• 0 Posts
  • 79 Comments
Joined 4 years ago
Cake day: October 2nd, 2020

  • Thanks for the distinctions and links to the other good discussions you’ve started!

    For the invasive bits that are included, it’s easy enough for GrapheneOS to look over the incremental updates in Android and remove the bits that they don’t like.

    That’s my approximate take as well, but it wasn’t quite what I was getting at.

    What I meant is, to ask ourselves why is that the case? A LOT of it is because google wills it to be so.

    Not only in terms of keeping it open, but also in terms of making it easy or difficult - it’s almost entirely up to google how easy or hard it’s going to be. Right now we’re all reasonably assuming they have no current serious incentives to change their mind. After all, why would they? The minuscule % of users who go to the effort of installing privacy enhanced versions of chromium (or android based os), are a tiny drop in the ocean compared to the vast majority of users running vanilla and probably never even heard of privacy enhanced versions.


  • excellent writeup with some high quality referencing.

    minor quibble

    Firefox is insecure

    i’m not sure many people would disagree with you that FF is less secure than Chromium (hardly a surprise given the disparity in their budgets and resources)

    though i’m not sure it’s fair to say FF is insecure if we are by comparison inferring Chromium is secure? ofc Chromium is more secure than FF, as your reference shows.


    another minor quibble

    projects like linux-libre and Libreboot are worse for security than their counterparts (see coreboot)

    does this read like coreboot is proprietary? isn’t it GPL2? i might’ve misunderstood something.


    you make some great points about open vs closed source vs proprietary etc. again, it shouldn’t surprise us that many proprietary projects or Global500 funded opensource projects, with considerably greater access to resources, often arrive at more robust solutions.

    i definitely agree you made a good case for the currently available community privacy enhanced versions based on open source projects from highly commercial entities (Chromium->Vanadium, Android/Pixel->GrapheneOS) etc. something i think to note here is that without these base projects actually being opensource, i’m not sure eg. the graphene team would’ve been able to achieve the technical goals in the time they have, and likely with even less success legally.

    so in essence, in the current forms at least, we have to make some kind of compromise, choosing between something we know is technically more robust and then needing to blindly trust the organisation’s (likely malicious) incentives. therefore as you identify, obviously the best answer is to privacy enhance the project, which does then involve some semi-blind trusting the extent of the privacy enhancement process - assuming good faith in the organisation providing the privacy enhancement: there is still an implicit arms race where privacy corroding features might be implemented at various layers and degrees of opacity vs the inevitably less resourced team trying to counter them.

    is there some additional semi-blind ‘faith’ we’re also employing where we are probably assuming the corporate entity currently has little financial incentive in undermining the opensource base project because they can simply bolt on whatever nastiness they want downstream? it’s probably not a bad assumption overall, though i’m often wondering how long that will remain the case.

    and ofc on the other hand, we have organisations whose motivation we supposedly trust (mostly…for now), but we know we have to make a compromise on the technical robustness. eg. while FF lags behind the latest hardening methods, it’s somewhat visible to the dedicated user where they stand from a technical perspective (it’s all documented, somewhere). so then the blind trust is in the purity of the organisation’s incentives, which is where i think the political-motivated wilfully-technically-ignorant mindset can sometimes step in. meanwhile mozilla’s credibility will likely continue to be gradually eroded, unless we as a community step up and fund them sufficiently. and even then, who knows.

    there’s certainly no clear single answer for every person’s use-case, and i think you did a great job delineating the different camps. just wanted to add some discussion. i doubt i’m as up to date on these facets as OP, so welcome your thoughts.


    I’m sick of privacy being at odds with security

    fucking well said.





