Conversation

Months ago my phone died and now I need 1+ man-week to de-backdoor my new Pixel 4. Being mostly phoneless warms me up to a simple device that respects my rights out of the box. Continuing phone detox until I get a Pinephone or Librem 5. I'm done funding #SurveillanceCapitalism twitter.com/ashk4n/status/

This Tweet is unavailable.

This Tweet is from a suspended account. Learn more

Replying to

and

Neither of the devices is open hardware and neither has open firmware, despite misconceptions created by misleading marketing. The Librem 5 is deliberately locked down to prevent updating the firmware. Neither is close to the security requirements for official GrapheneOS support.

Replying to

See grapheneos.org/faq#device-sup for an overview of device support including the requirements for official support. We can't provide official support for insecure devices with vulnerabilities that can't be patched. Similarly, the hardware needs to provide the standard hardware-based

Replying to

security features including the hardware-backed keystores used by the OS and apps, support for real verified boot and attestation, modern mitigations, proper IOMMU integration / setup for the components, hardware key derivation support, Wi-Fi anonymity beyond just MAC rand, etc.

Lance R. Vick ( @lrvick@mastodon.social )

Replying to

and

These are super hard features to give up. I totally hear you here. I am also super frustrated that the Pixel 4 (and likely devices beyond it) are going to take such a massive amount of time to deblob. There is no escaping the need for a better target.

Replying to

and

We'll take a more secure closed source driver over a less secure open source one any day of the week. It really doesn't matter to us. The project is about privacy and security, not ideology. Open source is good because it lowers barrier to entry for research and hardening.

Replying to

We want to have fully open userspace device support but it's hardly one of the most important things for us. We care about the privacy and security properties of the hardware / firmware far more than especially since userspace code can just be rewritten/replaced, hardware can't.

7:00 AM · Apr 15, 2020Twitter Web App