@maddy I think @GrapheneOS are just sellouts at this point...
I don't trust any phone and just have a "#StupidPhone" I can rip out the battery and dump into a faraday bag into my fridge.
That does way more in terms of security...
@F3715H @maddy Using a dumb phone means only having insecure carrier-based calls/texts. They also lack a way to use them without cellular instead of having a mobile computer usable without it including for secure communications via Wi-Fi not revealing your location to the cellular network.
Temporarily disconnecting means that attack surface is temporarily gone and data can't be exfiltrated until later but it still would be. If you think it's backdoored why couldn't they include another battery?
@GrapheneOS @maddy That's literally the point.
I don't trust any network or device and use @torproject / and @tails.
- All that any mobile network sees is Tor-tunneled traffic.
@F3715H @maddy @torproject @tails Interpreted what you said as using a dumb phone where you wouldn't be able to have Tor as you can on a smartphone that's a mobile computer with cellular support but maybe we misunderstood.
GrapheneOS has a bunch of VPN leak fixes with more being developed to turn Android's VPN leak blocking into a fully working feature. iOS and Android don't treat VPN support as a critical privacy feature upstream. Android tries to fix actual leaks unlike iOS but very slowly.
@GrapheneOS @maddy unless Motorola were to offer #GrapheneOS on all their current devices, that's easy to workaround.
Given that they sell sub - €250 devices brand new without any SIM- or Net-Lock, they'll obviously only gonna care about their high-end flagships that are 4-digits.
@F3715H m8 stop wasting your time with @GrapheneOS...
They made it very clear in the past that they don't give a damn, and are #Stallman-Style extremists that go full "My way or Highway!" on anything.
@F3715H @maddy The account you're responding to has been extremely hostile towards our project and team for a long time. They're going out of the way to try to make everything negative and do not stick to factual statements.
They were attacking us for only being able to support Pixels due to lack of what we need elsewhere and now that we have a way to provide more options they're attacking us for that too.
If they're doing it because we got tired of it and blocked them, it just extends it.
@kkarhan
At least Stallman positioned himself firmly against remote attestation, whereas Graphene apparently want to lock the user out of their own device just as eagerly as Google.
@thomas well, #FSF has been griftin' with non-free hardware too...
@thomas @F3715H @maddy Reality check: our hardware requirements mandate full support for installing other operating systems:
https://grapheneos.org/faq#future-devices
We advocate against apps locking out people from using arbitrary operating systems too. For apps which insist on doing it they can allowlist our signing keys for the standard Android hardware-based attestation system so we document how to do that. It requires them to do extra work beyond simply using the Play Integrity API so few apps are willing.
@GrapheneOS @thomas @maddy and that alone is the problem:
The fact that we allowed Google this amount if power!
- Makes them as shit as a #Sony-branded #Symbian device which was effectively locked-out if 99,99% of all #Apps at the time.
- Seems like a major regression compared to #Desktop-#Linux to me, so I'll stick with that!
@F3715H @thomas @maddy Extremely few apps use the Play Integrity API. It's mainly only relevant to GrapheneOS users with banking/government apps and it's only around 1/10 of those apps disallowing GrapheneOS.
There are a few other apps using it such as X adding it for regular password login post-Twitter but there's an easy way to work around it by logging into the browser, making a passkey and using it to log into the app. Some variants of the McDonalds app use it. There's not really much else.
@kkarhan @GrapheneOS Wanting a wide choice of devices is understandable, but you must also understand that a project like GrapheneOS with limited resources can only fulfill its mission if the supported devices have the necessary prerequisites, such as official support for alternative operating systems and all the standard security features listed here : https://grapheneos.org/faq#future-devices
Unfortunately, there are few devices that meet this requirement, only Pixel devide actually, because it costs really a lot of money, and that most of the time, manufacturers weren't really interested, but times seem to be changing with Motorola Mobility contacting the GrapheneOS foundation about a partnership.
