It’s not about being pixel specific. They built high security OS that uses HW components to deliver that high security. It can’t be delivered without them. These components are not google patented nor does GrapheneOS demands they use the exact pixel ones. GrapheneOS just refuses to lower security to support phones that lack these components, because manufacturers wanted to save maybe a $1 per phone by not including them at the expense of user security.

Then let us know when they are solved. Until then, I have a lot more hope in matrix than XMPP. They at least seems to be making progress in the right direction, although they are not there yet either.

Signal remains the best option for now.

So much cope you didn’t even notice no one mentioned matrix. We are comparing XMPP with Signal.

Your reasoning would hold up if 80% of xmpp wasn’t running on Conversations or forks of it

Also, you really think saying only 20% of your chats are insecure is somehow making it better?

The encryption being crap really does not depend on the threat model. Sure, in some threat models you may not need e2ee at all but in that case, what’s wrong with WhatsApp?

The issue with XMPP is that security really was an afterthought. Not only is e2ee an optional extension, but there are actually 2 incompatible extensions, each with multiple versions. Then you have some clients not implementing either, some clients implementing the older, less secure one. Some implement the newer one but older version of the spec with known issues. And of course, the few clients that implement it well become incompatible with other clients that don’t if you enable e2ee, so it is disabled by default.

That is all before you start looking into security audits or metadata harvesting.

Tell me you don’t know anything about security without telling me you don’t know anything about security.

There are: https://nimbusdata.com/products/exadrive/specifications/

They are just not listed in shops for poor people. (joking)

Not really. Sure, China is able to make unpopular decisions better then democracies, but that makes them inefficient in different directions. E.g. high speed rail in areas where it is not needed but greatly lacking freight trains. Or their housing bubble.

“We don’t accept ideologically motivated changes” = White supremacist language… Yeah, sounds about like what I expected…

Yeah, we should just ditch email for sensitive communications.

Anyway, my point was that I lost trust in Proton back then over this and went to Tuta that has native clients. It makes no difference to my security since I don’t think I ever sent or received a single mail that was actually e2e encrypted. But Tuta’s more serious approach to e2ee made me slightly more confident in it as a company.

Now it kinda looks like it was the right choice.

doesn’t impact the security sufficiently to make a difference for the average user.

I think it is borderline. I am not advocating for PGP, I like the Signal model where you trust signal for introductions but have the ability to verify, even in retrospect. Trust but verify. Even a few advanced users verifying Signal keys forces Signal to remain honest or risk getting caught.

I think the lack of meaningful verification for proton is a significant security weakness, though average user probably has bigger things to worry about.

Bridge did not exist back then.

As for it being sophisticated attack, I think it is relative.

Regardless, if Proton said it did not matter to most people, I would respectfully disagree and move on. They did not. They claimed it is not at all less secure than a native app, which is BS.

It is nuanced, but having the ability to selectively serve malicious javascript stealing keys to specific people only on one access is considerable issue in practice, compared to distributing binary where you would generally have the same binary for everyone and you are able to archive and analyse it. Especially if you use third party distributions, like github releases or flatpaks.

Was it ever? I ditched them years ago when they tried to gaslight people that e2ee in javascript in browser is secure.

I don’t see any reason why you couldn’t with default settings. Beware of enabling any setting that stores data next to the media like nfo metadata storage, as those could maybe cause conflicts.

Honestly, if the app was open-source so we can check it does not leak data, I would probably have no issue with it.

Making it a separate app makes sense if google wants to allow other apps to re-use the code. No reason to have the same functionality bundled into each app separately.

And the feature, as long as it is configurable, seems useful.

The auto-install is bad but understandable. As far as I am aware, there is no easy way to mark an app as a dependency of another app so it gets automatically installed only when needed. This should be fixed, but auto-install for all is not terrible temporary solution. This does not apply when the app is closed source and may steal your data.

Again? Didn’t they try this once already?

As I said, I have never seen anything I would consider extremist myself. Though from your reply, I get the feeling the issue could be an unreasonably broad definition of extremist content on your side. That or I just happen to not visit games with such discussions.

I am a big GOG enjoyer myself, but when I need to use steam for anything, I have never encountered such content. Perhaps there is such content in private or otherwise not very visible spaces (such as user profiles), where they will not get reported, but that is true for any site with user content. I call BS on this being an issue.

Ok, you got me there. I just ment I don’t care.

Let me know when it can run GrapheneOS. Until then, who cares?