Wonderful except that soon that phone won't work for anything official in Europe because it won't pass Play Integrity attestation that Brussels wants to be the only gateway to certification of devices.
Yeah. Remote attestation, "certification" of devices in general, should be illegal. Anything short of that and computer freedom is lost, everything the word "hacker" stands for will be destroyed.
Is it possible to spoof/emulate play pass integrity somehow?
No, not strong integrity, since that depends on hardware secure modules which attest that the software on the phone is signed by Google.
Is it so difficult to have a separate phone for gov & bank apps only?
We can't let Google get away with bundling their spyware in the name of security into a phone we must now have.
It's NOT ok that a government app (often practically mandatory) requires the user to accept some invasive ToS of a foreign corporation maintaining an illegal monopoly.
Requiring attestation doesn't mean Google spyware should be unremovable without breaking it, Google's business model should not be mandated by the law.
So is there anyone else out there attesting device firmware and ensuring they're secure?
It's not a law to only trust Google's attestations.
Difficult? Not at all, but it's annoying at least.
The problem is not that it's difficult, the problem is that it makes phones that are not locked against their users commercially dead - a money-losing venture for any manufacturer. Because most people simply won't bother with two phones.
But what if the two phones could be packed into one?
It would be a little thicker; you would need 2 of some components.
Switch between phones like switching workspaces?
Ha, a phone with a KVM (1) although without the K or M: https://en.wikipedia.org/wiki/KVM_switch
Or this 90's hardware oddity that combined Mac and PC: https://www.youtube.com/watch?v=a6b4lYOI0GQ (skip to 8:00 to see it in action).
I wonder if dual-booting is possible, with the boot-loader loading the bootloader that's been "blessed" by Google's certification priests to boot the "certified virginal" phone.
yes
> One is a hardware switch that cuts circuit power to the cameras and microphones
How great might be the threat of using its speakers as microphones?
That would practically certainly require electrical changes, at which point all bets are off anyway.
Can you please elaborate as maybe I couldn't understand what you were trying to convey.
Thanks in advance!
Hey, I learned something. I knew of Fairphone, but I didn't know they had kill switches. The device might be out of my budget, but it seems promising.
The MediaTek Dimensity means it's sure to barely work on US carriers. They haven't written band support anywhere in their 'detailed specs'.
nit: Title inaccurate. There is a single hardware kill switch, not plural. Separately, there is also a software kill switch.
Is there a headphone jack?
Bring back headphone jacks & SD card slots!
If GrapheneOS won't plan on supporting that it means it's not as secure as advertised.
GrapheneOS devs state requirements based on Pixels; they don't choose Pixels based on requirements,
so I won't trust judgement based on that.
GrapheneOS publishes a list of the requirements: https://grapheneos.org/faq#future-devices
GrapheneOS devs have announced "We're currently working with a major OEM towards future generations of their devices meeting our requirements and providing official GrapheneOS support. GrapheneOS on both Pixels and these future non-Pixels will be fine." (https://grapheneos.social/@GrapheneOS/115102564799343519)
You're welcome to assert otherwise, of course, but your assertions are contradictory with direct statements from the GrapheneOS team.
Not at all and ignorant of you to think so.
No, it means the phone isn't suitable for security maximalists. GrapheneOS doesn't support any hardware except the Pixels.
And that's even assuming one cares about the secure enclave. I am not convinced that any phones exist where one cannot unlock the enclave via JTAG debugging.
For most devices, if you have that kind of physical access, and enough technical resources, all bets are off. Most people's threat model doesn't include three-letter-agencies reading their secure enclave. If yours does, you're probably better off not carrying a phone at all.
Blala, 1k electronics shit that won't potentially do calls reliably or BT with cars etc.
> shit that won't potentially do calls reliably or BT with cars etc.
Based on what? If it's not yet available, how would you be able to tell how well it does calls or BT-pairs with cars?
It's a run-of-the-mill pre-sale scam. Post when it's actually available for sale.