is it worth it?

I’ll try to be objective.

The Pros:

1. Graphene gives you more “control” over your data “out of the box” than any other custom firmware. Yes, you can patch and mod your favorite firmware to your liking, but graphene “just works”
2. It’s rock solid and reliable. It only supports one hardware family. I’ve never had graphene lock-up, crash, camera stop working, etc
3. The installation and upgrading is amazingly easy (compared to other cfw) and streamlined. After the initial setup, it behaves just like any ofw.
4. You’ll see just how much of an intrusive cancer Google has become (Google play has a “feature” where they’ll dynamically load code and try to run it - graphene blocks this kinda crap).
5. Going back to stock Google (with locked bootloader) is rather easy. So you don’t have much to lose (other than a few hours) in trying.

The Cons:

1. Some apps will crash. Graphene hardens how applications behave (in terms of accessing memory, for example) some apps are buggy and will not work. Not many apps (may 1 or 2 out of 30+) but it does happen and you can fittle with the app settings to try to fix it, but it’s tedious through trial-and-error
2. Some apps won’t work, like maybe your bank because it will never pass the “Google integrity” checks. The fear and concern is that more and more apps will start to block cfw. So expect that you might need a second device.
3. Any apps/processes that deal with money (tap-to-pay, Google wallet) probably will not work (again, it fails the “Google integrity” checks).
4. (personal preference) I don’t like the graphene launcher nor their store nor their (boring) default icons. However, graphene empowers you to change/replace all this.

You would need to create yet another version of HTTP to handle that…

We’re going down the rabbit hole, but I’ll play along:

I don’t think we’d need a “new http” version to support this. It could all be done with http headers.

Disclaimer: I’m spit balling here, there are probably more efficient ways to do this.

Anyway, when you go to your bank, included in your banks response header would be a “challenge” (a blob of data in as X-Age-ThinkOfTheChildren-Request).

Your browser would pick this up and generate a “response” and send this as part of all future requests to your bank, like an http-cookie (X-Age-ThinkOfTheChildren-Response).

The “response” was created using the banks challenge plus using the unique age certificate stored on your pc (in your TPM module), which was generated (and “officially digitally signed”) during your initial “age registration process”.

The bank looks at the response, verifies that it was probably signed by the “official age verification organization” (simply using the same technology used to verify ssl certs are valid).

Of course, this entire process depends on a “chain of trust”. The bank needs to trust that you didn’t hack your browser to forward these challenges to another pc. However, this is realistic. As part of the initial age verification process, you can only use “trusted vendors” (ie: Red Hat, Ubuntu) - this means they are required to prevent you from installing “hacked” apps. This could be in the form of preventing certain browser plug-ins and only allowing distro provided versions of your web-browser.

Banks are the slowest companies to handle that kind of modification.

True, but this also depends on the bank. Fintech banks like Revolut were the first ones to start to blocking access to phones that are rooted or running custom firmware (… because they care about security /s)

Most of the effort to implement this will be at the OS and browse level, but this would be a univeral solution. Meaning, it would be trivial for your bank, email service, porn site to support it as it’s simply generating a challenge and verifying the response.

With microslop forcing tpm 2.0 as a hardware requirement into windows 11, all the pieces are in place to pull this off - it just needs the software and the legal requirement.

Back in the day, you went dumpster diving for PC parts.

Now, you just sift through the rubble of data centers in war-torn countries.

“They” have also been trying to prevent consumers/us from taking ownership of our devices and data for the last 2-decades.

… and, ya know what? It’s working.

Because Linux distributions can be created free-willy. Just check out Linux From Scratch, Gentoo, etc. Same with live boot from USB, same with stripped down server distros like Alpine — you have the same issue.

I don’t want to be “that person”, but here’s how it could play out…

The “free-willy” distros would not fulfill the “trust” requirements needed to pass the “certification process”. You can still use them, but think of it like running custom firmware on your cellphone: you’re not going to be able to access your bank, but somethings will still work.

Larger distros (Red Hat, Ubuntu, etc) would pay to pass the “certification process”, but this would come by making certain concessions:

1. The kernel would not be allowed to be tainted. Which means you can only use official kernel modules provided by your vendor (no self-compiling)
2. Certain kernel modules would needed to be removed (or nerfed). For example the Fuse filesystem.
3. You could probably keep root access or at least a nerfed version of it.

Then with theses concessions, your PC world be deemed “reliable” to perform the necessary age verification and have this confirmation passed through your browser to your favor porn site.

