Unsubstantiated claims about Sweden exploiting GrapheneOS with no evidence

cuckflared

argante I wonder how vulnerable GrapheneOS is to these kinds of base-band exploits. Can the attackers take control over the entire phone by exploting bugs in the modem firmware? If this is the case then using a separate device that provides cellular connectivity could offer some protection.

ryrona

cuckflared I wonder how vulnerable GrapheneOS is to these kinds of base-band exploits. Can the attackers take control over the entire phone by exploting bugs in the modem firmware?

My impression from earlier communication with GrapheneOS team members is that the baseband is fully isolated from all other hardware and RAM memory not allocated to it. But I would like to get confirmation of this.

So it would require further exploiting a kernel driver or other low level operating system component. GrapheneOS has some hardening of kernel drivers and operating system components, but it is regular Linux kernel, so all drivers run in privileged kernel space, so exploitation would allow what was speculated about earlier in this thread but not supported by any evidence.

I like the suggestion of option that disables cellular when screen is locked. We don't know of any exploitation using cellular, and the court reports presented in this thread does not support that, but that would probably be easy to implement and similar to the USB protection feature in what security it provides. Many of us do not need cellular when phone is locked.

Nomood

Question for those who knows where they talk about.. If having gos on flightmode and connected with a mobile router with VPN is there a possibility to infect your phone by entering in the router? I know that they not just use pegasus or other likely Trojans to people but is it possible?

yore

Nomood If having gos on flightmode and connected with a mobile router with VPN is there a possibility to infect your phone by entering in the router?

Technically, yes. The possibility of an exploit always exists for most things, especially when you have a device that connects to the internet. However, in practice, the average user is probably not going to be targeted by such an attack.

Having said that, you're more likely to be compromised by a malicious app or a dangerous website than by simply connecting to a router. Although by enabling Airplane mode you do reduce your attack surface, it's probably not worth it as a strong security feature unless you're being targeted or your goal is to avoid cell tower triangulation. In any case, GrapheneOS has made improvements to Wi-Fi.

See below sources:
https://grapheneos.org/usage#wifi-privacy
https://grapheneos.org/features#wifi-privacy

locked

JayJay Appreciate you compiling all this, really useful, but honestly, it kind of reinforces the issue, the language in these reports is incredibly vague.

“Content has been extracted” could mean anything from basic metadata to screen recordings or partial user data, it doesn’t tell us if verified boot was bypassed, if a full filesystem was accessed, or what method was used. In fact, in several cases, manual filming was required, which suggests no real exploit access at all, and it's highly likely that the Swedish Authorities got their hands on the phone unlocked, and filmed only the information that was not encrypted they were able to get up on screen, and may include some Signal conversations (but not the entire history do to encryption) as stated by your own commentary above. It appears to me that GrapheneOS held it's ground here when you look at this closely.

Also, no forensic tooling logs, and no technical explanation of how password protected GrapheneOS devices were supposedly accessed. That kind of absence is telling, if a real exploit had been used, especially against a locked device, you’d expect way more documentation.

So far, nothing here points to a compromise of GrapheneOS itself. It just confirms that some devices were accessed, but we don’t know how. Speculation isn’t the same as evidence.

I honestly don't mean to give you a hard time. I know that you are being genuine about the info you are finding and posting here, however, If you happen to come across anything more detailed like forensic logs, tooling reports, or technical notes about the actual access methods, definitely share it. That would go a long way in helping clear up what really happened here.

ryrona

JayJay Samsung SM-S901B
"Telefonen har extraherats utan kod och en omfattande datamängd har anträffats." which translates "The phone has been extracted without code and an extensive amount of data has been found."

Likely Cellebrite.

JayJay Xiaomi 12t pro
fully extracted without code same as Samsung above.

Likely Cellebrite.

JayJay Google Pixel 7A.
IMEI 354487201175140

"The device was powered on and password protected.
The available content of the mobile phone has been extracted and a manual review of the
mobile phone has been conducted."

"Available content" meaning everything visible on lock screen? Doesn't sound like they got into that phone.

JayJay Emil Berling arrested 1st sept 2024
"The mobile phone has been extracted and examined manually by filming the screen."

Was it locked? Forced fingerprint unlocked? What phone?

JayJay GrapheneOS Google Pixel- 6a IMEI 35950275382472
Found in his apartment at a later stage - Fully extracted with software

Potentially interesting. Was it passphrase protected?

