- cross-posted to:
- privacy@programming.dev
- cross-posted to:
- privacy@programming.dev
Read the whole thread
However, we don’t have a “hardened security” approach, we aren’t developing a phone for pedo(censored) so they can evade justice.
Read the whole thread
However, we don’t have a “hardened security” approach, we aren’t developing a phone for pedo(censored) so they can evade justice.
Is he confusing privacy for security?
They’re two sides of the same coin. Can’t have privacy without security and can’t have security without privacy.
Looking at the post though he’s specifically talking about advanced security as a means of preserving privacy, security you’d need if (based on his model) targeted by a government (whether foreign or your local police forensics team). I don’t think his model is correct though because while extra hardened security is useful to protect privacy in such an instance, it’s also just best practice because it’s better to have too much security than not enough, just to keep your bank account secure at least.
Hmmm… I half agree with what you said. The corner stone of most security is an element of initial trust.
With SSL, we’re trusting that the certificate authority is valid.
With tools like GPG, I (as the sender) are trusting that the key I’m using to sign a message is really yours.
With Android we (the users) and the application developers are trusting Google (hence why “sideloading” is now “bad”, because Google says it is).
I absolutely agree that privacy cannot exist without security. But, your privacy is dependent on who your security model trusts.
I don’t trust Google with my privacy (hence, I degoogle) , but my bank app doesn’t trust my security (hence, the app can only be installed via Google Play).
So, privacy is dependent on security, but security is built on trust.
Who? Gaël Duval or GrapheneOS?