Post B2foFSTy1KQlXDDtwG by Suiseiseki@freesoftwareextremist.com
(DIR) More posts by Suiseiseki@freesoftwareextremist.com
(DIR) Post #B2fjua5S9TndDpXwLw by mjg59@nondeterministic.computer
2026-01-26T05:25:30Z
0 likes, 0 repeats
Let's workshop a scenario a little. Bad things happen. People are afraid. People buy one of the small number of phones that is almost entirely free software, and organise resistance that way. The resistance are now disproportionately using devices that have IMEIs from specific ranges, and which can be geolocated through tower records. What do you think happens next?
(DIR) Post #B2fjublftzAQR4JAno by mjg59@nondeterministic.computer
2026-01-26T05:31:15Z
0 likes, 0 repeats
If you're in the US and you want to reduce the risk the vendor will fuck you over on behalf of the government without looking suspicious? Much as it pains me to say it, Apple's track record in refusing to assist the FBI in the San Bernardino case is a strong signal there
(DIR) Post #B2fjucrjovbxqA9WtM by publicvoit@graz.social
2026-01-26T09:14:44Z
0 likes, 0 repeats
@mjg59 This only holds true if you blindly trust #Apple & the security level of their software.Their policies may change any time as we've seen in many cases of big corps already.Their ability to provide secure software is mostly a myth from old times. They pushed extremely embarrassing security bugs multiple times which not only means that their testing processes are insufficient.https://karl-voit.at/cloud/ has a few of their failures with respect to #privacy & #security.Having absolute trust in a shareholders obliged company, you may face massive backfire some day.If you are *really* looking for maximum level of protection, there's nothing better as a #Pixel 8 or higher (also from 2nd hand market) with #GrapheneOS flashed (it's very easy via web browser + USB cable and a 2nd #Android device) and a self-chosen level of #Google integration.You may go without any Google service at all or you can opt in for a sandboxed version of them.HTH#publicvoit #digitalSouvereignity #iOS
(DIR) Post #B2fkJchNZwJAYtE8wK by mjg59@nondeterministic.computer
2026-01-26T09:18:46Z
0 likes, 0 repeats
@publicvoit Ok, so first, the track record of Apple publishing detailed descriptions of their security practices outstrips every even vaguely comparable vendor (including Google). But that's not really the point - most people are going to trust a giant international megacorp. The only evidence you have is past behaviour. Do you pick one who has clearly stood up in the past, or one who hasn't?
(DIR) Post #B2fkSkqUepuER3qPj6 by Dorf161@mastodon.social
2026-01-26T09:20:56Z
0 likes, 0 repeats
@publicvoit @mjg59 Pixel lower than 8 with GrapheneOS are not secure? :thaenkin:
(DIR) Post #B2fkq0ee2xEu7tOJSS by Suiseiseki@freesoftwareextremist.com
2026-01-26T09:25:13.602970Z
0 likes, 1 repeats
@mjg59 My GNUbooted GNU/Phone doesn't have an IMEI?
(DIR) Post #B2fliMbIfSxVpPkE7M by mjg59@nondeterministic.computer
2026-01-26T09:32:37Z
0 likes, 0 repeats
@Suiseiseki Huh sorry I hadn't realised you were a parody account
(DIR) Post #B2fliNVfHu2seE7EyO by Suiseiseki@freesoftwareextremist.com
2026-01-26T09:35:01.657538Z
1 likes, 0 repeats
@mjg59 Parody account? I am 100% serious.My phone runs 100% free software!
(DIR) Post #B2flwdd09nAggyLa8e by mjg59@nondeterministic.computer
2026-01-26T09:35:45Z
0 likes, 0 repeats
@Suiseiseki Which software?
(DIR) Post #B2flwfFg7ThfjDRz3w by Suiseiseki@freesoftwareextremist.com
2026-01-26T09:37:36.148776Z
0 likes, 1 repeats
@mjg59 GNUboot+GNU/GNU Linux-libre+old version of linphone, which of course connects to a free version of asterisk.
(DIR) Post #B2fmd7TrYWwDROKTaK by mjg59@nondeterministic.computer
2026-01-26T09:42:56Z
0 likes, 0 repeats
@Suiseiseki Oh, and that connects to the cellular network?
