GrapheneOS

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

ldmia

Member
Oct 1, 2021
14
4
Recently I was listening to a podcast that is focused on privacy and the former law enforcement person who is the host
made a strange claim, that GrapheneOS (which is based on Android) is a safe OS to use because it was made by activists
rather than by Google. In addition, in his opinion iOS is not safe for privacy-minded individuals.

However Android (or AOSP in this case on which GrapheneOS is based) has a huge security flaw:
In order to build AOSP, one has to run Google's script which downloads a slew of prebuilt compiler executables from their website.

This brings to mind the old exploit in which someone wrote a C compiler that, when it was compiling the Unix login.c file,
made sure to add a backdoor to the login executable. It was a proof of concept showing that you really can't trust the output
of a compiler because it could have been maliciously modified to add malware to its own output.

Given the stipulation that compiling AOSP requires running unknown binaries from Google, which is a part of
the PRISM spying operation (as is Apple), how can anyone be certain that Google is not exploiting that security hole
(downloading prebuilt executables) to compromise GrapheneOS's binaries?
 
  • Like
Reactions: rfrazier
how can anyone be certain
How can you be sure of anything in life? You need to start with a base level of trust in something. If you think that Google is untrustworthy then I guess you need to avoid using any of their tools. Myself, I think they care too much about my life because they want to advertise to me, not because they're spying on me.
 
Yes I am well aware of the past achievements and contributions of Ken Thompson. It's unclear how that in ANY way takes away from what I said. You have to have some BASE level of trust, or you can trust nothing at all. You would apparently not trust Google... you're probably in a very small minority.
 
OK, I guess I'm going to have to jump in. I don't mean any offense, and we don't have to get in a cat fight. Everyone has a different opinion. I appreciate everything Steve and Leo do and I enjoy this group. I'm a big fan. BUT, I have long felt that Steve and Leo do not take privacy seriously enough. Security yes. Privacy no. OF COURSE I don't trust Google, nor Apple, nor Facebook, nor Twitter, nor Instagram, nor Linkedin, nor Microsoft. Every one of them has been tracking us to death, selling our information, and censoring thousands of content creators just because the corporations don't like their opinions. I'm never logged into Google on my web browser. I am switching search to DuckDuck Go (although I don't think their databases are as big). I have an Android tablet because it's a slightly more free than Apple and those are the main two viable options. At least I can sideload things. I have location off. I run a very minimal number of apps. I don't use my phone for computing (since I have the tablet), only phone calls and texts. I always run on a VPN. I EXPECT that they're still tracking me and spying on me to a point. I EXPECT that they're still selling my information to a point. HOPEFULLY, they're not putting viruses on my tablet. But I have NO delusions that they're my friends. Don't belittle people because they're concerned about such things. The OP's question is valid.

"Trust but verify."


May your bits be stable and your interfaces be fast. :cool: Ron
 
Last edited:
Although I do not go to the lengths I ought to, or even the lengths of rfrazier, I agree with his sentiment and post. You cannot trust any of the corporations to protect you in any way. It is contrary to their incentives.

If it is electronic you are not private. If it is not shielded (assuming shieldability in the first place) you are not private. Privacy as envisioned by those forging the government in the 1880's simply does not exist in a world they could not imagine. It is one reason strict textualism in the legal and political conservatives is a deeply flawed perspective.

I do not go to great lengths to protect my privacy because I do not have the resources in time nor money to run that race for the life I lead. I'm just not that interesting nor important. Still, it would be nice if the people elected to represent us would pass laws and regulations to help protect us from these intrusions. Gathering information about me does not make you the owner of that information. It is still mine and should be treated with respect and permission sought before it is used for any purpose.
 
  • Like
Reactions: rfrazier
My point is not [specifically] who you trust, only that you DO trust someone. If you don't trust AMD, Intel or your ARM chip manufacturer, then you shouldn't be able to post here. If you don't trust your keyboard manufacturer, or your screen manufacturer, SSD manufacturer or motherboard manufacturer, you also shouldn't be able to post here. Surely you're not fabricating your own equipment at home, so you must trust someone.

Maybe the government is really trying to do you in and your electric can opener is slowly poising your food when you open it. If that's what you believe, please go be paranoid somewhere else. Otherwise, let's realize that we all have different levels of caution/concern, and most of us aren't actually worried that Google, nor Amazon, Microsoft, Apple, or Intel nor AMD give a rats ass about us personally, and accept that they just want us to help them get rich by being customers.
 
You would apparently not trust Google... you're probably in a very small minority.
Do you work for Google? It's hard to imagine why you would think I'm in a "very small minority". This is like saying to someone in the 1600's that only a "very small minority" doesn't trust the Catholic Church. It's a preposterous claim. And given that Big Tech is now insisting that it is the judge of what is true or false, the analogy couldn't be more apt.
 
Last edited:
BUT, I have long felt that Steve and Leo do not take privacy seriously enough. Security yes. Privacy no. OF COURSE I don't trust Google, nor Apple, nor Facebook, nor Twitter, nor Instagram, nor Linkedin, nor Microsoft. Every one of them has been tracking us to death, selling our information, and censoring thousands of content creators just because the corporations don't like their opinions.
Well said. I would add there are many efforts to document the pervasive surveillance.

Terms and Conditions May Apply

Surveillance Capitalism

Google Archipelago

Kashmir Hill's tech detox

Backdoor found in Samsung phones
 
Last edited:
  • Like
Reactions: rfrazier
that they just want us to help them get rich by being customers.
Did you not listen to anything that Edward Snowden said? Does the PRISM spying program not ring a bell, for instance? Or the fact that Google was funded by the CIA from the start?
 
Last edited:
I'm in a "very small minority".
I said it because it's true. For example, there are over 1.8 Billion GMail accounts. There are reportedly more than 3 billion active Android phones.



As I said before, this site is not the "paranoia report." It's all well and good for you to be concerned about Google's reach. It's not healthy to assume you're so special that "they" are out to get you. The only thing any big company wants from its average customer is more business.
 
listen to anything that Edward Snowden

As far as democracy goes, a country gets the leadership they elect. After 9/11 the US population chose to allow their government to become more snoopy. Not everyone agrees that Snowden did anything good. To avoid any prosecution for what he knew was a crime against his own country he is in self-imposed exile, in one of the most hated countries in the world, after all.

You seem to have a cross to bear against the government, so I suggest you spend more time writing your own software to protect your own interests, and spend less time accusing everyone else of failing to protect your interests. Google is in business to make money, not to spy on you. Stop with the paranoia.