Unbreakable, unconquered, unstoppable!

@bastian @Lacze @nerdish_philipp @BrennpunktUA @AwetTesfaiesus

> "Of course it's not nice when security updates are delayed."

When security updates come out months late, that isn't "not nice", it's a significant security risk.

> "but this isn't some rip-off outfit that does it this way because it wants to optimize its profit"

Presenting yourself as something you are not is called a scam, and that is exactly what e/OS/ is.
They scam their buyers and users for their profit.

> " [...] but rather these are honest people [...]"

Who attack other projects that expose their scam. For example, Tavi (Android security researcher and former developer of DivestOS) has repeatedly criticized the insecurity of e/OS/. In response came hostility from Murena and the e/OS/ community toward Tavi and DivestOS, which ultimately led to Tavi discontinuing the development of DivestOS.
Furthermore, they also regularly attack GrapheneOS.

Just a few months ago, Gaël Duval (head of Murena) promoted an article from a neo-Nazi conspiracy site that attacked GrapheneOS and its founder Daniel Micay.

https://archive.is/SWXPJ
https://archive.is/n4yTO

> "What I don't like about GrapheneOS, for example, is that it only runs on Google devices."

1.) Pixels are simply the only devices at present that offer reasonable hardware security and fully support custom OSes

2.) You can also buy Pixel devices refurbished, then no further money goes to Google

3.) GrapheneOS is currently working with an OEM so that some of its future devices support GOS

@NewDay14 @AwetTesfaiesus

> "They also have the IT security label of the Federal Office for Information Security (BSI) and are demonstrably better in terms of data protection and privacy."

That doesn't change the fact that both iPhones and Pixels offer better hardware security and a longer support period than Samsung.

And I can tell you that OneUI definitely doesn't have better privacy than iOS or PixelOS. There, in addition to the privileged Google services, you also have Samsung's own apps and services (you can restrict/disable those via MDM, but it's still worse than on PixelOS, where you only have the Google services).

With Apple iNDIGO you even have BSI approval for VS-NfD for the public sector.

And South Korea is not ethically better than the USA, rather worse.

@Larvitz

Pixel with GrapheneOS. There's no other custom OS that doesn't weaken/eliminate the security of AOSP or deliver security updates weeks/months late, and that protects your privacy this well.

https://grapheneos.org/


@klappspatack @BrennpunktUA @AwetTesfaiesus @kuketzblog

e/OS/ is in every respect pretty much the worst choice for a smartphone OS. e/OS/ massively reduces security and privacy compared to AOSP and abolishes nearly the entire security model.

This includes, among other things:
-) no support for Verified Boot (a security-critical feature of Android)
-) months-long delays of security updates
-) with the full patches it can sometimes take longer than a year
-) Chromium came/comes in a shipped state that has not been updated for months.
-) they once had an Orbot client in use that had not been updated for years
-) There was also an incident in which their cloud service mishandled the session keys and gave users access to other people's files, and then lied to users that the server could not see the files, although there was no E2EE
-) the voice-to-text service of e/OS/ sends the data to OpenAI by default ...

This is not a complete list; see also:

https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private

In addition, Fairphone in some cases uses EoL hardware, and important security features are still missing.

See also information from Tavi (Android security researcher and former developer of DivestOS):

https://forum.fairphone.com/t/is-fairphone-really-interested-in-sustainability/99302/2

You should take a look at eylenburg's comparison table; it presents important information about the individual custom OSes in a clear overview:

https://eylenburg.github.io/android_comparison.htm


@AwetTesfaiesus

I'll remind you once again of the following:

e/OS/ is in every respect pretty much the worst choice for a smartphone OS. e/OS/ massively reduces security and privacy compared to AOSP and abolishes nearly the entire security model.

This includes, among other things:
-) no support for Verified Boot (a security-critical feature of Android)
-) months-long delays of security updates
-) with the full patches it can sometimes take longer than a year
-) Chromium came/comes in a shipped state that has not been updated for months.
-) they once had an Orbot client in use that had not been updated for years
-) There was also an incident in which their cloud service mishandled the session keys and gave users access to other people's files, and then lied to users that the server could not see the files, although there was no E2EE
-) the voice-to-text service of e/OS/ sends the data to OpenAI by default ...

