| ▲ | Cider9986 8 hours ago |
| It's absolutely insane that phones have online accounts deeply integrated into the OS. You need to give Apple your phone number to download any apps on iOS. For example: Say anyone that downloaded IceBlock commited crime, Apple could give the govt everyone who downloaded its phone number, the govt could get the realtime location of everyone based on their phone number from the carrier. And that's not even mentioning the other problem that nobody can download IceBlock anymore[1]. It's so refreshing for my phone not to ask for any identifying information when I set it up. GrapheneOS is a better software experience than iOS anyway[2]. Phones have great potential to be the most private and secure computers, cell services not withdrawing. And iPhones are one of the most private and secure devices. But, Apple uses that to restrict its users freedom and it makes Apple's users can easily be controlled by any government. GrapheneOS delivers that dream. [1] https://www.iceblock.app/ [2] once you install good apps. This is coming from a lifelong iOS user. Not prejudiced against Apple, I use a Mac (without an account) and their Advanced Data Protection is great (when I had an account). |
|
| ▲ | monksy 8 hours ago | parent | next [-] |
| I agree with that.. additionaly, I'm finding it to be insane that organizations are trying to force you to have a "audited" phone to interact with them. (I.e. events, businesses, etc) |
| |
| ▲ | matheusmoreira 6 hours ago | parent | next [-] | | Remote attestation is not just insane, it's the technology that will end free computing as we know it today. What good is free software if using it marks our devices as untrusted and gets us banned from every service out there? Gets us ostracized from digital society? Because we "tampered" with the device? We should be able to run whatever software we want and they should be none the wiser. Instead, we are part of the threat model now. Our devices are now cryptographically attesting that they are corporate owned and that we are under corporate control. It's so disgusting. The future we're heading towards is terrifying. Everything the word hacker ever stood for will be destroyed if this keeps up. | | |
| ▲ | Cider9986 6 hours ago | parent | next [-] | | It can be used for security and used privately [1] but I entirely agree with you, Google's use of it is anti-competitive and terrible. [1] attestation.app | | |
| ▲ | matheusmoreira an hour ago | parent | next [-] | | It's all about who owns the keys and who trusts those keys. If you don't have the keys to "your" computer, then you don't own that computer, you're just renting it from the corporation. And even if our own keys could be used, who's going to trust those attestations? Nobody. They will trust Google's keys, Microsoft's keys, Apple's keys. Not ours. | |
| ▲ | preisschild 3 hours ago | parent | prev [-] | | Yeah same as TPM and Secureboot. They can improve your own personal security (and thereby privacy) drastically, but it has to be controlled by the user. |
| |
| ▲ | myaccountonhn 3 hours ago | parent | prev | next [-] | | You'll probably just need to keep two phones. One hostile spying device that you use for authenticating and dealing with government stuff, and that becomes e-waste every 2 years. Then you have one that you can repair and extend for your own stuff that respects you and your privacy. | | |
| ▲ | collabs 2 hours ago | parent [-] | | I am doing this now. I have had a carrier locked iPhone SE 2020 which I only use on Wi-Fi for over five years now. I also have an android phone and I don't install any banking apps on my android phone. |
| |
| ▲ | charcircuit 5 hours ago | parent | prev [-] | | >What good is free software if using it marks our devices as untrusted That is not what remote attestation is for. The operating system maintains isolation between apps, so a free software app being installed doesn't mean an app that needs high security is compromised. | | |
| ▲ | marmarama 4 hours ago | parent | next [-] | | I think you've misunderstood. It's not an app problem. The problem is that it makes Free Software OSes unviable. The copy of Android you compile and install yourself - or your copy of desktop Linux where you upgraded the kernel yourself - will never pass remote attestation, and it gives both the attestation provider and software that checks attestation the ability to unilaterally shut out any OS they like with no workaround, even those that do pass attestation. In a world of deeply untrustworthy Big Tech, and trend of governments, banks and other basic services needed to exist in society relying on apps and in the future, websites that use remote attestation, that is very troubling. There are better ways of dealing with the bad actors problem, but Big Tech has chosen violence. | | |
