Imagine a day without dozens of geo-tagging cameras, wide spectrum microphones, and micro-location sensors monitoring everything that you do.
Imagine books, maps, and dictionaries made out of paper instead of super-retina displays. Imagine relationships made out of heart-beating humans instead of Tinder scam bots.
Believe it or not, all those radical things are still within reach.
Want more privacy? Then do more of what humans do. Human nature is naturally private.
But I digress. This is an article about phones. So let me start again with a humble caveat.
I’ve learned a thing or two about privacy over the years, but I’m no expert. This article may have inaccuracies and omissions. You may not like my views on some things. If that happens, don’t get your panties in a twist. Email me and change my mind.
Back to the question at hand.
How can we reclaim our privacy in a world that’s drowning in smartphones?
In theory, it could be as simple as getting rid of them, right?
But simple doesn’t necessarily mean it's easy. To survive and thrive without a smartphone you probably need to:
Live in a non-Westernized location. Billions of people are still unbanked in the so-called developing countries. Entire economies still run on cash. You can function in those worlds the old fashioned way. Even without Apple Pay.
Live away from big cities. Smaller towns and villages are easy to navigate and get to where you want to go. Even without Uber.
Have a fixed home base, so you can know your terrain and remember where everything is. Even without Google Maps.
If you meet these criteria, you can, and should, live without a smartphone. Keep a dumb-phone handy for emergencies and if you’re serious about it all, get a ham radio.
As it stands, however, the vast majority of people are beholden to their smartphone: their public transport needs contactless payments, their supermarket needs QR codes, their bank is mobile-only, and the vast expanse of their city needs Uber and Google Maps.
A smartphone is the price of admission to some parts – the ugly parts – of modernity.
So, if using smartphones is a necessarily evil, is there anything – anything at all – we can do to protect our freedom and privacy?
That’s a simple question, isn’t it?
See, most people out there are busy running their lives. They don’t have the time or inclination for technical deep dives. They just want simple answers.
The emergence of privacy phones is just that: a simple product in response to a simple market demand. But before you reach for your wallet, please understand:
A privacy phone won’t move the needle for you.
Not if you are on Facebook, Google, Instagram, Whatsapp, TikTok, Tinder, Uber, and so on. It really won’t.
Here is what a privacy phone is not: a magical solution to privacy.
“Okay, okay, I get it. Privacy phones are not a panacea. So what on earth are they good for?”
Glad you asked.
The makings of a privacy phone
Privacy phones are for those who are aware of what smartphones truly are: a rug-pull; a Trojan horse; a pill of tyranny, sweetened with some trivial utility for the unwashed masses. Yes, they help you order pizza, find a date, and pay at the supermarket, but all those niceties are nothing but cheese on a mouse trap.
The singular goal of smartphones is to track, monitor, and geolocate you 24/7. Airplane mode won’t help. Switching it off won’t do much either – no wonder you can’t remove the battery, right?
What privacy phones attempt to do is relieve those problems. Remember, they don’t solve them; at best, they mitigate them. Surveillance is a symptom of tyranny. Tweaking our smartphones is not gonna fix tyranny – just sayin’.
Ok, with our expectations set, let’s take a closer look at 3 types of privacy phones.
1. Disposable “whatchamacallit” handsets
Just walk into any physical store and buy an old smartphone. Switch it on, avoid logging into any accounts and you’re good to go.
“Wait a minute,” you say. “That doesn’t sound like a private phone.”
Hear me out.
Anonymity is way more important than privacy. Why? Because no product or app can guarantee your privacy. Indeed, privacy is compromised all the time.
Privacy breaches often happen under the guise of innocent software bugs that expose unintended yet very convenient backdoors which are exploited well before those bugs are discovered. It’s called plausible deniability and your favorite privacy tech is not impervious to it.
Don’t believe me? Just follow the money.
Many privacy projects are funded by the very entities they claim to protect us from. All you need to do is click on their funding page and keep pulling the string of convoluted foundations and non-profits. It’s all about human rights, until it isn't.
In any case, privacy is at best elusive. Anonymity, on the other hand, is under your control.
As long as you don’t tie your real identity to anything you do on that phone, then any privacy loss is not a showstopper. And because you are using old, second-hand handsets, they are semi-disposable too.
