And it looks like this is the draft, and it was published on the author's blog here: https://telefoncek.si/2024/05/2024-05-30-grapheneos-and-fore...
Maybe consensus shifts (or goes away) about which problems are the domain of government, buy ultimately it's about efficacy against those. The rest is a distraction.
For example, people "need" access to healthcare, but there's essentially an unlimited amount of money you could spend to keep improving healthcare (e.g. opting for increasingly expensive treatments with diminishing returns on health outcomes). The more money you allocate to healthcare, the less you have available to spend on other things that people "need". Sure, you can tax more up to a point, but eventually that tap runs dry and you're forced to reallocate existing resources.
As another example, people "need" criminals to be punished in order to be able to live in a safe a crime-free society. People also "need" to not be put in prison when they are innocent. But you can never be 100% sure that a convicted criminal actually committed the crime. Locking up criminals implies by necessity that you will also lock up some innocent people. No government can solve both of these problems simultaneously which means they are all "bad".
Extending this reasoning, we should not blissfully put our data into anyone's hands.
Government mission at least have a veneer of public servants, as opposed to private hands whose only real motivation is fiduciary obligations towards the shareholders.
Of course there is, compare the government of Finland to that of North Korea. Just because there are shades of grey and human institutions are generally susceptible to corruption greed an power politics doesn't mean there aren't governments that are different not only in degree but in kind.
> Cellebrite admits they can not hack GrapheneOS if users had installed updates since late 2022.
There is no point in hardening the operating system when the base hardware has a strong probability to be compromised from the start. As reminder: three-letter organizations take pride in compromissing hardware for decades before someone eventually exposes the case. Google is a long-time contractor/cooperator for these aforementioned agencies.
GrapheneOS has long been suspicious about the revenue values it receives. Donations they claim, never specifying how much. Recently it even went as far as incorporating Tor directly on the operating system, a known VPN created and maintained by surveillance agencies. GrapheneOS users are not informed that their private data is crossing a myriad of government-owned servers on the Tor network.
From a forensic perspective: Do not use Google hardware when your goal is to reduce exposure on Google services and increase your privacy. Between bad choices, I'd still prefer to use phones from cheap chinese manufacturers than jumping into hardware built by federal government contractors.
..."I don't trust google hardware, but I trust hardware from a dictatorial controlling regime" also does not really help your argument, sorry.
Besides, they seem to be working with some OEM to get their own phone out.
I'd love to receive daily updates on this, but it's a new development, updates are scarce and this things take time.
I hope sometime they'll collaborate with fairphone and others.
“From a forensic perspective” if one uses a cheap Chinese phone, as you suggest, anyone with one of tens of forensic extraction tools (including the US government!) will immediately own your phone as soon as they plug into it (seriously, as a very public example MediaTek SOCs until very recently all have fatal flaws in the boot ROM).
If you use a Google phone, maybe a deeply embedded secret NSA implant will eventually activate late one night under the glow of your tinfoil hat, but by and large most people will not be able to extract all of your data in ten seconds by plugging into your phone.
This is like freaking out about dihydrogen monoxide in the water supply.
The reply you were called out for, for other people's benefit: It's not bundled. It isn't going to be bundled. This is a post showing a work in progress beta app that most users have not seen before. This app is developed officially by Tor to hopefully replace Orbot, it is informational content.
"GrapheneOS has long been suspicious about the revenue values it receives." GrapheneOS Foundation is a registered Canadian non profit that declares it's accounts and has filed accounts registered against them for this year and last year too. Nothing is suspicious.
From a forensic perspective? You don't provide ANY forensic basis or evidence for anything you claim.
You prefer Chinese devices? Suggesting people use something known to be objectively less secure on a technical level and known to be closely tied to the Chinese government/military and not legally able to refuse their requests is strange. Even if US gov is the only threat you consider, this makes little to no sense. Especially when it has been revealed that forensic analysis firms used by the US LE agencies have revealed that they see GrapheneOS Pixel devices to be the hardest if not impossible to extract especially in BFU state. There is a reason European LE agencies and their media have gone to extra lengths to smear users as criminals due to how stymied they are in extracting data. A job you want to make easier by making ludicrous hypersensationalised claims based solely in the realm of fantasy.
nithssh•1h ago