HackerTrans
TopNewTrendsCommentsPastAskShowJobs

FieryBinary

no profile record

comments

FieryBinary
·5 anni fa·discuss
* the founder Nick participated in it, the developers didn't.
FieryBinary
·5 anni fa·discuss
You can easily see that this person was welcomed in the rooms. No one went against it and the CalyxOS developers started going along with it.
FieryBinary
·5 anni fa·discuss
>They'd also be used on GrapheneOS, and anywhere else basically.

The issue is that you're giving Google services privilege and integration not available to other apps.
FieryBinary
·5 anni fa·discuss
Correction: because of CalyxOS' implementation of microG, signature spoofing can't easily be used to break out of the sandbox. Sorry to those whom I inadvertently misled. The fact remains that microG is still an insecure implementation that doesn't implement proper security or transit protection and disregards security.
FieryBinary
·5 anni fa·discuss
>If you have the ear of strcat, I urge you to to talk to them about this kind of paranoid conspiracy thinking that leads them to directly accuse me (and others in this thread) of being a co-conspirator in a vast plot to undermine GrapheneOS. It's fantastic thinking and it damages the reputation of what is otherwise a gift to the community.

It's not conspiratoral thinking. It's plainly obvious if you go into the CalyxOS Matrix rooms that the leaders often spread misinformation about GrapheneOS or allow it to flourish. They also spread misinformation about CalyxOS to promote it, such as claiming signature spoofing has no security drawback as implemented on CalyxOS.

You don't see other OSes and projects spreading misinformation. Likewise, GrapheneOS doesn't attack LineageOS, /e/, etc. we don't discourage people from using them, except saying that yes, they are insecure, so be aware of that. We don't spread attacks and other projects are free to criticize GrapheneOS for legitimate things.

However, criticizing it for legitimate things is far different from concern trolling in the GrapheneOS rooms, getting banned, and then portraying it in the Calyx rooms as GrapheneOS being toxic, which is a common tactic. You can see this using the Logbot service: just look up "concern troll" in the GrapheneOS rooms, see what comes up, and compare it with the messages around the same time in the Calyx rooms. It's quite evident. Of course, I highly doubt you'll sincerely do that considering you're simply calling us paranoid, but to anyone watching that's what you should do.

>I have been on Hacker News a long time, posting on everything from sex worker rights to Telegram to Emacs. I don't know about your Matrix room, I've never visited it. I have no interest in impersonating anyone save myself.

No one said that you impersonated anyone. The point strcat brought about impersonation was that a person from the Calyx community went and impersonated the Bromite developer, attempting to start conflict between Bromite and GrapheneOS.

>I don't see that anywhere here in this thread. I see a thread that should have been a space for celebrating a cool more-private, more-secure Android project being hijacked because its competitor's lead developer believes themselves to be the target of a conspiracy. A conspiracy that isn't even occurring in the very thread they're engaged in:

CalyxOS isn't particularly secure but that's beside the point. That's not the issue and it's fine to not be security-focused. The issue is that the Calyx community and developers consistently spreads misinformation. Just look at what one of them is doing right now with microG.

>From who? Nobody here is doing this! Especially maliciously.

Says the person calling people paranoid for trying to stop misinformation being spread. You can see what people are doing in this thread whether maliciously or nonmaliciously.

>If you think CalyxOS is implementing a feature that is harming users, you might try and communicate with their community in a cooperative, direct way, rather than this self-destructive crusade GrapheneOS is airing publicly.

And people have, and they get banned from their community.
FieryBinary
·5 anni fa·discuss
I'm sure you didn't do it intentionally, it's just that what you said is a common piece of misinformation spread about GrapheneOS. It's understandable that you'd think that given how much it's repeated and considering that many people got duped too.

>I would trust MicroG a lot more than Google, even if it's sandboxed :)

This is the reason that GrapheneOS sandboxes it. You can disable permissions however you'd like, nothing stops you. You don't want it to send certain data? Then don't give it that permission. Disabling INTERNET will prevent it from sending anything (it's used to privilege, so it likely won't use another app to bypass, but you can use a different profile anyway).

