Read the whole thread
However, we don’t have a “hardened security” approach, we aren’t developing a phone for pedo(censored) so they can evade justice.
The full translation of the clip of Gaël Duval provided by GrapheneOS:
There’s the attack surface, on that front we’re not security specialists here, so I couldn’t answer you precisely, but from the discussions I’ve had, it seems that everything we do reduces attack surface.
However, we don’t have a “hardened security” approach, we aren’t developing a phone for pedo(censored) so they can evade justice. So there aren’t difficult things to check if the memory is corrupted, really hardened security stuff that could clearly be useful for executives, in the secret service, or whatever.
That’s not our goal, our goal is to start from an observation: today our personal data is constantly being plundered and that wouldn’t be legal in real life with the mail or the telephone, we want to change that. So we are making you a product that changes that by default for anyone.
As a French speaker, I can attest that the translation is fairly accurate.
While I don’t agree with the characterisation Gaël Duval makes here, I believe the statement from GrapheneOS here:
Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is only useful for pedophiles and spies.
Is a bit disingenuous. It sounds like they do make some efforts to secure their device, but it’s not their main focus. Theirs is to improve privacy first and foremost.
I would take anything GrapheneOS devs say with a grain of salt, as we all know that they have quite an adversarial relationship with… well… everyone. But especially other OS makers.
It sounds like they do make some efforts to secure their device, but it’s not their main focus. Theirs is to improve privacy first and foremost.
I don’t have any issue with that: different OSes have different priorities and that’s okay. However, I feel like he’s basically saying that users of hardened secure devices are pedos, and I have a very big issue with that. I don’t know if maybe in French it doesn’t sound that way, but the English translation does for me.
That’s how it sounds. So, I’m a pedophile because I run GrapheneOS on my phone? I guess I better tell my wife, and my kids.
Pedophiles use their work emails and gmail. Making a secure phone OS won’t make a difference.
some people in this thread still don’t get it, so:
you can’t expect privacy while also having poor security practices. ideally you’d have both and most of these privacy projects are not much more than just a lineage fork with a dns blocker
apparently in duval’s mind, you can always trust even a fascist government to never try to exploit your phone and to give you privacy. or something idk
“anyone who wants privacy from their government is a pedophile” is a hell of a stance…
Honestly by now it’s becoming reasonable to assume “projection” as a baseline, to then change based on evidence, when someone has a take like this guy’s.
I don’t mean the political tactic, just the garden-variety kind of projection. “Probably ~everyone thinks the way I do, and boy, we better not give everyone the tools to act on that…”
Deeply wrong about how most folks think, because of how they themselves do, and believing they’re therefore helping. Likewise a self-admission, because they don’t realize they’re admitting anything.
Maybe not the case with this guy, I’m not gonna dive in.
But I do sincerely believe that’s a somewhat charitable take toward anyone making a claim like this today. Charitable in the sense of acknowledging a misunderstanding and desire to help.
The less charitable one being - just obviously complicit. Fuck this noise.
the privatized western govts & their tech boys literally are the infrastructure of the global pedos it’s asinine & dangerous to tell people to ignore that!
“Why did you lock your doors, what did you steal?”
More like, “Why did you lock your doors, are you diddling kids?”
Well, that’ll be another 100€ December donation to GrapheneOS.
I can see how one can interpret it like that, but it’s not how I read what he said. I think the point he’s trying to make is that hardened security protects the user from attacks, yes, but their focus is to provide services that can be trusted not to attack the user. He said: “really hardened security stuff that could clearly be useful for executives, in the secret service, or whatever. That’s not our goal”
I mean, I use GrapheneOS on my phone, but do I personally need all the hardened security? Not really. It’s nice theoretically, but mainly I’m just happy the OS itself isn’t spying on me. I’m personally not very worried about an evil maid attack or state level spying.
I think it’s fair they support way more phones than GrapheneOS, even if the security is way worse. But it’s a whole other thing to call people who want secure phones pedophiles.
Agree with your outlook, but I think it’s not too farfetched to give the benefit of the doubt to the speaker here and establish that pedophiles were used as an example (of people whose survival depends on their data not being breached), rather than a direct comparison. And he goes on to name being an executive to the secret services as another example (again, of people to whom hardened security of data is an imperative), but we’re not saying he thinks secure phones are just for people in secret services, are we?
He’s just saying, albeit rather clumsily, that their goal is simply not that level of hardened security, but rather privacy from data miners.
I am skeptical how worthwhile it is to use /e/os over OEM Android at this point
You keep access to non-verified apps no matter what Google wants since it uses microG.
