Conversation

Months ago my phone died and now I need 1+ man-week to de-backdoor my new Pixel 4. Being mostly phoneless warms me up to a simple device that respects my rights out of the box. Continuing phone detox until I get a Pinephone or Librem 5. I'm done funding #SurveillanceCapitalism twitter.com/ashk4n/status/

This Tweet is unavailable.

This Tweet is from a suspended account. Learn more

Replying to

and

Neither of the devices is open hardware and neither has open firmware, despite misconceptions created by misleading marketing. The Librem 5 is deliberately locked down to prevent updating the firmware. Neither is close to the security requirements for official GrapheneOS support.

Replying to

See grapheneos.org/faq#device-sup for an overview of device support including the requirements for official support. We can't provide official support for insecure devices with vulnerabilities that can't be patched. Similarly, the hardware needs to provide the standard hardware-based

Replying to

security features including the hardware-backed keystores used by the OS and apps, support for real verified boot and attestation, modern mitigations, proper IOMMU integration / setup for the components, hardware key derivation support, Wi-Fi anonymity beyond just MAC rand, etc.

Lance R. Vick ( @lrvick@mastodon.social )

Replying to

and

But to get all those you also have to trust yet another closed stack of components and piles of privileged binary blobs you have to sort through tediously on every single new device. All current options suck in very different ways.

Replying to

and

The Librem 5 and Pinephone are closed hardware with closed firmware. The complexity in the entirely closed source SoC and other hardware components / firmware completely dwarfs the complexity in userspace libraries. You're also grouping things that are open source in with blobs.

Replying to

You think wpa_supplicant and all of the other largely open source code in vendor is closed source? Lack of interest from people in building code from source let alone replacing the closed source components (many of which have working open source alternatives already) says a lot.

Lance R. Vick ( @lrvick@mastodon.social )

Replying to

and

I never thought wpa_supplicant etc was closed. After going through the actually closed blobs in the pixel 4 I realize they just keep adding more and more. It is a very time consuming task and so far no one has the time. I truly hope that changes. You are the closest of anyone.

Replying to

and

You're inaccurately treating the division of code into the vendor image as being based on open vs. closed source. It isn't and a device with fully open drivers has everything involved in device support contained to the vendor image. You're confusing Pixel issues with AOSP issues.

6:31 AM · Apr 15, 2020Twitter Web App

Lance R. Vick ( @lrvick@mastodon.social )

Replying to

and

That is fair. Hardware vendors Google chooses for their flagship devices and their endless blob requirements are the problem, not AOSP. They become hard to separate as I don't know of any current gen devices with IOMMU/secure boot that can run blob free.

Replying to

and

The proprietary code in userspace can be inspected/audited (it even has symbols), fuzzed and hardened with a subset of the techniques used elsewhere. This is about ideology, not so much privacy or security, especially when the far more complex SoC underneath is closed either way.

Show replies