(DIR) Post #B2fmd8iQxqBhGs9cw4 by Suiseiseki@freesoftwareextremist.com
2026-01-26T09:45:17.074259Z
1 likes, 0 repeats
@mjg59 It connects to the internet and does calls and SMS's.You can easily add a cellular modem for remote usage, if you want to be spied on, but imagine going outside.
(DIR) Post #B2fmzXPfovV6Ev3l2G by mjg59@nondeterministic.computer
2026-01-26T09:46:51Z
0 likes, 0 repeats
@Suiseiseki Ah, yes, you're not serious. Good to know.
(DIR) Post #B2fmzYh53h1EDCDAo4 by Suiseiseki@freesoftwareextremist.com
2026-01-26T09:49:20.141499Z
1 likes, 0 repeats
@mjg59 How is doing calls and SMS's in freedom, no matter what it takes, not serious?
(DIR) Post #B2fnG9qYh10w4ZYlwO by publicvoit@graz.social
2026-01-26T09:52:18Z
0 likes, 0 repeats
@mjg59 There are too many variables in this discussion.First, Apple is closed source. So you can't tell what Apple is doing exactly.Fine.Then, we can only learn from the past and not from the future. So past failures and how they have been dealt with are the only possible way of extrapolating future events.And: you seemed to imply that the Alternative for Apple is Google. Please do re-read my initial message: I suggested to use a smartphone that is Google-free. If you want to use Google services, it's purely optional with GrapheneOS. With my suggested solution, you would have a choice. With Apple, you need to digest anything they throw at you. Can you see the fundamental difference here?
(DIR) Post #B2fnKDFNzZ0tmG6dzE by publicvoit@graz.social
2026-01-26T09:53:02Z
0 likes, 0 repeats
@Dorf161 @mjg59 Google introduced a few very interesting hardware security features as well as a much longer support time-frame with the 8 series.
(DIR) Post #B2fnea3KuWpMIdBM3M by mjg59@nondeterministic.computer
2026-01-26T09:21:31Z
0 likes, 0 repeats
@publicvoit "Buy a second hand Pixel 8 and jump through these hoops to reflash it" is great advice for someone like me and terrible advice for most people who are now going to end up with a phone that doesn't do everything they expect it to. Before making that recommendation, describe your threat model.
(DIR) Post #B2fnebRpiw16cteQsK by publicvoit@graz.social
2026-01-26T09:56:41Z
0 likes, 0 repeats
@mjg59 True. Always speak about requirements and - with security - threat models.I got the impression that you wanted to write about companies giving away your personal data to 3rd parties. So this was clearly one part of my threat model.Related to your worries with GOS flashing: I'm sure that everybody is able to open a web page on an android phone, connect a decent USB-C cable between 2 android phones, push a few buttons on that web page. That's more or less the whole process. You'd be amazed how easy this got in the meantime.And: if you worry about things that do not work: my GrapheneOS is working with all banking apps I need, all government issued apps I need - same as with any other stock ROM. So what's your threat model of not being able to use your phone here?
(DIR) Post #B2fnr45Z40VUvgB3z6 by HatkeshiatorTND@annihilation.social
2026-01-26T09:56:56.741085Z
0 likes, 1 repeats
@Suiseiseki @mjg59 would you happen to know roughly how much you spent on it, and how much that hardware would go for today? i'm thinking of ditching my own foan in a year or two (very difficult to manage uni without a sim card here because for some reason >80% of coordination happens over whatsapp)
(DIR) Post #B2fo2VjScshBqjIR6W by zstg@fedia.social
2026-01-26T09:56:33.148Z
0 likes, 0 repeats
@publicvoit well said. I fail to understand why people think Apple is safe and private. It is NOT. End of story. Perhaps they're not as bad as Microslop or Google, but they simply cannot be trusted.
