@cyberlyra @GrapheneOS @fabio echoing the building everyone up part, those gorillas will tear us apart if given half a chance.
@joshua @cyberlyra @fabio Jolla is a for-profit company misleading people about what they're providing. Their OS has extraordinarily poor privacy and security compared to the Android Open Source Project or iOS. Their own OS code is mostly closed source and there isn't an open source subset that's usable. Jolla has spent years falsely claiming the Android Open Source Project isn't Linux and misleading people into believing a largely closed source distribution is more open than an open source one.

@joshua @cyberlyra @fabio They've misled people about privacy and security to an extreme, convincing people that a device lacking a proper sandbox, permission model, exploit protections, widespread use of memory safe languages and many modern security features is more private and secure. They have their own invasive services too.

Informing people about the reality of their products is our response to years of misinformation about the GrapheneOS project from their team and community.

@GrapheneOS @joshua @cyberlyra @fabio huh, you're being pretty bloody aggressive. What exactly is your major beef?

Jolla is a for-profit company. I would expect most companies to be for-profit so as to continue operating. When has Jolla stated AOSP isn't Linux?

The OS has sandboxing and a permission model. What invasive services?

Personally I'm most interested in whether an OS can offer a beneficial experience. Given your tact against a small company, I would now rate you lower.

@Setok @joshua @cyberlyra @fabio

> aggressive

We're responding with factual information to a thread with misinformation about GrapheneOS promoting an unsafe product as a better long term alternative.

> for-profit so as to continue operating.

Organizations don't need to be run primarily based on earning profits for shareholders to continue operating. An organization doing that is not putting their users first.

> When has Jolla stated AOSP isn't Linux?

It's a core part of their marketing.

@Setok @joshua @cyberlyra @fabio

> The OS has sandboxing and a permission model. What invasive services?

It has incomplete optional sandboxing and a very legacy approach to a permission model.

It doesn't provide proper privacy or security patches, doesn't have modern exploit protections, doesn't have full system MAC/MLS policies, lacks verified boot, lacks secure element integration needed for working encryption for most users and more, lacks broad use of memory safe languages and much more.

@GrapheneOS

"We're responding with factual information"
+
"It has incomplete optional sandboxing"

vs

"Every application, irrespective of its origin, is run in a Sailjail sandbox with an explicitly assigned set of application permissions to limit the scope of malicious activity achievable by exploiting a possible vulnerability in the application."

https://docs.sailfishos.org/Reference/Security/

@Setok @joshua @cyberlyra @fabio

@GrapheneOS

"We're responding with factual information"
+
"lacks secure element integration"

vs

"Sailfish OS includes a system service (extensible via vendor-specific plugins) which offers secure storage of data on behalf of client applications. [...]
Data storage is provided by vendor-specific plugins, and may include value-encrypted databases, block-encrypted databases, or hardware-backed secure storage."

This does read quite similar to "secure element integration" to me.

https://sailfishos.org/develop/docs/sailfish-secrets/

@Setok @joshua @cyberlyra @fabio

@troed @Setok @joshua @cyberlyra @fabio Providing very limited support for apps using a hardware keystore is not providing secure element integration in the OS. That's not providing working disk encryption for the majority of users not using a strong passphrase via secure element throttling. It's not providing verified boot or attestation for the OS. Hardware keystore also does not mean secure element. Most hardware keystores on mobile are implemented via TrustZone which is a CPU execution mode.