In case you use OpenPGP on a smartphone ...

ಚಿರಾಗ್ ನಟರಾಜ್ gpg-users at chiraag.me
Tue Aug 11 21:13:17 CEST 2020


I suppose you're right. I'm wary of blindly believing videos, especially when faking them has become relatively easy at this point.

I think one thing both Android and iOS get wrong is that the user isn't really in control of the device. So many manufacturer ROMs have built-in bloatware and various apps you'll never use, and there's no way to get rid of it. There are different classes of apps with differing levels of access to the internals of the OS, and there isn't much you can do about it. And on iOS, you're at the mercy of Apple as to whether your device remains supported and whether e.g. bugs in WebKit (the only renderer available on iOS) get fixed for your device. While custom ROMs solve some of these issues, most phones are bought with a locked bootloader (since most people aren't rich enough to buy their smartphones outright and end up leasing them through the service provider), which sort of renders that argument moot for *most* people.

Fundamentally, while a Linux phone may not necessarily have all of the hardening or whatever that many Android phones come with today, I'd argue that the privacy aspects, and the fact that the user truly _owns_ their device, more than make up for those (current) deficiencies. It will be easier, I think, to defend against what you're talking about in terms of malware, shady links, and so on because you have the opportunity to control literally *everything* running on your device.

Once I get my PinePhone, one of the first things I will be doing is playing around with things like firejail to see if I can get seamless sandboxing for most programs (I already heavily utilize firejail on my laptop). And I suspect that level of control (and ability to keep receiving updates, no matter how old the phone) will put Linux phones over the top in terms of security.

Sincerely,

Chiraag
-- 
ಚಿರಾಗ್ ನಟರಾಜ್
Pronouns: he/him/his

On 11/08/20 19:32, Andrew Gallagher <andrewg at andrewg.com> wrote:
> 
> It matters little whether these statements were made by Snowden. Whether a particular piece of software exists or not, and whether it is owned by the Russians or the Israelis or the Americans, is beside the point. In principle, it can exist and similar pieces of software have existed in the past, so we can safely assume that something like it will always exist in some form or another.
> 
> If someone roots your phone, or your laptop, it is Game Over. It does not matter if you are using Signal, or WhatsApp, or PGP. If the Bad Guys have rooted your phone you are helpless against them. The solution is not to let them root your phone in the first place (i.e. update regularly and don’t click on anything unsolicited), and don’t use your phone for anything that would endanger your life if you were rooted.
> 
> Andrew Gallagher
> 
> > On 11 Aug 2020, at 17:18, Stefan Claas <sac at 300baud.de> wrote:
> >
> > Please ask native U.S. citizens if this is a video with a faked voice from Mr. Snowden, not me.
> 