Why does GrapheneOS run only on Google Pixel phones? Super suss if you ask me.

Because Google was founded as a DARPA/CIA operation, and Google is all about spying, control and censorship (Google Jigsaw). I am HIGHLY suspicious that GrapheneOS would only support Google phones. This maybe made a bit of sense initially if the Google phones had certain new security hardware features that other phones didn't have, and fully documented specs, but at this point that excuse is getting ridiculous. I suspect there is some hardware "watcher" in those things, low enough that you'll never detect or disable it, and they see everything through it. Huawei phones probably have a similar "watcher" that reports back to China.

I think we need another fork of AOSP, geared to run on different hardware from a neutral country: https://en.wikipedia.org/wiki/List_of_mobile_phone_brands_by_country

https://rumble.com/v4ub3pu-youll-going-to-get-killed-mike-benz-exposes-cia-secrets-like-never-before-s.html

Discussion

do you think the same about lineageos?

I don't. But I don't know enough to say. GrapheneOS came out of CopperheadOS which was marketed towards people wanting security. Just like Signal is suss for that same kind of thing, and I think is a honey trap, I think GrapheneOS is also a honey trap... even if not in the code and totally open source, it pushes you to the google pixel hardware.

yea lowkey suss af

remember also that the number one phone maker on earth Huawei is completely banned in US over security reasons ...

I can buy one in NZ and it is supported by major providers, e.g.: https://www.spark.co.nz/help/mobile/device-help/

If it really was banned over security reasons, I think the US would have told NZ and NZ would have pulled it too. More likely it was banned as a trade war tactic. But I'm not certain enough to risk using a Huawei phone.

probably major countries like US and China try to develop their own chips with backdoors for their respective intelligence services ...

personally i would rather be spied on by China than by America since the Chinese can't put me into Guantanamo ...

Page is blank on my Pixel... 🤷😅

The page lists the vendors they sell phones for and support including Samsung, Apple, Huawei, Nokia, Spark, and Oppo

The US banned Huawei NZ and 43 other Huawei subsidiaries in various countries. Maybe Italy followed suit. Or maybe spark doesn't share this info internationally.

The NZ GCSB (five-eyes) banned Huawei 5G gear in 2018 due to security concerns. But not their phones. I remember a friend of mine pissed because it happened right after he bought a Huawei phone and he was worried it would affect him.

Here in Italy you can buy all those brands without problems, and Italy is quite "USA controlled" on certain matters. Weird world.

Btw, I agree that we need an AOSP security focused fork that runs on different hardware, with an eye for open hardware projects.

Do you know how good Fairphone is in this respect?

No idea.

And when I mentioned the Lava company in India, I did so entirely based on my viewpoint about India's geopolitical positioning - I have 0 information about their phones or if they are any good.

I like that GrapheneOS is open source. I don't like that it funnels people to google hardware. I like that Calyx is open source. I don't like that they stopped supporting all the Chinese hardware. Both of these projects are security (graphene) or privacy (calyx) oriented, and the hardware support of both projects is suss to me (why did Calyx stop supporting all the Chinese brands? Are they anti-China? Why are they anti-China? I don't know).

LineageOS is open source and it supports phones across the spectrum. They aren't focused on privacy or security. But it is AOSP and I suspect a fork that does focus on BOTH security AND privacy AND neutral hardware would be the path I would be most interested in seeing.

Obviously this isn't my expertise and I won't be doing it.

But given I need a new phone (mine is falling out of support) the issue came up again for me.

I'm thinking about using linux on portable non-phone hardware for one-time passwords, camera, microphone, bitcoin, wallets, etc. And use my phone for more prosaic things that I don't care about.

Got it, thanks

and Pixel is basically the only major android phone designed in US ...

Lineage (cyanogenmod) supports a lot more vendors. So probably ok.

including Fairphone (Netherlands) Nokia (Finland) and SWIFT (Germany)

I was asking myself a similar question.

I should add that my impression of various arguments between Techlore guys (e.g. calyx) and strncat/thestinger is their very different views about whether Google is the threat (techlore) or Google is the savior (thestinger). Thestinger seems to always defend google and scoff, turning the arguments towards technical superiority deep in the kernel, and dismissing the google threat model. That's my top-of-the-head impression, I can't back it up right now.

The question here is why would you trust any other phone maker in the world? If google is compromised then everyone is, the only potential unknown is which agency collects the data. However, google provides better hardware and software security features, relative to other phones, and grapheneOS improves on those, and they contribute those back to the android FOSS project.

Thanks for sharing the link. I've read that page many times, but I should have shared the link.

I'm saying that I don't believe him.

i never understood why these google phones even exist.

microsoft made surface devices because dells at the time were made out of plastic and microsoft wanted to make a statement that they are as good as apple and not just for poor people.

but google phones were never as good as Samsung nor did they ever sell particularly well or command any kind of profit margins - so why bother ?

It's not that suss. Do you think GrapheneOS is malicious? Have you read the FAQ?

I don't think thestinger is malicious. I think he has a different security model. He trusts different parties for different reasons, parties that I absolutely do not trust. It is a simple misalignment.

I'm calling for neutral country hardware. I would welcome open source GrapheneOS on neutral country hardware. I think there has been quite a ramp-up of monetary support for GrapheneOS so I think they should be able to do that.

The things he listed that *must* be in a phone he will support are cherry picked as the things Google phones have. Other hardware vendors have other things, which he doesn't list as "missing from GrapheneOS".

Didn't Micay step down? Have you read the FAQ? Do you think GrapheneOS is malicious?

I had not heard. No I don't think it is malicious. But you have to trust hardware, and if you don't trust Google hardware you can't use it.

These are direct links to sections in the FAQ. Maybe you didn't read them before you created your original note.

https://grapheneos.org/faq#future-devices

https://grapheneos.org/faq#when-devices

If I had a sat for the number of people who have accused me of not reading the FAQ I'd be retired on a beach somewhere right now. It is starting to really piss me off that people are not understanding what I am saying and having such shallow and accusatory reactions to what I am saying.

I understand what you're saying. It's written clearly. The FAQ answers your questions and is clear about what you said was suss. Maybe other people aren't understanding what you're saying because of how you're communicating your thoughts. Am I really being shallow or accusatory? I never said you didn't read the FAQ. You also admitted that you didn't know Micay stepped down basically a year ago.

"Many other devices are supported by GrapheneOS at a source level, and it can be built for them without modifications to the existing GrapheneOS source tree."

Maybe you can help.

I shouldn't have gotten so upset when people pointed me to the FAQ. I asked "Why does GrapheneOS run only on Google Pixel phones?" in my original post and people pointed out that the FAQ answers that question. That is fair enough I guess. I should mark rhetorical questions as rhetorical somehow next time so people don't miss the point.

> "Many other devices are supported by GrapheneOS at a source level, and it can be built for them without modifications to the existing GrapheneOS source tree."

Now that is on point. I don't recall reading that part. So I guess your accusation "Maybe you didn't read them" wasn't entirely untrue.

As for Micay stepping down, I'm reading that he was harassed and SWATted. That is not cool. He's got odd social skills but for fucks sake. I feel bad for him.

I can understand the frustration because it seems limiting. But once u switch, you don't go back. Another rabbit hole if you like to join ;)

I've been using GrapheneOS since day 1, because I was using CopperheadOS for several years until the point that Daniel Micay burned the signing keys.

So I don't need to make any switch. I have a Google Pixel 8. And I'll keep using GrapheneOS for the time being.

But I have moods. Sometimes I get really paranoid about Google and Intel processors (more than other companies). I was really paranoid about Google at the time when I made the post. I thought "what if the explanations for why it only works on Google hardware are a lie?" I thought "Anybody can make explanations, they might not be true!"

Turns out you can lock the bootloader on LOTS of hardware that is not Google hardware. And the long list of features that MUST be on the phone to be supported are really not all necessary IMHO for the phone to be plenty secure. So call me a skeptic, but I'm still just not sure, and I don't have the time to dig into it.

Also Daniel Micay seems to be clinically paranoid and accusatory of all kinds of harassment he doesn't actually receive, and that instability itself is kinda worrying. I like my developers to be paranoid, but not to the level that they can't function with other people. Before even CopperheadOS he was sort-of run off from the Rust community for making drama. They say he stepped down, but he's still the guy producing most of the commits. I hope he gets and stays well, but should I trust the OS? I dunno. I'm trusting it because I don't have a better option (I could read the source, compile myself, compare to AOSP and LineageOS and other AOSP projects, but that would take a year).

