← Back to context

Comment by palata

8 days ago

I am not sure what you are trying to say.

My point is that

1. If you care about privacy, you should care about security. If your email server is compromised and your emails leak in the public internet, then they are not private anymore.

2. GrapheneOS does care about both security and privacy.

> explored my phone's capabilities with root. Accessing the sensor devices, inspecting what the different apps do, what the OS is doing, installing Xprivacy to provide fake data to tracking apps... none of that is possible on GrapheneOS

I think you're talking about something like "freedom", here. GrapheneOS doesn't claim to give you the freedom to do whatever you want. In fact, part of the Android security model is to limit your freedom.

Which is not to say that you should not want the freedom to have root access on your phone. But if that's what you want, GrapheneOS is probably not it.

2 comments

palata

Reply
Aachen  8 days ago

My phone isn't my email server though? It's not exposed to the public internet. It connects outwards but you can't simply connect inwards to the IMAP client

You can invert your logic as well: Why care about security without privacy? If your apps are leaking everything to the internet, what's there to keep secure. One could argue this is the essential dependency, not the other way around, since security depends on the threat model but, without privacy, there's no more secrets

> I think you're talking about something like "freedom", here

In part, as well as a means to an end, yes. (GrapheneOS uses this as well, since without the freedom to bring your own OS, they couldn't run on Google's devices. I would think we all enjoy having the freedom to do what we want with our own hardware.) Note also the part where it says "provide fake data to tracking apps": that's privacy which GOS doesn't offer but a user root device / any desktop OS would

  • palata  7 days ago

    > You can invert your logic as well: Why care about security without privacy?

    That's EXACTLY my point here. GrapheneOS cares about both, because GrapheneOS considers that they go together.

    People come and say "GrapheneOS doesn't understand that people care about privacy and not security, therefore people are happier with less secure systems like /e/OS because /e/OS doesn't care much about security but cares about privacy".

    My point is that I care about both, and I am therefore happier with GrapheneOS because GrapheneOS cares about both.

    > Note also the part where it says "provide fake data to tracking apps": that's privacy which GOS

    GrapheneOS offers such privacy features (like giving a permission to the app but telling the system to feed it dummy data). But yeah, maybe it's not exactly doing what you want (actually it sounds more like you just don't know what GrapheneOS can do, but it's not stopping you), therefore you can probably go around and claim that "GrapheneOS doesn't provide privacy", because why not?