GrapheneOS decided to leave France because they would have to implement a backdoor for French authorities.
What about backdoors in #IodeOS as Iodé is a French company?
https://goingdark.social/@watchfulcitizen/115605398411708768
@[email protected] is being threatened by French authorities for refusing to add backdoors and they're dealing with coordinated attacks in French media right now. They're pulling out of France entirely, moving all their servers, and fighting off a wave of bullshit one-sided reporting that makes them look like they're helping criminals. They need us to fight back. Support them however you can, whether that's a dollar, sharing their story, pushing back on the garbage news coverage when you see it, or just telling someone you know about what's happening. All of it matters because they're drowning in attacks from governments and media and bad actors who want them gone. This is the only Android OS that actually makes me feel like privacy isn't just marketing. They fight for us now they need us to fight for them. The EU is pushing Chat Control and creating an environment where governments feel empowered to threaten developers into compliance, and if we stay quiet we're letting it happen. Show up for them in whatever way you're able to. #grapheneos #Privacy #NoBackdoors #encryption #security #chatControl
I am interested in that issue too.
I'm planing to get an IodeOS phone and i highly oppose the idea of "scan-on-device" / cliwnt scanning backdoors in Software.
Not only having a single App with such a backdoor in, but the base OS having one, is even worse...i didn't know this was law in france already.
Even if i am not in danger to be targeted in an legal investigation, does such a backdoor not pose a great risk to be hacked by criminals via that way too?
@GrapheneOS @globcoco @Uddelhexe
iOS is closed source, so nobody will ever find any backdoors in the software, even if the hardware offers to implement a high level of security. Do I miss anything?
@plumeros @GrapheneOS @Uddelhexe
Nope.
Now, closed source is also problematic as well if decisions were made at the top...
@globcoco @plumeros @Uddelhexe No, it's very inaccurate and is a common misconception among people who aren't developers or security researchers about open source. It does not provide anything close to what you believe it does. You still highly trust the developers of software released as open source and even rare cases of extensive external review do not find all or most vulnerabilities in practice. Finding subtly hidden vulnerabilities would be even more difficult.
@[email protected] @[email protected] @[email protected] No, that's not how closed source and open source work at all. Closed source software is not a black box. Open source absolutely doesn't mean that all or most vulnerabilities get discovered. Linux kernel has many severe vulnerabilities being found on a regular basis which have existed for years and even decades. Most projects are not getting anything close to that much review. It certainly doesn't mean that an intentionally hidden subtle vulnerability will be found.
@GrapheneOS @plumeros @Uddelhexe
True. I don't have the experience and knowledge.
Thank you for sharing what you know.
Much appreciated.
Which devices do you own? (Iphones, ipad, mac...?)
@globcoco @GrapheneOS @Uddelhexe
It's correct that open source doesn't guarantee that all vulnerabilities are found.
But OSS can be reviewed by anybody at anytime, the developers cannot control by whom.
Closed source is sometimes also reviewed. But who prevents closed source developers of removing backdoor code just before a review and add it immediately afterwards again? Who selects the reviewers? It's all in the hands of the closed source manufacturer.
So how can anyone trust closed source?
@plumeros @globcoco @Uddelhexe
> But OSS can be reviewed by anybody at anytime, the developers cannot control by whom.
Your belief that closed source software is a black box which cannot be externally reviewed is incorrect.
> But who prevents closed source developers of removing backdoor code just before a review and add it immediately afterwards again?
Closed vs. open source doesn't work the way you believe it does. Closed source software means not having sources, not lacking the code.
@plumeros @globcoco @Uddelhexe
> Who selects the reviewers? It's all in the hands of the closed source manufacturer.
No, that's not how it works. Closed source software still has the compiled code available for review, which is often the best format for finding a subtle backdoor which can be inserted as part of the toolchain or through very subtle approaches. Source code is usually the best form of the code to look for accidental vulnerabilities but a backdoor is a much different thing.
@GrapheneOS @globcoco @Uddelhexe
> You're talking about backdoors where it's deliberately done and hidden.
I meansoftware quality in general and backdoors in particular.
> Closed source software still has the compiled code available for review, ...
Following this logic OSS wouldn't make any sense then, as users have always the binary code for execution and for review.
@plumeros @globcoco @Uddelhexe
> Following this logic OSS wouldn't make any sense then, as users have always the binary code for execution and for review.
It doesn't make it not make sense. Source code is the preferred and easiest format for modifying the code and open source provides permission to do it. That doesn't change that what you're saying about closed source software is inaccurate. Finding backdoors is also far different than looking for accidental vulnerabilities.
iodé 🇬🇧
Plumeros ☮️
Uddelhexe
GrapheneOS
Coralie Renée