The next time someone says "Privacy doesn't matter to me, I've got nothing to hide", show them this video.

@iode

GrapheneOS decided to leave France because they would have to implement a backdoor for French authorities.
What about backdoors in #IodeOS as Iodé is a French company?
https://goingdark.social/@watchfulcitizen/115605398411708768

Watchful Citizen (@watchfulcitizen@goingdark.social)

@GrapheneOS is being threatened by French authorities for refusing to add backdoors and they're dealing with coordinated attacks in French media right now. They're pulling out of France entirely, moving all their servers, and fighting off a wave of bullshit one-sided reporting that makes them look like they're helping criminals. They need us to fight back. Support them however you can, whether that's a dollar, sharing their story, pushing back on the garbage news coverage when you see it, or just telling someone you know about what's happening. All of it matters because they're drowning in attacks from governments and media and bad actors who want them gone. This is the only Android OS that actually makes me feel like privacy isn't just marketing. They fight for us; now they need us to fight for them. The EU is pushing Chat Control and creating an environment where governments feel empowered to threaten developers into compliance, and if we stay quiet we're letting it happen. Show up for them in whatever way you're able to. #grapheneos #Privacy #NoBackdoors #encryption #security #chatControl


@plumeros @iode

I am interested in that issue too.
I'm planning to get an IodeOS phone and I highly oppose the idea of "scan-on-device" / client scanning backdoors in software.

Not only having a single app with such a backdoor in, but the base OS having one, is even worse... I didn't know this was law in France already.

Even if I am not in danger to be targeted in a legal investigation, does such a backdoor not pose a great risk to be hacked by criminals via that way too?

@Uddelhexe @plumeros You should read https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private which also applies to iodéOS. There's linked content from Divested Computing, Mike Kuketz and Eylenburg there too which each directly cover iodéOS. /e/ and iodéOS both have extraordinarily poor privacy and security. They make it much easier for states to get into devices remotely or extract data with physical access compared to iPhones.

@GrapheneOS @Uddelhexe @plumeros

Are iPhones secure in that sense?

I didn't think they were...

@globcoco @Uddelhexe @plumeros iPhones are far more secure than anything running LineageOS, iodéOS or /e/. An iPhone 17 provides much stronger protections than past generations due to hardware memory tagging which was only previously deployed in production for a lot of code by GrapheneOS (more than iOS). iPhones can be configured to have a higher level of security than they do by default via lockdown mode and other features. End result is definitely far better than any non-GrapheneOS option.
@globcoco @Uddelhexe @plumeros Pixels and iPhones are the only devices with high quality secure elements providing working disk encryption with a random 6 digit PIN or other typical lock method rather than 6-8 random diceware words. This matters a lot to many people even if they don't realize it. Other Android devices either omit a secure element providing this or have a much lower quality implementation which gets bypassed by commercial exploit tools in practice. That's just one example.

@GrapheneOS @globcoco @Uddelhexe

iOS is closed source, so nobody will ever find any backdoors in the software, even if the hardware offers to implement a high level of security. Do I miss anything?

@plumeros @globcoco @Uddelhexe No, that's not how closed source and open source work at all. Closed source software is not a black box. Open source absolutely doesn't mean that all or most vulnerabilities get discovered. Linux kernel has many severe vulnerabilities being found on a regular basis which have existed for years and even decades. Most projects are not getting anything close to that much review. It certainly doesn't mean that an intentionally hidden subtle vulnerability will be found.
@GrapheneOS @plumeros @globcoco @Uddelhexe You keep repeating "closed source software is not a black box" but in most cases that simply isn't true. Proprietary software companies go to great lengths to impede attempts to reverse engineer their binaries. One of the reasons proprietary apps are so bloated is because their code has been processed by an obfuscator, which replaces simple instructions with long sequences of mathematically equivalent code that takes thousands more instructions.
@GrapheneOS @plumeros @globcoco @Uddelhexe speaking from experience, it can take hundreds to thousands of man hours and compute hours to deobfuscate these things.
@hyc @plumeros @globcoco @Uddelhexe The topic isn't obfuscated code but rather iOS compared to AOSP including the Linux kernel. iOS doesn't obfuscate the OS code and a large amount of public external research has been done on iOS. The overall system is closed source and the parts which are semi-open-source have the code released very late, but understanding the compiled code is hardly starting from scratch. You're responding as if this thread is about dealing with highly obfuscated software.
@GrapheneOS @plumeros @globcoco @Uddelhexe your generic statement "closed source software isn't a black box" is generally false. You could have just said "iOS isn't a black box".

@hyc @plumeros @globcoco @Uddelhexe You can read what we said as closed source software not inherently being a black box and reviewing what it does not being an insurmountable task orders of magnitude harder than reviewing an open source project with the same level of depth. Source code can have very subtle intentional security holes and can take advantage of the medium to hide those. The topic was claims about backdoors in iOS vs. a similar scale open source OS.

https://www.underhanded-c.org/

The Underhanded C Contest