Purchasing phones which ensure frequent software patches for a number of years is a far better tactic IMHO. For example I recently purchased a Nokia X20 (https://www.clove.co.uk/products/nokia-x20) which has a promised 3 years of OS upgrades...something I've not seen from other manufacturers.
This still wouldn't protect me from a targeted surveillance attempt like Pegasus, but it does protect me from automated mass surveillance in the cloud, and at least partially reduces the attack surface, by getting rid of unvetted, unreviewable, backdoored proprietary software.
0 regrets, only privacy vibes ever since.
The hardware seems fine, but, as said above, it seems that critical hardware (and software for that hardware) is closed.
What is great: a replaceable battery and DIP switches to physically turn on and off every module in the phone.
But why do you expect people can trust a group of anonymous developers building open source smartphones?
No, these modules are closed because it's simpler than making them open. Someone is getting ready to type "FCC and other regulatory bodies prohibit consumer reconfiguration of specific certified radios" but that has nothing whatsoever to do with openness. Being able to monitor something and being able to configure it are not the same thing.
But this article writes about the very people who have plenty to hide (for good reason!). I think it's a bit misleading to say investigative journalists have "nothing to hide" - confidential sources, on-going stories, contacts, whereabouts etc. Mixing this up, in my eyes, is not helping the "privacy for the masses" adoption.
However, as the cost of exploits keeps dropping and mass surveillance keeps getting easier, that statement has become less true for more and more people.
In the NSO target list for India I am seeing all sorts of people like virologists and journalists I wouldn't have thought were doing anything important enough to be tapped. More than the tapping, that surprised me.
Sooner or later either we will be worth slightly more than the cost or the costs will become cheap enough.
However at that point it will be too late. Like the infamous quote goes, "first they came for the communists/Jews".
All the open phones in the world won't help if you use closed-source WhatsApp / Facebook. And you kinda have to if you want to talk to your less tech savvy friends and family.
In the EU there is a law in preparation that will force big players in chat networks to open up to third parties: The Digital Markets Act (DMA): https://ec.europa.eu/info/strategy/priorities-2019-2024/euro...
Or we can try to reverse engineer existing basebands, but I'm not aware of any successful projects working toward that.
Just like anything going on in secret courts is bad for judicial integrity, or RTI laws can help keep government somewhat honest, open source can help like any other transparency framework.
Transparency by itself is not a magic solution, and open source alone is not going to solve everything. It is just one among many other controls we need.
[0] https://www.phoronix.com/scan.php?page=news_item&px=Linux-Gi...
The point is, right now, nobody can audit these things. Once someone -- anyone! -- can, everyone else can benefit.
Even if there is no direct audit of the code, once a vulnerability is discovered it can be traced back to the person(s) who introduced it.
With a closed system, only the owner of the source code history can do that. With open source, any person in the world can, and can start a discussion to understand whether it was malicious or not, if the person(s) should be banned from pushing code, new code security standards to be adopted, etc. You lean on the world's expertise at that point.
Bad things happen. It's important to have the ability to understand why and mitigate for the future.
USGOV has a pretty comprehensive guide on how to validate them:
https://www.uscurrency.gov/sites/default/files/downloadable-...
Fake validation is less like coding: to catch a really well-made fake you would need years of experience seeing all sorts of fakes, while coding needs only the experience to see what is good code to be able to catch most issues.
If that were true, the software industry would have a much smaller problem re: bugs and errors than they currently do.
Sadly the problem is that "good enough" is how the industry sees everything: constant cost cutting, offshoring or replacing senior talent with fresh graduates, inadequate focus on security, and debt are all too common; unless/until something affects the bottom line there is no pressure.
A fair point. I took "dollar bill" to be the generic "US currency" rather than specifically "the $1 bill". But this page covers everything from $1 to $100 (although it seems the $1 and $2 have barely any.)
In any case, "a random nickname on the Internet, using a computer somewhere in the globe" is a lot more information than none.
Finding out that that's the case for a given project is part of traceability.
That information is meaningless if it traces back to an empty room.
You don't get commit rights as a random person, so yes, a commit can usually be traced back to a person. Sure, the committer could have received a patch from an unknown person, but then he's still responsible for the commit.
It's not perfect but it's something vs nothing. I'll take something every time.
Any serious project would have some form of web of trust and know who has commit rights. It's up to you to decide if you trust their web of trust.
I guess from your comments that you are not actually interested in contributing to the discussion, since you just spout single-line comments with no information at all.