JayJay Google Pixel 6A with GrapheneOS
The device was turned on and NOT password protected. Found on desktop at home. IMEI 358385582080647

Well, this phone was not passphrase protected, so some use GrapheneOS but with security intentionally disabled (or only fingerprint to unlock).

JayJay Google Pixel 6A with GrapheneOS 1st Sept 2024 IMEI 358385589319923 From Kjellgren, Kent Sven Olof
The device was turned on AND password protected.
"The available content of the mobile phone has been extracted and a manual review of the mobile phone has been carried out."

Another "available content", so only what was on lock screen.

JayJay Google Pixel 7A IMEI 354487205182232
"The device was password protected, but the available content of the mobile phone has been extracted and is available in its entirety in the accompanying material."

Another one. Should be easy to verify it is only info on lock screen by looking in that accompanying material.

JayJay During a search of Firat Akgün's home at Stamgatan 37, Älvsjö, on 30 September 2024, a Google Pixel mobile phone was found.73 The device was found in a closet in the hall and was turned off.
The mobile phone has been identified (IMEI:35950275382472) and has been examined. The contents have been
extracted

If this if extraction of credential encrypted content, which is vague from that phrasing, this is not done by exploit, but knowing, guessing or being given the passphrase. Exploits would not help for BFU devices.

JayJay "The Google Pixel mobile phone has been extracted and Signal chats have been found.3 4
The chats themselves have not been extracted due to technical obstacles as the mobile phone was heavily
encrypted.

No information about how they got into the device, but maybe no passphrase or only fingerprint. This at least shows my theory is wrong, as the only reason they couldn't extract messages is because of Signal's ability to encrypt its messages in another layer at rest. Nothing indicates exploitation.

JayJay Google Pixel 7A. IMEI 352493420613342
"The device was turned on and password protected.
The available content of the mobile phone has been extracted and a manual review of the mobile phone has been carried out. The extraction and manual review of the device are available in their entirety in the accompanying material."

Another one "available content".

JayJay Google Pixel 6A IMEI 358385582080647
"The device was turned on and not password protected.
The available content of the mobile phone has been extracted and a manual review of the mobile phone has been carried out. The extraction and manual review of the device are in their entirety in the accompanying material. For your information, the extraction and manual review have generated different materials."

Not passphrase protected.

So, summary, no signs of any exploitation of vulnerabilities in GrapheneOS in any of these cases. Non-Pixels might have been victims to Cellebrite, but we know already they are vulnerable at that point of time and likely still.

Thank you a lot @JayJay for compiling this list. It saved me a lot of work.

Claimspro

JayJay

Thanks for the clearing things out.
I have not read this FUP since it is in zip.

If you see in the FUP where it say the phones has been extracted usually there would be pictures of what they extracted or like a page with pictures taken/saved on the phone or other stuff extracted text messages or even phone calls after each phone.

Did you find anything useful that shows the content they "extracted" the swedish police often shows what they extracted.

userofgos

DeletedUser299 any notifications you have entitled to be displayed, including signal if you have been carless enough to allow it and any that still come through whilst the phone is seized and powered on

True, but wouldn't someone with access to a locked pixel device with GOS only have access to viewing the icons of the apps and infer which they are?

I can only read the content of the notifications when have either used my fingerprint or unlocked via pin/passphrase to make them viewable.

GrapheneOS

JayJay

According to the file in the zip he provided (363-1.pdf)

The legitimacy of this should be verified, although we're happy to assume it's legitimate for our response.

Below phones was installed with GrapheneOS
Page 252 PW Protected Pixel 7A - Extracted through videorecording
Page 319 No PW Pixel 6A - Fully extracted
Page 325 PW Protected 6A - Fully extracted
Page 345 PW Protected Pixel 7A - Fully extracted
Page 357 PW Pixel 6A - Fully extracted
Page 370 PW Protected Pixel 7A through videorecording

Nothing in the documents indicates anything was exploited. You're making unsubstantiated claims that any of these devices were exploited despite it not being stated in the document.

What are you claiming about video recording?

The USB ports were disabled on some and therefor they were videorecorded.
Some had foreign simcards installed, or was connecting to internet through another device.
Police never mentions any firmwares but you can assume that they were updated until 2024-07-01.

