The Google Pixel and its Verified-Boot are Overhyped

Quite literally a useless document. It says nothing about the PinePhone; hardware switches are very much useful, software switches are BS. And it only talks about PureOS (all fixable problems presented), and the PinePhone does have ATF boot plus removable batteries if you really want a brick.

1 Like

Yeah, I saw a reddit post about dwm on a pinephone, and just thought that was the peak of the unix community xD

It is dwm but with scripts, basically. Works better than Plasma or Phosh and it's simpler too.

1 Like

Sure you can fix it. But who actually does? Most (if not all) people using a pinephone will have little security. There are multiple reasons as to why Linux is not a secure operating system (especially on desktops)

Let me simply list a few:

  • Little to no sandboxing
  • Little to no firewall (at least ootb)
  • A kernel that (unless compiled yourself, or taken from somewhere → own security problem) has a ton of CVEs. Some kernel devs even admit that they don’t patch CVEs in LTS kernels.

Linux can be made secure, but it basically never is ootb. Sure, go on and spend a shit ton of time making a flawed operating system secure, but you are not going to have fun with it.

I agree with the statement that using a Google device for security & privacy is weird, but that sadly is how the current world works. In an optimal world, developers would make Linux secure ootb. But I know people that already complain about how unusable Fedora is due to SELinux. People do not care about security, because of the philosophical “FOSS is perfect, no need for anything else” problem.

I would recommend everyone to learn about security, how software is exploited for access to someone’s device, and then think about what software (including OS) to use, what hardware to use, how to set up their BIOS/UEFI and so on. As an example: Do you have a Zen, Zen+, or Zen2 CPU with SMT enabled? If yes, then you most likely have a security problem enabled. Especially if you use Firefox instead of a Chromium based browser.
Simply do a `cat /sys/devices/system/cpu/vulnerabilities/*` and be prepared for probably 4 or more active security problems on your device.
If you get something like `Mitigation: untrained return thunk; SMT vulnerable` there, you probably want to disable SMT and add something like `spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force retbleed=auto,nosmt` to GRUB. There actually is a lot more to add to your boot parameters, but that alone is probably more than you’re willing to do. The prevention of retbleed costs about 30% of your potential CPU performance.

Oh btw retbleed is not a problem on Windows, just Linux.

Simply as @Dom0 said:

and it’s not even in enforcing mode lol.
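Added example, not part of any post in this thread: a small POSIX shell script that classifies what the `cat /sys/devices/system/cpu/vulnerabilities/*` check mentioned above prints, flagging entries that are unmitigated or, like the "SMT vulnerable" status quoted above, still exposed while SMT is on. The function names, class labels and `--live`/`--demo` switches are assumptions made for the example, and the sample report files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify the kernel's per-issue
# CPU vulnerability report instead of eyeballing raw `cat` output.

VULN_DIR=/sys/devices/system/cpu/vulnerabilities
SMT_CTL=/sys/devices/system/cpu/smt/control

# Print "CLASS name status" for each file in DIR (default: live sysfs).
# Returns 1 if any entry is unmitigated, SMT-exposed or unrecognised.
audit_cpu_vulns() {
    dir=${1:-$VULN_DIR}
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f" 2>/dev/null) || status=unreadable
        case $status in
            "Not affected"*)    class=NOT-AFFECTED ;;
            Vulnerable*)        class=VULNERABLE;  rc=1 ;;
            *"SMT vulnerable"*) class=SMT-EXPOSED; rc=1 ;;
            *Mitigation*)       class=MITIGATED ;;
            *)                  class=REVIEW;      rc=1 ;;
        esac
        printf '%-12s %-18s %s\n' "$class" "${f##*/}" "$status"
    done
    return "$rc"
}

# Print the SMT control state (on, off, forceoff, notsupported, ...),
# or "unknown" when the kernel does not expose the control file.
smt_state() {
    ctl=${1:-$SMT_CTL}
    if [ -r "$ctl" ]; then cat "$ctl"; else echo unknown; fi
}

# Constructed sample report for offline use. The retbleed line is the
# status string quoted in the post; the other values are made up to
# cover each class.
write_sample_report() {
    mkdir -p "$1"
    echo 'Mitigation: untrained return thunk; SMT vulnerable' > "$1/retbleed"
    echo 'Not affected' > "$1/meltdown"
    echo 'Mitigation: Speculative Store Bypass disabled via prctl' > "$1/spec_store_bypass"
    echo 'Vulnerable' > "$1/srbds"
}

# --live audits this machine; --demo audits the constructed sample.
case ${1:-} in
    --live) echo "SMT control: $(smt_state)"; audit_cpu_vulns ;;
    --demo) d=$(mktemp -d); write_sample_report "$d"
            audit_cpu_vulns "$d"; rm -rf "$d" ;;
esac
```

A non-zero return from `audit_cpu_vulns` makes the check usable in a login script or a configuration-management run, so a kernel or microcode update that changes the report does not go unnoticed.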

When I posted this thread, I was very well aware, that this is a controversial topic. I was aware that some may become emotional regarding their position, but I must ask you to stay friendly and true to the facts.

Only because I take a more reality near approach to security, and do not rely on the theoretical security of a system, does not mean you have to insult me.

The “evidence” you provided so far was lacking and biased. I think we are very well aware about the controversy surrounding Daniel Micay, and I want to note that I can look over the personality of individuals to look at the facts, but that the lead developer of Graphene OS would be biased in favor of his ROM's approach, is clear.

“But who actually does?” People who care, and yes, Linux can be made more secure. It does not matter if an OS such as windoze has security, because people don't care; they get hacked anyway. BSD is the more secure OS, yes, but Linux can be very secure. Also, SELinux is BS ware.

1 Like

When did I insult you again?

This does not make sense

I'm having a lot of fun so far with my Gentoo install xD

To be fair: Yes, your points do make a lot of sense, but generalization of “Linux is Linux” is always complicated.

The main problem in the community, however, is that power users (obviously) develop the distros and OS.
It's not so much gatekeeping, as it is “not trying to enrage the other power users by generalizing security”, although it does have similar effects.

In a perfect world, everyone would be a power user, and could customize their lfs install according to their own privacy and threat model.

That's not an argument kek

1 Like

Oh come on. SELinux is not the only thing that can make a system secure, and you should know that if you are a security expert like you claim to be

At this point no one is arguing in good faith, and no one's mind will be changed, so I think it may be wise to just split up. And we can't gain Reddit gold either.

1 Like

really disappointed it got out of hand so incredibly quickly. The only reasonable person that replied was techlore itself.

Oh, completely missed this entire post.

Are you serious right now? My entire point was that the only thing that I could achieve by mitm-ing a Pixel is to see if it is connecting to Google. It will not use HTTP however, so it's pretty much useless.
Your reply to that:

It will obviously have plenty of reasons to contact Google, starting at updates, the time, DNS and many many more reasons. The actual content is what's concerning.

I still know at least one Arch user complaining about it :P

I personally don’t see how he insulted you, but I apologize for having positively quoted him in a post earlier.

And this is a few. (Desktop) Linux is insecure is more of a “most people do not use a secure Linux operating system and therefore should probably stay on Windows/Mac OS”.

That is correct, but the process of getting hacked (or in the case of desktop Linux not even getting hacked in the traditional way as in most cases any application can access anything happening on the system. File access and display server are just two examples).

SELinux or MAC software? A MAC is similar to what you could call a “system-firewall”. It reduces the amount of information an application can access. Saying that it is “bs” is the same as saying that you don’t care if an application you most likely have not compiled after understanding the whole source code (important because any downloaded binary can include extra spyware) has access to your full system. From the storage, to the webcam.

Using musl, clang with hardening flags, patching Chromium for compiling on musl, implementing SELinux and so on? Because standard Gentoo is about as good as any binary based distribution. Well worse than e.g. Fedora.

I don’t really do that, I always add “Linux can be made secure” and so on. Even simply talking about the Kernel, no system can be compared to another. Well theoretically at least.
I talk about what 95% or more of all users use. And that simply is insecure.

Do you have evidence as for why Linux is at least as secure as a Windows or Mac system? The reason why I mostly use madaidan for providing a resource for my claims is simply because he is a trusted person. If you don’t trust him as a source, you also don’t trust Whonix? I say this as madaidan is one of the people developing Whonix.

But it is better than e.g. AppArmor. There are lots of ways to make Linux more secure, but you probably need all of them. I just used SELinux as an example of what you need, since SELinux is one of the biggest pains to set up yourself.

This doesn’t mean that the security problems Linux has are not so bad that you should use it. In my perfect world, we would have something like this:

| Threat Model | Important Software | Recommend OS |
|---|---|---|
| Normal user | Social Media, Games, Mails, etc | Windows & Android/iOS |
| Concerned about privacy | Games, Web browser | Fedora & sane custom Android |
| Paranoid | only CLI & Web browser | QubesOS, hardened as f* Gentoo, Graphene OS |

But we don’t. We have more distros (options for everything in general) than anyone can ever imagine. We need a few sane standards that make sense for different threat models and don’t make systems a pain to use.

Back to the original topic:
Yes, Pixel phones are overhyped. But so is Linux gaming. A lot of things are in fact.
Some of your criticism is valid (like basically having to update the Pixel 6a after getting it due to an old as fuck version; basically needing internet for a short time to enable OEM unlocking and so on).
But you forgot something: Pixels are not only recommended because of their VB, but also because of the Titan M (especially M2) chip. These compared with the Android sandbox and other stock Android features make Pixels really secure. Not private, but secure.
As far as I know, the Pixels are not really recommended for privacy, but security. Yes, some people recommend them for privacy (which makes sense AFTER the install, but not before, for some of the reasons you mentioned).

Yes. But here is the problem: You truly do NOT want to fund anything against your privacy or security? Then you sadly have to avoid everything connected to any big company, to China (every Chinese company due to how the government forces them to cooperate) and so on.
You also would basically not be allowed to ever have JS activated, as Google can make money off you that way. It is close to impossible not to accidentally fund companies that want to make money off our identity. I do not want to promote buying Google hardware, I just want to state that making sure that Google and so on don’t earn a single penny off you is really hard.

If you want to actually support freedom of every person involved, you probably should use a Fairphone and flash Calyx.

This is really hard to answer to.
Google simply offers a better security & privacy option than most “privacy focused” companies. Yes, Google does not offer hardware switches, but you still can remove them physically.
What they offer tho is amazing low level protection, a much better sandbox than any preinstalled Linux has and (compared to e.g. the Librem phones) actually are available. Availability is a huge problem in the FOSS world. Some people wait up to years to get their Librem. This is not acceptable for most people, hence they get this “bad” Google phone.

If you could get comparable security on a Linux/privacy focused phone, people would not recommend the Pixels. The reason they do is because it is superior (unless you spent tons of time getting your phone to a reasonable secure level).

About this: The pinephone is a really interesting project and has the potential to be the best phone (you need better hardware and better software optimization, but this will come in the future).
But in the current state, there are a lot of problems.

  • The stock OS simply sucks. Manjaro is one of the worst OSes out there. They are behind on updates (important for security), have not updated their SSL certificate (which you can do with a cronjob automatically and their used software even tells you how to do it), they have DDOSed the AUR before https://www.linux.org/threads/manjaro-accidently-ddosed-the-aur.34248/ and more problems. There are some more "Manjaro on pinephone" problems, but I do not remember the source sadly.
  • Most of the Linux problems directly translate to the pinephone. No sandbox, no MAC, kernel with tons of CVEs and so on.

If the pinephone would have taken an approach that does make sense securitywise, I would not say that the pinephone is a bad choice securitywise. But in its current state, it should never be recommended as a phone, unless

  • You know exactly what you're doing and how to make it secure enough for your needs
  • All software you need is supported and you don't have a problem if any of your used software has access to your whole phone.

With this I disagree. Malware can get really easily into your system, no matter what you’re doing.
But let’s first define “malware”. I am going with Cisco's definition, which is:
“Malware, short for ‘malicious software,’ refers to any intrusive software developed by cybercriminals (often called ‘hackers’) to steal data and damage or destroy computers and computer systems. Examples of common malware include viruses, worms, Trojan viruses, spyware, adware, and ransomware. Recent malware attacks have exfiltrated data in mass amounts.” (from “What is Malware? - Definition and Examples”, Cisco)

Assuming you have a properly set up system and are smart with your usage, you don’t have to worry a lot. But lots of people are not like this, they’re stupid and click on links without making sure that the site they visit is safe, they don’t check if the network they connect to is safe and so on.

While “people on this forum don’t have to worry about malware on Linux a lot”, this does not apply to Linux in general. It depends on your usage, just as on Windows.

What we should not forget tho is: You give a lot of programs unlimited root access during installation. This can be especially dangerous for packages from user repositories (like the AUR), as they often times are not regulated enough and malware can be run on your system.

“Linux is safe from malware” simply is an incorrect statement. Just as

should not be a reason to think that Linux is safe from malware. Some malware (like WannaCry) can work on Linux via Wine. This alone makes the “Linux is not targeted so it is more secure” a much weaker argument, since people might download some random .exe file for a program they need, just to get malware installed.
Again, this might not affect most people here, but it generally does.

This is correct, but you should not forget that this does not mean that a secure device doesn’t make sense. Protection against the government is basically impossible, but there are ways to at least make it a bit harder. You then also can use the 15 user profiles on GOS (for which you need a Pixel device, getting back to “Pixel phones aren’t worth it”) and might be able to delete some of the malware much easier than on stock Android and Linux.

So in conclusion: The Google Pixel phones are not the holy grail and perfect, but other options are hard to get, really expensive and without manual hardening much worse.

1 Like

Everyone is saying very long replies. I will simplify it by just saying:
No.

2 Likes

Hardware switches have no real privacy/security benefits on Android, as madaidan points out in his post.

I will quote madaidan here:

Hardware kill switches are nothing but marketing frills.

The microphone kill switch is useless since audio can still be gotten via the sensors (such as the gyroscope or accelerometer). While the Librem 5 does have a “lockdown mode” that disables the sensors, it also requires flipping all of the other switches, including the network switches, which effectively turns your device into a brick just to prevent audio recording.

The network kill switch has two primary threat models: preventing cell tower triangulation, or preventing data exfiltration after the device has been compromised. The switch is useless in either of these threat models:

  • To prevent cell tower triangulation, you can simply enable airplane mode and it is just as effective.
  • The network kill switch is useless for preventing data exfiltration since the attacker can just wait until you toggle the switch on again to exfiltrate data. If you need to temporarily disable network access, you can use airplane mode. Airplane mode can be disabled via a software vulnerability, but if an attacker has those capabilities already, then they can also simply sit and record any sensitive data and eventually upload it once you re-enable the hardware network kill switch, making it no more effective than airplane mode.

The camera kill switch can be useful as a small usability improvement, but it is really no better than some tape.

Linux fan bois be liking this -

Rather than following good security principles and criticizing Distros for not adhering to such principles.

Part of why Linux is so bad is due to its users in my opinion.

1 Like

Windows is not an inch better at security than Linux.

I personally prefer LibreWolf to any chromium based browsers, and I explained why in another thread

No, using the hardened SELinux profile, compiling minimalistic, having a slim and hardened kernel with self protection, full disk encryption, usb-guard and a firewall, using *bsd vms.

PAX, PIE, SSP and grSecurity will be next, although I will have a lot of things coming up in the near future, so I do not know if I will have enough time.

I do not have any enemies, and would consider myself threat model 1 of this original post, so I really do not fear anything, but just want to make my installation hardened for the fun and experience.

Since I neither have anything of value on my device, nor am a political or public figure, I might just convert back to unhardened Gentoo, and try to get the most performance possible out of it. I am already using the lto-overlay, but am interested how much I can get out of my machine.

Only because one does not use security precautions and zero-day mitigations does not mean they will be hacked, and only because one does use security precautions and zero-day mitigations does not mean they can not be hacked.

If you are a target and someone is trying to hack you, they can, if they just put enough effort into it. The amount of effort required is measured in their skill, your hardening, your opsec and knowledge, your software, your firmware, your hardware, your physical surroundings and the people you interact with. People need to see security as it is.

I agree, but would honestly rather go with mac instead of windows for the “Normal User” tier. If they are not going to flash a custom rom/os, then apple is (sadly) better, although I do not agree politically with them (right to repair and so on)

Good point.

Yes, but the Fairphone is probably very good, and ideal for most people, but I enjoy the freedom and customizability of Linux too much. I think I want the same freedom I have on all my other devices with my phone.

It's his attitude and immediately turning a discussion into insults.

Yes, I fully agree. The fs and system progresses are a very critical single point of failure, and it just shows that Linux is a traditional server os, where there are not malicious programs. I hope it will be addressed in the future of Linux.

The track record of Windows is pretty much shit, can't say the same about Apple though.

Well the best is of course having both

I block js by default and have decentraleyes in my browser. I completely understand that that does not change that much, but I never said I wanted to give “not a single cent” to google. 500$ is a lot of money in one purchase, and then buying the new model every 1-2 years…
It also boosts their sales numbers and so on. Even if you buy a used one, it does technically increase the resell value.

Oh yeah, I also stopped recommending Manjaro a while ago. There's an interesting GitHub article about it.
I was thinking of flashing pure Arch, or maybe Void, if it has the packages I need.

Yeah, I was prepared for that, but since I do not care that much about security (again: not a targeted individual), it will not matter. As long as it has a pin to keep the normies out, and maybe full disk encryption, I'm good.

Sorry for the late reply, was really busy.

1 Like