Security and privacy are not mutually the same thing, and privacy is not necessarily a derivative of security. This is proven by the security of Windows and iOS, which is obscure, and they are antithetical to privacy.
I teach privacy and security definitions to people in this way.
Privacy means that your content has controlled access (to you, your recipient or a small group). Security means the storage of the content is protected from automated or manual intruder/stealer attacks.
So, both are different properties and one is not a pure, or even partial derivative of the other function.
Again, you didn’t show any proof whatsoever about the “FUD” spreading by madaidan and others.
If you have knowledge in the OPSEC and privacy domains, and use some critical thinking, it is too easy to figure out. I can share one instance, since he banned me off his Telegram groups and Matrix rooms, what strcat and his shills are most famous for.
I can share a few instances with you, as I never bothered keeping a year long list of his FUD spreading incidents. I fetched these randomly from my 2 year spanning old Firefox profile.
NOTE: USE REMOVEDDIT/REVEDDIT FOR ALL THESE THREADS.
Probably it should be enough to make you reconsider them as the arbiter of truths in the community.
madaidan doesn’t spread FUD. You didn’t counter the source with actual information.
Picture 1) cn3m(?) Make a valid point.
Picture 2) you didn’t counter his statements, instead, you accusing him to being a troll and a shill.
You sound very biased towards supporting them currently. cn3m and all these people are fine examples of edgy teenagers who gathered their information via making some up, learning some on shitty 4chan threads and a likely result of having nothing better to do in life than engaging in creating their niche in privacy community and trying to milk that for self pleasure on the internet. Delusional personality type of syndrome, perhaps.
Actually, you are too inexperienced and have not had enough confrontation with them, so you should probably not defend random anons on internet without knowing their history well. A lot of people sadly fall for it these days.
You said that Pixel phones cannot be trusted but you didn’t show any proof whatsoever. Closed source software and hardware can be verified, it’s called reverse engineering. Google offers reward extremely high (up to 1,000,000 dollars) for anyone who can catch exploits in the titan M and pixels phones. It’s obvious that can be verified. It’s no sense put some backdoor in the hardware, google already collect every piece of data collectable by users. You’re putting your ideology ahead verified documentation and facts.
WHAT. A. LOAD. OF. BULLSHIT.
All of commercially commonly available USA hardware has some kind of security chip in them, that has been hacked and/or found to have networking, telemetry and backdoor capabilities. Be it the Intel ME or AMD PSP backdoors with SIGINT funding evidence, be it the Snapdragon’s Hexagon DSP hack or the hacking of Apple’s T2 chip.
Having faith in Google’s promise of their proprietary closed source chip being clean is like having faith in cyanide not killing a person. Moreover, they are known as:
NSA partner and collecting data and spy on users in googolplex capacity
use dark patterns in their software to make users accept their TOS to spy
repeated lies about how their data collection works claiming anonymity
forcing users to use their Play Services which is spyware and scareware
monopolising the web and internet via AMP
use of non standard web browser libraries and known attempts to cripple lone standing ethical competitors like Firefox and Gecko web engine (now with Microsoft making their default Edge Chromium-based too)
Google’s track record of being trusted seems not too impressive, so risking it combined with the flaws and intentional backdoors on USA hardware security chips seems like a very bad move. It seems to be well grounded speculation, considering I have cited examples of Google’s neighbourhood companies, Apple, Qualcomm, Intel and AMD, and their own as well.
I never thought I would have to revisit debunking madaidan, cn3m, Micay and their whole cult ever in my life, yet here I am. Sigh.
GrapheneOS is not all that, and I simply do not trust Pixels. What you are telling me is to trust Google hardware here. If this were a Xiaomi phone with, let us say, HanfuOS, open source and security focused, would you use that? If no, why are you using Google Pixel with closed source hardware and its maker that has deep ties with US intelligence and military?
I never accused you of being a paid shill, so try not to do that with me.
GrapheneOS may itself be a good ROM, but the exclusivity of it being used with Google Pixels is extremely suspicious to me. And I have well grounded conjecture to present for it, not just with Google’s history, but with all of other major USA companies that use such security chips and all of them either are backdoored or got hacked.
Madaidan is a security research, he wrote technical analysis about software like Firefox or Linux.
