- cross-posted to:
- privacy@programming.dev
- cross-posted to:
- privacy@programming.dev
Read the whole thread
However, we don’t have a “hardened security” approach, we aren’t developing a phone for pedo(censored) so they can evade justice.
You must log in or register to comment.
Pedophiles use their work emails and gmail. Making a secure phone OS won’t make a difference.
some people in this thread still dont get it, so:
you cant expect privacy while also having poor security practices. ideally you’d have both and most of these privacy projects are not much more than just a lineage fork with a dns blocker
apparently in duval’s mind, you can always trust even a fascist government to never try to exploit your phone and to give you privacy. or something idk
Well, that’ll be another 100€ December donation to GrapheneOS.
Sadly FUD as ANYTHING that is NOT increasing profit for surveillance capitalism, i.e Google, Meta, etc is a win for privacy!
Of course /e/OS could be better, GrapheneOS could also be better (including on security) but the big picture is that still ANY of those solutions is making surveillance capitalism, the loss of privacy for profit and power, less efficient. That’s good for all of us who, being on Lemmy or other federated instance, believe we do benefit from having more privacy, or at least not trading it away.
TL;DR: be inclusive, bring others up, don’t be exclusive aiming for perfection none of us can attain.
FUD?
“Fear, uncertainty, and doubt (FUD) is a manipulative propaganda tactic used in technology sales, marketing, public relations, …” https://en.wikipedia.org/wiki/Fear,_uncertainty,_and_doubt
Just because something does something good doesn’t mean it’s immune to criticism.
I’m running e/OS in my old Poco F3 right now.
I switched from LineageOS because I though, e/OS would be easier to ungoogle.
In the end, it just defaults to way more compromises than I would have made on LineageOS.
Over all, it’s actually just LineageOS with MicroG preinstalled, a really bad launcher, an ugly 2015-ish iPhone icon theme, and a few mediocre apps preinstalled, that use these ‘Murena’ services that claim to be an alternative to Google services, but they are neither more secure/foss nor reliable.
Their appstore is rather Bad. Yes, it essentially combines something like APKMirror and F-Droid in one app, but it requests a Google account to access PlayStore Apps.
Imho, LineageOS with MicroG, no GApps, F-Droid and APKMirror and a few foss apps is the better solution.
I have my sync services selfhosted through a NAS and simply use WebDAV (backups), CardDAV and CalDAV. This was harder to set up in e/OS than in basic LineageOS, because e/OS is trying to push their own Murena services for that. And if I didn’t have all of these selfhosted, I’d rather use Proton services instead of Murena.
Over all, really sketchy. It’s like a custom Rom that claims privacy but actually just wants you to möge to their own service.
This was pretty much my impression of /e/ as well. Used it only briefly. It ran poorly, had a bunch of crap I didn’t want. Bad launcher. Things didn’t work properly.
Overall impression I got was that the people who make /e/ do not know what they are doing.
While the GrapheneOS dev comes across as sus and toxic to me, part of me would like to give it a try. But between Pixel phones still having black screen of death problems, and newer ones lacking a headphone jack - I found a Moto G100 plus LineageOS with MicroG is a great option.
I only run open software on it, and keep everything proprietary on my old un-degooglable phone that only gets turned on when necessary.
Anyone telling you the list isn’t graphene -> ios -> good custom android -> aosp-> google stock -> samsung stock is lying to you.
How is iOS - a proprietary OS owned by a big tech company - second in your list?
It has some of the best exploit protection next to Graphene if you enable lockdown mode.
Which flavor of Google surveillance would you consider a more private and secure phone platform than iOS?
It can be made very good from a security and privacy perspective.
If you know you know I guess.
There’s good reason to suspect that it’s very terrible from its privacy and security perspective.
Do you think it’s possible for companies or individuals to not comply with court ordered surveillance and search warrants? That’s what prism is, nsa driven data collection ordered by the court system.
Further, on its own and absent any other evidence, the timeline of prism entry corroborates my statement that ios is second to graphene.
Apple is not a good company, there are no good companies. Apple is a company selling security and privacy amongst other things. You have to buy security and privacy because you can’t go out into the backyard, fell a phone tree, carefully choose the section with the strongest, straightest traces and shape it into an optimally private and secure device in the shed using your grandfathers antique phoneworking bench and strap driven phone lathe.
Do you think it’s possible for companies or individuals to not comply with court ordered surveillance and search warrants?
Companies can’t, no. That’s precisely my point. Hence your argument that iOS is more “secure” than any other bar Graphene is disingenuous. iOS is developed by a company which can be (and likely already has been) pressured into compromising its users on behalf of three-letter agencies. The NSA slides are strong evidence of that.
