You can't compare that to China by any means. I know that American democracy is incredibly flawed (e.g. 2-party system, electoral college, etc.), but China is a straight-up dictatorship, and downplaying it doesn't fix any of the issues that exist in the US.
Andromxda
joined 7 months ago
In some cases that's better than getting your data stolen by the authorities. Especially in a communist dictatorship like China.
Guess who nominated these SCOTUS judges at the end of his presidency?
Reason 91627 why you shouldn't go to this authoritarian shithole
But the US is not an authoritarian shithole (it's not a perfect democracy either, but it can't be compared to the Chinese dictatorship in any way), which develops its domestic industries on industrial espionage and stolen intellectual property. Unlike... China. The TSA doesn't get orders from the US government to steal trade secrets and other critical information from business people, in order to boost US industries.
That's exactly what I was thinking while I read this
All your points are true, yet still depend on Google in sandboxed form. That negates everything else for me, who wants a reasonably secure device that works out of the box and also respects my privacy.
Graphene doesn't "depend" on Sandboxed Play services. In fact, it's not installed by default, and it is totally optional. Also, Sandboxed Play services doesn't make your device less secure in any way, it can be installed as a normal user app, you can fully control access to sensitive parts of your device like the microphone, camera, location, etc. through the Android permission manager, and Play services don't have any special permissions, since it's not installed as a system app. As far as I'm aware (correct me if I'm wrong) you can't remove microG on Calyx, since it's installed as a system app and even granted root privileges. microG is a cheap, hacked together workaround, which requires root to function correctly. This greatly expanded attack surface makes it inherently insecure. microG also requires proprietary Google code to be run, in order to work (most of microG is open source, but it still uses some Google blobs). As far as I'm aware, this Google code is not sandboxed, and simply executed as a child process of microG (which runs as root), meaning that this Google blob is also run as root. This makes microG much more insecure than Sandboxed Google Play services, and it potentially gives Google much greater access to your device compared to the sandboxed approach.
If a nation-state wants into my phone, it’s delusional to believe even graphene can hold them off
The GrapheneOS team never claims that their OS is "NSA-proof", but they actually look at which parts of the OS are commonly exploited by (nation-state) hackers, and massively improve them. As you can see in this spreadsheet, created by Google's Project Zero, most vulnerabilities in Android come from memory corruption. That's why GrapheneOS's biggest and most important feature is their custom hardened memory allocator. It protects against most memory-related exploits, and is even stronger when used on a device with hardware memory tagging, which is the reason why GrapheneOS currently only supports Google Pixel devices.
Another significant security feature is secure app spawning. Creating new processes via exec (instead of using the traditional Zygote model on Android) randomizes the initial memory layout, which also helps to defend against memory-related vulnerabilities. The aspects I just mentioned are important protections about malware/remote code execution.
GrapheneOS also protects your device against physical attacks, e.g. by implementing a driver-based control mechanism for the USB-C port, making it impossible to connect to the device while it's locked. This protects against forensic data extraction, e.g. using Cellebrite or XRY hardware.
Graphene even has a feature that protects you, when you are forced to give up your password. The Duress feature let's you set a second PIN/password, which will cause the device to entirely wipe all the encryption keys, which are used for unlocking the device, from the secure element. This process is irreversible, can't be interrupted and happens instantaneously, making the data impossible to recover.
No one claims that GrapheneOS is 100% secure and will absolutely protect you against NSA hackers, but it is by far the best and most secure mobile OS that's currently out there. It is easy to use for everyone, and secure enough to be used by high-profile targets like Edward Snowden.
you need real opsec for that
Good OPSEC includes a secure operating system. Calyx is not security focused whatsoever, it rolls back standard AOSP security features, significantly increases attack surface, and doesn't release security patches regularly.
Happy cake day btw!
Calyx is unfortunately pretty slow to release security patches, uses privileged apps with root access like microG and the F-Droid privileged extension by default and doesn't really provide any unique features. All of the privacy features of Calyx are either already present or can be easily replicated in a better form on GrapheneOS. Take Datura Firewall, it's yet another privileged app with root access which adds unnecessary attack surface, and is less secure than the Graphene equivalent. GrapheneOS implements a network permission toggle, which is embedded in Android's native permission manager and uses the INTERNET permission to restrict network access. It disables both direct and indirect network access, including the local device network (localhost). GrapheneOS also has a bunch of unique security features, that can't be found on any other Android ROM, like for example a hardened memory allocator, hardened kernel, secure app spawning, improved SELInux policies, Duress PIN/Password, driver-level USB-C control, Storage Scopes, Contact Scopes and soon App Communication Scopes. GrapheneOS also includes Sandboxed Google Play services, a better GMS implementation than microG, which doesn't require root and has better app compatibility.
I tried using Jerboa and found it to be incredibly buggy and poorly designed. Not sure what's going on there, considering that it's the official mobile app made by the Lemmy devs
Hydroxide was specifically created as a free replacement for the official Proton Mail Bridge, so no, it doesn't require a subscription