He is about as much of a security researcher as I am, and that is not much really. I never call myself an expert or anything, but he does in third person more often than not.
actually really hoped for something more useful than deleted reddit comments, like some articles or some research which can counter the ones I just linked to you
I doubt you will ever find extensive research papers and journal books and Buzzfeed articles on anonymous personalities involved in the privacy community.
This is why you’re accusing him to be a white suprematist? (Serious question)
No. You have to figure this out via talking to him and his groups. A lot easier way would be to find the CCP Pooh bear credit score, tr*nny demon hacker and such disgusting stickers in their Telegram groups. There is a lot to it, and none of it is drama.
of course is not a load of bullshit. Closed source can be verified, audited and exploited. That’s what security researchers and bad actors do. In fact, windows -for example- has viruses also because people can find exploit in the source code.
You says that google pixels cannot be trusted, but you didn’t showing any documentation about it. You says that it cannot be verified, but you didn’t show any documentation about it. You just assume that because “of course, It’s Google, you can have faith in google, it has an abysmal past regarding privacy”. It’s not an actual proof. Now, let’s say that google pixels have 100% a backdoor in their phones. how about the others vendors? You have verified the phones?
I showed you Google’s track record entirely ridden with malicious intent, questionable past, NSA and DARPA involvement. You want to trust Google hardware after theIR AI was utilised to bomb Yemeni kids via US drones? Good luck, whatever your threat model is, relying on closed source Google security.
You can say that huawei -example- is a safe phone to use, that has no backdoors? That is not affiliate with NSA or other companies? Or you just assume it? The answer is simple, you just assume it.
Huawei is a Chinese company owned by its employees, and has no links to NSA or 14 Eyes countries due to stark political and ideological differences. I will use a historical reference as example. You are trying to tell me that 8 Nation Alliance collaborated with Qing Dynasty to sell the Chinese citizens opium to grow British trade?
why I recommend pixels for people who wants/needs to use google services or install custom OS and get rid of Google services? Because Pixels, unlike 99% of android phones, support custom custom signing keys so, you’re free to install any other OS without destroy the android security model thus Preserving your privacy. Having a phones without the verified boot enabled is security and privacy disaster, because if you get tampered, you wouldn’t now and malware would get persistent.
Verified secure boot is such a meme. You think Evil maid attacks need an unlocked bootloader? One needs to be able to use privileged escalation, which is easier to achieve via social engineering instead. Many methods of attacking users exist. Just go and check how Cellebrite and all these kits work in real world.
One can also setup LockUp app on F-Droid to protect oneself against such tampering, which erases phone upon detection of usage of such kits.
Although, I already suggest users to not root phone, which is the simplest way of making users do nothing and increase their security on a general level. And that is how my smartphone guide works.
Along with Titan M, pixels provide many improvements,
CLOSED SOURCE SECURITY BY OBSCURITY IS NOT REAL SECURITY. IT IS AN ILLUSION. IT IS AN ILLUSION. ILLUSION!!!
Pixels have also become the most vulnerable and worst phones to buy now (always were, now botnet loaded), considering Anøm phones are going onto markets as second hand.
And whichever GrapheneOS fanboy is silently downvoting me, try and debate with me, you worthless despicable rat.
GrapheneOS is all of that. You won’t admit because you have personal antipathy with the lead developer. This is unacceptable because you run a community, and you deliberately choose to spread misinformation
Sounds like you are a fan of GrapheneOS and Micay. I acknowledge it is a good security ROM, yet ignored and cherry picked my statements.
GrapheneOS may itself be a good ROM, but the exclusivity of it being used with Google Pixels is extremely suspicious to me.
See? Second paragraph in previous comment.
I do not talk with some emotions in my mind. What do you even know, Copperhead CEO messaged me to engage in joining hands and attacking Micay, and I stalled and ghosted him. This is exactly why I despise GrapheneOS community.
Not at all, I linked useful source to explain why pixels are the recommended devices. Instead, you didn’t counter the source. The trust is implicit, you have to trust every software and hardware that you use.
I countered the source exactly the way Google tells us to trust their blackbox hardware without explanations.on if their hardware is open.source or can be verified via ehitebox testing methods. It cannot. And I cited examples of every other USA major tech company’s security chip failing, so Google’s is only a matter of time, not if. Obscure security has failed repeatedly, and it always will.
