logoalt Hacker News

summmyesterday at 5:51 PM1 replyview on HN

Nope. It is still not possible to give someone else (the government, or the bank) control over your phone while at the same time run software that you alone control with higher privileges. Please don't mix that up with "is practically hard to implement because of sloppy code. Also your attacker model is still "occasional evil government agency or evil private corporation wants to crack and read your messages", while what is discussed here is more fundamental "evil government or abusive corporation controls your phone in the first place, and can just remote control it you can't use really secure apps"


Replies

whazortoday at 11:57 AM

I want governments and banks to allow open-source software, not control my phone.

For example, I essentially trust the ROM I download from the GrapheneOS website. What I want is for governments, banks, or some independent open foundation to be able to approve that ROM too, so attestation can work with it.

More like how CA certificates work: not perfect, but not locked to one vendor either.

show 1 reply