undefined | Better HN

0 pointspalata7mo ago0 comments

This is nonsense.

If your threat model is that you cannot trust the Pixel hardware, then you cannot trust any smartphone or computer at all, period.

0 comments

nunobrito7mo ago

That is incorrect. There are more reasons for a major US-government contractor to implant spyware on their hardware to hand our privacy on a plate to alphabet agencies than a generic cheap android without a known brand.

This doesn't mean the cheap device arrives without spyware, likely the difference is the spyware being monitored by chinese rather than US agencies so pick your poison. I'll pick mine.

fsflover7mo ago

I trust smartphones with open schematics. Not because it's impossible to hide a backdoor but because it's harder.

strcat7mo ago

Open schematics for a PCB don't make it any harder to hide a backdoor. You're talking about devices which still have an entirely closed source SoC with all of the real complexity. The products you're repeatedly marketing here use a bunch of low end components with very poor security including lacking ongoing patches for vulnerabilities and basic standard security protections. They're falsely marketed as open but are actually closed source hardware with closed source firmware. A closed source SoC, Wi-Fi, Bluetooth, cellular, NFC, SSD, touchscreen, camera, etc. attached to a PCB with open schematics is not open hardware.

fsflover7mo ago

> They're falsely marketed as open but are actually closed source hardware

This is just a strawman: Nobody claimed they were open hardware.

> Open schematics for a PCB don't make it any harder to hide a backdoor.

This is like saying that FLOSS doesn't make it harder to hide a backdoor. Of course it does.

raspyberr7mo ago

The backdoor would be in the firmware and open schematics for a PCB don't say anything about open firmware right....

1 more reply

nunobrito7mo ago

Exactly.

strcat7mo ago

They're talking about devices known to be extraordinarily insecure, which are still closed source hardware with closed source firmware. Having schematics for the board does not avoid trusting the hardware. It's still a closed source SoC and the same for the other components such as the SSD, Wi-Fi, Bluetooth, cellular, etc. but those components are much less secure without proper updates and security protections. The whole point of an SoC is that it has the complexity of a traditional CPU, GPU, motherboard and other components merged into a single chip, and that's entirely closed source with closed source firmware on those devices.

fsflover7mo ago

> extraordinarily insecure

So you are just attacking another FLOSS community with false [0] claims. This is suspicious.

[0] You can't say "extraordinary insecure" without specifying a threat model. For some threat models, GrapheneOS is less secure, e.g., https://news.ycombinator.com/item?id=45556788

Also, if I explicitly don't trust Google with anything, GOS is extraordinarily insecure for me until a new vendor appears.

j / k navigate · click thread line to collapse

0 comments

nunobrito7mo ago

This doesn't mean the cheap device arrives without spyware, likely the difference is the spyware being monitored by chinese rather than US agencies so pick your poison. I'll pick mine.

fsflover7mo ago

I trust smartphones with open schematics. Not because it's impossible to hide a backdoor but because it's harder.

strcat7mo ago

fsflover7mo ago

> They're falsely marketed as open but are actually closed source hardware

This is just a strawman: Nobody claimed they were open hardware.

> Open schematics for a PCB don't make it any harder to hide a backdoor.

This is like saying that FLOSS doesn't make it harder to hide a backdoor. Of course it does.

raspyberr7mo ago

The backdoor would be in the firmware and open schematics for a PCB don't say anything about open firmware right....

1 more reply

nunobrito7mo ago

Exactly.

strcat7mo ago

fsflover7mo ago

> extraordinarily insecure

So you are just attacking another FLOSS community with false [0] claims. This is suspicious.

[0] You can't say "extraordinary insecure" without specifying a threat model. For some threat models, GrapheneOS is less secure, e.g., https://news.ycombinator.com/item?id=45556788

Also, if I explicitly don't trust Google with anything, GOS is extraordinarily insecure for me until a new vendor appears.

j / k navigate · click thread line to collapse