Large collectives of devs spread out all over the world, however, can withstand such pressures since they’re hard to get a hold of. The developers of OSs such as Graphene, Debian or Lineage could easily resist such attempts, simply because they’re not a legal entity incorporated inside a single jurisdiction.
You’re correct in saying that Apple is “selling” privacy and security (as in: marketing, pinky-promising). They may be selling that story, but I ain’t buying it.
As a longtime and current debian user, lol if you think it hasn’t been infiltrated or that any network of developers spread over the globe could resist infiltration let alone the open source “community”.
A large portion of the maintainers of popular open source projects are en the employ of some company or other explicitly because of their maintainer role. Even if some hypothetical distributed global network of developers could resist infiltration, the maintainers of our open source software cannot.
The building blocks of android are maintained by developers who are employed by google. Google was compliant with prism four years before Apple (the exact amount of time it would take for a sealed case to wind its way through appeals).
If the fact of apples compliance with the laws of its jurisdiction worry you, the fact that people don’t get targeted or convicted off of information from properly configured icloud accounts or locked Apple devices should counteract that worry. The fact that other generally held to be trustworthy companies like mullvad are compliant with the laws of their jurisdiction should make it clear that legal compliance doesn’t necessarily mean a company or service isn’t trustworthy.
I would also like to point out that for the purposes of us law, entities outside the jurisdiction of the us are subject to a freer surveillance apparatus which need not be hampered by what some judge is willing to sign off on and doesn’t need to comply with its subjects rights as defined under us law.
An apple in Mexico would be able to offer fewer protections to its us customers than one incorporated in the us.
I thought Samsung stock was better because of Knox et all
better but than the rest of the unmentioned dogshit
Years ago as I started research I literally laughed at loud at the thought of buying a google phone to… Degoogle!
Talk about an instant compromise of values! Haha!
Then I saw the toxicity of the GOS devs & their fanz & that sealed the deal
Best decision ever to run away from that group of nasties
Ahhhhhh, the zen life
Pixels are the only phones available which meet GrapheneOS’ security requirements. https://grapheneos.org/faq#future-devices
GrapheneOS appears to be toxic on the outside, but essentially everything they say is completely true.
This is a different OS isnt it? E and G are different and theynare pointing out that being security conscious doesnt make you a criminal
The linked bsky thread is by GOS, citing /e/.
“anyone who wants privacy from their government is a pedophile” is a hell of a stance…
“Why did you lock your doors, what did you steal?”
More like, “Why did you lock your doors, are you diddling kids?”
Honestly by now it’s becoming reasonable to assume “projection” as a baseline, to then change based on evidence, when someone has a take like this guy’s.
I don’t mean the political tactic, just the garden-variety kind of projection. “Probably ~everyone thinks the way I do, and boy, we better not give everyone the tools to act on that…”
Deeply wrong about how most folks think, because of how they themselves do, and believing they’re therefore helping. Likewise a self-admission, because they don’t realize they’re admitting anything.
Maybe not the case with this guy, I’m not gonna dive in.
But I do sincerely believe that’s a somewhat charitable take toward anyone making a claim like this today. Charitable in the sense of acknowledging a misunderstanding and desire to help.
The less charitable one being - just obviously complicit. Fuck this noise.
the privatized western govts & their tech boys literally are the infrastructure of the global pedos it’s asinine & dangerous to tell people to ignore that!
The stereotype of pedophiles in cop shows is that they use desktop computers anyway, not phones. Don’t know how true to reality that is though.
I think it’s fair they support way more phones than GrapheneOS, even if the security is way worse. But it’s a whole other thing to call people who want secure phones pedophiles.
I am skeptical how worthwile it is to use /e/os over OEM Android at this point
Well, you get a superiour privacy and security by just debloating a device via ADB.
You keep access to non-verified apps no matter what Google wants since it uses microG.
It’s openness vs security.
Agree with your outlook, but I think it’s not too farfetched to give the benefit of the doubt to the speaker here and establish that pedophiles were used as an example (of people whose survival depends on their data not being breached), rather than a direct comparison. And he goes on to name being an executive to the secret services as another example (again, of people to whom hardened security of data is an imperative), but we’re not saying he thinks secure phones are just for people in secret services, are we?
He’s just saying, albeit rather clumsily, that their goal is simply not that level of hardened security, but rather privacy from data miners.
I think both approaches are too extreme. Supporting every device leads to poor security, poor stability, and therefore a poor user experience, but only supporting just Google devices (while there is a good reason for that) is a step too far for most people.