>Play Services are still closed-source google components that I don't want on my phone.

microG is just a reimplementation (a partial one) of Play Services. The privacy benefits are negligible.

>I just wanted to express that I generally see GrapheneOS pick the security side over privacy if there is a choice to be made between both (and only then). And with privacy I mainly mean big data tracking from the likes of Google.

I'm guessing you're referring mainly to microG.

Privacy is not just not sending data. It's far more than that. It needs to be able to blend in with others, and needs a certain decent level of security to avoid simply bypassing privacy features through vulnerabilities.

microG doesn't protect data in transit even close to the way Play Services does. How do you expect to have privacy when apps can simply intercept microG data?

Signature spoofing as microG needs, ruins the security model. It bypasses signature checks by apps. Even in CalyxOS's slightly less bad implementation, vulnerabilities in microG can be used to break out of the sandbox. How do you expect to build a security model on this? Vulnerabilities in microG are very likely, considering how the project disregards security.

How do you expect privacy with such little security? You'll not have any privacy if an app can bypass your privacy features.

It also only reimplements a portion of the APIs and breaks when apps need new ones. How is it supposed to keep up with the APIs anyway? It's tens of thousands of lines of code. It's certainly not a viable option.

Using Play Services as a sandboxed app, on the other hand, avoids this. It doesn't require the microG patch which erodes security, it protects data in transit, and it actually gets the majority of APIs and functionality working. The only functionality that doesn't work is SafetyNet attestation and functionality which depends on privilege. SafetyNet enforces using the stock OS, so you'll never get it with microG. Privileged functionality would need invasive OS integration.

It's clearly a much better solution that preserves the security model. It does it right.

GrapheneOS also optionally blends in with stock Android users. This isn't a bad thing and increases privacy. Connections made are just things like connectivity checks, nothing special.

Besides, CalyxOS isn't particularly good for this either. Their Netguard firewall that they bundle doesn't implement it properly and apps can still bypass it. They aggressively integrate Google services, and have Facebook integration as well.
FieryBinary
·5 anni fa·discuss
No, giving criticism of an OS is not attacking it. You'll see that strcat only responded to places where GrapheneOS was mentioned. You'll see that there was misinformation being spread about GrapheneOS, whether intentionally or unintentionally, that originates from the Calyx community. Just look at their Matrix rooms and what their supporters/influencers say about GrapheneOS.

Bundling a bunch of apps and integrating proprietary corporate services with privileges unavailable to other apps is not privacy, sorry.
FieryBinary
·5 anni fa·discuss
I disagree. LineageOS has a legitimate use case, being able to easily tinker with the device. It's certainly not as private or secure, and that doesn't make it a bad option depending on someone's use for it.
FieryBinary
·5 anni fa·discuss
See grapheneos.org/history/copperheados and verify it for yourself using Github graphs and other resources.

A better description would be "One person handled development of the project and other person CEO'd the sponsor company. The CEO attempted to hijack the project and the developer eventually resumed the project under the name GrapheneOS."

A little longer, but more accurate :)
FieryBinary
·5 anni fa·discuss
>How can you claim that we're the ones shipping proprietary service integrations when we ship an open source implementation, and you're the ones shipping an integration for the proprietary implementation.

Play Services is not integrated into GrapheneOS at all. It only has a few shims that, as strcat explained several times, return placeholder data. Play Services has no special permissions, and using it on GOS is the same as installing any other app.

microG is integrated into your OS. It's a partial reimplementation of proprietary Play Services.

>There is precedent here, https://phandroid.com/2009/09/25/cyanogen-gets-cd-from-googl...

That was for distributing Google apps, not for shipping firmware updates. You're making a false comparison.

As you could see if you had read strcat's comments and the documentation, GrapheneOS doesn't ship Play Services but only some compatibility shims, otherwise Play wouldn't know how to work. Users must manually install Play and associated apps.
FieryBinary
·5 anni fa·discuss
He's not "the GrapheneOS developer", he's the lead developer and one of many developers. It's a collaborative open-source project which has made a production-grade OS and whose contributions have been upsteamed for AOSP.