Post AF62fG2vffPeFz6jnk by vilinhen@mastodon.social
(DIR) Post #AF62csvOfJ2hy3S99U by inference@pleroma.inferencium.net
2022-01-04T12:21:53.220961Z
0 likes, 0 repeats
@aral @vilinhen Cybersecurity researcher here who used only Google Pixel phones with GrapheneOS.

Google Pixel phones are the only phones which not only have all security of AOSP (stock Android) like most or all other Android phones (Android has a high security model whereas Linux has a very weak security model), they have Hardware Security Modules to keep cryptographic keys out of the software and SoC TEE.

Google Pixel phones have the following features which no other phone has:

- Custom OS signing key support, which allows custom OSes to relock the bootloader to enable verified boot. Verified boot ensures that the phone is protected against both evil maid attacks and malware persistence, should malware hook itself into the OS; VB will attempt to self-heal the OS, and will throw a security exception/warning upon boot if it cannot self-heal.
- Fast security updates which are released each month. Other Android phone manufacturers are much behind on security updates a lot of the time. These security updates include both kernel and userspace updates.
- Long support lifecycles of 3+ years, with Pixel 6 and Pixel 6 Pro increasing it to 5+ years.

Google Pixel running GrapheneOS is the only Android device which is as secure as iPhone running iOS. GrapheneOS is open source and auditable, unlike iOS. Linux phones destroy the security model, as does having an unlocked bootloader and rooting your phone.

If anyone is interested in some well referenced articles to prove what I stated, let me know and I'll be happy to provide evidence.
(DIR) Post #AF62fFY5WKk6iKg6jI by aral@mastodon.ar.al
2022-01-04T11:10:27Z
0 likes, 0 repeats
I wouldn’t buy a new de-Googled Pixel phone for the same reason I wouldn’t split a donation between Black Lives Matter and the KKK.

Make sure the business model of your privacy-respecting alternative doesn’t simply create yet another revenue stream for the likes of Google.
(DIR) Post #AF62fG2vffPeFz6jnk by vilinhen@mastodon.social
2022-01-04T11:30:14Z
0 likes, 0 repeats
@aral Hey, what is your opinion on #mydataismydata /e/os? Just curious what other like-minded people think 🙋♂️
(DIR) Post #AF62fGYpl2vvqw2DWy by aral@mastodon.ar.al
2022-01-04T11:34:52Z
0 likes, 0 repeats
@vilinhen I’m glad they exist.

I have concerns about security but, for everyday threat models for everyday people, it’s not a showstopper.

Would I recommend it to an activist whose life might be in danger? No. I’d say go for GrapheneOS (which is sadly only available on *spit* Google Pixel phones for a valid technical reason, which is also the reason why it’s more secure).
(DIR) Post #AF62fH9LZI8lgB7NRY by inference@pleroma.inferencium.net
2022-01-04T12:22:22.916962Z
0 likes, 0 repeats
@aral @vilinhen Cybersecurity researcher here who uses only Google Pixel phones with GrapheneOS.

Google Pixel phones are the only phones which not only have all security of AOSP (stock Android) like most or all other Android phones (Android has a high security model whereas Linux has a very weak security model), they have Hardware Security Modules to keep cryptographic keys out of the software and SoC TEE.

Google Pixel phones have the following features which no other phone has:

- Custom OS signing key support, which allows custom OSes to relock the bootloader to enable verified boot. Verified boot ensures that the phone is protected against both evil maid attacks and malware persistence, should malware hook itself into the OS; VB will attempt to self-heal the OS, and will throw a security exception/warning upon boot if it cannot self-heal.
- Fast security updates which are released each month. Other Android phone manufacturers are much behind on security updates a lot of the time. These security updates include both kernel and userspace updates.
- Long support lifecycles of 3+ years, with Pixel 6 and Pixel 6 Pro increasing it to 5+ years.

Google Pixel running GrapheneOS is the only Android device which is as secure as iPhone running iOS. GrapheneOS is open source and auditable, unlike iOS. Linux phones destroy the security model, as does having an unlocked bootloader and rooting your phone.

If anyone is interested in some well referenced articles to prove what I stated, let me know and I'll be happy to provide evidence.
(DIR) Post #AF62tXWdTs1iWOoSTQ by hyde@lazybear.social
2022-01-04T12:24:58Z
0 likes, 0 repeats
@aral I tooted a couple of days ago that I would love to see #grapheneos on some other devices. I'm using #LineageOs with my oneplus 7... but I will probably consider a fairphone for my next one. I wonder the work implied to harden Lineageos to meet grapheneos standard... and if it's doable...
(DIR) Post #AF63EhDscYaigA80OG by inference@pleroma.inferencium.net
2022-01-04T12:28:49.173983Z
0 likes, 0 repeats
@aral @vilinhen Cybersecurity researcher here who uses only Google Pixel phones with GrapheneOS.

