LMYahooTFY | 3 months ago

How is this different from a backdoor in every phone?

Some authority compels me to give them signing keys so now they can push anything they want, to any device they want?

strcat|3 months ago

They can't bypass disk encryption that way:

https://news.ycombinator.com/item?id=46038241

It does appear to be what they want from us, but it's not possible to bypass the Weaver disk encryption throttling via compromised OS updates or even secure element updates. It's fully not possible to bypass the security of a strong passphrase, which we encourage via optional 2-factor authentication support for fingerprint+PIN as the main way people unlock to make using a passphrase as the primary lock method after booting or 48h timeout much more convenient.

LMYahooTFY|3 months ago

Well that's really good to know.

Been a happy user of Graphene since the Copperhead days. Thanks for all the work you do. I know you've endured a ton of shit.

SSLy|3 months ago

Just wanted to say: don't listen to people who say you're crass or wrong. GrapheneOS' actions and words are great and a boon.

Hizonner|3 months ago

Once they've established a rule that you have to help them in all cases, what stops them from forcing you to push an update to a phone while the user still has it, to collect information from the phone while actually unlocked and in use?

foxyv|2 months ago

Is this rate limiting on the number of data key decryption calls by the HSM to prevent full data exfiltration? Or, is it rate limiting PIN attempts?

foxyv|2 months ago

Functionally, there is very little difference. This is why, I imagine, GrapheneOS is pushing back.