I still think that #GrapheneOS should not chain themselves to a single vendor but rather release actual proper specs for support.

  • Otherwise we'll continue to see lazy ripoffs / rebadgings of their #ROM / #Android - #distro instead.

I also doubt that #Motorola will release any affordable device with @GrapheneOS support.

  • And I'm not even talking about their ≤€250 retail budget phones they neglect and refuse to update, but rather anything in the ≤ €500 price bracket.
    • Pretty sure only ≥ €1k devices will get any chance of that, making it even more classist.

And unlike @tails_live / @tails / #Tails dropping #32bit support amidst the fact that there are almost no #32bitOnly machines that can run it, I don't see the benefit of trusting an unauditable blackbox of a "#SecurityChip".

  • I'm sure @stman could run entire semester-long classes at a university explaining why this blatant violation of #KerckhoffsPrinciple is irredeemably bad, but I digress…
GrapheneOS (@[email protected])

@[email protected] GrapheneOS has an official long term partnership with Motorola and will support many of their future devices, not one. It will support multiple new Motorola devices every year. We aren't lowering our security requirements but rather their devices are being improved to meet our requirements. The reason GrapheneOS won't support their currently available devices is because those don't meet our security requirements. Currently, only Pixels meet our requirements. https://grapheneos.social/@GrapheneOS/116159602850585685

GrapheneOS Mastodon

@GossiTheDog Obviously this is nothing new, as #Microsoft's #CryptoAPI is so #backdoored that it's basically #Govware.

I'll be collecting apologies once the next #ToldYaSo hits.

thaddeus e. grugq on Twitter

“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. No one is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

Twitter

@adamshostack I think it's beneficial to do so given any halfway-organized adversary will have done the same.

#KerckhoffsPrinciple demands #transparency only excluding keys, passwords and PINs.

  • Obviously that may be a bit too extreme but I do assume every adversary to have the same knowledge as I do and thus only being stopped by lack of credentials.

@dazo @MarionDonnelly @murena @e_mydata @red_rooster @georgetakei not to mention #Apple is not only capable but willing to shove in #Govware #Backdoors.

So their claims re: #privacy and #security are "#TrustMeBro!" at best if not blatant lies.

Remember: #AllGAFAMsAreBad and #KerckhoffsPrinciple demands #transparency!

How Tim Cook Surrendered Apple to the Chinese Government

YouTube

@ESETresearch @smolar_m thanks for the post and research.

  • Personally, I don't rely on #CensorBoot as I don't trust any #security that violates #KerckhoffsPrinciple, but that's not my decision and being able to attest the security of it or at least have another way to check for it is kinda important.

And yes I refuse to call it "#SecureBoot" because it is not secure by #Microsoft's own admission - otherwise they would've relied on it on the #XboxOne and not just the #Xbox360 !

Guarding Against Physical Attacks: The Xbox One Story — Tony Chen, Microsoft

YouTube

@bastibayer no, because #Threema is a #proprietary (+ #SingleVendor & #SingleProvider) solution without #SelfCustody of the keys, and thus inherently insecure (#KerckhoffsPrinciple)...

My recommendation is @monocles / #monoclesChat & @gajim for #XMPP+#OMEMO, closely followed by @delta / #deltaChat for real #E2EE!

@rysiek also #Telegram - like @signalapp - demands and collects #PII like #PhoneNumbers which ain't possible to acquire anonymously in more and more jurisdictions.

Using #XMPP+#OMEMO by contrast is secure and adding @torproject / #Tor to tunnel it makes it even more anonymous.

  • So don't expect any messenger to cover your 6, but instead go out of your way so that even when held at gunpoint, they can't decrypt comms!

Consider every #Messenger that doesn't #decentralize and support #Tor out of the box to be insecure!

thaddeus e. grugq on Twitter

“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. No one is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

Twitter

@stacksmashing And the cool part of it: It's systemically unfixable!

Note: If #Microsoft doesn't even bother trying to use #BitLocker and #TPM to #CensorBoot the #XboxOne, we can safely assume it wasn't secure to begin with!

https://www.youtube.com/watch?v=U7VwtOrwceo

Remember: All Cryptography that violates #KerckhoffsPrinciple is inherently insecure and untrustworthy!

Guarding Against Physical Attacks: The Xbox One Story — Tony Chen, Microsoft

YouTube

@ainmosni @Linux_Is_Best

Yeah but that's just minimally less bad than going full #heads as aftermarket #firmware and requiring all executables to be signed by the device owners' personal PGP keys...

Also I'd not trust a #blackbox like a #TPM as it violates #KerckhoffsPrinciple and thus must be considered cryptographically shit.

IMHO #TPMs and #Windows11 only act as #CensorBoot...

https://www.youtube.com/watch?v=s7WDbnHlc1E

Trusted Computing

TCPA stands for Trusted Computing Platform Alliance. For the technology we will speak from TCP (The trusted computing platform). This plans that every comput...

YouTube

@md @bmi @bsi #TETRA's #Crypto is so #weak that it's trivial to crack with any modern #GPGPU, because its #SecurityThroughObscurity makes all the #TEA versions as weak as #CSA on #DVB.

But then again no one pays me to fix it, so it's not my problem.

Spoiler: The proper fix is to abolish all #proprietary shit and demand a fully #OpenSource'd communications system, since everything else violates #KerckhoffsPrinciple and is thus inherently and unfixably insecure by design!