mikedilger on Nostr: RE: GrapheneOS I made a thread and got some pushback and very mixed reactions. I ...
RE: GrapheneOS
I made a thread and got some pushback and very mixed reactions. I replied to a lot of separate posts, but I thought I should state my main points together in a cohesive post.
TO BE CLEAR:
- I didn't say GrapheneOS is compromised or is a honey trap.
- I don't think there is a more secure operating system available for a smart phone on a technical level (except some that are so dysfunctional you won't want them anyways), so I don't expect people to ditch GrapheneOS in fear of Google hardware.
- I still might use GrapheneOS as my next phone, I'm undecided.
- My security model puts Google in the "untrusted" box, and google products and services are suspicious to me, DESPITE technical superiority or being more open with their hardware specifications.
- I wish there was an OS like GrapheneOS (or actually GrapheneOS) on hardware produced in a country I wasn't so concerned about, like maybe India (Lava) that seems more neutral to me, or at least not at all interested in my politicial dissident ideas (which are never about India). Then I wouldn't have to worry about this.
- Maybe you run a bitcoin wallet on your phone, and so every country is untrustworthy to you (anybody might want to steal your bitcoin). But that's not my security model.
- The fact that none of the privacy and security android phones support any hardware produced outside of the US orbit anymore is I think a fact worth considering.
- The odds that there is a security backdoor in the hardware or software is many orders of magnitude greater than the odds that someone breaks your cryptography. So our concern should be that much greater. But we nitpick the cryptography and in cases like this we say "Ah well, he has reasons. Must be secure."
- Technology is so ridiculously complex now that there is almost no way to have security and/or privacy on computers, especially on a smart phone.
- Reasons given for why only Google Pixel is supported might be honest. Or they may be post-facto. And not being the ones who made those decisions, we cannot know which case is the true one. If you let "reasons" assuage your fears, that's not very intelligent of you. In the case where someone intelligent sets up a honey pot, they are going to create lots of benign-sounding reasons why it's not a honey pot.
You are all free to consider me a paranoid nut job.
Here was the original thread:
I made a thread and got some pushback and very mixed reactions. I replied to a lot of separate posts, but I thought I should state my main points together in a cohesive post.
TO BE CLEAR:
- I didn't say GrapheneOS is compromised or is a honey trap.
- I don't think there is a more secure operating system available for a smart phone on a technical level (except some that are so dysfunctional you won't want them anyways), so I don't expect people to ditch GrapheneOS in fear of Google hardware.
- I still might use GrapheneOS as my next phone, I'm undecided.
- My security model puts Google in the "untrusted" box, and google products and services are suspicious to me, DESPITE technical superiority or being more open with their hardware specifications.
- I wish there was an OS like GrapheneOS (or actually GrapheneOS) on hardware produced in a country I wasn't so concerned about, like maybe India (Lava) that seems more neutral to me, or at least not at all interested in my politicial dissident ideas (which are never about India). Then I wouldn't have to worry about this.
- Maybe you run a bitcoin wallet on your phone, and so every country is untrustworthy to you (anybody might want to steal your bitcoin). But that's not my security model.
- The fact that none of the privacy and security android phones support any hardware produced outside of the US orbit anymore is I think a fact worth considering.
- The odds that there is a security backdoor in the hardware or software is many orders of magnitude greater than the odds that someone breaks your cryptography. So our concern should be that much greater. But we nitpick the cryptography and in cases like this we say "Ah well, he has reasons. Must be secure."
- Technology is so ridiculously complex now that there is almost no way to have security and/or privacy on computers, especially on a smart phone.
- Reasons given for why only Google Pixel is supported might be honest. Or they may be post-facto. And not being the ones who made those decisions, we cannot know which case is the true one. If you let "reasons" assuage your fears, that's not very intelligent of you. In the case where someone intelligent sets up a honey pot, they are going to create lots of benign-sounding reasons why it's not a honey pot.
You are all free to consider me a paranoid nut job.
Here was the original thread:
quoting nevent1q…mz87Why does GrapheneOS run only on Google Pixel phones? Super suss if you ask me.
Because Google was founded as a DARPA/CIA operation, and Google is all about spying, control and censorship (google jigsaw). I am HIGHLY suspicious that GrapheneOS would only support Google phones. This maybe made a bit of sense initially if the Google phones had certain new security hardware features that other phones didn't have, and fully documented specs, but at this point that excuse is getting ridiculous. I suspect there is some hardware "watcher" in those things, low enough that you'll never detect or disable it, and they see everything though it. Huawei phones probably have a similar "watcher" that reports back to China.
I think we need another fork of AOSP, geared to run on different hardware from a neutral country: https://en.wikipedia.org/wiki/List_of_mobile_phone_brands_by_country
https://rumble.com/v4ub3pu-youll-going-to-get-killed-mike-benz-exposes-cia-secrets-like-never-before-s.html