Hacker News | saintfire's comments

The people pushing this technology, that accelerates climate change, have lobbied the government to circumvent typical roadblocks created by society to limit sensationalist development. Incidentally, the same people who talk about how dangerous AI will be for society, but don't worry, they're going to be the one to deliver it safely.

Now, I don't believe AI will ever amount to enough to be a critical threat to human life, you know, beyond the immense amounts of wasted energy they propose to convert into something more useful, like a market crash or heat and noise, or both.

Not sure how you can call someone opposed to any of that "anti-civilisational" matter-of-factly.


The painful irony of bragging about/lamenting your new model's cybersecurity capabilities within and in response to leaking all the information about it due to poor cybersecurity.

Can't wait for the "$LAST_MODEL was amazing but this is the one that will change everything."


> The AI lab left the material, including what appeared to be a draft blog post announcing a new model, in an unsecured, public data lake

My tinfoil theory is that it was left by them to be discovered by the public.


I believe a lot of 'leaks' you see these days are, at least somewhat, intentional.

The irony of bragging about how dangerous to cybersecurity it is with all the holes punched by the current generations

It's not coupled to whatever IDE you use and not everyone else uses.

Also it's headless. No idea if VSCode and antigravity are, guessing it's not 1:1 the same, though.


> We are introducing the ability to reposition it to the top or sides of your screen, making it easier to personalize your workspace.

> options when to update

> less horrible and slow file explorer

Finally, a desktop with feature parity of an OS from the year 2000.

Good on them for hearing complaints after 4+ years and addressing some of them.. maybe. They say they will at least.


    s/2000/1995/

Is it revelatory that human beings having a quality you admire aren't the ideal person you projected them to be?

I'd reckon you'd be hard pressed to find a single person that matches every quality/belief you imagined them to have.


I don’t think this is about nit picking some small detail that causes them to fail a quality/belief checklist. It’s not like finding out your hero picks his nose or doesn’t like chocolate ice cream. When someone goes mask-off as MAGA, they are revealing fundamental core beliefs and values that totally flip the kind of person you might have thought they were.

I have friends and family who I never thought had a hateful, cruel, or belligerent bone in their bodies, suddenly start acting like totally different people, in the span of a few years. This isn’t me holding them to some purity checklist!


"Good People" suddenly going all in on racist rants and hard-core misogyny is never going to stop being disturbing.

Some of them taught me how to behave!? Did they just not believe any of those things?

MAGA is a horrifying movement.


It's an object lesson on how certain historical things happened. We go, oh no how could those people have all been inhuman monsters? If only we understood what made them like that.

And the monkey's paw curls…


Agreed. Additionally, when someone says something latently bigoted or hateful, it's easy to just let it slide because we all have our failings and societal progress is slow. Whereas maggotry is about openly embracing those failings, taking on additional types of failings from other people, and then socially validating it all as a purported political movement. But the only real thing tying it together is frustration with the world culminating in lashing out, which is why when they get into power there are no actual constructive policies in any political framework [0]. (apart from lining the preachers' pockets of course, and now apparently a holy war)

nit: I wouldn't call it "mask off" though, as if it's been there the whole time. I'd say it's more like there is a tiny kernel of that (and let's be honest, who doesn't have this in some form or another?), combined with a lack of willpower and critical thinking, that causes them to give in to the siren song of easy answers from mass-personalized propaganda.

[0] ancap and religious fundamentalism are the only frameworks I've been able to find that fit the maggot movement, and they're not particularly constructive.


Fred Rogers was the same kind, thoughtful person in everyday life as he was when he acted on his show. You can watch the congressional tapes of him testifying on increased funding to PBS and also testifying on not making VCRs illegal.

That's a little bit of a false dichotomy, though. I agree that it would be rare, even impossible, to find people who match every quality I imagined they had.

But some of those failings are forgivable, others are not.

Getting genuinely confused about pronouns sometimes: forgivable.

Being a loud, public MAGA homophobe transphobe: not forgivable.


Android doesn't ask your age, Google does for an account. You can use an android phone without a google account. Most people don't but the distinction is important because degoogled android phones will also have to comply.

No, unless the law mandates it.

So for example operating system that does not ask this question could simply declare itself "inappropriate"/"illegal" in the jurisdiction.

Say, GrapheneOS can explicitly disallow image downloads from Californian IPs and not sell phones with preinstalled GOS there.

You don't need to be compliant with the Mongolian law to sell in Burkina Faso.

Similarly they don't need to be compliant with Ohio law if they do not operate and have presence there.

American companies that decide to surveil users on their websites with pervasive tracking without consent would only contravene the European GDPR if they allowed EU users to use them. Block the EU (famous http/451), and they're in the clear.

IMO, but IANAL.


This is what Ageless and some apps are deliberating. I wonder if my ToS can protect me as a scientific calculator maintainer; if I mandate that it cannot be installed within jurisdictions that ban or fine maintainers who fail to implement the age checks.

Edit: I have no control over who links to my library.


How gaslit I must be to remark how more painless this is to use than literally any NA store website I've used.

Less useless shit popping up (with ad block, so I mean just the cookies, store location etc. harassments). Store selector didn't request new pages every time I do anything; resulting in all the popups again. (just download our spyware and all these popups will go away!) Somehow my page loads are snappier than local stores despite being across the planet.

Not saying it's a good site. It's almost the same as Home Depot. Just slightly better. I mean there's an AI button for searching for a product so you can do agentic shopping with a superintelligence on your side.


If it was a good thing they wouldn't mislead everyone by naming and positioning it as a bill protecting citizens just to trojan horse it in.


Well that's not strictly true.

OSS is allowed to make money and there are projects that require paid licenses for commercial use.

The source is available and collaborative.

