I love a lot of the work of Nitrokey, but I cannot get behind the Nitrophone.
Firstly, the Nitrophone is just a Pixel 4A which contains a Qualcomm Snapdragon 765G CPU. I am confused at how the author claims it is free of Qualcomm control. They are unquestionably an active participant in mass surveillance efforts and there are much more covert ways of doing that when you control a CPU, like making your random number generator not actually that random, potentially compromising -all- TLS, or only activating firmware location tracking features when particular domains or traffic is observed. There are countless ways to hardware backdoor a device that are not as crude and obvious as the ones this article observed.
Secondly, the sole signing key for phone software is under the exclusive control of Daniel Micay who is an undeniably brilliant engineer, but I suggest looking into how they communicate online and comments by anyone who has ever worked with them before. Supply chain integrity for GrapheneOS stops and ends with one person, who has rejected all attempts by me and others to pursue reproducible builds etc. for accountability.
Third, GrapheneOS still contains many proprietary blobs with full control over various portions of the hardware. The GrapheneOS team has no choice, because the supported hardware components have not been reverse engineered yet and cannot function without them. The only blob-free Android is Replicant OS but it only runs on reverse engineered but sadly ancient devices long out of production and ancient builds of Android missing many years of security patches. The state of open and private mobile computing is truly a shit show.
Fourth, even if you had a fully trusted hardware and software stack, a device that connects to cell towers, even a dumb phone, will be pinged by three or more towers at a time. All of them collude to log the location of every single phone connected. The only way out is living on Wi-Fi only with airplane mode full time.
Fifth, even if you open source hardware and software you -still- have to worry about state sponsored supply chain attacks at the factories.
The only way forward is to essentially go back in time to decisions we made back in the 90s and start over again, which is what the Precursor project seeks to do.
That is the only hope I have for a high trust messaging device in my pocket any time soon. There is an alpha Matrix client, so fingers crossed.
Regarding the first point: Their current offerings are based on more current Pixel devices (6a, 7, 7 Pro), which use Google's chips, which in turn IIRC are mostly Samsung Exynos with a sprinkle of Google. That way they are only shooting their first product in the foot.
Bunnie had it right in his talk on this. https://hackaday.com/2019/12/29/36c3-open-source-is-insuffic...