I’ve just "finished" (as much as it can be finished) a project to migrate out of the Apple ecosystem. I’ll share with you the why and how, what I gave up, what I gained, and what privacy really costs.

How I got here

Apple has lost a lot of luster for me in recent years, for many reasons I’ll leave to your imagination and for others I’ll describe here. I recently made the decision to exit the ecosystem, nearly all at once. I had an iPhone 13 and an M1 MacBook Pro, so I probably could have stretched another 4-5 years of usable life out of my Apple devices.

That’s generally not how I do things though. I’m not interested in watching the sand fall through the hourglass, hoping the last grain lands at the moment the planets align for me to make a change. I prefer to get ahead of it, figure out what’s next for me, and get there so I can get back to doing the things I want to do.

Aging hardware is just one small reason I’m ready to change. I’ve become more aware of how invasive and destructive surveillance capitalism has become in modern life. That’s impacting me right now, even if I only see the effects of it on my psyche. That’s the most sinister aspect of surveillance capitalism: if it works well, you’ll be exploited by it without even knowing it.

I started waking up to Apple’s role in this due of their lip-service privacy commitments and ads. For a while, Apple looked like a privacy champion when they were pissing off Mark Zuckerberg by breaking (some of) Facebook’s privacy violation techniques. They didn’t wait long though before they revealed why they were so concerned about your privacy: they didn’t want other ad companies invading your privacy because they wanted to make the money doing that themselves. Apple is the big brother who won’t let bullies beat you up at school because he’s going to do it when you get home.

I had already stopped buying new products from them. I had stopped updating my OSes because the new features are for them, not for me. I was still being subjected to their surveillance though. Those aforementioned factors and the fact it was starting to become time to think about replacing my batteries (both phone and laptop) had pushed me just past my tipping point.

The replacement computer

But what about my computer? It’s got a ton of cycles on it, but the battery still lasts as long as I would need it to. Flagship phones are fairly similar these days in terms of hardware so that’s an easy swap if you’re ready to learn new software and leave the old ecosystem, but the same can’t be said for the computer. There’s really nothing comparable to my 4-year-old M1 MacBook, even today. I can get the performance, but the battery life will suck and the fans will be loud. I can get the battery life, but I won’t be able to run comparable workloads. No matter what other compromises I take, the build quality won’t be as good.

No, I didn’t find the holy grail Linux laptop that was as good a MacBook Pro, but I’m happy with what I ended up with. I’ll tell you all about that in just a minute, but first, here are the options I didn’t take.

• I had already made my decision on Framework until they aligned themselves with politically problematic projects. They weren’t able to, to my satisfaction, thread the needle and convince me that they were both apolitical and extremely political at the same time. The prices of their laptops only make sense on the basis of the embedded politics of their repairability, but they are somehow otherwise blind to any political stances of the projects they support? C’mon, folks. You can’t have it both ways.
• I really wanted to support a company that built for Linux exclusively, but the user testimonials I found were all over the place. (Sorry I didn’t save those, but search for people’s experiences with System76, Tuxedo, and others like them. I’m confident you’ll find the same.) Half of the users were coming by to say everything worked almost perfectly and support was amazing for everything that didn’t. The other half were coming to say that they got a lemon and support was slow and ineffective. I wasn’t prepared to roll the dice.
• Reddit would have you believe you’re an absolute fool if you buy anything for running Linux that isn’t an old Thinkpad. I had one as my job-issued machine back when I was in IT for a public school system making peanuts to prop up ancient Windows 98 labs. They remind me of that time, but also they’re just so boring. I get that’s part of the appeal, but it just isn’t for me.

It was at this point in my research that I stumbled into some novel options. The AMD Strix Halo platform offered some similarities to Apple Silicon. It has similar qualities to even the later Apple Silicon system, so it would have easily outperformed my M1, which is the benchmark I’m shooting for because honestly, it still does everything I need it to.

ASUS has the ROG Flow Z13, which is a gaming tablet intended to run a full desktop operating system. As cool as it looks, I decided against it because I do think I want the laptop form factor. HP has a ZBook Ultra G1a on the same platform. Both of these systems can game, which was appealing, and both can be specced with a monstrous 128GB of RAM (which, I guess, is apparently worth about as much as a car these days 😅).

