Andromxda

What an incredibly efficient use of taxpayer-funded police forces! Should report it to DOGE, they definitely need to cut funding for that

you would be able to downgrade to the Debian supported version

That's pretty specific to fixed release distros, and it's not gonna work on e.g. Arch Linux.

I’m not going to respond to all the rest of your post, because I don’t think it will help with anything. It seems that we have very different ideas about device ownership.

You don't have to respond to it, I'd be happy enough if you would just acknowledge it. I too like the fact that one can tinker with Linux systems. I've always told people who want to study OS architecture to daily drive either Linux or one of the BSDs. They're really fantastic operating systems for learning how computers and operating systems work. I too have built libraries and system utilities from scratch. I still wouldn't recommend it on production systems. I built Linux from Scratch many times, and I think it's pretty fun and informative (if you pay attention, instead of just copy-pasting the commands from the instructions).
Yet the fact remains that desktop operating systems are inherently less secure than mobile systems, which were designed with a strong focus on security from the ground up. SELinux is a pretty good example. How many desktop Linux distributions do you know, that deploy SELinux (or a comparable LSM) in enforcing mode, and with meaningful policies? Yeah, some of the mainstream distros, such as Ubuntu, Fedora and SUSE do it (sometimes with pretty weak policies), but looking at the vast majority of distros? I'd say almost none. Android on the other hand has used SELinux by default for a long time, with actual meaningful, secure policies. Btw if you're looking for a more secure Linux OS, check out secureblue. It's based on Fedora Atomic, and applies lots of hardening on top. Not affiliated or anything, I just think it's a nice and secure distro.

All in all, I think Production devices should be secure. You can always have a second device or that you can use to study the inner workings of an OS, or make changes to it (or in this case run GrapheneOS in the Android emulator).

Compare to Debian, Ubuntu, RHEL, etc., where you can compile your own newer package, install it

None of these operating systems have Verified Boot. Desktop systems are inherently less secure than mobile devices.

even replace core operating system components

Don't you see the problem there?

and then seamlessly upgrade to the OS vendor’s version when they catch up.

That's not true either. Swapping out random parts of the OS will certainly lead to breakage and dependency hell in your package manager (unless you just replace files without using the package manager, which might make all of this even worse).

and don’t offer any way to install patches, besides building it again

Normal Android behavior. This will be the case for ANY Android-based OS with Verified Boot enabled.

and this is just TPM for Android

This isn't comparable to TPM at all. TPM is a very insecure way of providing a hardware keystore. It can easily be bypassed. Here's a demonstration of that https://www.youtube.com/watch?v=wTl4vEednkQ

I’ve opposed TPM from the start

TPM in desktop machines neither really provides a benefit, nor does it inconvenience the user. I've also opposed to it from a security perspective, since it's misleading and makes users think that it's actually secure and comparable to proper secure elements (such as the Titan M2, Apple Secure Enclave Processor, or the Qualcom SPU), while it really isn't.

I don’t want a device that keeps secrets from me.

It's not keeping secrets from you, the secure keystore is keeping cryptographic secrets away from attackers. Only you can use the cryptographic secrets from the secure element, by combining them with your PIN/passphrase (in a key derivation function) to derive the keys used for full disk encryption. Without a secure element that safely guards these secrets and throttles unlock attempts, attackers like law enforcement agencies can easily brute force your 6 digit PIN and gain full access to your device, including all of your data. The iPhone 11 was the last iPhone generation without a proper secure element. A 6 digit passcode was also bypassed on the iPhone 11 Pro Max, just a few months after its release. https://appleinsider.com/articles/20/01/15/fbi-reportedly-accessed-locked-iphone-11-pro-max-with-graykey-third-party-tool

This hasn't been possible anymore since the iPhone 12, which was released with the Secure Enclave Processor. This is even confirmed by leaked internal documents from forensics companies, such as Cellebrite: https://discuss.grapheneos.org/d/14344-cellebrite-premium-july-2024-documentation

Specifically, I recommend looking at this chart:

It clearly shows that data cannot be extracted from iPhones with secure elements, unless the device is in the AFU state, meaning that the encryption keys are kept in memory.