GrapheneOS isn't here to improve device security and privacy just a little bit, it's here to improve it significantly, and they can't do that magically. They can't take a mobile device with mediocre security out of the box and turn it into a reasonably secure device. Hardware security is just as important as software security.
If you are looking for broad device compatibility, you can use LineageOS, which is much more in line with the goal of this project, and to support devices for as long as possible in order to give obsolete devices a second life.
@Xtreix well, @GrapheneOS chose their requirements and they can happily design their own platform instead.
To the point that it's cheaper to go black/red and teach that to people, even at the risk of inconvenience.
I think #GrapheneOS prefer to "die on their hill" of "moral superiority" than fave the reality that 99% of people can't and won't blow $500 - $1000+ on a phone when any half-decent Netbook with @tails_live , @torproject and #4G or #5G modem can do the same.
Otherwise we'll see them fail the same way @signalapp did, which is eitger getting shut down (#EncroChat-style) or being uncovered as a controlled opposition / honeypot (like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield)…
@kkarhan @GrapheneOS @tails_live @torproject @signalapp
"GrapheneOS chose their requirements and they can happily design their own platform instead."
There's no need to reinvent the wheel. AOSP is a secure, open-source platform that has been around for almost 20 years. I don't want to debate rumors that Google wants to make AOSP proprietary because there is no evidence to support this, especially since it would not benefit them in any way.
"I just think that their stubbornness"
It's not stubborness and I explained why.
"They are the antithesis to #Tails when it comes to #UserFriendly-ness and approachability for #Normies and #TechIlliterates
It's probably the first time I've seen “Tails” and “Normie” in the same sentence, It's not that Tails is difficult to use, but I'm really not sure that many “normies” use it or even know it exists. The user experience on GrapheneOS is almost identical to Pixel OS, the standard operating system for Google Pixel devices, so using GrapheneOS is likely to seem much simpler and familiar to normies, as they will already be used to it.
"Espechally since the problems woth #MobilePhones and the underlying technology ain't fixable with an #AndroidROM
GrapheneOS is not a ROM, Pixel OS is not a ROM, and LineageOS is not a ROM either, theses operating systems are not ROMs.
"Instead we need to foster a #SecurityCulture and proper #ITsec, #InfoSec, #OpSec & #comsec
Indeed, and what GrapheneOS does about security is completely appropriate, including informing people and giving them good advice.
"Otherwise we'll see them fail the same way @signalapp did, which is eitger getting shut down (#EncroChat-style) or being uncovered as a controlled opposition / honeypot (like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield)…"
Signal did not fail, and mentioning Encrochat, ANON, and honeypots in the same sentence is irrelevant. These things have absolutely nothing in common with Signal, you seem to be believing made-up stories.
[email protected] is a troll, he is not interested in a serious, constructive discussion, and prefer to spam his posts with a million hashtags in the hopes of getting some engagement and attention out of it. He's also been spreading wild conspiracy theories about privacy projects like Signal, and he actually blocked me after an argument on Mastodon, because I called out his BS. Engaging in a conversation with that account doesn't really make sense.
@Xtreix OFC @Andromxda can claim bs all day but that doesn't make my points any less true.
I'll be proven right, and I'll shout "#ToldYaSo!" agai.
Until then, I'll sit back and and wait till your fanboyism of @GrapheneOS will hit reality like a car slamming into a concrete wall at 200km/h.
@[email protected] [email protected] is a troll, he is not interested in a serious, constructive discussion, and prefer to spam his posts with a million hashtags in the hopes of getting some engagement and attention out of it. He's also been spreading wild conspiracy theories about privacy projects like Signal, and he actually blocked me after an argument on Mastodon, because I called out his BS. Engaging in a conversation with that account doesn't really make sense.
Maddy 🏳️⚧️ - ADHD-powered 
F3715H
GrapheneOS
Kevin Karhan 
thomas
Xtreix
Andromxda 🇺🇦🇵🇸🇹🇼