“Trust” as in: trust it enough to run it on your machine.

(And assuming that you can’t understand code yourself)

  • Skorp@sh.itjust.works
    2 days ago

    He lied about stopping use of GrapheneOS. He can be seen in videos long after still using GrapheneOS on his Pixel. Also, the reasons he stated for not using/trusting it were nonsense. There was not, and is not, a technical way to target a user with malicious OTA updates.

    He was also one of 3 owners of a for-profit telecom that included Nick Merrill (Founder of Calyx). https://sec.gov/Archives/edgar/data/2009536/000200953624000001/xslFormDX01/primary_doc.xml is the SEC filing for shares issued in February 2024.

    • ares@feddit.org
      1 day ago

      I don’t see how any of this is an excuse for what has been said in the chats. Micay also lied about stepping down from GOS.

      • Skorp@sh.itjust.works
        21 hours ago

        You understand that in those chats, Micay had been the victim of ongoing harassment, perpetuated by Rossman and Calyx leadership, which culminated in doxxing and then a SWAT attack, which is a threat on their life.

        They didn’t lie about stepping down. They took a back seat to development work and the public eye because of these experiences. It was an enormous toll on their mental and physical health.

        Now does that excuse Rossman for mislabeling an individual with mental diagnoses? Does that excuse them and other people for dismissing what they say based on these false labels?

    • ilmagico@lemmy.world
      2 days ago

      Ok first of all: GrapheneOS is great, probably the best alternative Android OS, but their PR skills are rock bottom. Still, many ignore that due to how good it is.

      With that said, I don’t believe their claim that it’s impossible for them to target a user with a malicious OTA: their reason is basically that the update server never even knows who is downloading, and so it can’t send a different file to just one user. That’s true, but they could, in theory, make a single OTA that everybody gets, but checks for a specific IMEI or other device ID and only there enables some malicious payload.

      I trust them not to do it, for many reasons, but technically they could. I also don’t think they’d do it to Louis, despite the beef they have with him.

      • other8026@lemmy.ml
        2 days ago

        Well, the fact is it is impossible to target someone with a modified update. The update client sends no IDs to the server, it just fetches static files and determines whether it needs to update or not. The server only has static files.

        > they could, in theory, make a single OTA that everybody gets, but checks for a specific IMEI or other device ID and only there enables some malicious payload.

        That would be very obvious in the code. And how would devices be targeted if GrapheneOS project members don’t know the unique IDs because they’re not sent in the first place? There are also community members who build GrapheneOS on their own and check if the builds match because GrapheneOS builds are reproducible. It just isn’t possible. But even if people don’t believe all of that, they can still disable the updater app and sideload updates manually. Instructions are on the website.
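
The reproducibility check mentioned in the last comment, sketched as an added example (not code from the thread or from the GrapheneOS project): it hashes every file in an official release and in an independent rebuild and reports anything that differs or exists on only one side. It assumes both builds are already unpacked into directory trees with signing data excluded; the function names, file names and sample contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def digest_tree(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_builds(official: Path, rebuilt: Path) -> dict[str, list[str]]:
    """Report files that differ, or that exist on only one side."""
    a, b = digest_tree(official), digest_tree(rebuilt)
    return {
        "only_official": sorted(a.keys() - b.keys()),
        "only_rebuilt": sorted(b.keys() - a.keys()),
        "differ": sorted(k for k in a.keys() & b.keys() if a[k] != b[k]),
    }


def is_reproduced(report: dict[str, list[str]]) -> bool:
    """True only when the two trees are byte-for-byte identical."""
    return not any(report.values())


def demo() -> dict[str, list[str]]:
    """Constructed sample: two tiny trees standing in for unpacked releases."""
    with tempfile.TemporaryDirectory() as tmp:
        official, rebuilt = Path(tmp, "official"), Path(tmp, "rebuilt")
        for root in (official, rebuilt):
            (root / "system").mkdir(parents=True)
            (root / "system" / "build.prop").write_bytes(b"ro.build.id=EXAMPLE\n")
            (root / "boot.img").write_bytes(b"\x00" * 64)
        # Simulate a release carrying content the public source does not produce.
        (official / "boot.img").write_bytes(b"\x00" * 63 + b"\x01")
        (official / "system" / "extra.bin").write_bytes(b"unexpected")
        return compare_builds(official, rebuilt)


if __name__ == "__main__":
    print(demo())
```

A match shows only that the shipped files are what the public source produces; whether that source contains a device-ID check is a question for code review.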