Hacker News new | ask | show | jobs
by HybridStatAnim8 63 days ago
All of the defensiveness is warranted. They speak neutrally and objectively.

The project is not going to relinquish control to any 3rd party. Not even the Motorola partnership is given control over the GOS project. The hypothetical you describe is not possible by design.

The GOS project takes no issue with critical thinking, and encourages it. But that is often used as an excuse to handwave attacks. There is a very big difference between criticism/critical thinking and attacking them.

Note that there are more individuals in the project than Micay. Multiple people handle multiple responsibilities, its not one person.
2 comments
ryandrake 63 days ago
> The GOS project takes no issue with critical thinking, and encourages it. But that is often used as an excuse to handwave attacks. There is a very big difference between criticism/critical thinking and attacking them.

Responding to attacks so defensively is almost alway a bad look for organizations. They could really use a PR person with a more measured voice that corrects facts and projects confidence, and does not convey victimhood, insecurity or defensiveness. Take a look at the tone of press releases issued by companies when some tech press bozo writes a hit piece on them, for good examples of dealing with people attacking you.

link
HybridStatAnim8 63 days ago
I would not use those words to describe the approach they take. They make the effort to speak neutrally and objectively, but the issues they are making light of are often exactly as extreme and common as they describe. Many people have voiced appreciation that they decide against a "corporate-speak" approach. The GrapheneOS accounts are meant to be accounts that let project members speak to users, rather than take on a corporate appearance.
link
neilv 63 days ago
I'm sure you realize that confident assurances of a random new pseudonymous account on a Web site isn't sufficient for anything of importance.

Is there an authoritative source of information about how a takeover like that isn't possible by design, which people can verify, analyze, hold parties accountable for the pieces that require it, etc.?

link
HybridStatAnim8 63 days ago
I am a GrapheneOS user and community member, and I am active in the chat rooms. I made this account to assist with misinformation.

As for how such a thing would not be possible;

-GrapheneOS updates do not trust the network, so any compromise of update servers for OS and app updates would not be able to push malicious updates. Only those who hold the signing keys are capable of pushing updates that will be accepted.

-Multiple people review the code that gets included in the OS. There is not one point of failure when it comes to social engineering.

-GOS supports reproducible builds, so the code that is published can be verified to be the code that is built for the official builds.

So in other words, you would need to convince multiple people who are consciously protecting against this, and who have a proven track record of burning the keys if the privacy and security of their users are in jeopardy. On top of that, you need to conceal this from every developer, moderator, and community member who would raise the alarm at the slightest indication of compromise.

link