Which brings us back to the advantage of anonymity over privacy. The former can be achieved for free; the latter not so.
Privacy may require tools, and money to pay for those tools even if they don’t work. Anonymity is different.
You’d be surprised at how far you can go without logging into any account on a smartphone. The iPhone comes pre-installed with Maps, Safari, and Camera, all ready to go without an iCloud account. On Android you can download software from alternative app stores. You can even sideload the installation files yourself.
And guess what: WiFi may be all you need. SIM cards are entirely optional. If you need it, however, you can get cellular service anonymously too.
In some parts of the world you can still buy prepaid SIMs without an ID. If that’s not an option, you can use eSIM services like silent.link. And if all you need is a number to activate an online account, you can get one from services like textverified.
Again, the entire premise of disposable handsets relies on using them anonymously. If you cannot do that – for example, if you need a banking app – then the calculous changes.
In the absence of anonymity, anything you do on and around your phone is tied to your identity. All you can do now is keep your activities as private as you can. If I was to use a real world analog: Your home address is now public, all you can do is close the curtains.
Keep reading to find out how.
2. De-Googled smartphones
For a phone to qualify as private it needs to rid itself from the constant tracking that happens in the background even when the phone is at rest. The only way to achieve that is by replacing the operating system. You cannot do that on an iPhone because, in typical Apple fashion, changing the OS is verboten. What we’re left with is Android phones, and that’s okay because there are billions of them out there.
Now, the reason why it’s even possible to de-Google an Android phone is because the foundation of its operating system is free and open source. If someone wants to build a derivative of Android, they can just reuse its existing code and tweak it as they see fit. From all this tweaking emerged a handful of operating systems (forks) that anyone can download and install on their handset.
The handset that is most compatible with those forks is – quite ironically – Google’s very own Pixel. The rationale being that those devices have additional hardware features that make them more secure than other phones.
I remain skeptical.
First, I really don’t want to spend my money on Google. I don’t trust them and I don’t want to feed the beast. Second, Pixel handsets are not exactly ubiquitous. Depending on where you live, your only option may be ordering from Google, eBay, Amazon and other big retailers. You can’t just walk into a store and ask for a Pixel.
On that last point, it's worth mentioning that a fringe industry of small, boutique providers has recently sprung up (check out Above.phone, and Mamushi for example). Those companies will, at the very least, de-Google a handset and organize a nondescript delivery to your doorstep. As you’d expect, most of them accept Bitcoin or Monero. And if you want something even more low key, then scour Telegram groups long enough and you will find enterprising folks who can sort you out for less. Your mileage will vary.
Okay, I hope you’re getting warmed up because we’re about to fall deeper into the rabbit hole. It’s time to take a look at the 3 types of privacy OSs you can run on your phone:
The “no-compromise” option: GrapheneOS
GrapheneOS doesn’t take any prisoners when it comes to privacy. As a result, some mainstream apps won’t work on it.
Your dating app relies on Google services to geographically match you with other dates. Your banking app relies on Google services to send you notifications. So does your messaging app. Indeed, Google has a symbiotic relationship with much of the app ecosystem. Getting rid of that is not easy or convenient but that’s precisely what GrapheneOS does.
Out of the box, GrapheneOS comes with a bare minimum of pre-installed apps. It doesn’t even have an app store. Why? Because convenience comes at a cost, even if that cost is not obvious.
The makers of this OS understand what’s at stake here, and because they do, they embody an uncompromising and perhaps even adversarial posture in everything that they do. This seemingly rigid approach has turned off some users and advocates over the years.
But it is warranted.
Why? Because this is war and there is nothing friendly about war. Pardon the dramatic language, but would you measure the effectiveness of a guard by how “nice” they are? Sure, they may appear intimidating but that’s intrinsic in the masculine “protector” edge of those who embody that role. If anything or anyone whose job is to defend you starts behaving all friendly and flowery all of a sudden, turn the other way and run, for it is them you need to defend against. History demonstrates as much.
Before we move on, I want to reiterate that GrapheneOS only works on Google Pixel phones. I've been using it on a Pixel 3a for several months now, and it's been smooth sailing from day one.