It’s openness vs security.
Lmao what a toxic piece of shit
Privacy is something everyone deserves, not something only criminals want
I can’t believe he’s intentionally anti-privacy. Occam’s razor suggests he’s instead a fucking idiot.
I don’t think he’s actually making the parallelism with pedophiles and security per se, but rather he’s making the case that his OS’ mission isn’t by default focused on that level of security or anonymity, but rather privacy and disengagement from companies who profit from your data being mined.
He mentioned pedophiles, as well as the secret service, right after, as examples of either criminals who need to be obscured from detection (maybe because it’s easy for the Epstein class to pop in someone’s head, nowadays?) or government agents that need to protect themselves from data breaches, and said his type of OS isn’t made with that level of airtight security in mind, which is understandable and reasonable, and something we probably all knew already. It could’ve just as well been terrorists and investigative journalists mentioned.
One could take his stance and engage in discussion on whether we need that level of security by default as ordinary citizens, or that even without exceptional circumstances, it becomes necessary in an increasingly hypervigilant society/government, but that’s a separate discussion.
We should have a little nuance in interpreting speeches like these rather than taking things this literally, especially when it’s coming from a direct competitor in the degoogling sphere, who would naturally gain from holding it up in the most unflattering light.
Are you a native French speaker? Maybe you heard it differently from me, but while I am all for nuance, let’s not sanewash people and take them at their word.
I use plenty of software where the developers are not primarily focused on security, but his line of reasoning sounds just plain dangerous for an OS developer. Maybe he phrased it badly, but that would be up to him to clarify and we shouldn’t do that for him.
Interesting conversation with GrapheneOS. Didn’t know they essentially hate each other. I’m using e/os but just because I cannot run graphene on my device.
GrapheneOS’s leadership hates basically any other ROM. If you say something negative about GrapheneOS, he will probably call you out as part of CalyxOS team in a hate raid party, or something of the like.
They make an amazing OS, but you’re better off not giving them much attention in their constant drama.
Calling others on their bullshit does not equal hating on them. Why do you think CalyxOS had to ‘take a break’? Why do you think that the only thing these ‘privacy’ focused OSs can do about GrapheneOS is say it’s geared towards criminals? They have no other way to try and smear them because they’re all garbage in comparison.
Get your shit straight. GrapheneOS is so fucking awesome that they plugged an actual Linux kernel hole within hours of it being found, whereas it took Google weeks, never mind these Murena and Calyx morons.
… bullshit … criminals … smear … garbage … get your shit straight … morons.
more expletives, than sentences; this reads like it was written by micay himself. lol
People curse. Get over it. Just goes to show that you don’t have anything to say about the actual point of their comment when you clutch pearls like that.
I have a huge problem with GrapheneOS: they rely too much on Google hardware. That is why I never used Graphene and probably never will.
Just wondering, do you have a problem in the sense that you don’t want to support Google or more that you’re worried the actual hardware is not safe or trustworthy?
Google is the exact opposite of privacy and security.
I find it very dishonest that GrapheneOS was advertising itself as the secure option while tying itself so closely to Google.
The Pixel phones were the only devices with secure enough hardware to make GrapheneOS viable, that’s why they developed it for them.
It wasn’t because of some deal with google or anything like that.
Hardware security guarantees are irrelevant for most people, including myself. A very small segment of the population needs them.
What matters infinitely more is who has access to your data. And Google is one of the worst offenders.
Buying a phone from Google (HTC really) does not give Google access to your data.
There are no Google services installed by Graphene, you have the option of running Google services if you choose, but even if you choose to do so they are kept in a sandbox and not given privileged information on the system.
There are no Google services installed by Graphene, you have the option of running Google services if you choose, but even if you choose to do so they are kept in a sandbox and not given privileged information on the system.
Using Google hardware results in financial gain for Google, which is one of the worst companies out there for privacy and security. I do not like that GrapheneOS is working to propagate Google’s monopoly.
You’re moving the goalposts, you said:
What matters infinitely more is who has access to your data. And Google is one of the worst offenders.
That’s completely different than who benefits financially from your phone purchase.
I don’t really see the issue. So you don’t really care about robust and trustworthy hardware. That I get to some extent considering you’re more worried about your data itself. But if you’re flashing your device with GOS, there is no data being shared to Google unless you specifically want to use Google Play Services or the Play Store. Both of which don’t come pre-installed
Edit: I added the if
Robust and trustworthy hardware does not matter if the apps you need for daily life (like banking or public transportation) are so integrated with Google’s ecosystem that they leak everything.
