Conversation

🚨🚨 Apple says to "protect children," they're updating every iPhone to continuously compare your photos and cloud storage against a secret blacklist. If it finds a hit, they call the cops. iOS will also tell your parents if you view a nude in iMessage.

eff.org

Apple's Plan to "Think Different" About Encryption Opens a Backdoor

Apple has announced impending changes to its operating systems that include new “protections for children” features in iCloud and iMessage. If you’ve spent any time following the Crypto Wars, you

977

8,411

16.4K

Replying to

Linux phones rise up.

261

4,096

Replying to

and

True linux phones like

@thepine64

just don't have mature enough software for real use yet - but I'm a fan of

@DanielMicay

@GrapheneOS

, which uses an extremely hardened version of the Android Open Source Project. It's dope.

Replying to

GrapheneOS is Linux. Using systemd, polkit, glibc, etc. isn't what makes something Linux. Moving to an incredibly insecure userspace without broad use of memory safe languages, strong application security model, modern exploit mitigations, strong sandboxing, etc. isn't desirable.

Replying to

Linux kernel itself is a major issue. AOSP+GrapheneOS substantially reduce kernel attack surface and aggressively harden it. Monolithic kernels are architecturally insecure. Design is comparable to running all userspace in 1 process as root. systemd has nothing on Linux itself.

Replying to

Replacing the Linux kernel is mandatory as part of broader efforts needed to truly provide incredibly strong defenses against targeted attacks. Until there's a proper replacement with an app compatibility layer, it can be hardened, but it's definitely far from an ideal approach.

Replying to

The biggest statement here that is underappreciated is the app compatibility layer. They are remarkably hard to make, and necessary for any phone platform to get adoption. There's what the specs say, what the apis actually do, and then all the side effects developers depended on

Replying to

github.com/google/gvisor is essentially a Linux compatibility layer, which could be ported elsewhere. It's a userspace implementation of the APIs. There's a lot more to it than just having that though. Can give compatibility with existing applications but you need drivers, etc.

10:15 PM · Aug 6, 2021Twitter Web App

Replying to

It wouldn't be hard to port it to another *nix API with it handling making that into the Linux API. It would be quite a lot more involved to port it to a totally different way of doing things. There's a huge amount of work already done including userspace TCP/IP stack, etc.

Replying to

That's cool! Thanks for the heads up. I more meant for phone adoption though, since people aren't going to port apps to a new comer, and people (generally) won't use a phone without apps. Emulation is an option but it's really not performant enough for phones emulating phones.

Replying to

What I meant is that it gives a path to having Android app compatibility without the Linux kernel while keeping the rest of what makes it Android. Of course, still need a Linux kernel for the drivers until the SoC platform supports something else.

Show replies