CalyxOS also uses only pixels, and you suggest it. Instead, you should suggest both CalyxOS and GrapheneOS.
I refuse to recommend GrapheneOS, and instead recommend CalyxOS, because:
I do not recommend Google Pixels due to extra proprietary hardware layer, that does not exist on other phones and is an unverifiable blackbox
I do not recommend GrapheneOS because strcat simply bans anyone whoever asks even slightly complex, or a bunch of questions in his Matrix room. It is well documented in Techlore’s video. A custom ROM that claims security, and does not solve queries of its users, is a ROM with garbage after-installation support. This would be worse than recommending a phone with garbage post sales support, as the user of a security ROM likely has harsher threat model.
CalyxOS gives post installation support and advices, and has a community not filled with vile racists or unhelpful people, and does not give shitty answers to queries of GSF dependent apps not running properly, as GrapheneOS devs do.
Again, I’m not interested in madaidan, I linked his article because he made an objective analysis about Firefox. I asked you many times to give me useful source to counter his article. Instead, you gave me reddit delete comments about people who you defined sockpuppet. I don’t care to read a thread between you an micay. My point is not defend those people.
Are you purposely changing goalposts? I answered your question to my claim of if madaidan spreads FUD, and he does a lot. Now you do not care about madaidan at all, who is the admin of NoGoolag and SpiteChat Telegram groups, and is a side aide of Micay?
Random anons on internet are not specimens worth being studied by people with academic rigour.
Underhanded_C_Contest . This proves it false that closed source code can be audited properly. This doesn’t counter my point at all. The underhanded C contest can be apply also to open source software
This is false because you can read open source xode, line by line. Open source code is transparent and closed source code is opaque. Are you an antI FOSS shill, by any chance? I find a lot of these quirky people often. Or maybe you have the same problem that folks like Micay have, hurting other open source projects to boost their own and milk it for their popularity gains in community?
Open source it’s not equal to automatic security and privacy. Both open source and closed source software can be audited and you can find malicious code in both. This contest doesn’t mean that you can’t property audited closed source code
You seem to be making exactly same mistakes as cn3m, for some reason. Why is that the case? I think I caught you red handed, or you likely consulted their community to reply to me.
Open source ensures transparency, therefore it will always be superior to closed source. Why are you trying to shill closed source ideology in a privacy community?
not true at all source; the national bureau of Asian research.
Report Launch | A Full-Spectrum Response to Sharp Power: The Vulnerabilities and Strengths of Open Societies June 18, 2021 11:00 am - 12:30 pm
featuring Nadège Rolland, Senior Fellow, National Bureau of Asian Research
Prior to joining NBR, Rolland was an analyst and senior adviser on Asian and Chinese strategic issues to the French Ministry of Defense.
So you just cited this outlet that has clear links to France military, where France is a country that wants war with and is anti China? I swear you people are so funny to play around with.
That’s security through obscurity. Verified boot it’s not a panacea against all kind of possible attacks but it’s still a very useful security and privacy feature. It prevent the malware to get persistent. Users shouldn’t disable for any reason
Yes and you promoted security through obscurity above via claiming open source code does not mean nothing in the case of Titan M blackbox chip. Decide to stand for something for once. Open source, or closed source?
Pixels have also become the most vulnerable and worst phones to buy now (always were, now botnet loaded), considering Anøm phones are going onto markets as second hand.
Two different problems. Pixels didn’t became the most vulnerable because of the anom phones
Yes two different problems, but I am telling how problematic Pixels are to buy. One security vendor messaged mesometime ago to use my platform for their promotion of GrapheneOS loaded Pixels, and this is why I never responded to them. Also, second handed Pixels are all vulnerable devices now, because that is how an XDA member got hold of this ArcaneOS loaded Pixel.
You don’t recommend Google pixels and yet you recommend CalyxOS which uses only pixels.
There exist people who have purchased a Google Pixel already, and may ask me for help with achieving better privacy. I am not going to tell these people to sell off their Pixel, unless 5 Eyes is a threat adversary for them.
. I’d would be more honest if you refuse to suggest both OS because they both use pixels
Your version of honesty is not realistic, and does not help people in reality.
