| ▲ | neilv 3 hours ago | |
My gut feel is that Micay is genuine, and obviously also very defensive. At least some of the defensiveness is warranted. Maybe most of it. Regardless, it comes across in most GrapheneOS communications, and it's sometimes counterproductive. A related issue, which I'm sure Micay can appreciate, is that users of GrapheneOS tend to be cautious, and increasingly will want to know why the project should be trusted, now that it is popular and on a lot of radars of adversaries. (For example, hypothetical scenario that's plausible, given the incentives: State actor (e.g., RU, US, CN) or organized crime group long-con starts with a public harassment campaign of Micay. Followed by sleeper volunteers taking more control of the project, initially under the pretext of helping insulate Micay from harassment, and taking some of the load off. Later maybe even impersonating Micay. Now the threat actor has backdoors to a large number of especially privacy/security-conscious parties, including communications, 2FA, location, cryptocurrency wallets, internal networks where those people work, etc.) I think it probably hasn't been compromised like that, but it's an obvious real possibility, and IMHO, until GrapheneOS is more transparent, some natural users of GrapheneOS are going to consider iPhone relatively "the devil you know". Again, I think Micay is genuine, and I'm a fan of the project and appreciate it. And I hope the project understands that's compatible with critical thinking about infosec, and doesn't take personal offense at that. (Source: Am long-time GrapheneOS user, and have donated.) | ||
| ▲ | microtonal an hour ago | parent | next [-] | |
I agree that this is an issue, but it is impossible to prove a negative. The same could be said for Apple's or other manufacturer's signing keys. Who guarantees that the US government hasn't required access to the iOS signing keys? Or China in exchange for access to the Chinese market? They probably wouldn't even want to reveal that the signing keys were leaked if they were allowed to, since it would undermine their security story. With a non-profit project of highly principled security experts, there is at least a high probability that they'd rather blow up the project than compromise. People elsewhere in the thread criticize Micay because he deleted the CopperheadOS keys, but to me it increases trust in the GrapheneOS project, since he clearly puts the security of his users over money, fear, and whatnot. In the end trust arises from running a project or company long-term without evidence that you somehow compromised security. I wonder in general how this situation could be improved. Second or third independent reproducible build + confirmation signing? | ||
| ▲ | HybridStatAnim8 an hour ago | parent | prev [-] | |
All of the defensiveness is warranted. They speak neutrally and objectively. The project is not going to relinquish control to any 3rd party. Not even the Motorola partnership is given control over the GOS project. The hypothetical you describe is not possible by design. The GOS project takes no issue with critical thinking, and encourages it. But that is often used as an excuse to handwave attacks. There is a very big difference between criticism/critical thinking and attacking them. Note that there are more individuals in the project than Micay. Multiple people handle multiple responsibilities, its not one person. | ||