The “easier” option: CalyxOS
CalyxOS is similar to GrapheneOS in that it only works on the Pixel phones [1]. But the similarities end there.
As I see it, CalyxOS is the antithesis of GrapheneOS.
Where GrapheneOS comes bare, with almost zero apps pre-installed, CalyxOS offers to install dozens of them right at the get go. Where GrapheneOS has restrictions, CalyxOS offers workarounds, giving you access to almost all the apps you’d ever want. And where GrapheneOS may be seen as antisocial, CalyxOS is more welcoming.
This disparity in ethos spills over into their respective websites.
The GrapheneOS pages are stark and brutally minimal. In them, you’ll find all the detail you’d ever need, outlined in unapologetically technical fashion. CalyxOS, on the other hand, has colorful illustrations, bold fonts, and prominent calls to action. Their documentation is in the form of FAQs, organized in clear, easy-to-find sections, but they avoid getting into the weeds.
Let’s discuss features for a minute.
What stood out the most when I installed CalyxOS was its built-in VPN service. I was impressed for two reasons. To begin with, it felt like it was integrated into the phone, connecting and disconnecting so seamlessly you could forget it was there. Ideally, that’s how you’d want a VPN to be: effortless.
And free.
What? Yes, believe it or not, CalyxOS comes with a free VPN (two of them actually).
But wait, there is more.
CalyxOS plays nice with most of the apps out there. This is achieved via an optional 3rd party interface that connects to Google services in a way that circumvents much of the tracking. Why not use Google’s mapping and notification services, for example, if we can do so with more privacy? It’s an accommodation many users will appreciate.
What's more, CalyxOS has a small performance edge over GrapheneOS. It has to do with security. CalyxOS inherits the Android security model as is. GrapheneOS adds some extra protections which come with a small overhead. I haven’t noticed a slowdown on my Pixel 3a, but others have.
All in all, CalyxOS seems like an offer you can’t refuse. Getting up and running is a walk in the park, it’s compatible with most of your apps, it has a free VPN that just works, and it’s a bit faster too. CalyxOS makes privacy seem like an effortless and fun endeavor.
But there is a catch. Because the cliché is probably true:
There is no such thing as a free lunch.
“Free” and “easy” are not the first words I’d associate with tools that protect me from trillion-dollar corporations and 3-letter agencies. See, I am not comfortable with the idea of a free VPN because I know that VPN services depend on expensive servers and costly upkeep.
I am not comfortable with the idea of “you can have your cake and eat it” when it comes to allowing Google services on a privacy phone. Also, I don’t know what to think about a “de-Googled” project that receives “in-kind donations of free advertising” from Google.
Bottom line is, if you find the convenience of CalyxOS features compelling, chances are a privacy phone won't move the needle for you.
The more you learn about privacy, the more you wake up to the inherent futility and diminishing returns of privacy tech in general. But if you do all this work and still feel you need a privacy OS for your Pixel, then GrapheneOS is the better option.
The “off-the-shelf” option: LineageOS
Relying on a single provider for anything remotely important is a single point of failure.
What happens if my Pixel phone breaks? Can I walk into a local store and get another one? Not really. Unless you live in close proximity to a US Walmart, your only option is to order it online.
This is a red flag.
In a world where supply chains are morphing into choke-points of control, the only way to build resiliency is by sourcing things locally. There are more phone stores than fruit shops here in Latin America, so you’re never too far from a second-hand Android unit. There is great freedom in that.
You cannot install CalyxOS or GrapheneOS on those phones, so this is where LineageOS comes in.
It is not the most feature-rich option. It is not the most private or secure option. Installing it is not that easy either. But what it has going for it is enough to overlook those shortcomings. LineageOS is compatible with many of the Android phones already out there. You could try this right now with an old handset lying around in the drawer.
As supply chains continue to deteriorate, LineageOS will attract more and more users.
3. Specialty hardware
Let’s take a minute to recap.
We began our journey by replacing all big brother apps with free and open-source alternatives. Then we went one layer down and replaced the operating system with one that doesn’t call home all the time. Are we good now? Have we attained privacy yet?
Not really.
Even though we cleaned up our software, nothing has changed about our hardware. Nothing.
