Episode 236 - How I analyzed privacy of smartphones
Added 2024-11-09 20:22:57 +0000 UTCThis is a peak into my analysis method for my latest video on the most private smartphone. You can follow this via LINDDUN Go cards: https://linddun.org/go/
Comments
Your takeaway is wrong. The secure element makes it harder to hack the phone. Not easier. Just because an exploit existed at some point doesn't make it a threat. It significantly reduces the attack surface. The alternative is to have everything in one place, which would be far less secure.
The Hated One
2024-11-13 23:53:36 +0000 UTCApple's hardware based security (SoC) was fully bypassed and devices taken over already in a zero-day attack. While in theory I agree with you, reality has already proven otherwise. Kaspersky employee phones were compromised in this manner.
Leaper
2024-11-13 22:29:23 +0000 UTCIt doesn't have access to your data. It holds device secrets in an isolated environment to prevent all known attacks. It's the most important thing maintaining the integrity of your device.
The Hated One
2024-11-13 20:51:59 +0000 UTCProprietary code & licensing for sure combined with potentially unlimited access to data on the device, especially if compromised. I agree, no better options at the moment.
Leaper
2024-11-12 18:18:44 +0000 UTCIs it because of proprietary licensing? There isn't really a better alternative unfortunately and there is no evidence this would be a privacy concern.
The Hated One
2024-11-12 15:47:54 +0000 UTCThanks for the reply! I am always weary of SoCs, just like blobs hence I wanted to check in with you to see if I should be concerned when running GrapheneOS on a Google device due to their reputation of less than ethical privacy policies.
Leaper
2024-11-12 15:17:09 +0000 UTCI am not sure I understand... Titan M2 being a problem? It's a security chip that keeps your device secrets, probably the most secure chip on any phone (iPhone being the only competitor). The best hardware to install GrapheneOS on would be the Pixel that still receives security updates. I think the 6 lineup is halway through its end of life cycle. Other than that, newer Pixels have even more secure hardware. There is a business reason for this - a company like Google (or Apple) wants to remove themselves from any liability for user conduct on their devices so they improve security so that they can say they've done their part. I am not sure if you have other concerns but you did the right thing getting GrapheneOS on your Pixel.
The Hated One
2024-11-12 13:27:22 +0000 UTCGreat video!! I do have a question though. How would the scoring be impacted if I am running GrapheneOS on a Pixel 6 phone? I wasn't able to discern this combination from the video as you mentioned the Titan M2 chip in the Pixel phone as a problem and I agree. What would be the best hardware platform to install GrapheneOS on to protect one's privacy as much as possible? Thanks in advance!
Leaper
2024-11-12 13:05:08 +0000 UTCThis video should be available. The last was reuploaded so check again to see if you can watch it. Sorry for the inconvenience.
The Hated One
2024-11-10 12:49:37 +0000 UTCHm, the video is removed? Was it banned or did you remove it? I cnat find it on youtube either.
Don Dingo
2024-11-09 23:14:23 +0000 UTCYeah I have the old version of these cards. The new is even better. Can also be played online in the web browser.
The Hated One
2024-11-09 21:49:05 +0000 UTCP.S. great vid, great application of knowledge showcased here.
RICH
2024-11-09 21:41:09 +0000 UTCFor those interested (as I am): LINDDUN cards available here: https://agilestationery.com/products/linddun-go-privacy-threat-modeling-cards?variant=39284469858375. Seems like a decent way to keep friends/family/loved ones attentive, as let's face it we all have experienced eyes rolling as soon as we say something about privacy to them.
RICH
2024-11-09 21:40:12 +0000 UTCExcellent. I watched the entire video. Thank you for sharing your methodology and approach. Makes total sense to me.
Jose Vanduka
2024-11-09 21:21:54 +0000 UTC
