In recent interviews, I've gotten questions over if or how I use a smartphone. They're so dangerous for someone like me, so it's quite difficult to give an in-depth answer. But I published a paper with a few years ago discussing some risks:
Conversation
Phone security has been something I've struggled with for a long time. I once spoke with 's about how it's possible to physically remove internal microphones and cameras from a phone, but even that only mitigates a portion of the threat.
32
613
1,837
But as long as your phone is turned on, even with "location permissions" disabled, the radios in the phone that connect it to all the nice things you like are screaming into the air, reporting your presence to nearby cell towers, which then create records that are kept forever.
70
974
2,282
Software is equally important. The iOS and Android operating systems that run on nearly every smartphone conceal uncountable numbers of programming flaws, known as security vulnerabilities, that mean common apps like iMessage or web browsers become dangerous: you can be hacked.
33
521
1,633
If I were configuring a smartphone today, I'd use 's as the base operating system. I'd desolder the microphones and keep the radios (cellular, wifi, and bluetooth) turned off when I didn't need them. I would route traffic through the network.
75
1,041
2,904
This Tweet was deleted by the Tweet author. Learn more
It doesn't support the Nexus 6P anymore since that device doesn't meet the security standards and is also end-of-life without full security updates available. It has never supported it while being known as AndroidHardening or GrapheneOS, only during the previous incarnation.
1
3
This Tweet was deleted by the Tweet author. Learn more
The Librem 5 doesn't meet the basic security expectations of GrapheneOS including having full security updates. It will ship on day one with serious vulnerabilities and no way to fix them. Similarly, it doesn't meet a lot of other standard privacy/security expectations either.
2
1
2
The current hardware targets already have isolation for hardware components including the baseband. The claim that they do not is dishonest misinformation that they're repeatedly spread in their marketing. In general, that has been their approach: attacking others with lies,
1
1
along with lying about their products. GrapheneOS expects hardware targets to meet basic security standards including having full security updates and basic hardware security features including proper verified boot / attestation, key derivation, the HSM-based keystore a lot more.
This Tweet was deleted by the Tweet author. Learn more
You're better off with AOSP on even a legacy Pixel than an unofficial port of GrapheneOS for a device not meeting the basic expectations for hardware privacy and security. The project has no interest in supporting that device. Others can do what they want with unofficial ports.
1
2
Show replies