You think you can be 100% private on a device chock-full of black-box electronics designed by Google, Samsung, and Xiaomi, and manufactured by suppliers in foreign jurisdictions? Think again. There is no such thing as 100% privacy.
Or is there?
Well, some newer entrants have taken it upon themselves to re-design the entire gizmo, starting from the hardware and silicon.
Take the Librem 5, for example. It has kill switches which mechanically power off the camera, microphone, and all wireless. It has a user-replaceable battery, and they have even launched their own SIM card to mitigate all the tracking done by Telcos. Finally, they offer a USA-made version of their phone. Its pricier, yes, but onshore manufacturing sidetracks any and all supply-chain vulnerabilities, and it scores higher on ethics.
You won’t find those features on conventional phones.
All this sounds compelling – I’d love to get my hands on a Librem one day – but there are significant caveats to building a smartphone from scratch. To begin with, the operating system on those phones is not compatible with Android and iPhone apps. And the question is, why would an app builder devote expensive developer hours on such a niche platform?
This lack of apps will eventually be resolved, as and when adoption increases. What is harder to fix is their supply chain challenge.
Small companies like Purism are competing against behemoths like Apple for access to a seriously crippled supply chain of electronic components. Trillion-dollar companies can absorb those challenges but smaller ones struggle. This leads to very long lead times and higher, much higher, price tags.
Speaking of which, I do not mind higher prices and here is why.
Over the last couple of decades consumer tech was deceptively cheap. It was cheap because of companies like Apple, who killed domestic manufacturing and outsourced the karmic debt of slave labor and earth-mineral depletion to other countries.
To give you an indication, the USA-made Librem costs $800 more than the conventional model. Only difference between the two is where they were manufactured in.
If smart devices were not so deceivingly cheap, they would not have permeated so deeply into society, and, frankly, we would all be better off.
So, no, I don’t mind the higher prices. Their supply-chain reliance, however, is a showstopper. The litmus test is, how quickly can I replace it when it breaks? In the case of specialty hardware like Librem, the answer is several months.
I wish those hardware solutions had launched many years ago, giving them time to find their audience and scale up production. Alas, here we are in 2022 with a full-blown Orwellian dystopia on our hands and no meaningful hardware tools at our disposal.
Given the worsening trend of global supply chains, I don’t see solutions like these playing a big role in the foreseeable future. I’ll be watching the space nonetheless.
Bottom line
Before you spend your hard-earned cash on privacy phones or any privacy tech for that matter, here are some general principles to consider:
Simplicity: Legendary investor Charlie Munger (Warren Buffet’s partner) is known to have said: “The best way to be smart is to not be stupid.” If you want to improve your privacy then don’t succumb to the impulse of acquiring something, an app, phone, or gizmo. And know this: A phone-free life is 100x more private than a life with a fully specced privacy phone.
Prudence: Most privacy-tech is not to be trusted. They are marketed in a way that creates a false-sense of security to their unwitting users. Don’t trust before you verify. And if you can’t verify, don’t trust.
Effort: Privacy is freedom. It cannot be granted by 3rd parties, governments, or privacy tech outfits. It takes work, so do the work, because your freedom depends on it.
Pace: Investing in a privacy phone is not the first step towards privacy. Not by a mile. Start with the obvious: disentangle yourself from big tech, leave the phone at home if you can. And take your time. Privacy, like freedom, is a practice, not a purchase.
What started as a personal journey for me, is now morphing into an urgent communication push. To be honest, I can’t produce this content fast enough.
The war we are in right now is not kinetic. Rather, it’s an all-out information war. It works like this:
Misinformed people act at their detriment. Why invade a country when you can poison the decision-making and meaning-making systems of their population?
We may not be in conventional warfare but the stakes have never been higher. As such, improving our privacy is not a hobby but a defensive move. Act on it.
Okay, time for some housekeeping.
Can you think of someone that may find this article interesting? Why not forward it to them? Better yet, why not post it on your social media page? Help me spread the word.
And if you enjoy my work and get value from it, you can buy me a coffee or send me some sats.
CalyxOS also works on Xiaomi Mi A2.
/e/ should be mentioned in this context: https://e.foundation
It is also completely de-Google'd but comes with a convenient app store that allows to download lots of apps anonymously.