by CodeGlitch 1801 days ago
The article says that Pegasus is installed via a zero-day (presumably via a phishing attack or similar). I love open-source software, but it is not a magic bullet that stops the likes of zero-day attacks. In other words, using a fully open-source stack would not prevent something like Pegasus if they exploited a zero-day.

Purchasing phones which ensure frequent software patches for a number of years is a far better tactic IMHO. For example I recently purchased a Nokia X20 (https://www.clove.co.uk/products/nokia-x20) which has a promised 3 years of OS upgrades...something I've not seen by other manufacturers.

1 comments

Partially true, but moving away from proprietary hardware and software and especially cloud services would still greatly reduce the attack surface, and is something I committed to fully half a year ago by purging Google/Play services from my phone, having already wiped Windows off my drive five years ago, replacing it with Arch.

This still wouldn't protect me from a targeted surveillance attempt like Pegasus, but it does protect me from automated mass surveillance in the cloud, and at least partially reduces the attack surface, by getting rid of unvetted, unreviewable, backdoored proprietary software.

0 regrets, only privacy vibes ever since.