Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
nunobrito 6 days ago

Run away from Graphene, it is suspicious at best scenario and dangerous at worst.

Just observe that the key factor is to be independent from Google and then the only recommended devices from their side are exactly google devices where nobody here can have an idea of what is modified inside them.

You'd be better off supporting other distributions like Calyx, which have no problems in supporting other devices like the fairphone and so on.

duesabati 6 days ago | parent | next [-]

I was very interested in Graphene, do you have other grounds for your suspicions?

fsflover 5 days ago | parent [-]

I agree with the parent. GrapheneOS puts security above freedom, which is wrong. It forces you to give your money to Google and rely on Google hardware, which is questionable in the long term. They refuse to support different hardware "for your security". Their developers are constantly attacking GNU/Linux phones, which are the actual long-term solution for both freedom and security.

https://news.ycombinator.com/item?id=44680624

https://news.ycombinator.com/item?id=43675380

scheeseman486 5 days ago | parent [-]

I don't think I've ever read any solid refutation of the technical choices of the project, mostly just character attacks, the basis of which are dodgy at best. They're completely up-front about the limitations and catches of their choices, too.

Those links don't really help your case, to be frank. Nothing strcat says reads as incorrect or even particularly controversial, they have personal beef with CalyxOS but their criticisms of the choices of the project are largely on point. They're justifiably upset by the mental health accusations too, it's kind of a joke that one of those people in the thread tried to gaslight strcat about how these accusations are somehow not a recurring issue when I, as a third party observer, have seen it come up all the fucking time.

Meanwhile, you're imagining "attacks" on GNU/Linux phones, when most of what I read from them regarding those was sober and reasonable, if not particularly positive, but they're allowed to do that. Their priorities are clearly security and none of those phones really have any.

fsflover 5 days ago | parent | next [-]

This is another project that knows what you need better than yourself. People are constantly asking them to add support to other hardware, but the answer is "it's insecure". This is completely wrong and forces everybody without a(n expensive!) Pixel to abandon reasonable security. Even Qubes OS allows installing itself on hardware without VT-d, with respective warnings, and plans to enable GPU acceleration in VMs on demand. Their priority clearly isn't to make as many people as possible more secure but to force Google on you.

Are you calling the above a "character attack"?

I would love to use GrapheneOS on my Librem 5 and Pinephone. No proprietary drivers are required. Yes, some security features are lacking. Yet it would be a win for everybody.

I didn't say anything about CalyxOS: I don't care about this.

scheeseman486 5 days ago | parent [-]

> the answer is "it's insecure".

Can you give me a quote where they outright say this? Because my hunch is that what they actually say is something along the lines of 'because it doesn't have the security requirements that we desire' which would be true. Whatever their reasons for those choices, it also makes sense to limit scope given the extreme constraints they're working under and that scope is best limited to phones with the widest security feature support for their security-focus Android OS.

> Are you calling the above a "character attack"?

Grow up.

Ghoelian 5 days ago | parent [-]

'because it doesn't have the security requirements that we desire'

aka, insecure.

pessimizer 5 days ago | parent | next [-]

I am continually puzzled that sometimes people can't put together a denial without including an affirmation as a crucial part of that denial. It's like they're doing the opposite of question-begging, they're saying that you're wrong because you're right.

scheeseman486 5 days ago | parent | prev [-]

No, those don't mean the same thing.

All phones are insecure to some extent, most phones compared to GrapheneOS/Pixels are less secure and this has largely proven out whenever there's been leaks of the capabilities of law enforcement phone cracking tools.

fsflover 4 days ago | parent [-]

I just don't see how it refutes any of my arguments. See the example of Qubes OS in my above reply.

scheeseman486 4 days ago | parent [-]

QubesOS is an OS for PCs which have a standardized hardware interface. Support for older systems is basically "free". Smartphones aren't standardized in the same way and the amount of effort it takes to properly support other phones has a considerably higher cost on developer bandwidth.

Anyone can fork GrapheneOS and build it for other phones if they want, instead of doing this the developers instead focus their time and effort on the most suitable hardware for their needs. This isn't a part of some agenda or a swipe at Linux, open source or Stallman's cholesterol filled heart, it's just pragmatism.

fsflover 3 days ago | parent [-]

I agree that the lack of resources is a reasonable argument. However this not the argument provided: https://news.ycombinator.com/item?id=30765013

scheeseman486 3 days ago | parent [-]

Instead there's a bunch of other arguments that are just as reasonable which underline why deploying their security focused OS on such a hardware platform would be a waste of their time. This is your refutation?

