[captainchris]

is that really the case? apple as example, they develop secretive and innovative security measures that, while compatible with their corporate mandates, do actually aim to protect end users. yes, this is in contradiction to certain privacy needs, user lock-in, etc as you mentioned

primarily, i am interested to learn what pine or other offering does outside of the obvious benefits of it being open. specifically, what security measures on their own merit, hardware and/or software, does pine offer, either uniquely or in an effort to "catch up" (e.g. secure enclave)

[blihp]

Yes, I believe it is. You're dismissing out of hand one of the primary security benefits of an open device while giving far too much credit to Apple.

For the open device, (with one glaring hole: they don't support full device encryption i.e. the bootloader etc... yet) you can encrypt your data such that if you lose the key, it is effectively unrecoverable. There is no communication with any 3rd parties that you don't specifically allow/enable. That is a killer security feature of the device: there's no 3rd party between you and your data.

On the Apple side, you're crediting them with 'secretive and innovative' when the reality is they only provide users as much security as their business model requires. All Apple really offers is security from casual hackers and when it suits their purposes, from the user/purchaser of the device. The fact that Apple is in a position to respond to a government demand with anything other than a blob of encrypted data tells you all you need to know about how secure your data really is with them. (I'd love to be corrected if it's realistic these days to use an i-device without their cloud services enabled... I left their ecosystem years ago so I am speculating that it's not)

There's no magic when it comes to security: either you provide the foundation to allow for a secure environment (which Pine appears to be working toward) or you don't (Apple likely never will as they appear to not want to piss off various governments).

[captainchris]

Not dismiss but inquire.

I don't know enough about Pine, but aapl/goog have had hackers battle testing their platforms for a while. I don't see how an open platform can leapfrog ahead unless aapl/goog truly are sabotaging security for "big bro"

yes, cloud is a big hole, but are we hiding from the law? aapl only responds to warrant requests -- supposedly.

(on a side note, afaik, aapl is building their own baseband proc, which presumably will be a good thing for security)

What you said makes a ton of sense, but curious to see in practice how the security of such a device will hold up. you'd have to expect that the platform will have holes, being so new -- and that there wont be enough eyes on, not without adoption. paradox.

yes, open device means far greater flexibility on security posture but this presumes a mature, battle tested tool set. (and may or may not be built on a better foundation than corporate closed phone tech -- hence inquiry)

contrarily and back to my original inquiry -- i still wonder if there are fundamental design choices inherent to Pine that separate it from (or bring it on par with) commercial offerings. (besides those elucidated by you and another commenter -- thanks). for instance, physical boundaries such as a secure enclave, etc

i challenge the notion about aapl and casual hackers. every non-trivial platform has bugs, whether open or closed. there isn't a way to casually own an up to date iOS device, for instance -- if one had such an exploit it would be worth a lot of money to aapl or a broker

sorry for free form reply