handedness 3 hours ago

If you feel like you can't get a reasonable reply from anyone on a given subject, it's possible that the subject matter is purely indefensible and everyone but you is wrong about it, or it's possible that there's one constant in all this which you're overlooking.

Anyway, in terms of laptop/desktop security, Apple's doing the best job of anyone on that front at present and is still moving in the direction of improvement. Overall, modern Pixels running GrapheneOS are still the most resistant to a variety of attacks, compared to just about any consumer device with any practical value.

Most laptop/desktop hardware architecture is wildly vulnerable in some specific ways that Pixels and iPhones just aren't, and no amount of OS enhancements built on that foundation will fully overcome its limitations. Your refutation to that is typically, "But, Google." I get it. I'm no fan of Google, but their architectural chops on modern Pixels are excellent.

Suggesting in the next breath that people look at the Librem 5 or PinePhone while criticizing the security of GrapheneOS makes me think you might just be completely out to lunch on this one. The Purism project is just not a serious security project in so many ways, and while I appreciate the appeal of hardware switches, the rest of their approach makes the hardware switches and domestic supply chain option and shipping protocols little more than security theatrics. The Librem 5 is so easily compromised that the switches are practically a necessity, I suppose, because the hardware and the software (from the OS to device drivers and--gasp--closed blobs!) just isn't trustworthy. With the clever rhetorical games they play to overstate the reality of the device it's difficult to place any trust in them.

'You shouldn't use this device because Google drove the architecture,' just isn't as compelling to me as, 'you should use this device with outdated drivers, no secure element, no sandboxing, and no IOMMU, no hardware resistance to attacks, baseband isolation that's literally an all-or-nothing affair,' and so on, is a terrible followup recommendation which completely undermines credibility.

You're citing hypothetical weaknesses as a reason to dismiss GrapheneOS while advocating devices with numerous demonstrable weaknesses. The Librem 5 not only isn't very resistant to attacks, it's highly vulnerable to attacks. And then you complain when serious people stop engaging with you. (Not being a serious person, I persist.)

As a former PinePhone user, it's a wonderful effort and I love that they're doing what they're doing, but the device and its software is just completely lacking in security to any real degree. Which is fine, because that isn't the device's reason for being, but we shouldn't overstate its position, which you continually do.

All that said, I genuinely think if you take the time to really fairly understand the situation, you'll find value in GrapheneOS as a project. Whether or not it's for you is another matter, but the only reason I'm bothering to quibble with a faceless stranger on the internet over the issue is because I think the project is one of the most important consumer-device security projects of this era, and I massively hope it succeeds. The planet will be better off for it if it does. And yet, every single time it comes up you make the same lazy dismissals of it, ignore substantive responses, then invariably play the victim when people eventually tire of playing your game.

A broader ecosystem of supported devices is something I very much hope for, and am excited to see them take the step into working directly with one OEM, and I hope for more. The virtualization aspects of their roadmap are exciting, and I expect they'll bring great upstream contributions to whatever hypervisor they choose, as they have for AOSP. Their talks of targeting a laptop which meets their hardware requirements is incredibly exciting, and here's hoping it's a ThinkPad, which seems genuinely possible now.

All this is the most compelling alternative to something like Apple, which, while great at leveraging the advantages of being the behemoth in the market, is too inherently motivated in its pursuit of commercial outcomes to be something I'm likely to want to use.

I lack any real hope that you'll come around on this one, but if you're going to play the game of linking to prior discussions to settle an argument, at least I now have a comment to link to, too. Thanks for fueling my future efficiency.

subscribed an hour ago

Oh wow, sir or madam, I adore your dedication and persistence.

fsflover 3 hours ago

Thanks for your extended reply, but many of your points are strawman. I never suggested that Librem 5 or Pinephone were seriously more secure than GrapheneOS. They may be more secure in small ways, depending on your threat model, like avoiding Google or allowing to use the kill switches. However I explicitly said more than once that I would be happy to use GrapheneOS on a more libre hardware (Librem 5), even if the security may be lower. Some people value an additional bit of freedom more than cutting-edge security.

> You're citing hypothetical weaknesses as a reason to dismiss GrapheneOS

Where did I say this? I do not dismiss GrapheneOS, and I do wish them success. I agree this is a very important project (and I upvoted all their recent posts for more visibility). I just feel that some of their decisions harm them more than they think, which is the reason for my parent question.

I suggest Librem 5 or Pinephone in my HN replies whenever I see people caring about mobile freedom more than about immediate security, which GrapheneOS provides. I do not suggest those phones as a more secure replacement of GrapheneOS devices.

