[kuhsaft]

> The kill switches will work independently on a compromise. Why are they moot?

Kill switches only work as a security feature when you activate them before you know you're compromised. But that's impossible.

It's a reactive "security" feature not a proactive one.

> For example, if I use Firefox with NoScript, then it is not very easy.

Security vulnerabilities aren't only JS related.

https://www.mozilla.org/en-US/security/advisories/mfsa2026-3...

https://www.mozilla.org/en-US/security/advisories/mfsa2026-3...

Adding an extension that can access all your browsing data doesn't seem very secure either.

Required permissions:

- Access browser tabs

- Access browser activity during navigation

- Access your data for all websites

[fsflover]

> Kill switches only work as a security feature when you activate them before you know you're compromised. But that's impossible.

Indeed, if you use the kill switches in a stupid way, you get no benefit from them. I use them whenever I want to be sure that I can't be tracked or listened to, either because of a potentially compromised device or closed modem that can connect to towers without my knowledge. In other words, they are a proactive feature. I can get 100% privacy whenever I want, independently on any software, which in principle might always get secretly compromised one way or another. Even the amazing, secure GrapheneOS!

How can you be sure your modem on GrapheneOS doesn't send your location to the mothership all the time, even in an "airplane mode"?

[fsflover]

Good links, thank you. I agree that my protection is not perfect in general. Fortunately I do not open random websites on my phone; I have my laptop with Qubes OS for that.

> Adding an extension that can access all your browsing data doesn't seem very secure either.

This is not just a random extension but an officially recommended one, https://support.mozilla.org/en-US/kb/recommended-extensions-.... It's also regularly verified by the community. I trust it as I trust Firefox.

[kuhsaft]

> Fortunately I do not open random websites on my phone

That's the main use for almost everyone. You're suggesting people use a less secure device and are stating that it's more secure if they don't use it in the way it's mostly used?

That doesn't sound like freedom. That sounds like living in paranoia. You bring up FUD in so many comments, but you seem to be living it. Ironically though, you choose to use systems that enable FUD when there are systems that let you not worry.

There are people building secure software and hardware, so people don't have to live in fear when using their devices. That's the freedom that many people care about.

There's the freedom to shoot yourself in the foot. Most people don't care about that.

[fsflover]

You missed that I do not recommend Librem 5 to "almost everyone". We are not on a normies forum but on HN.

Also, I do not recommend Librem 5, when somebody asks for a secure device. I mention it, when somebody asks about alternatives to the duopoly, a possibility to have a full, general-purpose computer in a pocket allowing you to tinker with it, or wants to run GNU/Linux baremetal. Such people aren't the audience of GrapheneOS anyway.

And I'm not against GrapheneOS. I never said it was less secure than Librem 5 for typical tasks. I only say, that if you want to have a third option, you can have it today. There will be compromises, which can be dealt with by technical users.

[kuhsaft]

> We are not on a normies forum but on HN.

Being on HN does not mean that you are familiar with the intricacies of hardware and low-level software.

> I only say, that if you want to have a third option, you can have it today. There will be compromises, which can be dealt with by technical users.

I think it’s irresponsible to promote it as an alternative device without noting that it’s less secure and full of footguns. Also, disingenuous to promote it as FOSS when it only fits that definition under FSF technicalities. And lastly, to promote it as more open than phones with AOSP distros that utilize the same set of proprietary hardware, just with different communication mechanisms/boundaries.

[fsflover]

This is not a forum with legal advises. I inform people about an option, which they asked for. GNU/Linux phones have a similar security approach to GNU/Linux on desktop. People explicitly seeking GNU/Linux should know this. They can also ask or search the Internet.

> I think it’s irresponsible to promote it as an alternative device without noting that it’s less secure and full of footguns

I disagree with you here. Informing about options is better than not informing. "Less secure" depends on a threat model. GNU/Linux on desktop is working well enough for millions of people. So it is a viable security approach for many. Saying that your threat model is the only one that should exist and be promoted is crazy.

> only fits that definition under FSF technicalities

This is one of the strictest definitions there is. By which definition does GrapheneOS run FLOSS?

> same set of proprietary hardware, just with different communication mechanisms/boundaries

More choice is always good, isn't it? If it is not for you, you are free to use and promote the duopoly. (Yes, I consider AOSP obeying Google's development strategy long term. It will not end well. See: this topic.)

[kuhsaft]

Relevant conversation about those technicalities: https://news.ycombinator.com/item?id=30042576

Though with a username of fsflover, I think you'll be biased.

Also, another relevant thread (that you were even a part of!) discussing the pointlessness of what Purism did to fit the technicalities: https://news.ycombinator.com/item?id=29841267

It's actually worse than I thought. There's the initramfs /lib/firmware loading workaround for the FSF certification of the OS.

But even before that there is code run by the main CPU that loads instructions for the secondary core to load a blob from separate flash memory to pass to the memory controller to initialize it.

All that just to attempt to fit the technicalities of the FSF RYF hardware certification while still loading a blob like every other phone microprocessor.

---

It's interesting that I could make a device that burns efuses to make it obsolete and it could still be considered FSF Respects Your Freedom certified.