  • ganymede@lemmy.ml to Memes@lemmy.ml · Never blame the system · 2 months ago

    Glad to see everyone agrees this is

    1. funny cos they’re crying over stealing what they stole

    2. acknowledges this means the weights are actually open sourced (which is how it fuckin should be)

    also discussion i’ve seen elsewhere:

    1. when considering the energy footprint of chatgpt, also consider the energy footprint of running the internet for 30 years to accumulate all that data they stole. therefore the most ecological option is to extract the weights and then opensource it.

    just want to add

    1. if the accusations aren’t true (still a possibility), oai is probably deliberately buying time/stock recovery by keeping this discussion in the news rather than everyone discussing how much they suck

    2. if large entities are going to capture and then open source each other’s proprietary weights, that may actually be one of the best outcomes for global humanity amidst this “AI” craze






  • TLDR edit: I’m supporting the above comment - ie. i do not support apple’s actions in this case.


    It’s definitely good for people to learn a bit about homomorphic computing, and let’s give some credit to apple for investing in this area of technology.

    That said:

    1. Encryption in the majority of cases doesn’t actually buy absolute privacy or security, it buys time - see NIST’s criteria of ≥30 years for AES. It will almost certainly be crackable <oneday> either by weakening or other advances… How many people are truly able to give genuine informed consent in that context?

    2. Encrypting something doesn’t always work out as planned, see example:

    “DON’T WORRY BRO, ITS TOTALLY SAFE, IT’S ENCRYPTED!!”

    Source

    Yes Apple is surely capable enough to avoid simple, documented, mistakes such as above, but it’s also quite likely some mistake will be made. And we note, apple are also extremely likely capable of engineering leaks and concealing it or making it appear accidental (or even if truly accidental, leveraging it later on).

    Whether they’d take the risk, whether their (un)official internal policy would support or reject that is ofc for the realm of speculation.

    That they’d have the technical capability to do so isn’t at all unlikely. Same goes for a capable entity with access to apple infrastructure.

    1. The fact they’ve chosen to act questionably regarding users’ ability to meaningfully consent, or even consent at all(!), suggests there may be some issues with assuming good faith on their part.



  • that’s great buddy. but while recapping basic IT facts might make you feel smart on facebook. this is lemmy where the average user¹ is perfectly familiar with the principles. here it just telegraphs to us that you didn’t read the fucking article (which would’ve taken less time than spamming the thread & insulting users btw).

    ¹ before the influx of reddit api refugees - on that topic do you ever reflect on how corporate bootlicking might relate to the over-corporatisation of reddit which led to users fleeing? only to come here and do unpaid simping for the corporations, slowly ruining this place too?






  • hey man, i think you may have misinterpreted who i was replying to /what i was saying, or perhaps i didn’t communicate perfectly.

    i am 10,000% on your side with this, and very much appreciate your post and appreciate your support in this thread/community on this topic. it’s actually giving me a tiny bit of hope that this community isn’t entirely lost.

    i’ve really grown absolutely weary of the ridiculous denialism in society and especially in so-called tech communities on this topic.

    the kindest thing i think you could say about the rampant denialism is they emotionally do not want to believe it could be happening, and therefore all rationality has gone out the window.

    these threads are always a circle jerk of denialists repeating popular media headlines which say “it’s not happening”, and then if you read the article IT DOESN’T SAY THAT AT ALL. and these denialists WON’T EVEN FUCKING READ THE ARTICLES THEY POST.

    apart from the emotional cope, perhaps also partial exposure to eg. basic consumer stuff like installing steam or downloading a movie, so they assume the bandwidth is too high to exfiltrate audio cos their music/game/movie audio files are big, completely ignoring the fact that the telecomms industry has put many decades and $ into producing efficient voice codecs for around 50 years now. they probably think nyquist is a brand of cough medicine

    same goes for all the other erroneous ‘consumer tech’ false facts they parrot back and forth.

    eg. the lunacy of saying the tired old statement “if they were listening ALL THE TIME, we’d know” completely ignoring threshold based noise gates have been a thing for well over half a century.

    these self-proclaimed know-it-alls can’t even put in 10 minutes reading BASIC topics in an encyclopedia to realise this shit was solved over half a century ago. (actually you don’t even need tech knowledge or an encyclopedia to imagine such a fundamental thing as…i don’t know…not recording when nothing’s happening 🤯). they can’t put in even BASIC effort, yet are SOOO smug in not only telling us “it’s absolutely not happening”, but they actually can’t wait to be rude and ridicule randoms for even asking the question.