| ▲ | floam 4 hours ago | parent | next [-] | | I don’t see how it’s incompatible with open source, just because my development builds aren’t being blessed. | | |
| ▲ | dpark 4 hours ago | parent | next [-] | | It’s not incompatible with open source. It’s incompatible with free software. If Apple or Google or Microsoft or the government needs to “bless” your build, then you have no freedom to actually use your build. | |
| ▲ | marmarama 3 hours ago | parent | prev [-] | | Your "development build" is another person's daily driver. Case in point: GrapheneOS (or any other custom Android distro) is unlikely to be able to ever pass remote attestation, even a signed, secure boot build with the bootloader relocked, because it's not the original OS for the hardware. Same goes for any desktop Linux. | | |
| ▲ | inigyou an hour ago | parent [-] | | GrapheneOS implements its own attestation so you can attest that it's real GrapheneOS. The valid approach they've chosen is to try and get on a level playing field with the big guys rather than destroy the playing field. They have a good argument their OS is very secure, so you should accept its attestation. This is how a user-friendly OS backdoors into the attestation system. I still think destroying the playing field is better, but less likely to succeed. | | |
| ▲ | matheusmoreira 20 minutes ago | parent | next [-] | | > so you can attest This isn't about you attesting anything though. It's about corporations attesting that your device is 100% corporate owned. Can't have you running software that impacts their bottom line after all. GrapheneOS could be the most secure operating system to ever exist, it doesn't matter to the corporation because it's still under your control. When they say "security", they mean "the corporation's security against the user", not "the user's security against the hostile world out there". | |
| ▲ | HybridStatAnim8 21 minutes ago | parent | prev [-] | | GrapheneOS doesnt implement its own attestation. It simply inherits the existing, generic attestation system provided in the android open source project. Any fork of AOSP can provide this, the keys would just need to be whitelisted per OS. |
|
|
| |
| ▲ | charcircuit an hour ago | parent | prev [-] | | You can apply my same comment 1 layer up. The hypervisor maintains isolation between operating systems, so a free operating system being installed doesn't mean an app that needs a high security operating system is compromised. |
| |
| ▲ | matheusmoreira an hour ago | parent | prev [-] | | Then why can't we install whatever we want on "our" devices? | | |
| ▲ | charcircuit an hour ago | parent [-] | | Because you are buying a device without the feature of installing a custom OS. If you want a feature, buy a device offering it. | | |
| ▲ | matheusmoreira 24 minutes ago | parent [-] | | The whole point of this discussion is the trend towards societal scale denial of that feature by both market forces and governmental forces. There is no such a thing as "just buy a different device" when this "different device" is actively discriminated against to the point it's a paper weight. I wouldn't be surprised if remote attestation becomes necessary to even get an internet connection in the future. |
|
|
|
| |
| ▲ | andai 8 hours ago | parent | prev | next [-] | | What is that? I don't seem to be finding anything relevant on Google. | | |
| ▲ | monksy 6 hours ago | parent | next [-] | | We're running into situations where the usage of smart phones and apps are becoming mandatory for using services. For example: The UK has a digital ID requirement which is required for you to be employed in the UK. Additionally the EU digital identity services have a hardware/software attestitation that is required to run their apps. (Many of those which 3rd party software can't run). Another example of this is the Australian eTA - (Everyone has to have a visa to visit Australia.. but the real only way to get a visa* is you have to get an electronic travel authorization which only works via an App) https://grapheneos.org/articles/attestation-compatibility-gu... Apps that ban graphene-os being used: myGov (Australian government app)
gov.br (Brazilian government app)
Ticketcorner
Authy
Chyrpe Dating
TextNow
mada Pay (Saudi NFC payment app)
McDonald's (International app used for many but not all countries not including the US)
Dott
My SEAT (Connectivity for SEAT cars)
SwissID
Volkswagen
BKK Faber-Castell & Partner
TK-Doc
TK-Ident
TK-App (Blocks access to TK-Safe, TK-GesundheitsMessenger, fingerprint login)
IO (Italian government app which uses it to gate access to the digital wallet feature)
PosteID (Italian postal service’s app used to access the national digital identity system "SPID")
Singpass
| | |
