Email or username:

Password:

Forgot your password?
Top-level
thomzane

@josh @GrapheneOS Sadly many people believe that Apple is secure. That is what they keep saying. Even EFF repeat their ads.

10 comments
Josh

@thomzane @GrapheneOS Valid point not sure what EFF does besides take money though?

thomzane replied to Josh

@josh @GrapheneOS They do a lot of good things, but they also recommend Apple phones.

Josh

@thomzane @GrapheneOS So many people I see on here still think Apple is great. I dont even engage with them in conversation.

GrapheneOS

@thomzane @josh iPhones are genuinely the next best option overall for a private and especially secure tablet or smartphone after GrapheneOS.

Apple does have some advantages over GrapheneOS but they're mostly related to privacy from apps where we have our own significant advantages. iOS 18 added a similar feature to our Contact Scopes but they don't have our Sensors toggle or other things we do. They're not great at privacy from Apple but do offer more end-to-end encryption, etc. than Google.

Josh replied to GrapheneOS

@GrapheneOS @thomzane Go visit Dread and see how often Apple gets recommended lol is all I need to say.
GOS gets recommended 24x7 there.

Josh replied to Josh

@GrapheneOS @thomzane My point was amongst people with lots to lose they won't choose a device that will sell them out over one that provides what they need to stay out of jail/prison etc

GrapheneOS replied to GrapheneOS

@thomzane @josh They do have substance behind their privacy and security marketing. Pixels have substance behind their security marketing too and are largely competitive with iPhones with the stock OS in that regard, but not on privacy overall. We start from a solid base with the Android Open Source Project on Pixels. We see Apple implementing some of the features we've provided for longer as a form of compliment for our work even if they weren't aware of it. In many cases, they probably were.

thomzane replied to GrapheneOS

@GrapheneOS @josh Not you too! E2EE without the ability to manage your own keys and verify the mechanisms of encryption means that Apple can introduce more ghost keys behind the scenes allowing themselves and others to be included in who can decrypt the information.

Then there is the whole notifications issue where Apple and Google were leaking that which should be local. reuters.com/technology/cyberse

I don't trust Apple.

@GrapheneOS @josh Not you too! E2EE without the ability to manage your own keys and verify the mechanisms of encryption means that Apple can introduce more ghost keys behind the scenes allowing themselves and others to be included in who can decrypt the information.

Then there is the whole notifications issue where Apple and Google were leaking that which should be local. reuters.com/technology/cyberse

GrapheneOS replied to thomzane

@thomzane @josh

We never said they had best in class end-to-end encryption support, only better support for it than Google does. Google does have E2EE for certain Android services but it's a lot more limited and has a very limited security model.

> Then there is the whole notifications issue where Apple and Google were leaking that which should be local.

No, you're entirely misunderstanding this. It was about push messaging registration metadata and nothing was being leaked.

GrapheneOS replied to GrapheneOS

@thomzane That story is not about apps sending notifications locally. That story is about apps which chose to use their push messaging services to send messages to the device through APNS or FCM. On Android, FCM is optional and alternative push mechanisms can be used. Apps are choosing to use it. For both APNS and FCM, apps can end-to-end encrypt the messages. For FCM, they can also send empty messages to wake the app and then fetch the data themselves. It's not about local notifications.

Go Up