All of the devices being updated to the 2024-01-13 release would mean they all had an 18 hour locked device auto-reboot timer as the default (https://grapheneos.org/releases#2024011300). Therefore, there would be an 18 hour window to exploit GrapheneOS before data would be at rest. After that point, exploiting the Titan M2 to bypass throttling would be required to access data within user profiles rather than only exploiting GrapheneOS. You treat the powered off devices differently despite powered on devices in the After First Unlock state going back to the Before First Unlock state after 18 hours since the last success unlock. It would be highly unusual for a GrapheneOS user to disable this rather than increasing the time to 48 or 72 hours, which the vast majority of people aren't going to do either. The default is perfectly usable and many people even lower it.

All of the devices being updated to the 2024-03-11 release or beyond would mean the USB-C port control setting was "Charging-only when locked, except before first unlock" by default (https://grapheneos.org/releases#2024031100). All of the devices being updated to 2024-06-12 or later would mean USB-C port control set to "Charging-only while locked" by default (https://grapheneos.org/releases#2024061200). It would be highly unusual for a GrapheneOS user to change this to permitting connections while unlocked.

The assumptions you're making don't make sense with that in mind.

One of the extracted phone (Pixel 6A) was pw protected and switched off. It was fully extracted.

Auto-reboot timer exists.

Others were turned on but in a locked state, the Pixel 6As were fully extracted the 7A video recorded (probably turned off USB). Which concludes they had atleast the firmware of when the USB disable functionality was launched.

It was default enabled since March 2024.

The phones that were fully extracted, the extraction was done latest on 2024-11-21.
Considering that one of the phones was switched off and pw protected yet fully extracted it means that an exploit was available for them to use between 2024-07-01 and 2024-11-21.

No, the claim that any devices were exploited is unsubstantiated. Your claim also implies exploiting the Titan M2, not only GrapheneOS. You don't have evidence for these claims.

When the phones are under video recording the police turns on airplane mode first to disconnect it from internet and then afterwards starts the videorecording through an external camera.

What exactly are you claiming?

No finger unlock was used. They were pw protected.

Passwords can still be coerced or captured in use.

However we do not know if the password was written anywhere close, if they were shoulder surfed (I doubt this happened though as no evidence pictures provided was so upclose), we also do not know the complexity of the passwords.

Good reasons to avoid make unsubstantiated claims about exploits without a basis.

The phones was collected from someone in Stockholm with preinstalled GrapheneOS, we do not know if this person was undercover to infiltrate or wrote down the passwords somewhere and got raided.

They may have provided the password to the devices, written it down somewhere or been recorded entering it. It may have simply been a terrible password. They may have used the password for a far less secure device where it was possible to crack it such as a Windows machine as the login password. How do you know how they got data from the devices? It's not there, and you admit as much. You're basing this on your assumptions.

There are many questions to how however we can conclude that the phones security were actually bypassed.

No, that conclusion is unwarranted.

GrapheneOS

dc32f0cfe84def651e0e Exactly, they may have recorded the password being entered. It may have been a terrible password and may have been used across all of the devices and other devices. It's entirely possible the password was also used for websites, etc. People commonly reuse passwords.

foxkurdisssh

GrapheneOS
Yes true.
Also, a common way for the police is to check iCloud Keychain if your private phone is a iphone, its very easy to access and also they try all the passwords they can find there because many people often have the same passwords.

Another thing is that they often open the phone and just take the RAM out because the RAM itself is not incrypted, this is very common with iphones i dont know if that works on a GOS.

foxkurdisssh

I see that many people complain that it does not say how, where, when the police entered the GOS in the FUP. What you need to understand is that the police in Sweden do not have to show how they entered, they do not have to report anything, it is enough that they know the contents of the phone and it is enough to say that it was fully extracted, etc.

Swedish police do not have to report anything about how they entered the phones, Swedish police have a lot of legislation on their side, they do not even have to suspect someone of a crime to use attacks and then be inside that person's mobile. In Sweden you can be detained with full isolation for a crime you did not commit for over a year or 2 and then be free in court, this is very common. The police can basically do whatever they want and FRA which is similar to the NSA gives them all the tools they need to the local police. Its crazy.

With that said, Icant confirm or say that any GOS have been exploited.