(DIR) Post #B2fo2X0rreDJp0RqsK by publicvoit@graz.social
2026-01-26T10:01:00Z
0 likes, 0 repeats
@zstg It's always the same when it comes to Apple fanboys and discussions. 😔 https://karl-voit.at/2024/09/27/Voits-law-of-apple-fanboy-appearance/No, I never said that you don't understand. You're putting words in my mouth that weren't there in the first place. 👿 So therefore, instead of me assuming that you don't understand Apple and security/privacy, you actually showed me your ability to do a proper discussion on that topic with objective arguments, reliable sources on past incidents, threat models, valid alternatives and such. 😩
(DIR) Post #B2foCz6cGrqHqU7ang by Zergling_man@sacred.harpy.faith
2026-01-26T10:00:32.628269Z
0 likes, 0 repeats
@HatkeshiatorTND @mjg59 @Suiseiseki That is when it is most important to do so.
(DIR) Post #B2foFSTy1KQlXDDtwG by Suiseiseki@freesoftwareextremist.com
2026-01-26T10:03:26.322275Z
0 likes, 0 repeats
@HatkeshiatorTND @mjg59 Whatever GNUbooted ThinkPad - the X200 and X200 Tablet are nice and small.To flash an X200, you just take the keyboard and wristpad off, attache a SOIC-16 clip and use a RP2040 to flash.To flash an X200t, you need to take the whole thing apart and either solder 8 wires to the WSON-8 chip, or desolder the WSON-8 chip (very difficult as the large thermal pad conducts all the heat to the rest of the board) and replace it with a SOIC-8 chip.You need a server for asterisk and a SIP trunk account.If a US or Candan number will do, this slop will work; https://jmp.chat/ (you should be able to use it with a computer with work).
(DIR) Post #B2foH3DOvz0HkVEZMW by mjg59@nondeterministic.computer
2026-01-26T10:03:38Z
0 likes, 0 repeats
@publicvoit Ok so first the entire fucking point of having binaries is that you *can* tell what they're doing exactly because that is the code that runs and we are now very well versed in figuring out what binaries do in a way that is actually way harder with source in various waysAnd second: the choice isn't Apple or ideologically perfect phone, the choice is Apple or what someone can buy in a store they have access to
(DIR) Post #B2foSC1aWN8OFy1ONs by Suiseiseki@freesoftwareextremist.com
2026-01-26T10:05:44.608655Z
0 likes, 0 repeats
@HatkeshiatorTND @mjg59 *Whatever GNUbootable ThinkPad.You can just but them pre-GNUbooted, but those tend to be expensive.You can find them unflashed for nothing to a few hundred (more than 150 USD for a X200 is too much tbh).
(DIR) Post #B2foSh7gtjR4hs7ChU by mjg59@nondeterministic.computer
2026-01-26T10:05:44Z
0 likes, 0 repeats
@publicvoit I am a fan of Graphene OS. I am glad it exists. It does not do anything to solve any meaningful threat model that anyone I currently care about is dealing with. If Google has a backdoor to your phone encryption, why do you not believe that exists in Graphene?
(DIR) Post #B2fp8pEl7X5u2BVjM0 by publicvoit@graz.social
2026-01-26T10:13:21Z
0 likes, 0 repeats
@mjg59 I disagree your statement that would imply that closed source has a fundamental advantage over FOSS when it comes to a reliable setup, privacy or security assessments. That's not what I read from experts in this field.Second: yes, I agree that consumers got lazy in the last couple of decades. However, I do have experience myself as well as with peers that given a certain amount of motivation, everybody is able to accomplish that task.At least here in my city, there are lots of community-driven support events where elderly people, non-tech people, ... may install Linux on their notebooks, flash GOS on their phones, ... with optional support by experts. Running those devices is easy. Setting up is also quite easy these days but most people do have a psychological barrier related to modifying their devices according to their requirements/needs.I'm into education myself. When it comes to PIM, most people aren't used to config even the simplest stuff.We can change that.
(DIR) Post #B2fpHL08uD8ArkjVsO by mjg59@nondeterministic.computer
2026-01-26T10:14:09Z
0 likes, 0 repeats
@publicvoit I'm an expert in the field. Please reappraise.