I 100% agree. Then there will be different (mandatory) verification services. Some will be paid, but the free ones (ran by Microslop and Google) that will sell all your personal data to their 500+ closest affiliates.

Ultimately, the end game will be certain websites (like your Bank) won’t trust your identity because your using some FOSS verification service and as “they take security seriously” will require you to use MS or Google.

Thanks for the clarification. I had no idea that Lenovo was so fractured. … and I’ll definitely not be buying another IdeaPad.

There’s a difference between ‘repairable’ and ‘upgradable.’

Absolutely! I’ve got a Lenovo IdeaPad Flex 5 (laptop/tablet thingy).

I’ve upgraded/replaced the ssd - no problem.

Unfortunately, this laptop has an issue with the keyboard: the left section/panel intermittently stops sending inputs. Meaning, keys like escape, a, w, shift, l-control - just stop (even in the bios). I’d read that they keyboard “collects” static which causes problems with certain sections of the keyboard.

I thought I’d see how difficult it would be to replace the keyboard. I watched a teardown video, and of course you need to remove everything… but I lost it when, the person in the video used a heat gun to melt “plastic rivits” that connected the keyboard to the motherboard case. Then with the replacement keyboard needed to remelt the plastic rivits.

This laptop is not repairable. In fact, I swore I’d never buy another Lenovo again as a result. … but if their focus is on making them repairable (and their recent partnership with GrapheneOS edit: oops, that’s Motorola and GrapheneOS) - I might be eating crow tonight.

Thank you for the well thought out response.

Plastic caps/lids make for the 2nd most common item (by count)…

I know you didn’t create this data, but wouldn’t “by weight” or “by volume” have a more meaningful impact on reducing the amount of plastic in our oceans?

I feel like it’s like going into an ice cream shop and claiming that “sprinkles are the most common thing being sold, by count.”. Yeah, it is but it’s dwarfed in comparison to the volume of ice cream being sold.

They’re [the caps] also much easier to lose, when not attached.

I’ll certainly give you this. If I’m on a ship, with an open plastic bottle and a gust of wind comes along. It’ll certainly blow the cap into the ocean before I’d lose my bottle.

On the other hand, I’m currently in a land-locked region - so the chance the wind will blow my cap into the ocean is low.

I did a bit more homework, which gives me a bit of a reason to pause. According to The Ocean Cleanup Project:

1. There are two classifications: plastic that washes up on (or near the beaches) and plastic in “the rest of the ocean”.
2. Plastic closer to the beaches is “higher” (in volume, but it’s unclear exactly how much) than plastic in the middle of the ocean.
3. According to this study, most of the plastic in the ocean comes from nearby rivers and streams. The study has also identified 1000 streams that contribute up 80% of the total plastic that washes up on beaches.
4. 80% of the plastic “floating in the middle of the oceans” consists of fishing equipment.

Other thing to note (from the link above):

If we take a PET bottle as an example; it is likely to sink as it fills up with water, but the cap, which is made of different type of plastic (HDPE), will stay afloat for much longer. High-density polyethylene (HDPE) products are most likely to travel long distances.

So, I guess the intention behind the tethering is that the PET bottle will sink, taking the cap with it, which means it won’t travel as far to get into the ocean (but is still sitting in in our waterways).

(rubbing my temples)… this seems like a really convoluted way to “fix” the problem and will only mitigate the issue, if you have these tethered cap near these 1000 rivers.

I’d like to up you one on this and include the EU law requiring soda caps are tethered to bottles.

From the link:

The European Commission estimated that plastic caps and lids represented around 13 per cent of plastic marine litter caught in the nets of fishing vessels between 2011 and 2017.

I don’t understand where this number comes from, but it seems suspicious. Does the mean people properly throw the bottle away and just say, “meh, I’ll go out of my way to throw the just the cap into the ocean” or does the bottle “breakdown” (into microplastics) at a different rate than the cap? If so, then having them tethered won’t change anything, right? Or maybe this is just some “feel good number” to make government officials feel like “their making meaningful change”, without actually changing anything.

Having Teams remind you that, during session recordings, your video and what you say can be used by Microsoft for whatever purpose they want, including (but not limited to) training AI.

This wasn’t the line that was crossed? Seeing/hearing your likeness in the next generated AI / copilot commercial, because you needed to consent in order to work. This is “fine” /s

… but having Microsoft know that you’re answering Teams messages while on the toilet… yeah, that’s where “the line gets crossed” (eyeroll)

We need to wake-up and drop this technological cancer.

edit: a word