When I bought my MacBook Pro, I went way overboard and got almost the top spec they offered. That’s why it’s still more than I need, and I decided this time to reel it in. My general philosophy is to buy the thing that serves 95-98% of your needs and not to try to hit 100%. This was the perfect opportunity to practice what I preach. Besides, I just can’t justify $3-4k on a system nowadays as I’m in a bit of a career slump. Skipping Strix Halo did, however, lead me to another option.

I’d been reading about another HP system with great Linux compatibility on the Intel Lunar Lake platform. The Core Ultra 9 288V outperforms the M1 by a fair bit in some of the synthetic CPU benchmarks and it’s about 90-95% of the way to the performance of the newer M3 on those same benchmarks, so it should be more than good enough for any software development or other tinkering I want to do over the next few years. It’s 80% of the M5… but it’s also a quarter the price of my M1 MBP when it was new (and presumably of a similar replacement). Battery life is great compared to other CISC CPUs, even though it’s still not as good as the Mac.

Those traits together are how I ended up with my Omnibook X Flip 16. (Are any members of congress reading this willing to sponsor legislation to limit the number of characters and spaces in these model names? Holy crap, they’re so bad. 🤦‍♂️)

New laptop compromises

You can feel the difference in build quality. HP tells me the chassis is made of recycled aluminum, but my hands are desperate to convince me it’s made of plastic. Not the rough, hollow-feeling plastic of a Thinkpad but still plastic.

Now, tell me if you’ve heard this one before: Mac trackpads are very good and the HP trackpad isn’t as good. It feels fine, but it doesn’t work as well. The palm rejection doesn’t always reject my palm. (It had one job.) Multitouch doesn’t always track fingers so good. Maybe this is mostly software. I don’t know. I just know it doesn’t feel great, but it’s serviceable. The keyboard is similarly annoying, with very little travel and a space bar so loud you can’t really use it next to someone who’s trying to sleep. It still gets the job done though.

The absolute worst thing about the computer, with a bullet, is the audio. These speakers sound like I’m listening to audio on a VTech "laptop" I bought for a three-year-old at Target. The gap is enormous — so much so, I broke down and bought a little $100 Marshall Emberton II stereo bluetooth speaker I plan to just tote around with me in the event I need to listen to something.

Thermals are different. The computer is generally quiet and cool, but occasionally the fans spin up and the chassis gets warm, and for no apparent reason. It never gets as warm as my MacBook at its warmest, but the chassis itself is the heatsink there and the fans are never really audible so it makes some sense.

Software comes with compromises too. Obviously, your macOS software is off-the-table. The only thing I really can’t replace is the Affinity suite. I think there are ways to run the Windows version on Linux, but I don’t need it often and haven’t needed it yet. When I do, I’m going to give GIMP a spin and see if I can make it work.

Final Cut Pro is off the table, and DaVinci Resolve has been a problem for me under Linux in the past due to NVIDIA on a different machine. I found I like Kdenlive quite a bit though, despite it being a little grungy to look at. I could name a dozen or so other apps that are not quite as good as what I was using before but the gap isn’t wide enough for it to really matter.

The biggest software compromise is the macOS attribute I mentioned way back at the start: the ability to skip tinkering in favor of working. Both Apple and developers who write software for macOS seem to have a focus on selecting good defaults. This is subjective so I’m not going to try to "prove" it since that concept doesn’t make sense here. I will give you this one example of what I mean.

My macOS video player has a UI that stays at the same scale, as you might expect, without regard to the window size. MPV on Linux has a UI that, baffliningly, scales with the window, and it launches by default in a tiny window. This means that, in order to go fullscreen with my video after the player launches, I’m having to raise my mouse’s DPI like I’m trying to line up a cross-map headshot in Facing Worlds or something.

In order to make this usable, I had to find the exact combination of configurations (just a single setting won’t do) in a text-based config file that would keep the UI at the same scale. I then found the settings to change the default window size from 320x240 or whatever the wacky default was. I love that I was able to configure these problems away, but I hate that I had to. Linux gives me so much more flexibility to tinker and then puts a gun to my head telling I’ll take advantage of it or suffer. It didn’t have to be this way, but it is.

