Gaël Duval is the founder and president of the /e/ foundation along with the CEO of Murena. Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is for only useful pedophiles and spies.
Translation to English:
> There's the attack surface, on that front we're not security specialists here, so I couldn't answer you precisely, but from the discussions I've had, it seems that everything
Transcription in French:
> Il y a la surface d'attaque, là pour le coup on est pas des spécialistes de la sécurité, donc je ne pourrais pas te répondre avec précision, mais des discussions que j'ai eu, il semblerait que tout ce qu'on fait, ça réduit la surface d'attaque. Donc oui, probablement ça aide. Par contre, on a pas une approche "sécurité durcie", on développe pas un téléphone pour les pédo(bip) pour qu'ils puissent échapper à la justice. Donc il y a pas des trucs pas possibles pour voir
@GrapheneOS to be fair they don't promise security, only privacy. at least in their foreword on their website here.
I don't think it's by accident that they don't even use the word secure, or security, on the whole page.
I've seen claims before where they claim it's better than GrapheneOS. But in what regard? Maybe degoogling and having alternatives pre-installed? GrapheneOS is probably more involved to get the same apps. That's the only way /e/ is better in my opinion
ECOSYSTEMKEY FEATURESGET /E/OSNEED HELP /e/OS is a complete, fully “deGoogled”, mobile ecosystem /e/OS is an open-source mobile operating system paired with carefully selected applications. They form a privacy-enabled internal system for your smartphone. And it’s not just claims: open-source means auditable privacy. /e/OS has received academic recognition from researchers at…
They dont provide privacy. So a promise is already broken. But beyond that, privacy cannot exist without security. They arent mutually exclusive, they are intertwined. To ignore security means you are not a privacy project.
E/ is not better at degoogling. GrapheneOS does not connect to any google servers, run any google play code, have any privilege google services, etc. Sandboxed google play is sandboxed and must be installed by the user. All default connections are to first party servers hosted by GOS. It is not more involved to get the same apps, google or otherwise.
@HybridStaticAnimate @codebam @GrapheneOS
That it must be installed by the user doesn't make it different.
IMHO the two app stores included in GrapheneOS are not sufficient for the vast majority of users.
If "every" user needs to install it to have a usable phone, it really is part of the attack surface.
(And yes, I'm aware the Play services are sandboxed on GrapheneOS which improves privacy and security)
It's a bit like delivering a computer without network functionality because it reduces the attack surface, and then blaming the user if they install network drivers.
@realn2s @HybridStaticAnimate @codebam
> IMHO the two app stores included in GrapheneOS are not sufficient for the vast majority of users.
Our own App Store is the only one included in GrapheneOS. We don't bundle third party apps and services into the OS. Using those is entirely a user choice and will remain that way.
Our App Store provides Accrescent and the Play Store. If you think other apps such as Obtainium should be easily available then get those to submit their apps into Accrescent.
GrapheneOS
Sean
HybridStaticAnimate
Claudius Link