This is not a complete list; see also:

https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private

In addition, Fairphone in some cases uses EoL hardware, and important security features are still missing.

See also information from Tavi (Android security researcher and former developer of DivestOS):

https://forum.fairphone.com/t/is-fairphone-really-interested-in-sustainability/99302/2

You should take a look at eylenburg's comparison table; it presents important information about the individual custom OSes in a clear overview:

https://eylenburg.github.io/android_comparison.htm

Furthermore, Gaël Duval (head of Murena) frequently attacks other projects that criticize Murena and e/OS/ and expose their BS (GrapheneOS, DivestOS).


@Antti98

> "If the app would have been native it would have operated inside firejail sandbox. Probably not as good as with GOS but it isn't like there isn't any safety features"

Firejail does not even come close to offering the same robustness as the AOSP sandbox (GrapheneOS improves on this even further).

That's the problem when you try to bring the security model of desktop Linux systems to smartphones—you significantly worsen the current situation.

> “But immediately going for neo-Nazis is extreme imo”

I'm not saying that Rossmann is a neo-Nazi, but he is active on a platform that includes such people and is known for organizing and carrying out organized trolling and doxxing campaigns (https://en.wikipedia.org/wiki/Kiwi_Farms).

He also spreads falsehoods about GOS (he once said somewhere that GOS was dead and would not upgrade to Android 16, but a few days later, GOS was on Android 16).

> “ [...] and they spammed 14! messages”

That's what happens when you want to write detailed explanations and technical information and have a character limit of 500 per post. I would also have had to split my posts into at least 7 smaller posts. That's more Mastodon's fault.

> “Didn't claim that some European project is superior”

The problem is that they are worse alternatives than Pixels, iPhones, and even current Samsung smartphones, but contrary to technical reality, they present themselves as better. If they met industry standards and offered long support periods (and didn't use EoL hardware or cheap Chinese MediaTeks), that would already be better than their current status.

> “This is copy paste from GOS :D”

No, it's not.

> “But to be honest, if they were as good as they claim, they wouldn't participate in conversations so toxically.”

As I said, I don't see any toxic communication. I don't consider setting the record straight, adding information to the discussion, defending against false claims and exposing them to be toxic communication.

> “Ps. How can you write such long messages? I have a limit of 500 characters. It might be clearer to answer with one post, but I haven't figured that out yet.”

That's the standard on Mastodon. You can only increase it with a specially patched instance.


@Antti98

> "but on other hand how many normal Joe will ever experience that 3rd party will target your device specifically?"

> "Didn't claim that average Joe couldn't use GOS, just that it makes most sense for those that probably face direct 3rd party attacks"

> "Some alternatives are in my opinion good enough from privacy perspective to average Joe whose main privacy threat is Google/Meta/Microsoft"

You don't have to specifically target the device. Some time ago, the developer of the Smarttube app (a privacy-friendly YouTube client) was hacked, and malicious builds of the app were released and distributed. Since Android has a robust sandboxing and permissions model, the damage was largely minimized.

The incident is a good example of how important sandboxing and the OS security model are. Just imagine if the app had also been available for Linux (including SailfishOS) or Windows – the damage would have been enormous.
It is also a good example of how a trustworthy app became a threat. This can happen with other apps at any time.

> "I don't know how chatting about phone OS turns into speaking about neo-Nazis without relating at all to those OSs?"

You were the one who linked Rossmann's video; I just pointed out that he is not a reputable source and that you shouldn't believe anything he says. If you want to know more, ask @GrapheneOS yourself.

Here's my take on it (my private opinion):

I've been reading GrapheneOS posts (on X and Mastodon) almost daily for almost a year now, and I've never noticed any toxic communication on the part of GrapheneOS. All they do is publish technically accurate information (which often overlaps with other Android security researchers).

> "[...] with GOS (Google developed OS with different clothes and nicer seams) [...]"