Google Pixel phones are the only phones which not only have all security of AOSP (stock Android) like most or all other Android phones (Android has a high security model whereas Linux has a very weak security model), they harden it. They have open source Hardware Security Modules to keep cryptographic keys out of the software and SoC TEE.

Google Pixel phones have the following features which no other phone has:

- Custom OS signing key support, which allows custom OSes to relock the bootloader to enable verified boot. Verified boot ensures that the phone is protected against both evil maid attacks and malware persistence, should malware hook itself into the OS; VB will attempt to self-heal the OS, and will throw a security exception/warning upon boot if it cannot self-heal.
- Fast security updates which are released each month. Other Android phone manufacturers are much behind on security updates a lot of the time. These security updates include both kernel and userspace updates.
- Long support lifecycles of 3+ years, with Pixel 6 and Pixel 6 Pro increasing it to 5+ years.

Google Pixel running GrapheneOS is the only Android device which is as secure as iPhone running iOS. GrapheneOS is open source and auditable, unlike iOS. Linux phones destroy the security model, as does having an unlocked bootloader and rooting your phone.

If anyone is interested in some well referenced articles to prove what I stated, let me know and I'll be happy to provide evidence.
(DIR) Post #AF64Y4jtVmqn4OuJDE by Lamdarer@social.dev-wiki.de
2022-01-04T12:43:21Z
1 likes, 1 repeats
@hyde @aral Unfortunately #GrapheneOS is not available for the reasons @inference mentioned https://pleroma.inferencium.net/objects/90b5c624-ed17-4871-9b94-92f5ee54275b

The devs or one of them stated that they would like to support other devices but don't because they don't know of any phone that supports certain security features on custom ROMs such as GrapheneOS (see German source, answers are in English) [1]: https://www.kuketz-blog.de/erneut-rueckmeldung-von-daniel-micay-grapheneos-entwickler/

"We’re very interested in supporting more than Pixels and are actively working with some companies to influence future hardware and potentially partner with them to get our hands on GrapheneOS versions of the devices.

Current devices that are supposedly privacy-focused have substantially worse security and also privacy regressions. There are mainstream devices meeting our requirements… but only when running the stock OS. The hardware vendors choose not to invest in providing full support for alternate operating systems and cut corners when it comes to making it secure. Only supporting verified boot, attestation and full hardware keystore functionality with the stock OS is the norm. It’s unclear if there are any existing devices we could be using. It is quite possible that some of the Android One phones would be a suitable target comparable to the security of an older generation Pixel. We don’t have the resources to invest in purchasing devices, doing research on them and also communicating with the vendors. We regularly report issues with Pixels and get them resolved, including issues only impacting an alternate OS."
(DIR) Post #AF64zYC86aKSF8DP9s by dazinism@social.coop
2022-01-04T12:48:27Z
0 likes, 0 repeats
@hyde It's kind of not really possible.

A long time ago Graphene was based upon Cyanogenmod (pretty much what is LineageOS now) but they moved to basing it directly on AOSP due to various issues.

DivestOS.org takes LineageOS and improves security - sorts out some of the problems with LineageOS, applies patches to the kernel, & has everything for verified boot to work on devices that support it (but also does some other stuff). It's about doing the best for older devices. @aral
(DIR) Post #AF65M6VzBSsZ3YG0CO by newt@stereophonic.space
2022-01-04T12:52:32.244818Z
0 likes, 0 repeats
@dazinism @hyde @aral "A long time ago Graphene was based upon Cyanogenmod"

No. GrapheneOS (formerly CopperheadOS) has always been based on AOSP with some custom tooling and patches on top. This is also the reason it only supports the latest Pixel phones, because that is what AOSP supports.
(DIR) Post #AF65cCNJAEvprdsAEK by newt@stereophonic.space
2022-01-04T12:55:27.385752Z
0 likes, 0 repeats
@dazinism @hyde @aral "A long time ago Graphene was based upon Cyanogenmod"