| ▲ | subscribed 5 hours ago | parent | next [-] | | > The UK has a digital ID requirement which is required for you to be employed in the UK. That's untrue. There was a strong push towards the digital ID from the current administration, but it was abandoned 6 months ago. What you likely mixed up with digital ID is the old digital visa scheme, mandatory for all non-UK citizens to prove right to work. Re: your app list: looks a little bit eclectic, so it's worth mentioning most of the apps don't ban GoS specifically, but enforce Google play strong or device integrity pass, which GoS doesn't pass. Some trip on some exploit protections, like secure app spawning, but these can be turned off per app in the latest releases based on Android 17. | |
| ▲ | anonzzzies 6 hours ago | parent | prev | next [-] | | GrapheneOS and others should have lobbyists or rather lawyers and lawmakers to fight for using secure systems to mandatory be allowed for these. Sure, there must be some type of OS guarantee, but that should not be exclusive to Google and Apple. And indeed browsers with otp/authn devices (not one per service but yubi/thetis type of thing as those can be made sovereign for a large part); when an OS is not allowed, the browser and app should be mandatory allowed with such a device as that is, actually, more secure than the original device as it is an external encryption and encryption key source the hacker cannot reach. | | |
| ▲ | Cider9986 6 hours ago | parent [-] | | Us users might be effective as well. Hopefully anti-trust law catches up and bans play integrity. They are probably going to spend their money improving features and experience to get more users. There's threads on the forum dedicated to sending emails to Volkswagen to get them to support Grapheneos and it may be working. |
| |
| ▲ | z3t4 4 hours ago | parent | prev | next [-] | | This sucks. The solution is to buy the cheepest iPhone and use it just for the goverment services. | | | |
| ▲ | gib444 an hour ago | parent | prev [-] | | > The UK has a digital ID requirement which is required for you to be employed in the UK. False In fact I can't think of a single Government service or legal requirement that requires a smartphone in the UK. In the past year I have applied for a passport, applied for benefits, opened a bank account, passed through border control, filed a company tax return, closed down a business, helped someone else claim for benefits, made police reports, filed a case with the small claims court, paid my council tax, received an incone tax refund, travelled on public transport extensively, hired a car. All had alternatives as far as I can recall. Quite a few were done online just with a computer and optionally a phone number And based on prior discussions here I have to point out that "require" doesn't mean "ok but the alternative is kind of inconvenient" |
| |
| ▲ | andwur 7 hours ago | parent | prev [-] | | Likely referring to Android's Play Integrity/hardware attestation API (good explainer from GrapheneOS [1]) that is practically used to restrict what devices/brands/Android builds an app will allow itself to be run on. [1] https://grapheneos.org/articles/attestation-compatibility-gu... |
| |
| ▲ | LoganDark 6 hours ago | parent | prev | next [-] | | I miss the days when iOS jailbreaks allowed you to completely circumvent basically all DRM because the trust in Apple was so high that you could just assume a device is secure. Contrast that with Android, which has always had invasive attestation mechanisms because of widespread mistrust in OEMs. On iOS, sometimes you had individual apps trying to check for jailbreak but that was it | | |
| ▲ | realusername 5 hours ago | parent [-] | | Apps trying to check for jailbreak is still a thing on iOS and as you would expect, it's jank and can trigger on stock iOS if you are unluky |
| |
| ▲ | roysting an hour ago | parent | prev | next [-] | | > organizations are trying to force If it were only that and we actually had “free market capitalism” and “competition” you could simply choose, but leering and steering these “organizations” is the treasonous and inherently illegitimate government, which is increasingly indistinguishable from private corporations, mostly because it’s the same pool of people, which are reflexively moving us all towards a common focal point of a form of tyranny similar to hereditary oligarchy and/or serfdom. | |
| ▲ | preisschild 3 hours ago | parent | prev | next [-] | | > that organizations are trying to force you to have a "audited" phone to interact with them. (I.e. events, businesses, etc) Even worse, GOVERNMENTS do that. EU Governments basically forcing you to give Google (via the Google Mobile Services rootkit) or Apple (and via the cloud act also the Trump Admin) access to your entire phone (including all of your saved personal data) to use the govt eID system... | | | |
| ▲ | daniela-vera 5 hours ago | parent | prev [-] | | [flagged] |
|
|
| ▲ | ablob 4 hours ago | parent | prev | next [-] |
| Don't phones have identifiers outside of phone number anyway?
I feel like you have to trust the hardware/os vendor anyway.
