At least I think I read it when Librem 11 was released. Since I do not own other Librems than 5, it’s better someone else answers.
1 Like
So it is true then, I always suspected that I was not paranoid enough in spite of other peoples’ protestations.
3LP are so creepy.
Let me ask you this then, where can one go to learn programming and computers well enough to navigate this landscape without spending a million dollars on a college degree? Up to this point I have just used the library.
I’ve been using PureOS for the last three weeks and it ticks all boxes for me. It’s fast, I have all apps that I need, and it receives updates. It does not load microcode or binary firmware. Bluetooth works, wireless works, everythiing I need works.
What exactly benefit do you get from running the latest?
I come across so many pepople obsessed with getting the latest for the sake of getting the latest. That’s not technical problem, it’s psychological.
Perhaps the Linux distro closest to GrapheneOS is secureblue
The way I remember it is he said the opposite: so-called e2ee apps don’t matter if your OS is not FOSS, is spying on you and scanning everything pre-encryption…
In a way he said both. If you are sending a message to another phone and it is android or iOS then the software looks at your phone screen, changes the data to text and sends it to HQ. If you are messaging someone with apple software or android their screen data will be recorded and they will know what both of you are messaging, so end to end encryption only works if both the sender and receiver have e2ee and a device that isn’t a spy machine like android or iOS, etc.
As I understand.
While I don’t always need the “latest”, I’m not one to always run old gear or fall into the category of old “thinkpad” fanboi-ism. (while I do actually like my old thinkpads. lol)
While I do daily an older Thinkpad running qubes… my main machines that I uses at home are all custom built pcs which sometimes serve dual purpose (ie… gaming/video editing/etc). And to keep up with that, i need compatibility with that hardware and drivers to follow.
For example, my next machine build is a 9800x3D w/ a 5090. We already know there are compatibility issues with NVidia already within the linux world, so you know the latest is going to cause issues. Even running older AMD 6000 series GPUs sometimes dont even get the full drivers to be able to use the card to it’s fullest, which is a waste.
Not to mention that if i’m recommending it to friends and family, i don’t want to tell them that they have to run “OLD” hardware for it to be fully optimized. That would be something I would recommend to someone that is budget conscious.
Fairly obviously, at some point (X years after initial release) the benefit that you get is having critical or important security updates!
You might get new functionality that is important to you (and which is not backported or can’t feasibly even be backported because it relies on new core APIs).
You need both.
You need E2EE.
AND
You need neither party to be using a spyphone.
If you are talking about SMS then it is encrypted only between device and tower (at each end). So it is trivial for providers and thereby governments, hackers, third party suppliers, … to grab the content. No need for spyphone. No need for radioing the content of the text back to HQ from the phone.
But let’s say you solve that and you are running verifiably robust E2EE.
Then you need neither party to be using a spyphone.
Because it is typically the case that no matter how good the encryption, the text exists unencrypted at each end - and it can be radioed back to HQ. (There is no need for some complicated arrangement involving looking at the screen and OCRing it back to text or just relaying the entire screen contents. However for more general spyphone compromise, being able to relay the entire screen contents back to HQ is nice.)
Oh and of course you need to trust the other party. If the other party isn’t who you think he or she is then you don’t have a technology problem any more.
I was told the client side ai converted image to text due to bandwidth and search limitations.
But I still am not sure how we are achieving the on board encryption, I thought the pgp card would be necessary and then would only be two way safe if you were sending to another librem with a pgp card in the messaging app. If true then I can only safely communicate between two librems.
1 Like
My point still stands.
I didn’t intend to dispute it, just provided more information.
1 Like
Okay, here are more related topics: