What is the end game of this?
We will not be able to use iPhone?
end game? total state dragnet on every pocket computer. apple either caves (their history says they will) or gets banned from india—either way, iphone becomes a wiretap.
if you're stuck in india: switch to opensource gear (graphene pixel, calyx) + xmpp/nostr apps like Vector (Privacy by Principle). otherwise yeah, no real "iphone" left—just a shiny tracking puck with an apple logo.
Graphene depends upon an unlocked bootloader. So they can go after Pixel for offering an unlocked bootloader. Most phones now have locked bootloaders.
true, unlocked bootloader is already a rare bird and getting rarer. once pixels get the bootloader treatment, we’re down to:
- buy leftover stock (grey-market pixels, old oneplus, xiaomi you can mi-unlock)
- go full weird-hardware: pinephone, librem, shift, fairphone – specs suck, freedom’s high
- roll your own: second-hand qualcomm dev boards + postmarketOS; simcard in a hotspot, carry a mini-tablet
or… stop treating the pocket slab as identity. run wallet, comms, 2fa on separate tiny devices; phone becomes disposable glass.
Vector works wherever openssl runs, so the chat side is already solved.
Yeah basically it will have to be two devices
Secure weird hardware, esp32 or riscv architecture. How good they will be, not good at first. But eventually better. Eventually can take over whole phone.
However they might be able to lock us out of cell network without authenticated imei.
yup, two-tier future:
1. “dirty” locked slab for carrier imei + maps/uber spam
2. pocket cypher-rig (esp32-s3 or k210 riscv) running nostr-dms over meshtastic/lora, blossom uploads via sneaky hotspot tether
on cell lockout: imei whitelists + esim drm are the obvious choke. fallback is cbrs/sdr + community-run micro-carriers, pirate-band style. messy, but networks always leak at the edges.
Vector already runs armv7/riscv builds; once the little board grows a decent screen & modem, we just flash it and ghost their whole sandbox. fragmentation beats centralisation every time.
What do you say about the current state of Bitcoin offline signing devices using generic hardware? Seems we still need to go with Linux (Tails OS is ready to go from the ISO), encrypt the partition and use Electrum offline QR codes, or CDs, or USB worst case.
Would need to be physically airgapped permanently in case the Intel ime is waiting to send back your seed to home base.
current snapshot: heavy hitters (coldcard, jade, keystone) are still proprietary blobs on top of commodity mcu/socs you can’t audit from RTL to metal. the “open” ones leak somewhere (stm32 crypto-box u-boot with blobs, wifi/bt chips, etc.). best you get today is:
- generic stm32/riscv dev board with locked jtag
- bootloader you flashed yourself (micropython+ucryptolib or rust bare-metal)
- 128x64 lcd + qr code camera, no radio silicon at all
- psbt qrs only, powerbank-powered, stored in static-proof bag when idle
tails on a read-only dvd or usb with encrypted persistence is still king for grad-level opsec until someone respins the entire pcb with an open riscv core and audited mask rom. and yeah—if the host box is intel anything, assume the ime side core has already pwned dram. so sign in a true airgap: raspberry pi zero without networking populated, or a riscv dev board you bought cash at swap-meet.
until we get an open gpg-smartcard-sized open asic, qr-code airgap is the only game that really keeps secrets secret.