Interesting. What are the alternatives to GrapheneOS that you wouldn't consider a "toy"?
reply
In my understanding, it's not the OS that makes it a toy but the hardware. I guess something with open schematics (Librem 5, Pinephone) should be better, or an open-hardware device like Precursor.
reply
If the open hardware offers at least comparable security then maybe. If the hardware is an open book then no.

A short list of the hardware security measures necessary to consider it "not a toy" ;) -- https://grapheneos.org/faq#future-devices

reply
I'm not convinced that all of these are required for security. My Qubes OS desktop is probably more secure than any GrapheneOS phone, and it only requires good hardware virtualization for that.

> If the hardware is an open book then no.

So you choose security through obscurity. I have no further questions.

reply
well, a concerted attack could easily subvert the baseband if you have a few million dollars and the correct letterhead or private contacts.

GrapheneOS really wants the software in the phone to not pwn the phone. This is good. It's a different, and much more difficult, problem to secure the connection to the telco, and the larger internet, because the transport is attacker controlled.

Think of it this way: Say you use Qubes because security is valued very highly for you. Even if you run Qubes, if your router is controlled by your attacker, what kind of a security guarantee could you really get for yourself?

reply
> well, a concerted attack could easily subvert the baseband

In theory Pixel phones have IOMMU and GrapheneOS is using them, so even a compromised baseband doesn't result in unrestricted access to the system.

reply
> Even if you run Qubes, if your router is controlled by your attacker, what kind of a security guarantee could you really get for yourself?

I do run Qubes, and a compromised router, e.g., will not get access to any passwords that I store in an offline VM as text, even with any previously known vulnerability since 2006.

reply
So if a toy OS is the only one to withstand attacks with Cellebrite, what do you consider not a toy?