No. GrapheneOS (formerly CopperheadOS) has always been based on AOSP with some custom tooling and patches on top. This is also the reason it only supports the latest Pixel phones, because that is what AOSP supports.
(DIR) Post #AF66Hm5NIUOCUZJFC4 by dazinism@social.coop
2022-01-04T13:01:53Z
0 likes, 0 repeats
@newt I'm afraid you are mistaken. In its early days (when they supported the Samsung Galaxy S4 and some Google Nexus phones) it was based on Cyanogenmod. Shortly before I bought a used Nexus 5 (I almost got a Samsung) to start using it they rebased onto AOSP & dropped support for the Samsung @hyde @aral
(DIR) Post #AF66HmYRYPdpwiuSVE by newt@stereophonic.space
2022-01-04T13:02:52.825363Z
0 likes, 0 repeats
@dazinism @hyde @aral wow you mean that early? Then yeah, this might just be true. I picked it up only around 2016.
(DIR) Post #AF67DeLOEr7vHGOhIO by hyde@lazybear.social
2022-01-04T13:13:26Z
0 likes, 0 repeats
@Lamdarer Thanks ... @dazinism I'll check divestOS.org ... Does anyone use it?
(DIR) Post #AF6m3Sss5VvMxZJueu by arh@mastodon.alirezahayati.com
2022-01-04T12:30:07Z
0 likes, 0 repeats
@aral what's your phone right now? I struggle to find a privacy-respecting free (as in freedom) phone that suits my daily needs. I currently use OnePlus 6T with LineageOS installed on it.
(DIR) Post #AF6m3TNiEqauVDkXjM by werwolf@fosstodon.org
2022-01-04T20:50:55Z
0 likes, 1 repeats
@arh @aral any LineageOS supported device is more than enough. I have a guide about trying to maximize your privacy on an Android phone, which you may find useful https://ebin.city/~werwolf/posts/android-privacy-guide/
(DIR) Post #AF6oQCOHm9KaNKyx6W by oseo@fosstodon.org
2022-01-04T21:17:11Z
0 likes, 0 repeats
@werwolf @arh @aral I use Replicant 6.0 0004rc5 with Conversations, K9-Mail, DAVx, Jami, KeePassDX, Markor, MAXS, OpenCamera, Seafile, Simple Gallery, Simpler File Manager and Tusky. Organic Maps and Tor browser are too much for my phone. I advise not to use the native web browser. I bought a refurbished device for 80 €.
(DIR) Post #AF7wV9NFPeXfG5KQHA by cel@skinnyver.se
2022-01-04T20:57:46.133069Z
0 likes, 0 repeats
@aral what if you bought the phone used? in that case you're both not supporting google and helping the environment
(DIR) Post #AF7wV9lLy1pASqbfqi by aral@mastodon.ar.al
2022-01-05T07:04:14Z
0 likes, 0 repeats
@cel Indeed; that’s why I said new :) (I wrote this after seeing an announcement from a company that sells new Pixel phones with GrapheneOS.)
(DIR) Post #AF7wVAD0JDwTqbXkwq by cel@skinnyver.se
2022-01-05T09:24:08.582321Z
0 likes, 0 repeats
@aral you mean nitrokey? yh i just looked through their website hoping at least some of the proceeds go towards funding grapheneos development but absolutely no details :( shame; if i'm wrong @nitrokey should really update their website on this one
(DIR) Post #AF7wVAnW7T9JfqcurQ by nitrokey@social.nitrokey.com
2022-01-05T10:22:42Z
0 likes, 0 repeats
@cel @aral We offered donations to GrapheneOS and are going to publish it later.
(DIR) Post #AF864eSsi0BLPLy0GG by aral@mastodon.ar.al
2022-01-05T07:17:51Z
0 likes, 0 repeats
@inference @vilinhen I know all that. None of that is up for debate. My post is that companies buying new Pixel phones, installing GrapheneOS on it and selling them is simply creating a new revenue stream for Google and isn’t a viable long-term alternative. I absolutely love what GrapheneOS is doing but there must be a non-Google handset if it is going to be a viable long-term independent alternative. CC @Fairphone
(DIR) Post #AF864ifR5GbKRRs5Nw by inference@pleroma.inferencium.net
2022-01-05T12:09:59.430293Z
0 likes, 0 repeats
@aral @vilinhen @Fairphone The issue isn't Google Pixel or GrapheneOS. The issue is no other alternatives come close to being secure or private enough for GrapheneOS to run on it.

Fairphone is terrible in its current state, as are all Linux phones. I agree that Google having a monopoly on the ultra-secure and ultra-open Android and even general phone market is a bad thing, but it's up to companies such as the ones developing Fairphone to implement the necessary features to allow GrapheneOS to work correctly on them.
(DIR) Post #AF8CfzvmSc3YQJfwIK by aral@mastodon.ar.al
2022-01-05T13:19:48Z
1 likes, 0 repeats
@inference @vilinhen @Fairphone Agree on the latter bit, that’s why I CCed them in.