It really seems like you're more concerned about hurt feelings than objective fact here. Every link you've provided thus far was framed by you as evidence of poor decisions or behaviour on the part of the GrapheneOS team but you've done nothing to elaborate, and after reading the content of those links for myself there is nothing there that support the things you've been implying.

It doesn't make a whole lot of sense, at least not unless I put myself into the mindset of a child and read any negativity expressed towards FOSS projects as an attack, or taking their choice to not target phones I like personally.

fsflover 2 days ago | parent [-]

I have no idea where you managed to find any feelings in my replies, and I will ignore the personal attacks.

The linked security-related arguments aren't reasonable at all. They talk about improving users' security but instead the actual result is less security for the majority of people, due to (1) the high price of the supported hardware, (2) reliance on Google hardware not trusted by many users (https://news.ycombinator.com/item?id=45101524).

scheeseman486 2 days ago | parent [-]

> I have no idea where you managed to find any feelings in my replies, and I will ignore the personal attacks.

Your username is fsflover and your posts clearly have an ideological bias that favours purely open source solutions even if it goes against reason.

> The linked security-related arguments aren't reasonable at all. They talk about improving users' security but instead the actual result is less security for the majority of people, due to (1) the high price of the supported hardware, (2) reliance on Google hardware not trusted by many users

All SoCs are a black box and all of them are made by untrustable companies that are likely already working with the security services of whatever country they're R&D'd or manufactured in. There is no good solution to this, so they picked the best worst option.

Nonetheless, most of the evidence that is available shows that GrapheneOS on Pixels are the most secure phones currently available. So, clearly not security theatre, whereas if they also supported phones that didn't even let you lock the bootloader it absolutely would be.

GrapheneOS isn't to blame for every other phone manufacturer dropping the ball.

fsflover 2 days ago | parent [-]

> fsflover

Thanks for the clarification. Free software ideology is not like a religion, where people believe in a god. Every Stallman's essay explains a very practical reason for following his ideas. FLOSS protects you from the enshittification, walled gardens, backdoors (to a degree) and similar things.

GrapheneOS have put themselves in Google's walled garden in terms of the supported devices and now Google can easily make them less secure or even kill them completely at will.

This is like saying "you clearly have an ideological bias that favors democracy/ or freedom even if it goes against reason". Sometimes a tyranny is more efficient at forcing people to do a particular thing, e.g., produce weapons. It doesn't mean that choosing it can be reasonable sometimes.

> All SoCs are a black box and all of them are made by untrustable companies

You clearly can't understand that different people have different threat models. This is a huge problem of GrapheneOS developers: they never accept this possibility and force the single threat model upon everyone. This reminds me of Apple by the way: They do the same. In reality, some people can trust Chinese devices more than Google's ones (imagine that), or trust a particular company that didn't perform a ton of evil action like Google did (that's me and many others).

> There is no good solution to this

The good solution to this is security through compartmentalization, which is the best security approach ever invented. The more varied hardware people use, the harder it is to make a targeted attack or to mass compromise every single device sold.

> most of the evidence that is available shows that GrapheneOS on Pixels are the most secure phones currently available

I don't dispute that, and you won't find me saying that GrapheneOS is insecure in itself. I am saying that they did a wrong bet long-term, and their approach leaves a lot of people without Google's hardware insecure.

> not security theatre, whereas if they also supported phones that didn't even let you lock the bootloader it absolutely would be.

Once again, this is implying one single threat model upon everyone. I never leave my phone unattended, so nobody can secretly reflash it. And whenever I suspect a compromise, I reflash it myself using a disposable VM on Qubes OS. Does it look somewhat secure to you?

jamesnorden 5 days ago | parent | prev [-]

>Their priorities are clearly security and none of those phones really have any.

As opposed to a black box from Google, that nobody really knows exactly what it does...

pferde 6 days ago | parent | prev [-]

No, the "key factor" of GrapheneOS is to provide a secure OS on a secure hardware. If the "key factor" was to be independent from Google, they wouldn't support Google devices at all. But since the Pixel phones are the only ones with secure enough hardware, GrapheneOS supports them.

They even tell you in their usage guide that it's more secure to use Google's app store than e.g. F-Droid (which neglects several good security practices for an app store), and that it's not a good idea to blindly aim for "degoogling" at all costs.

