GrapheneOS decided to leave France because they would have to implement a backdoor for French authorities.
What about backdoors in #IodeOS as Iodé is a French company?
https://goingdark.social/@watchfulcitizen/115605398411708768
@[email protected] is being threatened by French authorities for refusing to add backdoors and they're dealing with coordinated attacks in French media right now. They're pulling out of France entirely, moving all their servers, and fighting off a wave of bullshit one-sided reporting that makes them look like they're helping criminals. They need us to fight back. Support them however you can, whether that's a dollar, sharing their story, pushing back on the garbage news coverage when you see it, or just telling someone you know about what's happening. All of it matters because they're drowning in attacks from governments and media and bad actors who want them gone. This is the only Android OS that actually makes me feel like privacy isn't just marketing. They fight for us now they need us to fight for them. The EU is pushing Chat Control and creating an environment where governments feel empowered to threaten developers into compliance, and if we stay quiet we're letting it happen. Show up for them in whatever way you're able to. #grapheneos #Privacy #NoBackdoors #encryption #security #chatControl
I am interested in that issue too.
I'm planing to get an IodeOS phone and i highly oppose the idea of "scan-on-device" / cliwnt scanning backdoors in Software.
Not only having a single App with such a backdoor in, but the base OS having one, is even worse...i didn't know this was law in france already.
Even if i am not in danger to be targeted in an legal investigation, does such a backdoor not pose a great risk to be hacked by criminals via that way too?
@GrapheneOS @globcoco @Uddelhexe
iOS is closed source, so nobody will ever find any backdoors in the software, even if the hardware offers to implement a high level of security. Do I miss anything?
@plumeros @GrapheneOS @Uddelhexe
Nope.
Now, closed source is also problematic as well if decisions were made at the top...
@globcoco @plumeros @Uddelhexe No, it's very inaccurate and is a common misconception among people who aren't developers or security researchers about open source. It does not provide anything close to what you believe it does. You still highly trust the developers of software released as open source and even rare cases of extensive external review do not find all or most vulnerabilities in practice. Finding subtly hidden vulnerabilities would be even more difficult.
@[email protected] @[email protected] @[email protected] No, that's not how closed source and open source work at all. Closed source software is not a black box. Open source absolutely doesn't mean that all or most vulnerabilities get discovered. Linux kernel has many severe vulnerabilities being found on a regular basis which have existed for years and even decades. Most projects are not getting anything close to that much review. It certainly doesn't mean that an intentionally hidden subtle vulnerability will be found.
@econads @globcoco @plumeros @Uddelhexe
> it's the absolute basic of security, not a guarantee. It's the auditability. If something is closed source you can't check whatever claims it wants to make.
Having access to the source code does not provide the ability to avoid trusting the developers in practice. If it did, widely used projects like the Linux kernel would not have a massive stream of severe vulnerabilities being found which have been present for years and even decades in plain sight.
@econads @globcoco @plumeros @Uddelhexe The vast majority of open source projects get little to no external review. Nearly none receive in-depth privacy or security review. In general, people trust open source projects because source code is available and someone could audit the sources rather than because anyone is doing it.
The claim that only sources can be reviewed is incorrect and resembles dubious claims that open source is less secure due to attackers being able to find bugs more easily.
@GrapheneOS @globcoco @plumeros @Uddelhexe wow 4 replies to replay what you already said. And I already said that open source doesn't guarantee security, it actually has to be audited and the rest yes. I can tell you from 18 years in the industry that companies are not completely trustworthy either (audience gasp), and most closed source software doesn't have internal audits either.
But why is closed source not a black box?
iodé 🇬🇧
Plumeros ☮️
Uddelhexe
GrapheneOS
Coralie Renée
econads