this post was submitted on 24 Feb 2024
126 points (88.4% liked)

Privacy

32120 readers
334 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I want to mainly use it for privacy over its "security". I don't know what makes everyone fine with running it on fucking google pixels. Is there some kind of "low security" version or something for other phones? I'm so tired of certain organizations infiltrating privacy communities and making people believe in improving "security" by voluntarily giving up on privacy and using even non free software like that insecurities blog and other people.

you are viewing a single comment's thread
view the rest of the comments
[–] jet@hackertalks.com 22 points 9 months ago* (last edited 9 months ago)

https://grapheneos.org/faq#recommended-devices

Non-exhaustive list of requirements for future devices, which are standards met or exceeded by current Pixel devices:

Support for using alternate operating systems including full hardware security functionality

Complete monthly Android Security Bulletin patches without any regular delays longer than a week

At least 5 years of updates from launch for phones (Pixels now have 7) and 7 years for tablets

Vendor code updated to new monthly, quarterly and yearly releases of AOSP within several months to provide new security improvements (Pixels receive these in the month they're released)

Linux 5.15 or Linux 6.1 Generic Kernel Image (GKI) support

Hardware accelerated virtualization usable by GrapheneOS (ideally pKVM to match Pixels but another usable implementation may be acceptable)

Hardware memory tagging (ARM MTE or equivalent)

BTI/PAC, CET or equivalent

PXN, SMEP or equivalent

PAN, SMAP or equivalent

Isolated radios (cellular, Wi-Fi, Bluetooth, NFC, etc.), GPU, SSD, media encode / decode, image processor and other components

Support for A/B updates of both the firmware and OS images with automatic rollback if the initial boot fails one or more times

Verified boot with rollback protection for firmware

Verified boot with rollback protection for the OS (Android Verified Boot)

Verified boot key fingerprint for yellow boot state displayed with a secure hash (non-truncated SHA-256 or better)

StrongBox keystore provided by secure element

Hardware key attestation support for the StrongBox keystore

Attest key support for hardware key attestation to provide pinning support
Weaver disk encryption key derivation throttling provided by secure element

Insider attack resistance for updates to the secure element (Owner user authentication required before updates are accepted)

Inline disk encryption acceleration with wrapped key support

64-bit-only device support code

Wi-Fi anonymity support including MAC address randomization, probe sequence number randomization and no other leaked identifiers