this post was submitted on 02 Sep 2023
19 points (67.9% liked)

Asklemmy

43852 readers
701 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 

trying to make a near 100% foss build lol

you are viewing a single comment's thread
view the rest of the comments
[–] j4k3@lemmy.world 3 points 1 year ago (1 children)

I don't think anyone can really say, but I'm not an expert on security.

My biggest skepticism is that all phones have untrusted proprietary hardware. Apple does its own thing and usually seems to develop stuff like a full stack. However, I don't think there has ever been a documented cellular modem. I don't trust anything on a PC unless it is running libre boot. Like even UEFI has network access. You likely also have an entire Intel ME operating system or the AMD equivalent running with lower level permissions than root at all times. Maybe if you have an extensive SELinux ruleset you could mitigate any potential.

If your software is signed or has a hash key available, you can use that to verify file status.

I haven't had any issues with AOSP and GrapheneOS, but I go as far as installing a fresh OS on an old laptop, setup a custom network, all just to install chrome and do the easy automated ROM swap to run GrapheneOS. Then I format the drive. It is the only way I care to run regular chrome or connect Google tainted hardware.

[–] Blake 3 points 1 year ago (1 children)

You can install Graphene without Chrome, just so you know - might be worth looking into, since it sounds like you’re taking this stuff seriously - good for you. But yeah, at a certain point, can you trust the Graphene hashes haven’t been altered? You can take it to extremes.

[–] j4k3@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

We all have our thresholds. I use this mostly to learn using the practical application of an example. I do care about my actual workstation and what is on it, mostly for the peace of mind, but also because I might occasionally get pissed off at some piece of shit proprietary hardware, reverse engineer the design with a schematic and upload it with kicad files. That's about the only real reason for me. I also source a lot of sketchy datasheets and old documentation. I care enough to be behind a whitelist fw, which would stop most junk. It's mostly just the principal of ownership. Stalkerware is hacking as privateers with a license from the king of the USA - corporate America.