots. Inserting a SIM into the phone is easy. Getting a SIM out again is a challenge. I wish there was an eject button like the one that ejects the SIM tray on an iPhone. This isn’t a major issue though because I don’t regularly insert and remove SIM cards. But it would have been nice when I was switching between the Teracube 2e and 2020 iPhone SE on the first day.

I’ve been getting along well with LineageOS. I haven’t encountered any showstopping problems, which is somewhat surprising to me considering I’m running an unofficial beta build. It doesn’t include Google’s proprietary applications (although they are available separately if you need them), which includes the Play Store. This can be worked around though. First, there is F-Droid, which is a store for open source Android applications. If you need applications from the Play Store (which I do), there is the Aurora Store, which allows you to install free applications from the Play Store anonymously (it might work for paid applications, but I don’t need any of those).

One of my biggest gripes with iOS is that backups require either a computer running iTunes or an iCloud account. I used iTunes running on my 2012 MacBook Pro to perform local backups because I didn’t want to upload all of my data to Apple’s servers. Booting up a computer periodically for a single task is an annoyance. Fortunately, LineageOS solves this by allowing me to backup my phone to my self-hosted NextCloud instance using Seedvault. My NextCloud server is automatically backed up by my backup server so I get snapshot backups using this method.

I enjoyed some conveniences back when I ran both macOS and iOS such as the ability to receive and send text messages from my laptop. I lost those convenience when I moved to a Linux laptop. I’m happy to say that I’m enjoying those conveniences again with LineageOS, KDE Connect, and GSConnect. KDE Connect is an Android application that enables a number of features such as the ability to share a clipboard between a desktop/laptop and an Android device and the ability to send and receive text messages from a desktop/laptop. GSConnect is the GNOME plugin that interfaces KDE Connect on the Android device with a desktop/laptop running the GNOME desktop environment (for KDE users there is an application called, surprisingly, KDE Connect). I ran into a bug where leaving the Run Command option enabled in GSConnect causes the GNOME desktop to freeze for a second every few seconds. Disabling that feature fixed the problem (there is a bug report open about this and I did leave a comment on it).

Overall my initial impression for this setup is good. Google free Android builds are probably the least terrible option at the moment for smartphone users who care about their privacy. There are several Google free distributions of Android to choose from including LineageOS, /e/OS, GrapheneOS, and CalyxOS. The latter two are only support on Google Pixel devices though (technically CalyxOS supports Xiaomi Mi A2, but only for Android 10).