You refuse to admit that titan M it’s not a black box even if I prove you that google will rewards anyone who can find an exploit, of course that means that is not a black box.
Sorry but that is not what being closed source hardware means. Learn about software and hardware testing in an academic manner, as I did during my degree. And this argument “just hack it 1337 haxorman else shut up” is reductio ad absurdum, it is a dumb argument.
Every Phones comes with closed source components, you have to deal with.
“Every phone comes with closed source hardware so one more closed source hardware layer does not matter.” “They are taking our camera permission, let us give them microphone permission too, why does it matter?”
Your logic is utterly flawed. Please learn about how to reduce attack surface. Titan M is not some kind of open TPM chip that you can customise or disable.
You suggest huawei over pixels for no reason despite you know that install a custom os on huawei destroy completely the security model of android. Moreover, huawei delays security updates and lacks long time supports.
Verified boot working as intended assumes hardware comes from a non compromised source. This seems unlikely to be confirmed, especially with American companies that at this point have baked in backdoors left and right, otherwise they have hacked security enclave chips. You can trust USA as much as you want, but I will be your enemy if you try to shill that to others blindly.
You can read closed source line by line, it’s called reverse engineering. Open source it’s an ideology, it’s about freedom, which is good , but it’s not equal to security and privacy, it’s just a misconception.
Yup, you are an anti FOSS shill most likely. Closed source analysis can only be done via blackbox testing, and closed source is not transparent.
If open source is not equal to privacy or security, then by that logic closed source everything sure as hell is pure malware.
Your source doesn’t counter what I linked about huawei. National Bureau of Asian Research have some kind of interesting against China and so they are spread misinformation about huawei, right? But did you actually linked some article that counter the NBAR research? No
Are you recommending people to rely on 5 Eyes/Anglosphere think tank funded research as your counter points against Chinese companies? I proved how the leading people of NBR are directly linked to French military. This is purely a dishonest maligning attempt with no academic rigour.
You falsely accuse me to be something that I’m not because you can’t counter the source I linked.
I prove each and every point I made, and countered your arguments. You cannot get away with staying in denial mode, when everything is clear as day. You are the one shilling closed source over open source ideology. You are the one who cites madaidan’s FUD as authentic information, and then ignore counter proofs. You are the one spreading misinformation about open source workings. You are the one using think tank articles to prove your points. Your comments partially look like advertisements for GrapheneOS at this point. I am not doing any of this.
Security and privacy are not mutually the same thing, and privacy is not necessarily a derivative of security. This is proven by the security of Windows and iOS, which is obscure, and they are antithetical to privacy.
I teach privacy and security definitions to people in this way.
So, both are different properties and one is not a pure, or even partial derivative of the other function.
If you have knowledge in the OPSEC and privacy domains, and use some critical thinking, it is too easy to figure out. I can share one instance, since he banned me off his Telegram groups and Matrix rooms, what strcat and his shills are most famous for.
I can share a few instances with you, as I never bothered keeping a year long list of his FUD spreading incidents. I fetched these randomly from my 2 year spanning old Firefox profile.
NOTE: USE REMOVEDDIT/REVEDDIT FOR ALL THESE THREADS.
Probably it should be enough to make you reconsider them as the arbiter of truths in the community.
You sound very biased towards supporting them currently. cn3m and all these people are fine examples of edgy teenagers who gathered their information via making some up, learning some on shitty 4chan threads and a likely result of having nothing better to do in life than engaging in creating their niche in privacy community and trying to milk that for self pleasure on the internet. Delusional personality type of syndrome, perhaps.
Actually, you are too inexperienced and have not had enough confrontation with them, so you should probably not defend random anons on internet without knowing their history well. A lot of people sadly fall for it these days.
I even remember Daniel Micay once trying to victimise himself by framing me as messiah of privacy community and the arbiter of truths. Maybe it was in this thread. https://removeddit.com/r/privacytoolsIO/comments/gs4uv7/i_dont_fully_trust_grapheneos/fs82fdv/
WHAT. A. LOAD. OF. BULLSHIT.
All of commercially commonly available USA hardware has some kind of security chip in them, that has been hacked and/or found to have networking, telemetry and backdoor capabilities. Be it the Intel ME or AMD PSP backdoors with SIGINT funding evidence, be it the Snapdragon’s Hexagon DSP hack or the hacking of Apple’s T2 chip.