New laptop advantages

Sometimes though that flexibility does work out to a net advantage where my needs are esoteric or where, on another operating system, I just wouldn’t be given an opportunity to fix a problem I’m having. In some cases, the opportunity to fix may actually be present outside of Linux but I’ve been conditioned not to look for it… or maybe it’s just that I’ve been conditioned to always look for it in Linux. Some examples:

• I installed the LTS kernel when my computer started, rarely but still annoyingly, rebooting spontaneously while I was working. (OK, it only happened once, but that’s once more than I wanted it to. 😅)
• I used keyd to do the keyboard shenanigans I do with my dual-repurposed capslock key, and that now works more transparently than any solution I’ve used on any other OS.
• I brought my beloved three-finger drag over from macOS via a wonderful script.
• I swap out the hosts file on my computer. When I’m connected to my home network, it points two key domains to services on my home network. This is already done via my self-hosted DNS, but that is bypassed when I’m connected to my VPN which imposes its DNS servers. This solution allows me to access those services properly while on my home network without having to toggle my VPN on and off.
• I used systemd-inhibit to keep the screen alive while KOReader is running even though the built-in setting in the app apparently doesn’t work, maybe because of Wayland?

Speaking of KOReader, my laptop can now function as an ereader! Sure, nothing was stopping me from loading up a book on the MBP (and I did do that), but the "Flip" in this system’s convoluted product name means that it is a 2-in-1 laptop, which is further marketing speak to indicate it doubles as a tablet. It’s a feature I didn’t go looking for, but it’s one I really appreciate since it can now replace my iPad as well. It is comically large for an ereader, but it works really well! I’m also running KOReader on my phone (which I will share more about later), and they sync progress via my self-hosted KOReader syncing server. Works flawlessly so far, and I’m reading even more than before.

It’s heavy for a tablet, but it’s actually about a half pound lighter than the MBP, which is an appreciable difference.

Maybe the biggest upgrade for me is that, even as much as macOS was just pretty, buttoned-up Unix, on rare occasions that buttoning-up meant things that worked on other Unix wouldn’t or not as well. Docker is the poster-child example here where on macOS Docker needs to run a whole VM in the background to do its thing, and you can feel that in the resource usage. Now I can do everything just like the other nerds do it.

Did I say that was the biggest upgrade? Maybe that’s true in terms of persistently visible user experience, but in terms of peace-of-mind, the biggest upgrade by far is being on an OS not driven by surveillance capitalism. Rushing around in macOS and Windows (on the rare occasions I’m forced to use it) to disable surveillance anti-features even as I know full well they had already gobbled up everything they can currently know about me in the 50ms after boot is a bad feeling. Knowing the next update will hide another dozen opt-out-if-you’re-lucky anti-features is one of the primary drivers for switching in the first place.

Ultimately, I haven’t found anything yet that I want to do but can’t. Most things I can do better. A few I can only do worse, but I can do them. The same can be said for my phone, although that required a bigger philosophy shift.

The replacement phone

The decision on my phone was much more straightforward. I wanted the most private and secure OS I could get while also maintaining usability. Based on my research, that meant GrapheneOS on a Google Pixel. I didn’t want to give Google money or data because that would be counter-productive. I also want the newest phone I can get because, as with first-party phone OSes, phones stop getting updates as they age. This worked out nicely because the Pixel 10s are relatively new and Graphene support hadn’t quite been ironed out yet when I was looking. This leaves the Pixel 9 as the newest I can buy, and they’re old enough that the second-hand market is relatively healthy.

I picked up a Pixel 9a on eBay. Actually, I started with a Pixel 9 which I returned and swapped for a 9a. (Through this process, I learned there are two levels of unlocking: carrier unlocking and factory unlocking. In that initial Pixel 9 purchase, I got one where, for Graphene and to be able to move freely between carriers, I would need both.)

The transition has been remarkably smooth, but let’s first look at the compromises.

New phone compromises

That philosophy shift I mentioned earlier? It actually started a while ago when I first decided I was fed up with Apple. Actually, it may have started even years earlier when I switched to a fully metered cell phone plan. For most people, the cell phone is the primary computing device. It was never that for me, but it had a larger role than it would settle into later. I was streaming music and occasionally video. Then, when I switched to Ting (I’m now on Mint.), I dramatically cut my data usage, and dropped my bill for two phones from $135 a month with Verizon down to $20.

I derived a lot of satisfaction from knowing that I would pay only for what I was using on a given month, so there was an actual incentive to reduce, unlike a traditional plan which only punishes you if you can’t guess your usage and never rewards you for using less. My current plan is slightly more traditional but still shares attributes of the pay-as-you-go plan: it gives me a very small allotment of data and allows me to pay more to top up. The new habits I built on pay-as-you-go stuck, so I’ve never needed a top-up.