Breaking Google’s hold over Android is the most important security topic of all time. Everything else is secondary. GrapheneOS is not real security.
But how does this tie back to your original statement about GOS security and tying itself with Google? The issues you’re raising aren’t even a GOS specific one. I also find it strange to not call it secure because services themselves are reliant on Google’s services. That is not an issue any OS can solve. I say this as someone who does not rely on any Google services on my phone. I also believe you might be conflating security with privacy.
Anyone telling you the list isn’t graphene -> ios -> good custom android -> aosp-> google stock -> samsung stock is lying to you.
How is iOS - a proprietary OS owned by a big tech company - second in your list?
Which flavor of Google surveillance would you consider a more private and secure phone platform than iOS?
It has some of the best exploit protection next to Graphene if you enable lockdown mode.
It can be made very good from a security and privacy perspective.
If you know you know I guess.
There’s good reason to suspect that it’s very terrible from its privacy and security perspective.
Do you think it’s possible for companies or individuals to not comply with court ordered surveillance and search warrants? That’s what PRISM is, NSA-driven data collection ordered by the court system.
Further, on its own and absent any other evidence, the timeline of PRISM entry corroborates my statement that iOS is second to Graphene.
Apple is not a good company, there are no good companies. Apple is a company selling security and privacy amongst other things. You have to buy security and privacy because you can’t go out into the backyard, fell a phone tree, carefully choose the section with the strongest, straightest traces and shape it into an optimally private and secure device in the shed using your grandfather’s antique phoneworking bench and strap driven phone lathe.
Do you think it’s possible for companies or individuals to not comply with court ordered surveillance and search warrants?
Companies can’t, no. That’s precisely my point. Hence your argument that iOS is more “secure” than any other bar Graphene is disingenuous. iOS is developed by a company which can be (and likely already has been) pressured into compromising its users on behalf of three-letter agencies. The NSA slides are strong evidence of that.
Large collectives of devs spread out all over the world, however, can withstand such pressures since they’re hard to get a hold of. The developers of OSs such as Graphene, Debian or Lineage could easily resist such attempts, simply because they’re not a legal entity incorporated inside a single jurisdiction.
You’re correct in saying that Apple is “selling” privacy and security (as in: marketing, pinky-promising). They may be selling that story, but I ain’t buying it.
As a longtime and current Debian user, lol if you think it hasn’t been infiltrated or that any network of developers spread over the globe could resist infiltration let alone the open source “community”.
A large portion of the maintainers of popular open source projects are in the employ of some company or other explicitly because of their maintainer role. Even if some hypothetical distributed global network of developers could resist infiltration, the maintainers of our open source software cannot.
The building blocks of Android are maintained by developers who are employed by Google. Google was compliant with PRISM four years before Apple (the exact amount of time it would take for a sealed case to wind its way through appeals).
If the fact of Apple’s compliance with the laws of its jurisdiction worries you, the fact that people don’t get targeted or convicted off of information from properly configured iCloud accounts or locked Apple devices should counteract that worry. The fact that other generally held to be trustworthy companies like Mullvad are compliant with the laws of their jurisdiction should make it clear that legal compliance doesn’t necessarily mean a company or service isn’t trustworthy.
I would also like to point out that for the purposes of US law, entities outside the jurisdiction of the US are subject to a freer surveillance apparatus which need not be hampered by what some judge is willing to sign off on and doesn’t need to comply with its subjects’ rights as defined under US law.
An Apple in Mexico would be able to offer fewer protections to its US customers than one incorporated in the US.
Sadly FUD as ANYTHING that is NOT increasing profit for surveillance capitalism, i.e. Google, Meta, etc. is a win for privacy!
Of course /e/OS could be better, GrapheneOS could also be better (including on security) but the big picture is that still ANY of those solutions is making surveillance capitalism, the loss of privacy for profit and power, less efficient. That’s good for all of us who, being on Lemmy or other federated instance, believe we do benefit from having more privacy, or at least not trading it away.
TL;DR: be inclusive, bring others up, don’t be exclusive aiming for perfection none of us can attain.
FUD?
“Fear, uncertainty, and doubt (FUD) is a manipulative propaganda tactic used in technology sales, marketing, public relations, …” https://en.wikipedia.org/wiki/Fear,_uncertainty,_and_doubt
Take this with a grain of salt: GrapheneOS is always stirring shit with other players in the privacy space and they try to paint them in the worst light possible.
It’s a video of him speaking in his own words, not much salt needed.
Lmao e/OS CEO says a thing, someone inevitably in the comments, “How could GrapheneOS do this!”