Having faith in Google’s promise of their proprietary closed source chip being clean is like having faith in cyanide not killing a person. Moreover, they are known as:
NSA partner and collecting data and spy on users in googolplex capacity
AI used by US military for drone bombing in foreign countries based on metadata Google collects on smartphones
use dark patterns in their software to make users accept their TOS to spy
repeated lies about how their data collection works claiming anonymity
forcing users to use their Play Services which is spyware and scareware
monopolising the web and internet via AMP
use of non standard web browser libraries and known attempts to cripple lone standing ethical competitors like Firefox and Gecko web engine (now with Microsoft making their default Edge Chromium-based too)
Google’s track record of being trusted seems not too impressive, so risking it combined with the flaws and intentional backdoors on USA hardware security chips seems like a very bad move. It seems to be well grounded speculation, considering I have cited examples of Google’s neighbourhood companies, Apple, Qualcomm, Intel and AMD, and their own as well.
I never thought I would have to revisit debunking madaidan, cn3m, Micay and their whole cult ever in my life, yet here I am. Sigh.
deleted by creator
GrapheneOS is not all that, and I simply do not trust Pixels. What you are telling me is to trust Google hardware here. If this were a Xiaomi phone with, let us say, HanfuOS, open source and security focused, would you use that? If no, why are you using Google Pixel with closed source hardware and its maker that has deep ties with US intelligence and military?
I never accused you of being a paid shill, so try not to do that with me.
GrapheneOS may itself be a good ROM, but the exclusivity of it being used with Google Pixels is extremely suspicious to me. And I have well grounded conjecture to present for it, not just with Google’s history, but with all of other major USA companies that use such security chips and all of them either are backdoored or got hacked.
He is about as much of a security researcher as I am, and that is not much really. I never call myself an expert or anything, but he does in third person more often than not.
I doubt you will ever find extensive research papers and journal books and Buzzfeed articles on anonymous personalities involved in the privacy community.
No. You have to figure this out via talking to him and his groups. A lot easier way would be to find the CCP Pooh bear credit score, tr*nny demon hacker and such disgusting stickers in their Telegram groups. There is a lot to it, and none of it is drama.
I will cite the famous Underhanded C Contest here: https://en.wikipedia.org/wiki/Underhanded_C_Contest . This proves it false that closed source code can be audited properly.
I showed you Google’s track record entirely ridden with malicious intent, questionable past, NSA and DARPA involvement. You want to trust Google hardware after theIR AI was utilised to bomb Yemeni kids via US drones? Good luck, whatever your threat model is, relying on closed source Google security.
Huawei is a Chinese company owned by its employees, and has no links to NSA or 14 Eyes countries due to stark political and ideological differences. I will use a historical reference as example. You are trying to tell me that 8 Nation Alliance collaborated with Qing Dynasty to sell the Chinese citizens opium to grow British trade?
Verified secure boot is such a meme. You think Evil maid attacks need an unlocked bootloader? One needs to be able to use privileged escalation, which is easier to achieve via social engineering instead. Many methods of attacking users exist. Just go and check how Cellebrite and all these kits work in real world.
One can also setup LockUp app on F-Droid to protect oneself against such tampering, which erases phone upon detection of usage of such kits.
Although, I already suggest users to not root phone, which is the simplest way of making users do nothing and increase their security on a general level. And that is how my smartphone guide works.
CLOSED SOURCE SECURITY BY OBSCURITY IS NOT REAL SECURITY. IT IS AN ILLUSION. IT IS AN ILLUSION. ILLUSION!!!
Pixels have also become the most vulnerable and worst phones to buy now (always were, now botnet loaded), considering Anøm phones are going onto markets as second hand.
And whichever GrapheneOS fanboy is silently downvoting me, try and debate with me, you worthless despicable rat.
deleted by creator
Sounds like you are a fan of GrapheneOS and Micay. I acknowledge it is a good security ROM, yet ignored and cherry picked my statements.
See? Second paragraph in previous comment.
I do not talk with some emotions in my mind. What do you even know, Copperhead CEO messaged me to engage in joining hands and attacking Micay, and I stalled and ghosted him. This is exactly why I despise GrapheneOS community.