> we shouldn't overstate its position, which you continually do

I do not see where I am doing this, see above. And I certainly didn't do it in my parent comment.

> Their talks of targeting a laptop which meets their hardware requirements is incredibly exciting

I have no idea how anything can be more secure than Qubes OS. I never received a reasonable answer to this question. And yes, virtualization (i.e., compartmentalization) is the best way to achieve security, in my opinion.

> in terms of laptop/desktop security, Apple's doing the best job of anyone on that front at present and is still moving in the direction of improvement

This is not even funny, given how many vulnerabilities are constantly being found in MacOS. You should just compare that with Qubes OS, which I use.

handedness 2 hours ago

And I appreciate that you wish them success and think it's important. If you think so, please try to better understand the nature of what it is you're criticizing. If you're repeatedly met with push-back from numerous individuals but can't evolve in your understanding, you have to start asking yourself harder questions.

handedness 2 hours ago

They aren't strawman. You pop up in Graphene OS threads like clockwork and recommend other devices. You say, "but Google hardware." I get not wanting to contribute to Google financially, I get not wanting their logo on a device, I get the general discomfort with anything Google. But it's akin to people being so anti-Google that even when Firefox on Android lacked nearly any sandboxing whatsoever and had downright reprehensible security practices, they'd continue to use Firefox on Android when visiting untrusted websites, because, well, at least it's not Google-adjacent. It's completely irrational and unjustifiable on anything but a totally emotional level.

You conflate privacy with security here, "They may be more secure in small ways, depending on your threat model, like avoiding Google," and yet you don't articulate any demonstrated connection between using Google hardware with GrapheneOS and Google's ad tech business. The closest thing there is needing to connect to Wi-Fi to unlock the bootloader, but that's easily addressed. You cite a hypothetical backdoor that Google may have placed in the hardware, but unless you're physically examining every chip running every OS (and there are several) in every device you own (even the ones you think you've disabled the MIE on), you simply can't know that. You have to account for that, but you talk about it in ways that imply a project which accounts for it better than others hasn't, while one that inherently can't, has.

When they announce Motorola support, you're still on about avoiding Google. They literally can't win with you.

If you think their decisions harm them more than they think, but can't understand the basic factors at play, it's hard to take your determinations seriously. Good governance of a complex project is hard, and people snipe from the sidelines with virtually no understanding of what the actual situation is. By all indications the project is incredibly well run in all ways that practically impact eventual end-user security.

If you have no idea how anything can be more secure than Qubes OS, consider Qubes OS running on hardware with excellent security features, and the two being tightly integrated. There's your reasonable answer. That is literally the roadmap for Graphene OS. A hypervisor-based OS that's useful for end-user purposes by carefully layering on functionality to make a hypervisor-based OS some degree of usable.

The less reasonable reasonable answer is that you'd have better security if you ran Xen itself, as everything Qubes adds to make it usable potentially weakens it. It's just the nature of the beast.

It wouldn't surprise me if GrapheneOS lands on Xen for all the same reasons Joanna landed on Xen, and they end up contributing massively upstream to Xen security largely by tightly integrating it with said hardware. But I'm sure other patches will flow upstream with whatever project they choose, because their security chops are that good.

Qubes OS also lacks resources. They're supporting a massively bigger variety of hardware with a comparatively tiny user and donor base. By all indications their finances are nowhere near sufficient for what they really need to do. The project is as good as it currently is almost entirely down to the incredible efforts by a very small number of amazing people. If nothing else, the speed at which they can iterate and evolve is highly constrained. Remove 1-2 key players from the equation and the project almost invariably collapses. That alone constitutes a definite security vulnerability.

Re: Apple, I'm talking hardware security. But even when you factor the software in, for a portfolio of consumer operating systems used by a billion and a half normies who expect it to do every normie task under the sun with very little frictional security overhead, Apple does a great job at security.

Edited to add:

> I would be happy to use GrapheneOS on a more libre hardware (Librem 5), even if the security may be lower. Some people value an additional bit of freedom more than cutting-edge security.

OK, but that's a nonsensical wish at best. There are other AOSP forks out there that would meet your needs. Buy a non-Google Android phone and load another AOSP fork. Or, fork GrapheneOS and modify it to meet your needs, though that would be a largely pointless exercise. Repeatedly criticizing the project every single time it comes up for not wanting to completely change its fundamental nature in an ill-defined attempt to satisfy your inclination is a real head-scratcher.