I do want comprehensive backups, including all cryptographic keys.

Having a secure element to isolate keys there doesn't make sense if you can just export them. The security of those keys cannot be guaranteed anymore, once they're outside of the secure hardware keystore. This is not unique to Android/mobile devices. Look at U2F hardware security tokens, such as the YubiKey or NitroKey. You can't export your keys there either, which is by design, and it's a good thing.

I’m fully aware that Widevine won’t run on a device where the owner has control over the whole device.

This has nothing to do with Widevine. The vast majority of Android devices currently on the market doesn't have a secure element. Widevine still works on these devices.

and you seemingly can’t do it incrementally

What do you mean? Generating an incremental update .zip package and flashing it over your stock GrapheneOS installation? No, that's certainly not gonna work, due to Verified Boot verifying that the signature of the update package matches the signature of the OS that's installed. This is a very important security feature, and prevents attackers (could just be cybercriminals, but that can also include law enforcement, intelligence agencies, etc.) from hacking into update servers and delivering mallicious updates to users. If I remember correctly, that's how EncroChat got bugged by the French police. They hacked into the update servers that were hosted by OVH, and then distributed mallicious update packages, gaining access to the devices of all EncroChat users.

since you have to flash an entire operating system at a time

That is correct. Changing the signing keys requires you to unlock the bootloader, wipe the Verified boot keys, and replace them with a new set of trusted custom (i.e. non-stock) keys. Otherwise someone could just flash a mallicious OS over your current OS, while retaining all of your data. They could then use it to extract your data.

Of course you can easily make changes and install new versions incrementally, once you have installed your custom OS and signing keys to the device. Also, none of this is some crazy GrapheneOS invention, it's the default Android Verified Boot behavior, which GrapheneOS builds upon.

they don’t support compiling the OS from source

They literally have a whole instruction page for it on their official website: https://grapheneos.org/build

What they don't support is making modifications to GrapheneOS, compiling it, and then still calling it GrapheneOS. It's not. You changed it, so it's something else. It's your own fork of GrapheneOS, so you should name it accordingly.

there’s still the TEE you can’t access even with root

Uh that's by design? Do you even understand the purpose of a secure element and trusted execution environment, and how they work?

and the OS filesystem is readonly to inhibit customization

It's read-only for security reasons. This is the default AOSP behavior. iOS/iPadOS and macOS handle this very similarly. This is the industry standard for secure devices. If you want to make modifications, the code is open source, you can freely modify the OS, compile it, sign it with your own keys and use it with full verified boot enabled.

GrapheneOS promotes “verified boot” that stops you from doing many important things.

Verified boot is a built in feature of AOSP. https://source.android.com/docs/security/features/verifiedboot

Thank you

Links to Twitter are not allowed on lemmy.dbzer0.com, please edit your comment accordingly

The Nitter link is allowed, as there's an exception for those

January 2025 rule change regarding Twitter links

They need $5800/month in recurring donations to fund a full time developer to be working on Accrescent, implementing new features, creating new tooling, etc. The blog post clearly says this.

What would you use instead? PayPal? Which was literally founded by fascist Elon Musk and democracy-hating Peter Thiel?

Anything that involves banks? Literally centralized financial institution that are subject to extensive KYC/AML regulation?

GitHub Sponsors at least doesn't charge fees, so it's the best of these options. But crypto, especially XMR, is objectively better for accepting donations online.

A lot. Including significant security issues. https://privsec.dev/posts/android/f-droid-security-issues/

@[email protected]

for example, only showing a source instance

That would make vote manipulation incredibly easy, and impossible to prove, since there would no user names shown. If there are suddenly a whole bunch of votes from accounts that have been created 2 minutes ago, that's very obvious. If only a number is shown with no user list, how would you prove anything?

This might become my favorite quote.

This is something I have never understood. How would you use this for moderation? I'm a moderator of the biggest community on this instance, c/piracy, and not once have I needed to look at people's voting behavior. What do you assess by looking at their votes? Which benefit does it provide for your moderation work? I find it quite weird that this feature exists in the first place. It just leads to mods behaving completely erratically, leading to cases like this https://lemmy.dbzer0.com/post/50067209