I countered the source exactly the way Google tells us to trust their blackbox hardware without explanations.on if their hardware is open.source or can be verified via ehitebox testing methods. It cannot. And I cited examples of every other USA major tech company’s security chip failing, so Google’s is only a matter of time, not if. Obscure security has failed repeatedly, and it always will.
I refuse to recommend GrapheneOS, and instead recommend CalyxOS, because:
Are you purposely changing goalposts? I answered your question to my claim of if madaidan spreads FUD, and he does a lot. Now you do not care about madaidan at all, who is the admin of NoGoolag and SpiteChat Telegram groups, and is a side aide of Micay?
Random anons on internet are not specimens worth being studied by people with academic rigour.
This is false because you can read open source xode, line by line. Open source code is transparent and closed source code is opaque. Are you an antI FOSS shill, by any chance? I find a lot of these quirky people often. Or maybe you have the same problem that folks like Micay have, hurting other open source projects to boost their own and milk it for their popularity gains in community?
You seem to be making exactly same mistakes as cn3m, for some reason. Why is that the case? I think I caught you red handed, or you likely consulted their community to reply to me.
Open source ensures transparency, therefore it will always be superior to closed source. Why are you trying to shill closed source ideology in a privacy community?
Oh my, citing an outlet funded by these entities that want a desperate war with China? Cute. https://www.nbr.org/about/our-funding/
From https://www.ned.org/events/report-launch-a-full-spectrum-response-to-sharp-power-the-vulnerabilities-and-strengths-of-open-societies/ :
So you just cited this outlet that has clear links to France military, where France is a country that wants war with and is anti China? I swear you people are so funny to play around with.
Yes and you promoted security through obscurity above via claiming open source code does not mean nothing in the case of Titan M blackbox chip. Decide to stand for something for once. Open source, or closed source?
Yes two different problems, but I am telling how problematic Pixels are to buy. One security vendor messaged mesometime ago to use my platform for their promotion of GrapheneOS loaded Pixels, and this is why I never responded to them. Also, second handed Pixels are all vulnerable devices now, because that is how an XDA member got hold of this ArcaneOS loaded Pixel.
deleted by creator
There exist people who have purchased a Google Pixel already, and may ask me for help with achieving better privacy. I am not going to tell these people to sell off their Pixel, unless 5 Eyes is a threat adversary for them.
Your version of honesty is not realistic, and does not help people in reality.
Sorry but that is not what being closed source hardware means. Learn about software and hardware testing in an academic manner, as I did during my degree. And this argument “just hack it 1337 haxorman else shut up” is reductio ad absurdum, it is a dumb argument.
“Every phone comes with closed source hardware so one more closed source hardware layer does not matter.” “They are taking our camera permission, let us give them microphone permission too, why does it matter?”
Your logic is utterly flawed. Please learn about how to reduce attack surface. Titan M is not some kind of open TPM chip that you can customise or disable.
Huawei’s security, according to BlackHat hackers, is same as that of Pixels. https://github.com/secmob/TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices/raw/master/us-20-Gong-TiYunZong-An-Exploit-Chain-to-Remotely-Root-Modern-Android-Devices.pdf
Verified boot working as intended assumes hardware comes from a non compromised source. This seems unlikely to be confirmed, especially with American companies that at this point have baked in backdoors left and right, otherwise they have hacked security enclave chips. You can trust USA as much as you want, but I will be your enemy if you try to shill that to others blindly.
Yup, you are an anti FOSS shill most likely. Closed source analysis can only be done via blackbox testing, and closed source is not transparent.
If open source is not equal to privacy or security, then by that logic closed source everything sure as hell is pure malware.
Are you recommending people to rely on 5 Eyes/Anglosphere think tank funded research as your counter points against Chinese companies? I proved how the leading people of NBR are directly linked to French military. This is purely a dishonest maligning attempt with no academic rigour.
I prove each and every point I made, and countered your arguments. You cannot get away with staying in denial mode, when everything is clear as day. You are the one shilling closed source over open source ideology. You are the one who cites madaidan’s FUD as authentic information, and then ignore counter proofs. You are the one spreading misinformation about open source workings. You are the one using think tank articles to prove your points. Your comments partially look like advertisements for GrapheneOS at this point. I am not doing any of this.