This statement is incorrect. It is based on the AOSP (like LineageOS, IodeOS, etc.) but significantly improves the security of the AOSP. No GOS developer is affiliated with Google in any way.

> “doesn't contribute anything to the table if we are looking at European alternatives”

These so-called “European alternatives” all have far worse security than Pixels or iPhones. In the case of Fairphone, for example, GrapheneOS and Tavi (Android security researcher and former developer of DivestOS) have already written something:

https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private

https://forum.fairphone.com/t/is-fairphone-really-interested-in-sustainability/99302/2

> “[...] but why bash every other alternative just to prove your superiority?”

It's not about showing that they are “superior.” It's about providing technically accurate information, refuting false claims made by various companies and organizations (some of which attack GrapheneOS), and defending themselves from those attacks.

If there were a smartphone OS with reasonable security (modern exploit mitigations, memory-safe languages, robust sandboxing and permissions systems, strict MAC policies) and timely security updates, they would recommend it.


@Antti98

> "But for average Joe, there are privacy friendly options, which can even be fully Google free as they aren't even android based"

GrapheneOS is the only custom OS that does not weaken or eliminate the security of AOSP, but actually significantly improves it. It is also the only custom OS that does not delay security updates for weeks or months. Any custom operating systems that are not based on Android (e.g., Sailfish OS) lack basic security mechanisms such as modern exploit mitigations, memory-safe languages, reasonable sandboxing and permissions systems, strict MAC policies, etc.

This means they also lack the ability to protect users' privacy from malicious third parties.

The majority of GrapheneOS users are ordinary people, not opposition figures or journalists, so it is false to claim that GOS is only for such people.

And btw, the Linux kernel contains a lot of code from Google, Microsoft, Oracle, Red Hat, etc. Using Linux kernel-based OSes is not “fully Google free”.

> "I also have problem a little bit how GOS people communicates. This has been demonstrated well in video: https://youtu.be/4To-F6W1NT0"

Louis Rossmann often spreads fake news about GrapheneOS (e.g., he once said somewhere that GOS was dead and wouldn't be updating to Android 16, but a few days later, GOS was released with Android 16).

See also information from GrapheneOS about Rossmann and the video:

https://xcancel.com/GrapheneOS/status/1950568612600619319#m

Louis Rossmann also has a verified account on KiwiFarms, one of the largest neo-Nazi, hate, and troll platforms:

https://kiwifarms.st/members/larossmann.132201/

https://en.wikipedia.org/wiki/Kiwi_Farms#Harassment

https://en.wikipedia.org/wiki/Kiwi_Farms#Christchurch_mosque_shootings

You can also see that he posts there regularly (the last time was this Wednesday, for example).

And that he specifically seeks out friendships with people who regularly attack GrapheneOS on KiwiFarms.

@pchblk @waldschnecke @murena

A current iPhone is perfectly fine and definitely the better choice than a Fairphone with e/OS/.

> “Self flashing – not for the masses”

Incorrect, there are already several stores offering GrapheneOS:

https://shop.nitrokey.com/shop/category/smartphone-tablet-4

https://shop.proxysto.re/de/i/pixel/

https://www.freifon.shop/c/freifon-kaufen/grapheneos

https://buy.jolla-devices.com/product/pixel-9a-with-graphene-os/

> “Lack of some essential app functionality”

No less than with other custom OSes, quite the contrary.

> “Would say... Buy a Nokia 5310”

Far worse security and privacy than a smartphone; you can't even use encrypted messengers.

By the way, GrapheneOS is working with an OEM to ensure that future devices support the requirements for GOS (planned for 2027 iirc, @GrapheneOS is that correct?).

And honestly, I don't understand this anti-Pixel attitude. Google hardly makes any money selling Pixels (they make far more with their licensing), and if you buy them refurbished, they don't get any money at all.

If environmental protection is really important to you, buy a used smartphone and flash it with LineageOS (you can forget about security/privacy anyway, and LineageOS is still better than e/OS/). That's far better than buying a new ewaste device with an OS that only lies to users.


@bonsai861 @mschomm @isAutonomous

It won't be a Chinese OEM.