GrapheneOS

foxkurdisssh Which is why it's completely wrong for people to be claiming that lack of any indication of how they got into devices means they exploited them. There are many people who cooperate with police once faced with that situation. There are also other ways to get the password. It's not clear why people are claiming that these documents indicate exploitation when they do not claim to have done that, do not imply it was done and even have parts which imply it wasn't what they did. If they had OS exploits they wouldn't need to do a lot of what it's indicated they did and OS exploits would not work to get data in several situations presented where it's Before First Unlock with a password. It's largely implied they got the password another way...

foxkurdisssh RAM is not fully encrypted on the supported devices but there's a locked device auto-reboot feature on GrapheneOS kicking in 18 hours after the device is locked by default. GrapheneOS clears freed memory in the kernel including when rebooting or shutting down, which wipes most memory. It also wipes all the free memory when booting the OS. Since April 2024, fastboot mode on Pixels wipes memory on boot before USB is activated. Encrypted RAM would be nice but the SoC can still be tampered with even with encrypted RAM. Encrypted RAM raises the difficulty of that kind of approach to extracting data. It's highly unlikely with GrapheneOS especially for a non-extreme case due to locked device auto-reboot. The passphrase is also not in the memory.

de0u

foxkurdisssh I see that many people complain that it does not say how, where, when the police entered the GOS in the FUP. What you need to understand is that the police in Sweden do not have to show how they entered, they do not have to report anything, it is enough that they know the contents of the phone and it is enough to say that it was fully extracted, etc.

Then no "fully extracted" report counts as evidence that an exploit was used unless somehow there is an explicit statement that an exploit was used.

If any of the proffered police reports does say an exploit was used, it would be great for somebody to say which page of which document.

Otherwise it doesn't matter if there are 500 or 5000 or 50000 police reports that say "fully extracted".

Claimspro

foxkurdisssh

Not true 9/10 times in FUP the police will state what they used to gain access to the phone in the case or the evidence they have used.
For example; It would say cellebrite or HAK or HDA or HÖK have been used on Iphone 11 to gain this and that and after the FUP will show the extracted information.

This statement is also not true:
In Sweden you can be detained with full isolation for a crime you did not commit for over a year or 2 and then be free in court, this is very common. The police can basically do whatever they want.

The person of interest needs to be suspected with evidence to be in isolation.
https://sv.m.wikipedia.org/wiki/Misstankegrad

And if set free due to the evidence not strong enough it is because sweden follows something called,
"Hellre fria än fälla" with other words meaning "rather to set free than sentence someone innocent.

I dont know why people keep claiming the police can do what they want in Sweden. Sweden still sends phones abroad to get help so I dont know where you guys get all this info that FRA and SAPO helps the police.

In the worst year in Swedens criminal history, FRA and SAPO did not step in and help. Stop scaring people and spreading fake rumours. For 2 weeks now GrapheneOS have been a subject among people in Sweden just spreading fake things who started it and where everyone gets the info they have is a mystery.

I know cases high profiled murder cases in Sweden from middle of 2024 and one in 2023 that the police admitted they could not break the encryption and did get no access to the information on the phone.

If the case is that the police had methods to crack the encryption it would be over every newspaper in Sweden like the Swedish police always do celebrate every major thing that could stop the ongoing violence in sweden.
I did send a podcast with forensics in the swedish police who clearly states it all depends on the circumstances if they can gain access. Is it unlocked? Do they have the password? Is there no password? Have the suspect given the password?

Answers no one in sweden can answer but the police. These rumours has to stop.

GrapheneOS

JayJay

I highly doubt it, because if it was they would disable the password and be able to do full extract by switching on all USB. However this was not done, they had to do manual extract.

Why make an assumption about how they would want to extract data where they have the password? They probably wouldn't want to risk having an app wipe the device if they have another way to use it.

Also if it was, there would have been evidence with more upclose photographs, this was not provided as evidence either.

No, that's a bad assumption and doesn't indicate they didn't discover the password somehow.

An exploit has been used here to bypass.

No, that's not substantiated.

Not so long ago there was a simcard switch exploit that bypassed the password.

Only for After First Unlock state devices. You're ignoring the auto-reboot timer, which gets devices back to Before First Unlock state and was 18 hours by default since the 2024-01-13 release.

We know for a fact that such exploits has occurred before

That also required an After First Unlock state device and have been prevented outright as a class of vulnerability able to get data from user profiles since April 2024. You say to assume they were updated past that, so exploiting fastboot mode would only obtain data available Before First Unlock. A device in Before First Unlock state would also need to have the Titan M2 exploited to brute force a password. If it was a strong password, nothing would get the data in user profiles from a Before First Unlock state device. Titan M2 throttling is needed for a random 6 digit PIN or non-strong passphrase. Exploiting that is very difficult.

From 2022 https://www.youtube.com/watch?v=B6q0nJnltsk (simcard switch exploit).

This was an AFU device exploit, not doable after auto-reboot.

While I am not so updated on the CVS between 2024 until 2024-11-21 one cannot fully protect himself. A complex password+auto reboot timer+USB disabled can only protect you until you are being shoulder surfed.