That means that most of my media usage on the phone is either local or on wi-fi. This already reduced my dependency on several apps I would have needed for streaming. On top of that, I started to wake up to the fact that doing anything of substance on my phone hampered my effectiveness. On top of that, it felt miserable and cramped. So, I basically stopped doing it. Now, I use my phone for communication, navigation, and some very light media consumption on the web, Mastodon, and Lemmy, along with a few select apps.

When I saw how Apple was abusing user trust to create an invasive ad monopoly on their platform, I further scaled back my phone use and eliminated even more apps. Mobile gaming was off the table for me (It was already in the toilet, but I made occasional exceptions.), and I got rid of everything I didn’t rely on.

All of that paved the way for me to be content with just about anything that would give me the privacy I wanted and those few core functions, so my list of perceived compromises may be smaller than a typical user’s. Here’s what I’ve noticed:

• I miss biometric unlock, and I kinda hate to miss out on a return to fingerprint unlock over FaceID, which I didn’t love. This is entirely self imposed. I guess all of these compromises are really, but this one isn’t imposed by Graphene. Graphene supports fingerprint unlock, but I have heard that law enforcement can force you to use a biometric unlock where they can’t force a PIN unlock. In pursuit of the greatest level of privacy, I’ll set up only the unlock method that affords me that. I do worry about my PIN being captured on a surveillance camera, but I’m not sure what to do about that. I think it’s less likely someone will be able to use that against me than force me to use a finger to unlock.
• I have decided to silo most proprietary apps into their own profiles. As you might imagine, this is inconvenient. Again, it’s entirely self-imposed. Graphene does not enforce it. The most inconvenient thing is that I don’t see notifications from those apps. Fortunately, they’re apps I don’t particularly need notifying me. I can check in once or twice a day, and that works perfectly well.
• I’m not sure of the ideal way to get apps. There are many stores and other non-store options. The OS doesn’t really walk you through any one of them or have an article where they recommend a best practice so far as I know. It would be nice if they did. As it stands, I’m just doing what I think is right and hoping for the best. (It does have an official store, but it only contains the bundled apps.)
• I excitedly installed an app that would let me run timers from the… control center? Not sure what it’s called. It’s the thing that drags down from the top of the screen. Anyway, those timers only work on Graphene when the phone is unlocked. I assume this is related to the feature that hides sensitive notifications, but I’m not sure. (You may notice that I don’t know which OS features are coming from Graphene and which are native to Android since I’ve never used Android in any other context.)
• Because you have so much control in Android, you can do some really messed up stuff and introduce a lot of jank. I’ve added an app called Lockscreen Widgets that does exactly what it sounds. Configuring it is very fiddly. I can place widgets anywhere on the lock screen. They can flow off the screen, overlap other elements or each other, be oddly aligned against themselves or other elements… I can commit all the design crimes I want with no enforcement whatsoever! Even when I do it "right," it’s a little weird. Widgets sometimes don’t appear when they should and other times they flash onto the screen after other elements have appeared. But it’s all worth it because the functionality it gives me is incredibly convenient. I get to make that call whether I’m willing to pay the jank tax to do what I want.
• It can be a bit of a puzzle getting some apps to work. Banking apps are particularly fraught since security theater says you’re safer if you’re in Google’s walled garden. Fortunately, this doesn’t apply to any of my banking apps, but I have to be aware that one of my banking apps could suddenly break. If I want to use a new bank, I need to make sure to check to see if the app works or if I can do everything I want to do via the web site. (Depositing checks seems to be a common sticking point.)

and the biggest compromise of the new phone:

• Navigation sucks. I’m sure part of this is my fault. I’m not entirely clear about all the various location service options and their implications.

I’ve tried my best to set up something workable with CoMaps. I tried to use it recently for the first time for walking directions (which is my favorite and most-used mode of travel), and it seemed to think I was several blocks away from where I was. I tried to trust it and turned around before realizing I actually hadn’t gone far enough. I frequently walk places I’ve never been to before, so navigation is pretty important to me. I could use Google Maps, but that’s counterproductive.

I also use public transit, and I haven’t been able to find an open source solution for transit navigation in the US. This pushed me toward a proprietary app I have used for years and really love: Transit.