So if you don't trust apple to not misbehave, maybe not getting an iphone is better than chasing the whole phone-number idea. |
| |
| ▲ | Cider9986 4 hours ago | parent [-] | | Your comment isn't super clear to me, let me know if I misunderstood anything. Yes there are still identifiers when using cellular data service, but they aren't connected to your phone number that you give out. Phone number gets a determined threat actor real time location, which is what I explained. Threat actor gets location from any carrier identifier. Cellular was built in a terrible way for privacy and security. Android doesn't let apps see hardware identifiers if that's related. Yes you're correct about having to trust Apple, but my point is that the way Apple is collecting all this extra info allows them to be compelled to hand it over. It's not about trusting Apple, it's about them following the law, which they will do. |
|
|
| ▲ | pjerem 6 hours ago | parent | prev | next [-] |
| I’m on the edge of migrating from my iPhone to a Pixel with GrapheneOS. But there is ONE feature I love on iOS and it’s the Live Photos. I feel like it’s an amazing way to keep family memories. Do you know if it exists on GrapheneOS? |
| |
| ▲ | mschild 6 hours ago | parent | next [-] | | Natively it doesn't. There are 3rd party camera apps that support it, but you'd have to download them separately. GrapheneOS camera app is fine but nothing outstanding. It will give you decent pictures but don't expect any fancy upscaling or editing features. | | | |
| ▲ | aucisson_masque 6 hours ago | parent | prev | next [-] | | Only in Google camera, which is usable on grapheneos: You get a live shot feature, it ain't exactly the same tho, look into that. I run pixelos and the amount of stuff I miss from iphone is staggering, the difference between pixelos/grapheneos isn't as big as the difference between iphone/pixel. | | |
| ▲ | Cider9986 6 hours ago | parent [-] | | Hmm, don't really miss anything from iOS besides tap the top screen to go to top of page. Also Apple Notes is great. No back button on iOS is madness and also the Android rotate screen integration is way better than iOS. | | |
| ▲ | aucisson_masque 5 hours ago | parent | next [-] | | It's mostly the app. Nothing come close to apple notes or reminder for instance. Even safari... On Android, you get chromium that doesn't have any extension or Firefox that has incredibly frustrating UI and doesn't work well on some website. | | |
| ▲ | Cider9986 5 hours ago | parent [-] | | I can understand extensions but I like Vanadium a lot more than Safari. Reminders is hard to replace unfortunately. Overall I like android apps a lot more though. Once you find the right ones. |
| |
| ▲ | k4rli 5 hours ago | parent | prev [-] | | Obsidian might be even greater for notes. Looks beautiful, and it's super immersive on OLED especially. Worth trying for sure. Tap to scroll might be possible to get also. Haven't felt need for it when it takes a few regular scrolls anyway. | | |
| ▲ | Cider9986 5 hours ago | parent [-] | | Thanks for the rec, I'll try it it. I like the open nature with markdown but when I tried on Mac it was a bit confusing. |
|
|
| |
| ▲ | Cider9986 6 hours ago | parent | prev [-] | | Yes, I have it and I use Google camera and Google photos. Not sure if default camera and gallery have it. |
|
|
| ▲ | izacus an hour ago | parent | prev | next [-] |
| I mean... your sentiment is in the right place, but Android phones (non-GrapheneOS) can be used without Google account just fine. Yes, you need to use F-Droid & Co. to get apps (just like on Graphene), but otherwise they're functional and many people are actually using them like that. |
|
| ▲ | tonyhart7 3 hours ago | parent | prev | next [-] |
| well you cant blame apple for that since Government can literally force your company to doing shit like this |
|
| ▲ | surcap526 2 hours ago | parent | prev | next [-] |
| [dead] |
|
| ▲ | NeutralWanted 6 hours ago | parent | prev [-] |
| [flagged] |
| |
| ▲ | HybridStatAnim8 14 minutes ago | parent | next [-] | | GrapheneOS does not interfere with law enforcement doing their jobs. Thats like saying the right to remain silent interferes with law enforcement doing their jobs. Law enforcement has one job, enforcing the law, and that includes following their own laws. People have a right to privacy, and GrapheneOS is one of the many methods that allow people to exercise that right. | |
| ▲ | Anvoker 5 hours ago | parent | prev | next [-] | | And why not? Law enforcement does not represent supreme justice and good. There are higher moral principles out there. Respect for law enforcement in the absence of justice is a disaster for society. All it does is give cover for bad actors. | | |
| ▲ | izacus 5 hours ago | parent [-] | | There's plenty of high moral principles, but "let's build technology that explicitly protects criminals - especially child and women traffickers - against investigation" ain't one of them for majority of people living in democracies. | | |
| ▲ | HybridStatAnim8 6 minutes ago | parent | next [-] | | If you are referring to GrapheneOS, there is nothing that GrapheneOS offers or advertises that "explicitly protects criminals". GrapheneOS is not for criminals, its not aimed at criminals, its not designed for criminals. Not implicitly or explicitly. | |