Yes, they can record you entering the password. If you reuse the password, the weakest security machine where it's used can be targeted. It's also entirely possible someone reused it for a website or other service. You don't know how they got it. If it was a strong passphrase and ANY device was Before First Unlock then they wouldn't have been able to get data from that device without having recorded or obtained the password somewhere. Even if it was a mediocre password, it would take substantial resources and time to crack. The claim that they exploited the devices doesn't add up especially since you say at least one was turned off and therefore Before First Unlock. Exploits cannot bypass the disk encryption as multiple of your posts / statements are implying.

To be able to configure timebased complex password would protect you even further however it depends on what you are defending yourself against.

That doesn't make sense. A standard diceware passphrase combined with the device being Before First Unlock prevents getting past the encryption for user profile data. Even a mediocre passphrase would be a huge hassle to get past. You're implying they exploited the Titan M2 to brute force a relatively weak passphrase. That doesn't seem at all likely, contrary to what you're saying.

Or to be able to have some protection against airplane mode toggle, what-a-heck maybe even a configuration airplanemode toggle =autoreboot first. I mean there are of course more protection one can do but it will come at a cost of convenience.

Enabling airplane mode isn't a problem. Disabling it raises attack surface but is expected as part of emergency calls being possible while locked with it on. We've planned to allow disabling that feature for a while, but it would probably break some regulations.

dc32f0cfe84def651e0e

GrapheneOS If you reuse the password, the weakest security machine where it's used can be targeted. It's also entirely possible someone reused it for a website or other service.

Poisoning the well by reusing duress password elsewhere would make sense then. Imagine: lawdogs take your phone, enter an assumed password which turns out a duress one :)

grayway2

GrapheneOS is it possible that GrapheneOS faces pressure from authorities because forced airplane was implemented?

I mean the default airplane mode would still be bypassed through emergency calls but full would require user to change it from settings.

GrapheneOS

dc32f0cfe84def651e0e USB-C port control is also enabled by default and there are other reasons to avoid interacting with the device/OS if they have the password. There can be apps set up to auto-wipe on various conditions. Having the password doesn't mean they would want to simply unlock it via the UI and go through developer options to extract. If they have a lower level way to do it while having the password, they'd probably want to do that to avoid wipe being triggered.

GrapheneOS

matchboxbananasynergy A password protected device in Before First Unlock state (turned off) having all of the data extracted heavily implies that the passwords were obtained from the people rather than this being a bunch of devices which got exploited. Titan M2 exploit could bypass brute force protection but a decent password would still hold up quite well and would be impossible to break if it was a strong one.

GrapheneOS

Byku There's no indication of an exploit of locked devices and in fact it indicates otherwise, contrary to the conclusions in that post.

GrapheneOS

locked A powered off phone with a password having all data extracted in fact largely implies that the password was known. They'd need to brute force or already know it, implying exploiting the Titan M2. Exploiting devices in After First Unlock state wouldn't give them the password. It's heavily implied they got password(s) elsewhere.

That’s not enough to conclude a live exploit was used in 2024.

The actual evidence even indicates otherwise.

GrapheneOS

ryrona

Okay. That just means they did not use any exploits against that one. No exploit can access encrypted data on a BFU device in any way at all other than by inputting the correct passphrase. So they did guess, know or was given the correct passphrase.

Yes, exactly. It shows that it was not based on GrapheneOS exploits for at least that phone, and heavily implies it for the other devices too.

Even if was a very weak password, they would have still had to exploit the Titan M2 to bypass brute force protection. If it was even a mediocre password, it would be very hard to brute force with brute force protection bypassed. We talk about using 6-8 diceware words because it outright prevents brute forcing even with massive compute power, but a much weaker password still provides substantial protection.

You mean USB port was "charging only" or complete off as opposed to "charging only when locked"? If they guessed, know or were given the passphrase, they would just be able to enable USB fully. So this might actually imply the possibility they have a cellular based exploit that kills the lock screen, but isn't able to enter passphrase needed to change security settings.

That would be extraordinarily unlikely. The lockscreen can't be killed like an X11 lockscreen but rather is a mode of the SystemUI. The SIM card exploit from 2022 which we discovered long before the public disclosure involved SystemUI wrongly entering an unlocked UI mode which is now protected against much better. It could still be hardened more, but it's about SystemUI logic. SystemUI crashing or anything like that would not do it. The device would just soft reboot back to the lockscreen

Is there any other possible explanation of why they would have gotten access to the unlocked user interface on a locked phone, but not able to do USB extraction?

