I have no problem with using an iPhone because i dont use one and never will.
You may say about grapheneos whatever you like, im not sure whats going on between brax and graphene and probably never will be. But what i can say is atleast with graphene i am speaking with the official email support instead of some dubious community member.
Nothing against you ofcourse not, but you should understand my point here. I contacted official brax support and istead of speaking to me like official grapheneos support does, they just told me to go to the community forums. I dislike this behaviour alot.
i shared this conversation with a friend and he quoted you and responded as follows:
“this way these corpos can make a man in the middle attack or access your traffic”
- what are you talking about? if that were true that would mean every linux including android is by default backdoored by big tech which makes no sense. those certificates can be turned off/deleted or not used at all cause they’re only there to verify if the site you visit is legit or fake
There are specific individuals here who are developers of iodéOS or are employed in Brax like Plamen and Rik and would be able to answer specific questions, they have a ton of things to deal with like design, manufacturing, logistics, payments etc. Try to make your questions specific and direct them to them specifically.
Concerning the certificates we’ve said that the only way to be sure of the owner of a key or a certificate is to have it handed to you by the person itself. Anything else requires the trust to some intermediate party, for example when you install Linux you get the certificates in the respective folder and then the distribution updates those certificates every now and then, so you are trusting someone in the middle continuously.
There is a specific old video where Linus Torvalds is asked whether Linux includes CIA backdoors and he avoids to answer the question.
This is why the most essential part of your perspecitve should be that everything is compromised or hackable in some way, they own the infrastructure and the players, keep your privacy tricks just to hide your regular use of internet and don’t feel safe with anything and especially with Tor, VPNs and similar tricks.
The probability of getting hacked by some random person is negligible especially with Linux and degoogled devices and especially when you don’t click on random things, you use the QR code analyzer before opening QR codes, you use browser isolation for dirty sites etc
All the cases of banking scams that I know of were pure social engineering and nothing to do with “hacking”, security or privacy, the persons were just scammed by an impersonator that asked them to go into their bank account and make a money transfer or to give the credentials and then the One-Time-Password for the transaction.
As I told you just buy an unlocked Pixel or a degoogled Pixel from Iodé or Brax or anyone else and play with flashing GrapheneOS or any other degoogled Android distribution as much as you like.
The point I want to make about certificates is that when for example you will try to download GrapheneOS your ISP will serve you the website, trusting your installed certificates means that you believe that the website you are browsing is indeed Graphene’s and that you’re downloading the real GrapheneOS, but the certificate authority can be compromised and serve you a fake but “certified” website.
For example when you try to use LetsEncrypt as an authority you’ll trust your initial Windows or Linux certificates shipped with the OS to verify LetsEncrypt website, at this point you can be served anything that appears to be correctly signed.
Of course trusting LetsEncrypt itself shouldn’t be considered safer than any other authority.
Concerning Linux it already contains CPU microcode and over 400MB of firmware plus various binary drivers.
There is a small number of what is called GNU Linux distributions that are supervised by Richard Stallman and supposedly are free of binary blobs.
Sometimes the open source drivers contain executable byte sequences that are presented in the code as “data” or “constants”.
I think - having worked with large government organizations and large and small private contractors - I can safely say the lack of professionalism in the official email responses from graphene about their competitors is very telling. Thanks Harald for posting those. I will use that information to determine exactly what degoogled OS will go on my next phone
2 Likes
I don’t deny their expertise and the quality of GrapheneOS but there is a continuous name-calling and an obsession against Rob because he did the “unimaginable” to develop a series of devices and software on his own. They even refuse to port the OS to Brax phones like they are trying to make sales for Google. They could say that the recommended device is Pixel but here it is for other devices too so that users can enjoy this “hardening” they are talking about and all the other features on devices that already can be degoogled.
1 Like
I agree George. Just not a fan of that type of talk from companies that should be supporting each other with a common goal. It doesn’t help the cause
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.