| ▲ | everyday7732 3 hours ago | parent | prev | next [-] | | Your assumption that "criminals" are doing something morally wrong is fundamentally flawed. Civil rights activists were criminals, as were suffragettes, and the people who protected Jews in Nazi Germany, and gay or trans people just existing in countries where that isn't allowed. All criminals. Law enforcement isn't even always carrying out the law, as we've seen with ICE arresting, assaulting, searching, deporting people on no other basis than their skin color. Democracy dies when people can't protest. When they are under constant surveillance, afraid of being singled out by the government intelligence gathering mechanisms. Unable to speak out about injustice, organise and engage in healthy counter culture. Look at Russia, look at China. Don't imagine that giving your own government and law enforcement the same tools of surveillance and oppression will have a different outcome. | | |
| ▲ | budsniffer952 an hour ago | parent | next [-] | | You do realize there's another side to it, right? There are morally good examples where privacy is needed, and morally bad examples where not being able to access data is harmful. I personally agree with you, but for most people it's not black or white. They want privacy when it suits them, but would take yours away in a heartbeat. | |
| ▲ | izacus 26 minutes ago | parent | prev [-] | | Yes, exactly, but if you actually follow all of those groups, none of them changed things by building bunkers into which police couldn't ever enter and any crime could happen there. As someone who grew up on the other side of the iron curtain, I find this idea that you'll make your own government an enemy and shield criminals against it utterly naive, since that's not what actually changes society. It's a form of techno-cowardice, where people hide behind technology to avoid doing the hard stuff. | | |
| |
| ▲ | milutinovici 4 hours ago | parent | prev | next [-] | | How does it protect trafficers especially? Does it have some extra trafficking features? Does it unlock additional capabilities if you're a criminal?
Or maybe it just protects everyone? | |
| ▲ | inigyou an hour ago | parent | prev | next [-] | | Do you believe window curtains should be legal? Should it be legal for a TV to not include a microphone and require an internet connection (as recent LG TVs do)? | |
| ▲ | Anvoker 3 hours ago | parent | prev | next [-] | | In the era before the advent of mass digital surveillance, it was well understood that there are many different ways to fight crime. Now every time I see this conversation being had, it's treated as if keeping any amount of privacy beyond what you personally find acceptable is tantamount to endorsing the existence of human traffickers. Warrantless spread-shot digital surveillance is now often treated as essential. I have a question for you. Why don't you advocate for more surveillance? The more active and widespread the surveillance, the more criminals can be caught. If you think it's not entirely practical, just embark on a thought experiment with me -- assume it would be practical. Would you do it? Would you have everyone be under perfect surveillance 24/7 in order to catch every criminal? Let's call this stance surveillance maximalism. If you agree with surveillance maximalism, then we're just very different people and I don't think we can find common ground. I hope we can live peacefully in different countries with different laws that suit our preferences. If you disagree with surveillance maximalism, then why is your arbitrary tradeoff so good? It's not obvious why it's better. You are assuming the moral high ground, but you're also doing the same thing you're accusing me of -- you're accepting some amount of traffickers existing by not being a surveillance maximalist. By adopting this moral high ground, the discourse is kept at a shallow level. We talk less about which surveillance measures are actually effective or not, what has happened to crime rates over time, what is the context in which crime occurs, what are the negative consequences of undermining privacy, what are the negative consequences of mass surveillance etc. Instead we waste our time and energy on cheap moral opprobrium. | |
| ▲ | ktallett 4 hours ago | parent | prev [-] | | You forgot terrorists on your usual list of reasons e2e is bad. Technology will always be used for bad and good, but there are far more people using it for good than bad. |
|
| |
| ▲ | Cider9986 5 hours ago | parent | prev | next [-] | | I meant the government deciding that downloading iceblock is a crime, because it shouldn't be, not that people who downloaded it used it commit crimes. Apologies for not being clear if that's how you were interpreting. | | | |
| ▲ | Telaneo 3 hours ago | parent | prev | next [-] | | Law enforcement aren't always moral (and sometimes even lawful!) when performing their jobs. | |
| ▲ | ktallett 4 hours ago | parent | prev | next [-] | | Law enforcement don't have a legal right to access all that people do, say, and think. They are there to investigate and present evidence to court incase of illegal activity, nothing more. | |
| ▲ | Cider9986 6 hours ago | parent | prev [-] | | >I work at Google, and yes. We use a monorepo for absolutely everything you can think of. But good luck getting that code off a corp device without being caught https://news.ycombinator.com/item?id=46440276 Hmm, I hope you don't work on AOSP! |
|