People coming from iOS or other Androids are usually very happy about GrapheneOS; it is a clear upgrade in security, privacy and freedom.
People like me coming from Linux mobiles are maybe less excited. It is a clear upgrade in security, but privacy is a bit hit and miss, and it is a clear downgrade in freedom.
I am sorry if I was stepping on people's toes yesterday. Still, I got this sense that maybe the GrapheneOS community thinks differently about security and privacy than I do, and than I am used to, especially around source code openness and hardware reliance. We are maybe coming from different worlds after all.
But this situation has made me wonder how the GrapheneOS project itself stands on these topics, so I would love it if someone could give some hints or clarifications about that.
Does the GrapheneOS project have an official statement of some kind with regard to closed-source components? What I am wondering is whether the GrapheneOS project strives for, or sees it as desirable, that all parts of the system are open source, including the bootloader, the baseband firmware and the firmware running on the hardware security chip, or whether this is an irrelevant goal for the project. Personally, I think that closed source is at odds with security and privacy goals, as closed source is merely an attempt to obfuscate the code, prevent auditing, and prevent the device owner from fixing issues and removing unwanted features, so it is pretty important to me.
Does the GrapheneOS project have an official statement of some kind with regard to non-replaceable software components, such as the bootloader that is locked so that only versions signed by Google can be installed? What I am wondering is whether the GrapheneOS project strives for, or sees it as desirable, that any software or firmware component can be replaced by the device owner, including the bootloader and the firmware running in the hardware security chip. This is also rather important to me, as making components non-replaceable like this would prevent the device owner, and even GrapheneOS developers, from fixing issues and removing unwanted features, even if the source code is available.
Does the GrapheneOS project have an official statement of some kind with regard to reliance on hardware components for security? What I am wondering is whether the GrapheneOS project sees hardware security chips and similar as beneficial for security and privacy, or as at odds with security and privacy goals. Personally, I don't trust hardware components to provide security, as their design and inner workings are always deliberately kept secret today, and thus they would be akin to security by obscurity. I am not against using hardware components like the hardware security chip opportunistically, as long as the software makes sure the system is secure even if the security of the hardware is entirely broken, and I see that GrapheneOS at least claims to implement disk encryption in a secure way like that. But I want to know what the project's philosophy really is more generally. There is also the thing that attacks against hardware components will improve each year while hardware cannot be upgraded, so the secrets stored in a hardware security chip or similar will be more and more weakly protected against a physical attacker with each passing year, in a way that is harder to predict than algebraic password strength.
Finally, I also wonder whether the GrapheneOS project strives to make GrapheneOS as easy as possible for the device owner to inspect, audit, modify and improve. Today it seems auditing is really only possible with the help of special debug builds and with the help of other devices, and modifying GrapheneOS also requires making your own build and flashing that. I realize these properties may largely be inherited from AOSP, but I wonder if the GrapheneOS project would strive to improve the situation here, and whether the GrapheneOS project sees it as beneficial for the security and privacy of the system to make it more easily auditable and modifiable from within the system itself.