(DIR) Post #B2fpnmVCC3s5QPjCyW by publicvoit@graz.social
2026-01-26T10:20:47Z
0 likes, 0 repeats
@mjg59 You know that security is always a process and there is no 100% security. 😉 So even with sophisticated backdoors in the firmware blobs, you do get a much better level of privacy/security by flashing GOS. I really can not tell why you write stuff like that if you know security and GOS. 🤷 Furthermore, Apple has been caught with really worrisome backdoors as well. Latest example that comes to my mind: https://media.ccc.de/v/37c3-11859-operation_triangulation_what_you_get_when_attack_iphones_of_researchers (people got killed!)As far as I remember, that class of backdoor was not found in a Google device so far. Quite the contrary: Google's security teams did investigate many security issues not only in their own products but also in other companies devices: https://en.wikipedia.org/wiki/Project_ZeroFor the longest time, Apple never had any single point of contact to inform them about their security issues. And they never openly discuss security on a scientific level.I don't know you but this tells me a lot about the importance of security for those two megacorps. 😉
(DIR) Post #B2fq0uUHocoBxJYyZM by publicvoit@graz.social
2026-01-26T10:23:09Z
0 likes, 0 repeats
@mjg59 Well, that makes two of us. 😉 🤷 I don't judge people on their positions. I try to judge people on their actions and statements.Some quotes from you are not very convincing to me so far. 😔
(DIR) Post #B2fqALPZ5Bd244qxvc by mjg59@nondeterministic.computer
2026-01-26T10:24:50Z
0 likes, 0 repeats
@publicvoit You need to stop asserting things because you do not have a strong enough understanding of everything that's going on and the worst case of you being wrong here is that people die
(DIR) Post #B2fqRqfM8DwpvFaOg4 by publicvoit@graz.social
2026-01-26T10:28:01Z
0 likes, 0 repeats
@mjg59 I'm open to arguments.You may just as well send me some reliable sources that back your statements. I'm happy to learn from you.I tried to back up my statements with links and personal experience as well. Happy to provide more if you think that I was wrong here or there.
(DIR) Post #B2fqafqxhdFWzeDtD6 by mjg59@nondeterministic.computer
2026-01-26T10:28:39Z
0 likes, 0 repeats
@publicvoit My background is easily accessible. Please give me a reason why I should trust you at all.
(DIR) Post #B2fqhZXxY4MLSecl0q by zzoo@mastodon.social
2026-01-26T10:30:50Z
0 likes, 0 repeats
@publicvoit @mjg59 "that makes two of us" nope. Matthew is on another level.
(DIR) Post #B2fqokQZUZrREbadmK by publicvoit@graz.social
2026-01-26T10:32:10Z
0 likes, 0 repeats
@mjg59 I remember that there was evidence that while Apple was defending iPhone unlock protection against US agencies they did comply to give away iCloud backups when asked for.Unfortunately, I can't find the sources at the moment. 😔 Maybe somebody else is able to retrieve that reports?
(DIR) Post #B2fr0KyPxJYdlUwoDY by mjg59@nondeterministic.computer
2026-01-26T10:34:13Z
0 likes, 0 repeats
@publicvoit Yeah uh any company being legally compelled to hand something over is going to do so. And you can read up on the various mechanisms Apple uses to ensure that sensitive data they hold is encrypted in a way they can't decrypt.
(DIR) Post #B2fr9PPooHPG9E5cx6 by publicvoit@graz.social
2026-01-26T10:35:54Z
0 likes, 0 repeats
@mjg59 Sorry, in my opinion everybody should be open to reliable sources and objective arguments independent of the person who is pointing in that direction.Yes, I might be wrong here or there. However, you can't prove me wrong by comparing CVs but with exchanging said arguments and sources.Please, do tell me why I was wrong and where. This is how I learn.
(DIR) Post #B2frQ5zMI8Dgosfbu4 by mjg59@nondeterministic.computer
2026-01-26T10:38:31Z
0 likes, 0 repeats
@publicvoit Ok look what you're saying here is that if I say "The sky is blue" and someone turns up and says "The sky is green" it's my job to provide evidence and no I am not going to do that
(DIR) Post #B2frTGzrosgFpVQIXw by publicvoit@graz.social
2026-01-26T10:39:29Z
0 likes, 0 repeats
@mjg59 This is certainly true if you trust Apple to implement their E2EE as they say so.Therefore I mentioned that this requires you to blindly trust Apple in the first place.At least I don't know any reliable 3rd party analysis if their closed source does implement it that way and also without any security flaws that might be used as an attack vector for capable parties.If you know such an analysis (that most probably would only cover one particular point in time though), I'd be delighted to learn about it.
