pranqster

Yeah, updating every 3 years is not something that everyone can afford. Newer Pixels are up to 5 years of security updates, though. Hopefully they can keep pushing this limit.

Yeah, I totally hear that as well.

The reason that Graphene doesn’t do this is because the device is no longer receiving upstream security patches for firmware, bootloader, etc. If all you care about is privacy and simply having a deGoogled device, then by all means. But, security-wise, you are potentially running a vulnerable device. ROMs like Lineage and Calyx continue to roll the security patch counter, but aren’t actually able to apply patches to those components. Security-wise, microG is also not an implementation I would recommend. Thus, Graphene is probably the only one I would recommend.

I’ve been using Knoppix for this purpose for like the last 2 decades.

Brave uses Chromium code, but it is not a Google product. And I believe you are conflating security and privacy. The Chromium codebase is in fact more secure than Firefox in many areas. There is only so much hardening you can do security-wise before you are limited by its codebase. From a privacy perspective, though, you can definitely make the argument against Google. Brave, however, removes/replaces most of the Google stuff.

There are a couple of reasons. For starters, the applications and all of their files/dependencies are contained in a single location, making them easier to manage/remove and help avoid any dependency hell. They’re distro agnostic, which makes it easier for developers and distro maintainers to troubleshoot. The applications are also somewhat sandboxed, which essentially doesn’t exist otherwise on any distro. Not a perfect solution by any means, but I install all of my main applications this way. Permissions can be further tweaked/restricted with Flatseal. Only thing I’d be wary of is installing any Chromium-based browser this way as it replaces Chromium’s layer-1 sandbox with Flatpak’s, which is inherently weaker.