Qt states this on their site: Simply put, this is how it works: In return for the value you receive from using Qt to create your application, you are expected to give back by contributing to Qt or buying Qt.


Reduced security has always annoyed me a bit as an argument. Sort of in the same way as Signal deprecating SMS because it's insecure.

I get all or nothing when your threat model is state actors. However, for most people, the benefit is just freedom from corporate agendas.

Not everyone needs kernel hardening, or always E2EE (as with Signal). Personally I just like the features it provides (e.g. scoped storage, disabling any app including Google Play services, profiles, etc.).

It's also an easier sell to people who are apathetic to security when the product is just better and more secure, the same way Apple does (for whatever their reasons may be).

All that said, I get they're limited in funds and manpower, plus the things mentioned at the end there, so I can only be so peeved they chose a target and stuck with it. They typically cite security as the reason, not those other ones, however.


Oh man, I am still annoyed about Signal removing SMS support. Had to add another app to my phone and I can now no longer accidentally discover that someone I'm texting has Signal, which happened more than once to me!


I only just installed Signal in some abandoned corner of one of my devices to be able to communicate with my 'highschool' classmates (in reality a Dutch Gymnasium so a totally different school system and age group but you get the idea) and had to get the blasted thing working without Google services on a device which for some specific purposes sometimes enables these but mostly has them disabled. As soon as Signal gets a whiff of even a stub of Google services it refuses to work without a fully fledged Google services implementation. To fix this I had to add 'disable Signal' to my 'enable rudimentary Google services' script and to do that I had to find the package name:

    org.thoughtcrime.securesms

So yes, they're still called 'secure SMS' even though that is no longer part of the deal.

I'll only use it for the specified purpose since I far prefer my own XMPP server with OMEMO encryption - which is based on the same 'double ratchet' keying as Signal uses.


> Reduced security has always annoyed me a bit as an argument.

Security is one of the main selling points of GrapheneOS, I can fully understand that they don't want to weaken that by supporting fundamentally insecure devices.

I think a nice side-effect is that they only focus on a small number of devices (Pixels) and support those really well. I have followed the /e/OS forums for a while and many devices have constant regressions because it is hard to validate each release on tens of devices.

> I get all or nothing when your threat model is state actors.

People do have different threat models, though I think up-to-date software should be the baseline for everyone and where pretty much every phone outside iPhone, Google Pixel, and a subset of Samsung phones fail. Also, I think having a secure enclave should be the baseline, since phones do get stolen.

> It's also an easier sell to people who are apathetic to security when the product is just better and more secure, the same way Apple does

That's really a weird example though for supporting the argument that GrapheneOS should support more devices. Isn't Pixel + GrapheneOS then pretty much iPhone + iOS? Privacy-respecting, secure, not pushing AI subscriptions all the time (though iOS is getting worse in that respect), offering useful functionality?

At any rate, I understand if you have another phone, you wouldn't buy a Pixel for GrapheneOS, but it does make sense to buy your next phone for running GrapheneOS. Pixel covers a pretty wide price range too, e.g. the Pixel 9a was 349 Euro here recently, all the way up to the Pixel Fold.


> I can fully understand that they don't want to weaken that by supporting fundamentally insecure devices.

Except that there is nothing fundamentally insecure about them, they just don't support a specific convenience feature. You can straightforwardly support PIN-based unlocking by encrypting the PIN in ordinary persistent storage using a longer passphrase that only has to be entered during boot.

This is arguably even more secure because it allows the PIN to be dumped from active memory and require the longer passphrase again after a timeout, a limited number of bad attempts or in response to a panic button on the lock screen. Then the device doesn't contain the long passphrase whatsoever, instead of having it permanently stored inside of an opaque enclave that itself could (and often does!) have its own vulnerabilities.


> I get all or nothing when your threat model is state actors.

The problem for those of us in the USA, that labels anyone who disagrees with the current administration and ICE as a domestic terrorist, means that now everyone's threat model is a state actor.

The threat model of every citizen that dares to exercise their first amendment rights now escalated beyond corporate agendas to "How do I make sure Israeli & Palantir spyware doesn't end up on my phone? How do I make sure if my phone does get confiscated, Cellebrite can't image it or access the data?"

Even if that weren't the case, I see no valid reason to be lax with security in 2026. There's no excuse anymore, I mean we still have OEMs selling phones that they do not issue security updates for after purchase. That's just gross negligence.


> How do I make sure if my phone does get confiscated, Cellebrite can't image it or access the data?"

In this context one super-nice feature of GrapheneOS (do check the legal ramifications though, IANAL) is that it supports a duress PIN. It's an alternative PIN that immediately erases your phone (probably throws away your FDE keys?) and clears your eSIM.

Besides that, it also supports configurable time to reboot after no unlocks. This is relevant because it is typically much harder to exfiltrate data BFU (before first unlock) than after. iPhone also supports this, but only does it after I think 3 or 4 days. On GrapheneOS, this can be set as short as 10 minutes when there is a risk of your phone getting confiscated. Of course, you can also manually reboot, but that's not possible in every situation.


Graphene is OSS, so if you want to create a fork that supports other phones, you are free to do so. The maintainers have limited amount of resources, why wouldn't they focus those resources on the most secure hardware if that is what aligns with their goals? If you have different goals, create or fund a fork to support more hardware.


Really? Wow? What an insight.

That being said, am I allowed to complain? Or simply dismiss them for supporting only Google hardware?

Or should I create a fork instead?


>Not everyone needs kernel hardening, or always E2EE (as with signal).

If application processors and hardware crypto accelerators are good enough to make this invisible to the end user, then why not? Why not have everyone be on hardened kernels by default and let them opt-in to insecure ones instead of the other way around?

