Is privacy compromised when using privacy-respecting apps on non-private operating systems?

Interesting. It’s good that they gave you such an honest answer about that!

Yes, but let’s not be too hard on them. We live in a world where practically all (more than 99% I guess) smartphone users are running Google/Apple operating systems. Most people in fact live in that world, where those operating systems being used is just the way it is, it’s not something most people think they can change, they don’t even consider the possibility.

Here on this forum are some folks who are actually trying to change that, but we are a strange bunch and Purism is a strange company trying to do something so very difficult.

My point is that for most of the “normal people” out there, the choice of smartphone OS is iOS or Android and there is nothing else available in their world. Then, in that situation, it is not strange that they try to develop and use “secure and private” apps that are as secure and private as possible within the limitations of the world they live in.

There is also, I think, an effect at play here where we (human beings) have a hard time opening our eyes to some new knowledge in case that new knowledge is severely disturbing our current way of life. Like, if someone spent a lot of time and effort on building a “secure and private” app for iOS, perhaps made a whole career based on that, then starting to talk about how that app that they worked so hard on cannot be trusted because iOS cannot be trusted, is a really big step to take. Much easier not to talk about it and not to think about it.

I don’t mean this as any defense of the status quo, just as a way of understanding why it is difficult to change things. People are reluctant to open their eyes to something if it means their whole world falls apart.

Anyway, congrats on taking the “red pill”, now there is no way back. :smiley:

4 Likes

Absolutely right!!! And I look forward to learning more when I get my L14 in the next week or three!

Currently, yes, you’re right, but in the same way some people turned smartphones into this super successful product and taught the market to use it, we too can input the smart effort and get into an already educated market.

The way I see it, it’s easier for us now than it was for these guys when nobody knew what a smartphone was and the first smartphones were super crap and nearly unusable.

There’s no way to KNOW what they’re doing, but trust, there are plenty of ways to build trust and plenty of people today that do trust closed source OS’s.

Also, I contend that with closed vs open source there are many of us who do not have the time and knowledge to know what even the open source OS is doing, so primarily we are choosing between trusting a company that could face financial penalties for violating that trust and trusting a community of people and companies to keep each other honest.

This also isn’t a binary issue or a simple one. Some OS’s have huge numbers of contributors, some have single digit numbers… An open source OS with few users and fewer devs may be less trusted by me than Windows/MacOS… I will likely never know which is more secure/private but that isn’t the only aspect of the OS’s and isn’t the only way to build trust.

And even for the people who could know what an Open Source OS is doing, how many of them will actually check and keep checking as updates come out? Sure that number is greater than 0, but I doubt it’s very high either. Most people I’ve met will check the parts they know well when they have spare time, which is inconsistent.

As for the original question of is privacy compromised by “non-private operating systems”? I mean by the design of the question, yes.

The more interesting, to me, question is “is privacy compromised when using open source software on a closed source operating system?” To which my answer is “maybe”. The OS, as mentioned above, does have access to decrypted information in memory; but there are risks for any business that makes an operating system that intentionally violates the trust that such data is kept private. Financial penalties are one risk, another is a mass exodus away from their platform.

I’ll contend the old MPE operating system, while non-open source since 1972, was trusted by its users to “not” do something untoward with user data.

Too bad the MPE O/S dies by its own clock at the end of 2027 and the number of sites still using it is about less than 10K, maybe even 1K. There is a 3rd party patch that will extend it for 10 more years. The only other means is to “lie” to the O/S. (Enter an earlier date at boot up.)

App stores (like Google Play, Apple, Microsoft cartels) usually would ban whichever apps if they could not have access to user’s data. Unless an app has a specific version design allowed by the app store’s policy, such as Blokada lite for example. So I would say any privacy-respecting apps under FOSS are compromised the moment they work with a non-privacy-respecting OS.

Users shouldn’t be relying on FOSS apps for privacy on an OS run by those cartels. But why on Earth would FOSS create apps to work with those OSes? Probably an attempt to draw more users into switching by educating them. But it just stinks of a trap whenever Microsoft turns welcoming to work with Linux.

1 Like

Something in the news today that reminded me of the discussion in this thread:

Cybersecurity experts who have examined how NSO’s Pegasus spyware works say the software does not discriminate between encrypted messaging apps and can access pretty much everything on an infected phone. They say Telegram, as well as WhatsApp, Signal and other messaging apps promising end-to-end encryption, are in effect rendered powerless if the device on which they are installed is infected by hacking software as powerful as Pegasus.

The point is that end-to-end encryption does not save you if you cannot trust the operating system. You need an operating system that you can trust first.

6 Likes