Is privacy compromised when using privacy-respecting apps on non-private operating systems?

Linux isn’t end all. Look into other things like BSD too or source based GNU/Linux metadistros.


Yes, any open source - and the more of the system is open source, the better.


This is called Arm TrustZone (don’t remember the name of the Intel version) and is used for Netflix DRM.

Note that DRM as usually designed is made to protect the program from the user (and the OS, which the user can compromise alter). The same principle can be used to protect the user from the OS.

1 Like

Nice. Tech used for crap like DRM can be used for some good.

Now I can’t help wondering if text messages can be stolen by the operating system off apps like Signal or Threema?

I think if you have those fears you should definetly change the OS :slight_smile:t

1 Like

Yes - as far as I know. I’ve seen mentions of this “secure path” only in two contexts: playing movies, and virtual machines in server rooms.

EDIT: even then, the one who is usually protected is the hardware manufacturer: they hold the encryption keys. Unless you install the encryption key into the hardware yourself, it’s not your data that’s protected by the hardware path. PureBoot is the exception: your encryption keys protect you from someone who tries to gain access to your stuff. Not hardware manufacturer’s keys, and not movie copyright group’s keys.

Well I guess if iOS or windows etc. can access keystrokes or text when an app like Signal or Threema is open then it’s not nearly as secure and private as everyone claims it is?

And I’ll be changing as soon as I can receive my L14! :grin:
As far as an open source software phone the L5 is still a year or more away for me and I’m beginning to look for alternatives.

As a quick aside, it’s encouraging to see (anecdotally) people becoming more and more aware of and concerned about privacy in computing and communicating. More information is finally getting published, and more alternatives are being publicized, which all, naturally, point toward open source.

It seems to me that products like the Librem 5 and Pinephone are often getting people’s initial attention, and then that results in growing interest in GNU/Linux on the desktop and computers from Purism, System76, and others.

1 Like

People don’t claim that the OS can’t access keystrokes or text they display. Those are nearly impossible to prevent, and if they were prevented in the DRM style, by having them handled by a separate OS… then guess what - you still rely on an OS. You can’t escape having an OS, and no one is claiming that you can.

The OS may not be as private as unfamiliar people believe, if that belief is impossible.

Since you can’t escape an OS, you should be handing your data to one that you can trust or audit, and that’s where Librems win.


Seems like a de-Googled Android phone is the only viable alternative at this time. See the following for details:

Android without Google? How is that Possible?

What it’s like to use a De-Googled phone in real life? (Q&A of concerns)

Spyware-Free Phones in 2021: We’re being Squeezed!

1 Like

I use a degoogled phone (graphene on pixel) but this isn’t an entirely freedom setup by any means. The bootloader has a google splash and cannot be removed, the titan chip in the pixel isn’t open and graphene depends heavily on this for security when it is proprietary and there is also plenty of non-free software that comes with graphene which compromises the security of the device such as baseband drivers. The OS works hard to be secure in many ways but still allows the installation of any non-free program. I could, if I wanted to, install eg PUBG onto the device and it wouldn’t complain or warn me the slightest. I’ve used graphene for quite a while now and I would much prefer an L5 despite it being so much weaker than my mobile phone. However, I cannot afford to pay the price purism is asking for that computer when it looks incredibly beta from software to the power of the device so I will wait. It still hasn’t received RYF which I have stated many times here that I am waiting for.

Rob Braxman agrees, no other option right now. I’m looking into getting one of his degoogled phones in the fall when funds are available for me.

1 Like

So I received a follow-up email from Standard Notes as follows…

“I’ve confirmed the details with one of the devs on the team. Indeed the decrypted content is in working memory, however, your initial assumption was actually correct. That is, the operating system is able to access the decrypted data while it is in working memory. Since it’s essential for the app to interface with the OS, exactly how the OS accesses and handles the app data and memory is unfortunately something out of our control. However, do rest assured that we’ve made the app as secure as possible in all areas where we do have control :blush: In case you haven’t done so yet, you may browse through our help articles on Privacy and Longevity in our help page, where we discuss certain topics on how the app keeps your notes secure in general, as well as the details of how encryption is applied on your data.”

Therefore all of the knowledgeable folks with us on here have pointed out some great loopholes that I did not know about before this thread and I thank you.
Bottom line if you’re using non-open source operating system’s there’s just no way to trust what they’re doing with your data anytime a so-called secure and private app is open and being used. I now even have serious doubts about Signal and Threema as to just how private they actually are?
Thank you again everyone!


Yeah, after my Librem 14 arrives and I get it set up (June/July?), I’m going to pick up one of Braxman’s deGoogled Pixel 4.

1 Like

Yep me too!!

also looking at these, to compare the two options

1 Like

This is the one I like

1 Like

Lots of choices to compare!

If I hadn’t already bought a Pixel 4a 128gb with Lineage 18.1 that would have been the one I’d bought. That one in the ad has a bigger screen(6.2) and is 5G capable and brand new as opposed to many used,refurbished with older OS versions.