[Aaargh20318]

> A) So? What if I want to do that?

So what if you do ? You can't.

Android isn't really open source. They let you look at some unimportant parts of it, that's all. It's a token gesture at best, or deliberately deceptive at worst.

> The point of open-sourcing everything isn't so that everyone can audit everything everytime. It's so that we can audit when we need to

But you can't audit the most important parts of Android, as they are closed-source. Hell, even Google doesn't have access to the source of the most important bits such as the baseband firmware.

[CaptSpify]

> So what if you do ? You can't.

That is my complaint. There are plenty of other operating systems where I can. The fact that Apple won't let me implies that they are hiding something.

> Android isn't really open source. They let you look at some unimportant parts of it, that's all. It's a token gesture at best, or deliberately deceptive at worst.

I agree, but this is whataboutism. Android being shitty doesn't give Apple the right to be shitty.

[Aaargh20318]

> There are plenty of other operating systems where I can.

Name 1 OS + hardware combination where you have the ability to fully audit every part of security-sensitive software. I'll wait...

> Android being shitty doesn't give Apple the right to be shitty.

No, but you can whine about stuff you're never ever going to get, or you can just pick the least problematic option available. Currently that's Apple.

[CaptSpify]

> Name 1 OS + hardware combination where you have the ability to fully audit every part of security-sensitive software. I'll wait...

https://www.fsf.org/resources/hw/systems + any open source os

That aside: Just because we have shitty foss offerings doesn't mean Apple has a good offering.

> No, but you can whine about stuff you're never ever going to get, or you can just pick the least problematic option available. Currently that's Apple.

A) Currently that is not Apple. There are many other systems that do a much better job of protecting your privacy that Apple.

B) I'll choose to whine about things that I'm "never going to get". I'm in the business of reality, not wishful thinking. Just because Apple is more convenient when it comes to privacy, doesn't mean it solves the privacy problem, and sweeping that lie under the rug doesn't make it any less of a lie.

[simonh]

>> Name 1 OS + hardware combination where you have the ability to fully audit every part of security-sensitive software. I'll wait... >https://www.fsf.org/resources/hw/systems + any open source os

OMG, I don't even.... You do realise none of those are phones right?

>That aside: Just because we have shitty foss offerings doesn't mean Apple has a good offering.

The contention was that they lead, not that they are perfect.

>A) Currently that is not Apple. There are many other systems that do a much better job of protecting your privacy that Apple.

Name one. I really don't know of any. Android is a security car crash. The MS offering is effectively nonexistent.

The fact is there is a very consistent consensus among security professionals that iOs is the only platform that's even close to being secure.

>B) I'll choose to whine about things that I'm "never going to get". I'm in the business of reality, not wishful thinking.

And yet in a thread about phones where you're asked what systems you can compile your own stack on you give a list of OS friendly laptops and servers; you reframe a thread on which is the best option to one about whether that option is 'good'; then invoke vague assertions about 'other systems' without backing that up in the slightest. Bearing in mind the last time you were asked to back up a statement you changed the subject completely, I hold out little hope.

[CaptSpify]

I apologize, as I was indeed not talking specifically about phones, but computing devices in general. I can see how that can be confusing since the original article is about phones.

In regards to phones:

Just because we don't have a good alternative doesn't make Apple a good one. It is a fact that we don't know what they do with your private data. You can't say that their system is the best if you don't actually know what it does. All you can do is guess.

[Aaargh20318]

> You can't say that their system is the best if you don't actually know what it does. All you can do is guess.

But that's true for everything.

It's simply impossible to have a computing device where you can be sure of every part being safe without trusting other people's judgement. You'd have to start by studying the VHDL of every chip in your computer, that's going to take you a while. Then check the software and hardware that turns that into a photomask and verify that the actual silicon produced doesn't have any hidden backdoors (that's difficult enough). You'd have to own your own equipment for producing the chips (can't trust the manufacturers)

Once you'd have the hardware completed, you'd have to check every single line of code, not just the OS kernel, but every compiler used (you've got a bootstrapping problem here, do you trust the compiler that compiled the compiler ?), every bit of userland software. Hundreds of millions of lines of code.

And even after you've done all of this, all you've proven is that you didn't find a backdoor, not that there isn't one. If you want to be really sure, you'd need formal proof of everything, which is going to add at least a couple of thousand additional years to the whole exercise.

Basically, what you want is a pipe dream. You can't do this alone, you have to trust other people at some point. So then the question becomes: who do you trust ?

[simonh]

And yet you have repeatedly asserted that there are better options.