If they didn't want to interact with the phone and have a way to extract data based on having the password provided to them without it. However, a whole lot of assumptions are being made about what they did and we don't think it makes sense to theorize based on a bunch of assumptions.

GrapheneOS

JayJay

In these type of reports you can also read the whole police interrogation, the passwords were NOT handed over or it would have been noted in the interrogation otherwise. Also fingerprint was not used.

It's wrong to assume the passwords not being in notes for interrogation means it wasn't turned over. They would have interacted with the police beyond that and there is also the possibility of the password being reused across many devices/services, etc. It may also have been written down, stored on unencrypted storage such as a password manager on a Windows machine, etc. You're assuming something about what happened based on what isn't stated. That's unsubstantiated.

They do not mention in these reports how the access was. However it was not through cellebrite for the Pixels as they usually mention it otherwise.

Not stating something doesn't mean it isn't what was done. We know Cellebrite Premium was only able to exploit GrapheneOS releases from mid 2022. It's possible that changed in the past month or so but we have documentation from 2025 for Cellebrite Premium. If they could exploit releases from 2024 with it, we would know. We also have similar documentation from several other forensic tool vendors and they only appear to be able to extract Before First Unlock data at best, if even that. It's less clear since they don't specifically cover GrapheneOS.

If they had password access they would have made a full extraction and not phone in airplane mode.

Emergency call takes a phone out of airplane mode. A feature for blocking that has been planned for a long time but not implemented yet due to time constraints. We can't implement everything we have planned.

Malmö TR B 11984-24 Aktbil 363-1.pdf

None of this indicates any exploits. In fact, what it shows is that they're likely getting people to hand over their password or getting it another way, followed by performing an extraction if possible or otherwise just recording browsing through the device. Are there even clear indications of exploiting non-GrapheneOS devices? Why is that being assumed when it's not stated?

GrapheneOS

Bimmy

Is there evidence that the cited text is from authentic, official documents?

It has not been verified, but there isn't much reason to doubt the authenticity. The documents do not make any claim that GrapheneOS has been exploited but rather that is entirely the assumption of several people in this thread and elsewhere. Therefore, the documents being authentic or not has little relevance.

What evidence do we have that the events described truly happened? (In contrast to describing partially or wholly fictional events -- maybe as a scare campaign -- as users suspected above.)

If the documents were a scare campaign, they'd probably claim that GrapheneOS had been exploited which they don't appear to claim anywhere.

(If 1 or 2 can't be answered yet, I wonder:) Specifically with the precisely cited numbers for alleged cases, mobile equipment, and even names -- is this consistent with evidence from "outside the bubble"?

There's no indication in the documents of any exploits of GrapheneOS or the Titan M2. Many aspects of it indicate that did not happen. That doesn't mean there aren't exploits of GrapheneOS elsewhere but it does not appear to be happening in these cases. It's not clear why a few people are so convinced it is when the documents do not claim it or even imply it. You can see there are a whole bunch of stated assumptions about supposedly passwords not being handed over due to it not being stated, so they draw the conclusion that the devices are exploits despite it not being stated. It's strange to assume many things didn't happen due to not being stated explicitly but that exploiting the devices did when it's not claimed either. It is confirmation bias.

Bimmy

GrapheneOS It's not clear why a few people are so convinced it is when the documents do not claim it or even imply it. You can see there are a whole bunch of stated assumptions about supposedly passwords not being handed over due to it not being stated, so they draw the conclusion that the devices are exploits despite it not being stated. It's strange to assume many things didn't happen due to not being stated explicitly but that exploiting the devices did when it's not claimed either. It is confirmation bias.

Thank you for the reply.

If you allow me to add my own interpretation and to slightly drift into offtopic philosophy: Our brains have some wonderful attributes -- and imagination can be a fantastic quality -- while, as already implied, being deeply biased by default. Sentential calculus is not our default mode of operation and it has a high cost of chemical energy and experienced effort to invoke and keep consciousness doing that calculus. Its the imperfections of that biology that provoke our rash conclusions.

Getting somewhat back to documents, and the incomplete information we have, it could generally be helpful to call an old saying to mind: That absence of evidence is not evidence of absence (s. https://quoteinvestigator.com/2019/09/17/absence/ ). Our uncertainty and our emotions can make it very hard to infer truthful statements, and it will take continuous effort from all participants to turn the uncertainty we all started with into something more positive.

« Previous Page Next Page »