(DIR) Post #B2frxcgRklOhmGoMYy by mjg59@nondeterministic.computer
2026-01-26T10:40:38Z
0 likes, 0 repeats
@publicvoit You are the most tedious person I've dealt with this year and I work in tech in San Francisco
(DIR) Post #B2fs8Lw2Me031CDhgm by mjg59@nondeterministic.computer
2026-01-26T10:34:54Z
0 likes, 0 repeats
@publicvoit I'd expect an expert in this field to know this
(DIR) Post #B2fs8NAFnGxwpZsZUG by publicvoit@graz.social
2026-01-26T10:46:53Z
0 likes, 0 repeats
@mjg59 Exactly.Therefore, my preferred way of mitigating that risk is by not giving away my data to 3rd parties like Apple or Google.It's tedious to discuss all the threats associated with it and how companies try to convince others that they do handle them properly.Mitigating risks include risk avoidance and not just risk management (and others).In my experience, too many people often forget about that possibility that you don't actually need to give away your data to any cloud and still have a proper amount of convenience.Yes, sometimes people should learn about how to do stuff on their own. We've done that in the past and we can emphasize on that part of education again.If somebody thinks that people can't (re-)learn those abilities, that would reduce the options on the table, yes.
(DIR) Post #B2fsENtTziBGpZtwdE by zzoo@mastodon.social
2026-01-26T10:48:00Z
0 likes, 0 repeats
@publicvoit @mjg59 I'm not sure what you are trying to do here... you won't win the argument.
(DIR) Post #B2fsKlfgVGRKJSUW6S by publicvoit@graz.social
2026-01-26T10:49:09Z
0 likes, 0 repeats
@mjg59 🤣 I respect your experience. However, I would challenge you to give me something besides (educated) opinion that convinces me of your arguments so that I may gap my lack of knowledge here.Is that so wrong to ask for?
(DIR) Post #B2fsOoAr8jv5EWzwOm by zzoo@mastodon.social
2026-01-26T10:49:52Z
0 likes, 0 repeats
@publicvoit @mjg59 yes.
(DIR) Post #B2fsbg7wMzkG2Zlse0 by mjg59@nondeterministic.computer
2026-01-26T10:50:58Z
0 likes, 0 repeats
@publicvoit Awesome if that is the thing you prioritise over everything else then you are going to kill people. If you're ok with that keep doing it. But if anyone you are advocating to is at actual real risk you are likely increasing the risk they are exposed to. Are you OK with that?
(DIR) Post #B2fsg07A00MVBlT2dU by publicvoit@graz.social
2026-01-26T10:52:59Z
0 likes, 0 repeats
@zzoo @mjg59 OK, I give up.I thought this would be an excellent opportunity for me to learn something here.Maybe you're right and I'm totally wrong despite the fact that I tried to base my statements on all sorts of reliable sources I consumed so far.Sorry if I was tedious. 😔
(DIR) Post #B2fskzIAU5lm5NzhC4 by mjg59@nondeterministic.computer
2026-01-26T10:53:52Z
0 likes, 0 repeats
@publicvoit Software contains vulnerabilities. Well-resourced actors are better able to find those vulnerabilities. Well-resourced actors are better able to defend against them. Poorly-resourced actors are less able to defend against them. Are you better resourced than Google's security teams? Than Apple's? Against everything capitalism can throw at you? At Saudi paying millions to whoever can give them what they want?
(DIR) Post #B2fzsSQ1I2Q47vAwym by publicvoit@graz.social
2026-01-26T12:13:41Z
0 likes, 0 repeats
@mjg59 Note: my threat model in this discussion did not include hardcore APT attacks and advanced government-driven threats beyond IMSI-catcher and such.My focus here is the privacy/security of the average person in a country where human rights are still in place. For that, I still stand with my arguments/sources mentioned.Matthew may have information I lack so far.
(DIR) Post #B2gWhVQH4rPakIgF4y by zungi@mathstodon.xyz
2026-01-26T18:21:25Z
0 likes, 0 repeats
@publicvoit, i do not see any wrongdoing on your part right now.