The new Pixel phones get 7 years now. Things are improving

https://www.privacyguides.org/en/android/

There is no controversy. There’s a lot of people memeing. I haven’t seen a single security analysis, or survey of options, that didn’t put GOS at the very top. Look at privacy guides, they say graphene is great, but if you can’t use that divest is okay.

People may not like the leader, and the developers are very opinionated which turns other people off, but I don’t think there’s any questioning the pedigree and the level of security provided

I think lineage is a good operating system for a limited exposure use cases. Like a project phone on a safe network, or as a webcam, or is like a embedded hardware controller. But not on the raw internet, not processing raw internet data, not with open Wi-Fi, not with open Bluetooth.

Even with all of that, it should still be segmented from the rest of the network

I think it’ll generate 5 days converted into seconds number of operations.

To decrypt however, you have to do all those operations, so I think it would take 5 days to decrypt. Even if you wait 10 days to start the operation

You can use a hardware security key, like a yubi key, or a software fido2 equivalent.

That way it satisfies the two factor requirement, without using a phone number.

For initial registration you can use an SMS service like SMS pool or the others, you pay a little money, you receive a real text message to a real phone number. You just don’t have access to that number in the future

Your voice, vocabulary choice, lighting conditions, power interference frequency, can all give away parts of your location and identity. You have to choose what level of paranoia is sufficient

The most anonymous, would be to have a v-tuber like model, respond and parrot LLM generated voice audio, from a script that’s been translated a few times. Or pay a voice actor from Fiverr to read your script.

Of course this whole time, using a VPN.

This seems interesting. But for something so complex I would really like them to have a white paper to see how they achieve this.

https://eprint.iacr.org/2023/189 Other systems, for instance, use a third party network to broadcast the parts of the secret that are needed to decrypt over time. So you’re relying on a third-party service, and if that third party service disappears you can’t unencrypt

I think this person is just permanently a contrarian.

Randomizing the numbers does provide good security, because there’s no longer an oil imprint on the most frequently used numbers on the phone, making guessing the pin code much harder before the TPM locks the phone.

Phones are full fledged computers nowadays, with Android you can have different profiles. For their level of paranoia, they could have a profile they never use in public, and only login with a full password, only when they’re in a secure location.

For the randomized pin, and biometric two-factor use of a phone, that covers most use cases, and is quite secure compared to most models of data security average civilians use.

You can have different scopes, if you’re in a crowded place, reading Lemmy isn’t really a big security risk. But logging into your banking would be. All of that is possible on Android, the fact that they’re so staunchly pro computer, is difficult for me to take their analysis seriously

Google makes the most open and customizable phones. Unlocked bootloaders, the ability to sign your own code. Rapid security updates for baseband drivers.

Nobody else comes close.

https://grapheneos.org/faq#future-devices

Actually pine phone is really open, but it’s not android and nowhere ready to be a daily driver.

You see the boat in the photos? You see how it’s got a flat bottom, and a ramp that can be lowered? It is literally designed to land on beaches and offload cargo. No Pier needed

Does this mean your also against yubikeys?

https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/tpm-fundamentals

Devices that incorporate a TPM can create cryptographic keys and encrypt them, so that the keys can only be decrypted by the TPM. This process, often called “wrapping” or “binding” a key, can help protect the key from disclosure.

This is how cell phones and windows hello justify short pins, the pin goes into a rate limited TPM that then discloses a larger key to decrypt the actual secret.

Qubes is immune to the knife to the throat threat model?

TPM in the SOC to transform the “convenient” pin into more robust encryption keys is the gold standard for civilian devices.

“computers” (of which a phone very much is) also use a TPM for this very reason.

But even taking what you say as gospel, the device isn’t insecure, its how people are using it.

I will stand by my comments a phone is the MOST secure device a civilian will use. Even with a secured desktop computer where someone diligently types in a 64 bit random code to unencrypt the hard drive… if they use the computer as a general purpose device, the threat surface raises dramatically. Now information and programs are not compartmentalized, install one bad program and it can trivially take over everything.

Please help me understand your point of view. So far all you have said in this conversation is that other people are wrong. That may be, but your not helping us understand you

I think phones are the MOST secure devices most people have. They are locked down, they run software in very restricted containers, they have more restrictive feature allowance. for 99% of the people the phone is the most secure device, full stop.

Can you do better on a computer? Sure, but it takes a bunch of work and isn’t the out of box experience

You can use two factor, fingerprint plus pin and have the pin layout randomize each time.

The hardware driver updates are absolutely critical if you want to have a secure phone. The phone has to be within the support window, to get any hardware driver updates. The risk surface of a phone’s hardware is huge, you’ve got the Bluetooth drivers, you’ve got the Wi-Fi drivers, you’ve got the modem drivers, and any other sensors I may have forgotten about.

Could you explain how phones are insecure by design?

I’m pretty sure this person was just looking for a reason to sue, and then tried to construct the most salacious situation to sue about.

I’m not against them suing, I think web tracking is evil, so more power to them, but I definitely feel like a lawyer helped architect the actual complaint

Depends on your friends threat model, lineage will work on it.

No security updates makes the Pixel 4a a bold choice for your main phone. I don’t recommend it

I would follow the graphene OS recommended phone guide, that gives you maximum flexibility to put any operating system you want on the phone.