If I were in the position of e/os I’d just support probably three manufacturers. Going through the major ones that I know of: Motorola and Google are obvious picks. Next would need to be something cheap and popular. Samsung is way out of the question. Xiaomi and Vivo I’ve never seen their phones mentioned outside of China (which is a country that generally doesn’t have the same privacy considerations as people in the west do). That leaves Oneplus and Tecno Mobile for the third model.
CalyxOS (when it existed) supported Fairphone, Motorola (some) and Pixel.
The full translation of the clip of Gaël Duval provided by GrapheneOS:
There’s the attack surface, on that front we’re not security specialists here, so I couldn’t answer you precisely, but from the discussions I’ve had, it seems that everything we do reduces attack surface.
However, we don’t have a “hardened security” approach, we aren’t developing a phone for pedo(censored) so they can evade justice. So there aren’t difficult things to check if the memory is corrupted, really hardened security stuff that could clearly be useful for executives, in the secret service, or whatever.
That’s not our goal, our goal is to start from an observation: today our personal data is constantly being plundered and that wouldn’t be legal in real life with the mail or the telephone, we want to change that. So we are making you a product that changes that by default for anyone.
As a french speaker, I can attest that the translation is fairly accurate.
While I don’t agree with the characterisation Gaël Duval makes here, I believe the statement from GrapheneOS here:
Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is for only useful pedophiles and spies.
Is a bit disingenuous. It sounds like they do make some efforts to secure their device, but it’s not their main focus. Theirs is to improve privacy first and foremost.
I would take anything GrapheneOS devs says with a grain of salt, as we all know that they have quite an adversarial relationship with… well… everyone. But especially other OS makers.
It sounds like they do make some efforts to secure their device, but it’s not their main focus. Theirs is to improve privacy first and foremost.
I don’t have any issue with that: different OSes have different priorities and that’s okay. However, I feel like he’s basically saying that users of hardened secure devices are pedos, and I have a very big issue with that. I don’t know if maybe in French it doesn’t sound that way, but the English translation does for me.
That’s how it sounds. So, I’m a pedophile because I run GrapheneOS on my phone? I guess I better tell my wife, and my kids.
… and my kids
“Hey Kiddos! So I have some good news and some bad news…”
Kind of shameful of /e/ to blatantly disregard user privacy like that. Is Graphene our last stand against Orwellian surveillance?
i honestly dont care much about privacy in the sense that i dont rlly need it to be provided by an OS, just give me max freedom and let me handle privacy myself. That being said I am on grapheneOS atm but still hoping for librephone to enable me to have an arch linux like phone experience that i can customize to hell
That would be really cool.
Lmao what a toxic piece of shit
Privacy is something everyone deserves, not something only criminals want
I can’t believes he’s intentionally anti-privacy. Occam’s razor suggests he’s instead a fucking idiot.
Yeah maybe. But whether it’s intentional or not, I would not want to use /e/os.
But also, from the linked thread:
Murena is a for-profit company owned by shareholders including Gaël Duval. /e/ has a non-profit organization which is also led by Gaël Duval. /e/ includes paid services from Murena. /e/ very clearly exists to build products for Murena to sell in order to enrich the shareholders.
Despite being done for profit, /e/ receives millions of euros in funding from the EU on an ongoing basis. /e/ and Murena use extraordinarily inaccurate marketing to not only promote their products/services but also to mislead people about GrapheneOS and scare them away from it.
From @grapheneos.org
Graphene made an OS only for Google phones. I can see what they mean here, but not sure they have room to talk regardless of the security circumstances.
It is shitty if there was a smear campaign against them though.
Oh agreed. I wouldn’t want to install an OS from a fucking idiot either.
(And I take your point that said idiot may also be a dishonest slime ball.)
I can see how one can interpret it like that, but it’s not how I read what he said. I think the point he’s trying to make is that hardened security protects the user from attacks, yes, but their focus is to provide services that can be trusted not to attack the user. He said: “really hardened security stuff that could clearly be useful for executives, in the secret service, or whatever. That’s not our goal”
I mean, I use GrapheneOS on my phone, but do I personally need all the hardened security? Not really. It’s nice theoretically, but mainly I’m just happy the OS itself isn’t spying on me. I’m personally not very worried about an evil maid attack or state level spying.
Please provide the video with the question included. This looks cut to fit the anti murena narrative that GrapheneOS has been screaming about for years. It’s the same tactic Republicans use against others: cutting only a bit that sounds bad when taken out of context.