Go away with your baseless FUD.

NoGravitas 5 days ago | parent | next [-]

I use a Pixel with GrapheneOS because it's really the least bad option available today. But it's not wrong to say that they strongly prioritize security over privacy or freedom/independence. That's a fair decision for them to make, but people should know what they're getting into.

close04 6 days ago | parent | prev | next [-]

> Pixel phones are the only ones with secure enough hardware

The biggest thing that excludes most phones from supporting GrapheneOS is the lack of unlockable bootloader. Pixel phones also allow the developers to target a large but homogeneous hardware base.

pferde 6 days ago | parent [-]

There is no single biggest thing. GrapheneOS has a rather strict demands for a device they're willing to support, see https://grapheneos.org/faq#future-devices

close04 5 days ago | parent [-]

GrapheneOS doesn't support Pixels with locked bootloader. It's where the game stops for all locked phones, a common practice now. You can already see how this is the single biggest thing.

The second big thing is that the "non-exhaustive list of requirements" is basically "whatever new Pixels do". Your conclusion that Pixel phones are "the only ones with secure enough hardware" is overstretching what's happening here.

The developers took the Pixel as a template because it's a well selling line, with good security, and generally with unlocked bootloader, and modelled the requirements based on it. It's a reasonable approach to the development of a niche security oriented OS because: "In order to support a device, the appropriate resources also need to be available and dedicated towards it". It has the downside that it makes it sound like no other phone has comparable security features.

Are the fully supported Pixel 6/6a more secure than any other non-Pixel phone sold on the market today?

pferde 5 days ago | parent [-]

What do you mean, "doesn't support Pixels with locked bootloader"? Yes, you need the bootloader unlocked to install GOS, but the last step during installation is locking the bootloader again. Having an unlocked bootloader is officially considered unfinished GOS installation. See https://grapheneos.org/install/cli#locking-the-bootloader

As for Pixels being more secure than non-Pixel phones, I would say they are more secure, due to existing hardware security features that most non-Pixel phones do not have, and just as importantly, due to still getting regular security updates from the vendor. Pixel 6 in particular is supported until late 2026, if I recall correctly.

This is the problem for most Android phones on the market - most of them stop getting security updates after a year or two, so your only option is hoping that one of the alternate Android OSes pick up the slack, e.g. Lineage or Calyx.

EDIT: That they modeled their security requirements based on the best device available at the time is simply how this works if the priority is security. They picked best of what was available, built features around that, and refuse to compromise for new device models if at all possible. And yes, no other Android phone has comparable security features for what they are doing. That's not how "it makes it sound", that's just reality.

close04 5 days ago | parent [-]

> What do you mean, "doesn't support Pixels with locked bootloader"?

You cannot install GrapheneOS on a Pixel that was locked by the carrier, it's literally the first prerequisite they mention [0]. From here came my initial comment saying that the biggest thing that excludes most phones from supporting GrapheneOS is the lack of unlockable bootloader.

This is what should give you pause when you declare one phone to be "best HW for security" because it supports GrapheneOS. Some Pixels are unsupported even with the same HW/FW/SW.

[0] https://grapheneos.org/faq#supported-devices

akimbostrawman 5 days ago | parent [-]

You acting purposefully obtuse. unlocked bootloader is the prerequisite for any android rom, that does not mean other hardware feature are less important than there other security requirements set by the project. Why other phones aren't comparable with details is literally explain two bullets point below your own link.

https://grapheneos.org/faq#future-devices

close04 5 days ago | parent [-]

> purposefully

Mighty all-knowing of you.

Just read my first comment, see what I objected to, see what arguments I used, and then think 2-3 times if you really added to the conversation. There must be better way to pad your comment count.

pessimizer 5 days ago | parent [-]

I did, and it makes this comment unintelligible unless there are no other Android phones with unlocked bootloaders. You've moved the goalposts, then got snotty about it.

edit: exactly who on this planet is motivated by "comment count" other than spammers?

edit2: the only way I can make your comments comprehensible is if I assume that you thought somebody was angry that they couldn't install Graphene on a phone with a locked bootloader. Before you assume the person you're talking to is insane, you should consider the alternatives.

BlueTemplar 6 days ago | parent | prev [-]

> it's not a good idea to blindly aim for "degoogling" at all costs

Why not ? This seems to be exactly the push that was needed.