• bbuez@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      9 months ago

      Out of pocket I would assume nonfree packages and hardware shenanigans: binary blobs, etc. …

      The latter imo is only really a concern if you’re being targeted hydrate actors, and you got bigger problems then

      • lemmeee
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        9 months ago

        Mobian Bookworm contains 2 non free firmware packages: https://packages.mobian.org

        According to the FSF, GrapheneOS also contains non free firmware:

        GrapheneOS is a version of Android which is described as “open source,” but it seems to include software that isn’t free software or even “open source”. For instance, it comes with firmware programs for installation and it appears that at least some of them are binaries without source code. It is said to be “de-Googled,” but includes a way to download and install the nonfree Google Play program.

        https://www.gnu.org/distros/common-distros.html

      • lemmeee
        link
        fedilink
        arrow-up
        1
        arrow-down
        2
        ·
        9 months ago

        https://grapheneos.social/@GrapheneOS/111957964224325239

        This only talks about the Fairphone. The only mention of PinePhone and Librem 5 is that according to the author providing schematics is not enough to call it “open hardware”.

        https://grapheneos.org/faq#future-devices

        No mention of PinePhone or Librem 5.

        https://grapheneos.social/@GrapheneOS/111738765361100063

        Same as above.

        https://grapheneos.social/@GrapheneOS/111676448278523353

        It’s a misconception that the Librem 5 and Pinephone are open source. Their hardware components including the CPU, GPU, Wi-Fi, Bluetooth, cellular, etc.

        The word “open source” usually refer to software, but ok. Those companies provide schematics for the motherboard and Librem 5 also provides PCB designs. But they don’t provide those for the chips, so that is correct. I don’t think anyone says otherwise.

        Their hardware/firmware/software is all much less private and secure

        What? :D The person doesn’t even explain why. Then they talk about physical killswitches misunderstanding what they are really for (they are there so that you don’t have to fully trust the software/firmware to turn something off - especially the proprietary modem firmware) and claim that all of those devices are insecure somehow, because on GNU/Linux any program can access the microphone. But that’s exactly why we use free software, isn’t it?

        I’m sorry, but this is ridiculous, so I won’t read the rest. I’m not a hardware expert, though, so maybe some of their other points were valid. I guess those phones’s hardware is probably as secure as any other computer’s. I don’t think anyone says otherwise, but the killswitches are always a good idea.

        • anti-idpol action@programming.dev
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          9 months ago

          Pinephone doesn’t have features like IOMMU isolation or even verified boot. Also as a matter of fact, permission control, unless you’re using flatpak/bwrap/firejail is actually better on Android than Linux. Plus long before the first usable part of Linux written in Rust was released, large parts of low level AOSP code were already rewritten in it.

          https://madaidans-insecurities.github.io/linux-phones.html

          • lemmeee
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            9 months ago

            PinePhone’s modem is isolated through USB. I don’t know about other components, though.

            Also as a matter of fact, permission control, unless you’re using flatpak/bwrap/firejail is actually better on Android than Linux. Plus long before the first usable part of Linux written in Rust was released, large parts of low level AOSP code were already rewritten in it.

            I understand that, but none of that makes GNU/Linux insecure and that’s what the GrapheneOS developer has claimed. They said it was insecure. I can’t say if GrapheneOS is more secure than GNU/Linux, because I don’t know enough about it or how libre it is, so I’m not arguing with that. It’s possible that it is (I would have to check opinions of independent experts). My point was that those people can’t be taken seriously if they make such ridiculous claims. I don’t know if I can believe anything they say.

            https://madaidans-insecurities.github.io/linux-phones.html

            This person says that Android (a proprietary operating system) is more secure than GNU/Linux. Ridiculous. It’s nice that Android has all those security features, but it’s still proprietary, so can’t be trusted. Keep in mind that he didn’t just say GrapheneOS, which might be entirely free software, so unlike Android, it might have a chance to be secure.

            PureOS also uses linux-libre. This will prevent the user from loading any proprietary firmware updates, which just so happens to be almost all of them.

            I don’t think this is true at all. The firmware in Librem 5 is stored on some separate chips and I think users can flash new firmware to them. But even if he was correct, I’m not entirely convinced that you get a security benefit from being able to change from one proprietary firmware version to another, since both those versions can’t be trusted. I will need to read more about this at some point.

            Then he says the same stupid thing about the killswitches and just like the GrapheneOS dev pretends that they have no benefit. I’m starting to wonder if they are the same person. Never mind, I can now see that he quotes him in his GNU/Linux article, so he is probably just repeating after that guy.