I isolated it to a profile, but after testing it, it didn’t work at all. I learned that it requires Google Play services in order to function. (It launches otherwise, but it won’t do any navigation.) I had wanted to avoid Google Play altogether, but this was a function I needed on my phone.

I installed them only in this one profile, which has no other apps installed. I never use the web browser on it. I have never logged into any Google web site, and I did not need to log into the Play Store (The app was downloaded anonymously via the Aurora Store.) or Google Play otherwise. I can’t see a way Google can know who I am unless they can match me with my cellular provider.

This is a privacy compromise I don’t love, but it’s one I’m willing to make. I may end up switching to Transit for walking directions instead even though it’s not great for that. It’s still much better than my previous experiment with CoMaps unfortunately.

The list of compromises may be a bit long, but, apart from navigation, the actual impact of them on my phone usage is very small. If anything, most of the compromises have worked out to be advantages.

New phone advantages

I switched to this phone to avoid anti-features foisted on me by Apple. The biggest advantage is being able to avoid those, but apart from that, the compromises have shifted my usage patterns even further away from invasive proprietary apps and more broadly, further away from my phone. A proper computer is a much happier, freer place for computing, and I feel good about moving further in that direction.

Some other small perks:

• I have lighting controls on my home screen now, thanks to the aforementioned Lockscreen Widgets! This is a tiny change that makes a huge difference. I should have a switch on the wall and in fact I do, but it was a casualty of the switch from Apple. I haven’t yet figured out how to get it working in Home Assistant. As a stop-gap measure, the lockscreen controls are a huge improvement.
• I enjoy the way Android recycles the "back" gesture (dragging right off the left of the screen) to go back both inside and outside the current app. This gesture on iOS will usually take me back in the current app, but it will never take me between apps (unless that was added in a version I never updated to). It’s extremely convenient and matches perfectly with the way I want this gesture to work.
• Google doesn’t own my notifications! This is a massive plot hole in the major OSes’ privacy stories. Even if you’re using a privacy-focused app like Signal, if your messages are shown in notifications (which is the default), Apple will give up your messages with a subpoena. You can turn off showing the message contents in notifications, which you’ll need to do and then convince all your friends to do as well if you want messages to be truly private. You can encrypt all you want, and it won’t matter if Apple is just going to hand it over by way of the notification contents. As far as I’m aware, you can’t turn off displaying iMessage contents in notifications, so if you want privacy there, you’ll need to turn off notifications altogether, which, again, is not the default. Once you do that, you’ve effectively turned them into something more like email: less instant and more asynchronous, although even email notifies you. So, iMessage may as well not be encrypted although they are very vocal about how safe and private it is.
• My VPN connected icon is restored to the menu bar. I had this on old iPhones before every phone manufacturer insisted that the camera needed to be embedded in the screen. (Why?! 😖) My "upgrade" from iPhone 7 to 13 was in many ways a downgrade, including this one. I now needed to drag down the control center to see if my VPN is connected. Google still thinks it’s way better to cut the camera out of the screen, but at least it’s a smaller cutout that leaves room for my VPN icon.
• Almost all of my devices now charge with USB-C! 🎉 So convenient! (Note: I think newer Apple devices also have this, but my iPhone 13 didn’t so it’s still an upgrade for me.)

The impact profile of the phone’s advantages is the inverse of that of the disadvantages: they are small advantages with a lot of impact. I’ve been very happy with the switch.

The cost of privacy

Privacy can cost a little more money, but most of the cost is centered elsewhere. It costs:

• the expertise to know what to avoid and how to avoid it
• the cognitive load to make everything you do on your device intentional and to try to anticipate the many and varied methods corporations will use to pry your information away from you
• the resolve to keep learning and to keep thinking about every little thing you do, day after day
• the strength to know that, even if you don’t do everything right all the time and even if you can never be 100% private, doing what you can is still worthwhile

among others.

I’m no privacy expert, but I’m paying the costs best I can to preserve as much privacy as I can. Most people can’t pay these costs, and most people that can won’t. I hope that someday regulation can protect us against having our data harvested transparently, the reality of what’s happening buried somewhere in dozens of pages of an impenetrable privacy policy if it’s even made public at all.

For now, that regulation doesn’t seem to be in the cards throughout most of the world. It’s a tragedy that we have turned privacy into a luxury subscription service for those who can pay these costs. I’ll keep paying because, even though it sucks, it’s better than being exploited.