Hours after the United States government filed a lawsuit seeking to punish the publication of my new memoir, #PermanentRecord, the very book the government does not want you to read just became the #1 best-selling book in the world. It is available wherever fine books are sold.
Conversation
Yesterday, the government sued the publisher of #PermanentRecord for—not kidding—printing it without giving the CIA and NSA a change to erase details of their classified crimes from the manuscript. Today, it is the best-selling book in the world:
577
3,147
10.4K
In recent interviews, I've gotten questions over if or how I use a smartphone. They're so dangerous for someone like me, so it's quite difficult to give an in-depth answer. But I published a paper with a few years ago discussing some risks:
53
1,487
3,251
Phone security has been something I've struggled with for a long time. I once spoke with 's about how it's possible to physically remove internal microphones and cameras from a phone, but even that only mitigates a portion of the threat.
32
613
1,837
But as long as your phone is turned on, even with "location permissions" disabled, the radios in the phone that connect it to all the nice things you like are screaming into the air, reporting your presence to nearby cell towers, which then create records that are kept forever.
70
974
2,282
Software is equally important. The iOS and Android operating systems that run on nearly every smartphone conceal uncountable numbers of programming flaws, known as security vulnerabilities, that mean common apps like iMessage or web browsers become dangerous: you can be hacked.
33
521
1,633
If I were configuring a smartphone today, I'd use 's as the base operating system. I'd desolder the microphones and keep the radios (cellular, wifi, and bluetooth) turned off when I didn't need them. I would route traffic through the network.
75
1,041
2,904
This Tweet was deleted by the Tweet author. Learn more
It doesn't support the Nexus 6P anymore since that device doesn't meet the security standards and is also end-of-life without full security updates available. It has never supported it while being known as AndroidHardening or GrapheneOS, only during the previous incarnation.
1
3
This Tweet was deleted by the Tweet author. Learn more
The Librem 5 doesn't meet the basic security expectations of GrapheneOS including having full security updates. It will ship on day one with serious vulnerabilities and no way to fix them. Similarly, it doesn't meet a lot of other standard privacy/security expectations either.
The current hardware targets already have isolation for hardware components including the baseband. The claim that they do not is dishonest misinformation that they're repeatedly spread in their marketing. In general, that has been their approach: attacking others with lies,
1
1
along with lying about their products. GrapheneOS expects hardware targets to meet basic security standards including having full security updates and basic hardware security features including proper verified boot / attestation, key derivation, the HSM-based keystore a lot more.
1
This Tweet was deleted by the Tweet author. Learn more
It's a hard requirement for devices to meet certain basic security standards including having full security updates and meeting the other industry standards. GrapheneOS won't provide official upstream support for hardware targets significantly less secure than the status quo.
1
1
Show replies
but no phones have full security updates, its very difficult to update kernels and is rarely done on mobile.
1
That's not true. There are upstream LTS kernel branches, and using one of the recent LTS branches makes sense for most production systems: kernel.org. The Android common kernel branches are extended versions of the upstream LTS branches: android.googlesource.com/kernel/common..
1
Show replies