@jcs Librem 5 has atrocious privacy and security due to using a bunch of low security and outdated components, which are not open and do not have open firmware. Many components including the radios lack proper security updates. Purism does not provide the firmware updates through their OS and has set up a bunch of it in a way where it can’t be updated. They even went out of the way to move things to a locked down secondary processor to block updates. They claim if you can’t update it, it’s open.
GrapheneOS
Open source privacy and security focused mobile OS with Android app compatibility.
- 0 Posts
- 9 Comments
Joined 3 年前
Cake day: 2022年11月27日
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
@jcs Librem 5 has a fully closed source SoC, which means System on a Chip as opposed to a traditional desktop where the components would be part of a motherboard. The board schematics are for a basic PCB. It’s a nearly entirely closed source device in terms of where the actual complexity is. The SoC is the core component providing nearly all the base functionality. The SSD, memory, touchscreen, battery, Wi-Fi, Bluetooth, cellular, etc. are all closed source, as are various other chips, etc.
2·8 个月前@lka1988 We focus our effort on the base OS and areas which are not already covered by high quality open source apps. We don’t need to build our own domain-based filtering and blocklists for it because they already exist.
We have built-in content filtering in Vanadium based on EasyList + EasyPrivacy. That’s more usable (per-site toggle) and much less limited than what domain-based filtering can do but it’s still limited by needing to permit dual use functionality and is still easily bypassed.
> Plus, in the first comment, you suggested “RethinkDNS”, which depends on their own DNS servers.
You do not need to use their DNS servers. You can use local filtering and your choice of DNS servers including the network provided ones.
> I wouldn’t think a security and privacy-focused ROM should be recommending anything but a locally hosted option.
We’re recommending using local filtering via RethinkDNS, not the RethinkDNS servers. They allow downloading the blocklists locally.
You can see from https://eylenburg.github.io/android/_comparison.htm that we have no limitations on call recording while others do. The fact that it’s manual means users are taking responsibility for it each time. It’s little different than recording a call with a tape recorder on speaker phone. If we did it automatically, then users would not be making a conscious decision to enable it case-by-case. That would be a problem, and not an acceptable way to do it without an extra explicit opt-in.
GrapheneOS does add call recording to our fork of AOSP Dialer. Unlike most alternate operating systems including LineageOS, we don’t limit the regions where it’s available. The fact that users are choosing to use it for specific calls means users are taking responsibility for the legality of recording that specific call and informing the other person of it. Automatic call recording would need more complexity to make it practical for people to comply with recording laws.
Why do you want to have a slow, legacy and hard to debug implementation of domain-based filtering instead of managing it with an app?
Domain-based filtering is also very limited in what it can since it’s trivially bypassed by apps or web sites using IPs or doing their own DNS resolution, which is fairly widely adopted. For example, WhatsApp will still work with the domains blocked. In practice, you’ll also only be filtering domains not used for useful functionality.
> System-wide hosts-based adblocking
That’s not a good way to do it.
> DNS/always-on VPN is not a reasonable solution
You don’t need to use a DNS service or VPN service to filter remotely. You can filter locally via the VPN service feature, including while using a VPN if you want.
You should follow our advice and do it with an app like RethinkDNS providing support for both local filtering and optionally using WireGuard VPNs at the same time including chained VPNs.
@jcs The definition of openness used by Librem 5 is that a fully closed source device with closed source firmware and software would be open and freedom respecting as long as none of the firmware/software can be updated.
Purism prevents updating firmware for the SoC and calls it open even though the SoC is fully closed source hardware and does have closed source firmware, which just can’t be updated. They don’t count secondary components like radios. 99.999% closed source hardware isn’t open.