            The microphone kill switch is useless since audio can still be gotten via the sensors (such as the gyroscope or accelerometer).

            I doubt that. I’m pretty sure that in reality the audio levels you can get from those sensors is too low to be usable (unlike a microphone). Here is a fun fact that this person doesn’t know about. The microphone killswitch on one of the PinePhone versions doesn’t actually kill the microphone, it just disconnects the amplifier or something. So the microphone technically still works, but it’s not gonna pick anything up, even if you yell directly at it. I know this, because people have figured it out from looking at the schematics and tested it.

            The unorthodox way in which the Librem 5 attempts to isolate the modem is via the Linux kernel USB stack, which is not a strong barrier, as shown in the Linux article.

            I can’t find where he explains this, but I think the problem was that he just doesn’t know about USBGuard. The author’s two articles are full of errors or false information, they don’t understand that proprietary systems can’t be considered secure. I see no reason to trust their opinions on security.

            • anti-idpol action@programming.dev
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              9 months ago

              AOSP is not proprietary. Also security is not achieved merely by the merit of being libre, see CVEs for sudo, glibc or Apache HTTP server or even the Linux kernel itself.

              And when it comes to proprietary firmware updates, in case of x86 one such notable example is the microcode which is pretty important to keep updated for security.

              • lemmeee
                link
                fedilink
                arrow-up
                1
                arrow-down
                1
                ·
                9 months ago

                AOSP is not proprietary.

                I never said that it was.

                Also security is not achieved merely by the merit of being libre, see CVEs for sudo, glibc or Apache HTTP server or even the Linux kernel itself.

                Being libre is the basic requirement to even being considering something as secure, but it is not enough by itself. I agree.

                And when it comes to proprietary firmware updates, in case of x86 one such notable example is the microcode which is pretty important to keep updated for security.

                Generally that’s what people say, but is it really that simple? A new firmware version might fix some known vulnerability, but its developers might have also introduced a new one on purpose. So a known vulnerability might have been fixed, but you might have gotten a new one that isn’t yet known. So I don’t know if that’s really so much better. Also I assume that the only way to exploit those vulnerabilities is through malware? But if you only run free software, the risk of getting malware is very small.

                • anti-idpol action@programming.dev
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  edit-2
                  9 months ago

                  I agree with you that every proprietary software must be presumed to be a trojan with a backdoor but still some critical, low level free software being decades old C codebases with oftentimes millions of LoC has proven to be a double-edged sword where on one hand most of it is super optimized (just compare launch times of lightdm or GDM to e.g. regreet) but on the other hand by pure probabilistics it’s more likely to contain some vulnerabilities accumulated over the years of imperfect code reviews.

                  Sure I believe it’s worth hoping and supporting initiatives that might one day bring us to something like RISC-V smartphone with high level of hardware security that’d run something like Alpine (a minimalist distro) but based on Redox OS. Maybe that’ll come true in a couple of years.

                  But right now GrapheneOS even despite proprietary hardware is the best option security-wise, unless you’re willing to tinker with hacking together some RISC-V SBC-based device (which might even have better battery life than most smartphones by up to 60%!), but the optimization of basically any software is going to suck so badly. And forget compiling any Rust code on the currently available RISC-V CPUs. want memory safety? pick something with a VM/GC instead.

                  • lemmeee
                    link
                    fedilink
                    arrow-up
                    1
                    arrow-down
                    1
                    ·
                    9 months ago

                    You are right that some projects are more likely to have vulnerabilities than others. But at least with libre software any expert can look into it, fix it and distribute the patch to others.

                    I don’t have much hope for RISC-V, since most SBCs that use it seem to require a custom Linux kernel, so it’s the same problem that we have with ARM. Maybe things will get better at some point, but unfortunately most people don’t seem to care. I haven’t heard of Redox before. It looks interesting, but it’s a shame that it’s not under a GPL license.

                    But right now GrapheneOS even despite proprietary hardware is the best option security-wise

                    Maybe you are right and Graphene with F-Droid is the most secure option. I don’t think it’s necessary to have all of its features, since we don’t have them on desktop either, but it would be nice to have them on mobile for sure.

                    unless you’re willing to tinker with hacking together some RISC-V SBC-based device (which might even have better battery life than most smartphones by up to 60%!)

                    That’s crazy! Is RISC-V so much more efficient than ARM?

                    And forget compiling any Rust code on the currently available RISC-V CPUs

                    Is that not possible?