Joshua Graves@cyberlyra @GrapheneOS @fabio echoing the building everyone up part, those gorillas will tear us apart if given half a chance.
GrapheneOS@joshua @cyberlyra @fabio Jolla is a for-profit company misleading people about what they providing. Their OS has extraordinarily poor privacy and security compared to the Android Open Source Project or iOS. Their own OS code is mostly closed source and there isn't an open source subset that's usable. Jolla has spent years falsely claiming the Android Open Source Project isn't Linux and misleading people into believing a largely closed source distribution is more open than an open source one.
@joshua @cyberlyra @fabio They've mislead people about privacy and security to an extreme, convincing people that a device lacking a proper sandbox, permission model, exploit protections, widespread use of memory safe language and many modern security features is more private and secure. They have their own invasive services too.
Informing people about the reality of their products is our response to years of misinformation about the GrapheneOS project from their team and community.
Kristoffer Lawson@GrapheneOS @joshua @cyberlyra @fabio huh, you're being pretty bloody aggressive. What exactly is your major beef?
Jolla is a for-profit company. I would expect most companies to be for-profit so as to continue operating. When has Jolla stated AOSP isn't Linux?
The OS has sandboxing and a permission model. What invasive services?
Personally I'm most interested in whether an OS can offer a beneficial experience. Given your tact against a small company, I would now rate you lower.
@Setok @joshua @cyberlyra @fabio
> aggressive
We're responding with factual information a thread with misinformation about GrapheneOS promoting an unsafe product as a better long term alternative.
> for-profit so as to continue operating.
Organizations don't need to be run primarily based on earning profits for shareholders to continue operating. An operating doing that is not putting their users first.
> When has Jolla stated AOSP isn't Linux?
It's a core part of their marketing.
@Setok @joshua @cyberlyra @fabio
> The OS has sandboxing and a permission model. What invasive services?
It has incomplete optional sandboxing a very legacy approach to a permission model.
It doesn't provide proper privacy or security patches, doesn't have modern exploit protections, doesn't have full system MAC/MLS policies, lacks verified boot, lacks secure element integration needed for working encryption for most users and more, lacks broad use of memory safe languages and much more.
Troed Sångberg"We're responding with factual information"
+
"It has incomplete optional sandboxing"
vs
"Every application, irrespective of its origin, is run in a Sailjail sandbox with an explicitly assigned set of application permissions to limit the scope of malicious activity achievable by exploiting a possible vulnerability in the application."
@troed @Setok @joshua @cyberlyra @fabio This is an optional sandbox implementation with incomplete containment of applications and an incredibly legacy approach to granting access to those. It's not a mandatory sandbox for applications, is not a modern sandbox actually properly containing those and does not provide a proper permission model. You're only proving our point by linking to these primitive and incomplete implementations of things which are playing catch-up to Android 4.4 from 2013.
How is "Every application, irrespective of its origin" optional?
@troed @[email protected] @[email protected] @[email protected] @[email protected] You should do basic research on how it's actually implemented. The containment is incomplete and optional.
You're the one claiming to only posts facts saying it's optional. Thus it is you who should explain how that is since the Sailfish documentation I have cited seems to disagree.