Highly agreed, it's good to be a little paranoid instead of blindly agreeing to everything. Perhaps it's time to do some open heart surgery (as in open up the device and investigate). Might even be able to convince dell to make some parts? As I see them as the way lesser evil compared to apple or IBM. ;( rescrap solana phone? I haven't read up on their specs but it didn't look promising

Does calyx OS support any other devices than pixel? If not, then there probably is a restriction on all the other phones

You can look it up at calyxos.org, right on the front page: Pixel (google, USA), Fairphone (Netherlands), Motorola (USA), SHIFT (Germany). They used to support two phones from China but no longer. If only someone supported Lava. I would trust India to be neutral enough.

Maybe those other phones perform poorly with their OS 🤷‍♂️

there are no neutral countries. all are states

From what I've seen in the past, the primary chokepoint for GrapheneOS has not been funds, but developers. Relevant here because it seems they often don't have enough devs to maintain current releases, much less think about new ones.

If they refused to merge a PR adding support for a new device without a good reason, that'd be one thing, but I don't think that has happened. (Disclaimer: I haven't followed development super closely, so some of this could be inaccurate or out-of-date.)

I think many people also overestimate the competence of "bad guys" like Google (or the US federal government); sure they have a lot of power and can do many bad things, but they are not omnipotent. Obviously I can't *prove* that there isn't some kind of hardware "watcher" that runs even alongside GrapheneOS, but why would Google spend money and dev time on this when they already have control of the entire OS 99% of the time?

I'm much more concerned about the millions of normies using stock Android, which *definitely* sends tons of data to Google, or iOS, which probably isn't much better. Sure I'd love to have an entirely open, auditable hardware platform, but in the meantime I think anyone who switches from Android/iOS to Graphene is taking a step in the right direction.

Google could totally have a hardware-level backdoor to bypass, similarly to Intel ME.

I don't have direct evidence or proof, but I think Intel ME is one out of a dozen different backdoors. For example, I think RDRAND is compromised (thank god Linux devs rejected relying on it alone).

Same with Qualcomm chips 😔

There is a reason I was deep into RISC-V just before I got deep into nostr

Which RISC-V processors/boards do you find trustworthy?

Wouldn't gov agencies go to great lengths to try to inject hardware backdoors especially in open-source hardware projects out of fear of people actually getting almost secure devices?

The easiest place for a backdoor to be injected is at the chip fab, after a chip is designed and taped out, before it is written to silicon. Several of these have been detected via electron scanning microscopes, so it does happen. But IMHO it probably doesn't happen to most chips. In commercial processors it can happen at the design level.

People can't produce fast hardware via open-source projects. But they can burn a circuit into an FPGA and be pretty sure there are no backdoors, but they end up with something really slow.

My thinking was "the most likely commercially available fast processors to not be backdoored would be new ones in new areas of technology".

Just because I think Intel and AMD chips have backdoors (sandsifter found hidden RISC instructions that bypass security, RDRAND acted strangely, Intel ME is pretty well known, etc) doesn't mean that the intelligence community is successfully backdooring even the early research projects. I suspect they aren't, but of course I don't know. Hitting the big commercial projects is a big win for them, but hitting every little research project is a huge cost with very little benefit.

> My thinking was "the most likely commercially available fast processors to not be backdoored would be new ones in new areas of technology".

May be right.

There really ought to be a RISC-V based module for the MNTReform.

Although they claim that this one is "Fully open hardware design", which would imply it could be audited by third party:

https://shop.mntre.com/products/mnt-reform-ls1028a-module

Just came across basically what you described with the FPGA:

https://www.contrib.andrew.cmu.edu/~somlo/BTCP/

> My goal is to build a Free/OpenSource computer from the ground up, so I may completely trust that the entire hardware+software system's behavior is 100% attributable to its fully available HDL (Hardware Description Language) and Software sources.

Google pixels are the only android device that ship all the monthly and quarterly releases, which means they patch all discovered CVEs. All other android phones only backport ones labelled as high or severe, take significantly longer to do so and only end up getting the full up to date security patch once per year on a major android version upgrade i.e. 14 to 15, and even then they normally do that months after it's been out so they're already behind in terms of security patches.

It's not really that complicated, they provide detailed explanation in their FAQ https://grapheneos.org/faq#when-devices You can also see there why they started and still stick to google phones and tablets.

Maybe read their documentation... https://grapheneos.org/faq#supported-devices

I believe it’s mostly just the ability to update the boot loader, which makes sense to me