>Pinephones have absolutely atrocious privacy and security
All demon rectangles have atrocious privacy and security, no matter how updated the proprietary malware is.

>hardware, firmware and software level.
The Pinephones come with no firmware - they have only proprietary hardware and proprietary software.

>highly outdated and insecure hardware components which lack proper firmware updates
Yes, you can update the proprietary malware and spyware, but that simply makes security worse, not better.

>is an outdated Qualcomm cellular modem on another chip running a whole outdated proprietary fork of Android
Last time I checked it was a custom proprietary RTOS and not Android.

If it was Android, that would be a matter of GPLv2 enforcement to resolve that issue.

Unlike any other modem, there is a free software userspace for that modem, which clearly can possibly have security, but as for the modem, the only possible way to possibly have security would be to finish the job and replace the remaining proprietary malware with free software.

>connected to the main CPU via very high attack surface USB
USB devices do not have DMA, thus it's a lower attack surface than a device that has the modem turn on and then start the main SoC and only then decide to turn on IOMMU (or not).

IOMMU is unfortunately inherently flawed as last time I checked IOMMU's only implement page-level filtering and many attacks have been found against it.

It is possible via software means and hard work to make a USB stack very attack resistant, but you're always screwed with DMA if the modem can decide to not enable IOMMU.

>Pinephones are closed source hardware with closed source firmware.
Obviously the hardware is proprietary like all hardware.

The bootloader is free software and you can run only free software on the SoC and when it comes to proprietary software loading, that's only for the Wi-Fi+Bluetooth combo card connected via USB (but I would just disable it via the physical switch as it's garbage).

>It's primarily used to run a much less private and secure software stack on top.
If the user doesn't run proprietary malware on their computer, they're quite secure.

You should not teach users to think they're safe just because there is sandboxing and permissions management, when the most degeneratey proprietary spyware and malware is running!

>It does not avoid closed source hardware or code.
Hmm, if you go and disable the modem and Wi-Fi card via the physical switches, it appears that everything can run with free software?

There might be some software on the usb controller I guess (but an update for that is never offered), but that doesn't have DMA - yes, that should be made free software.

>at least have close to competitive security with Pixels and iPhones
It's peak comedy thinking Pixel's and iPhone's are secure - imagine trusting the biggest malware and spyware experts on the planet!

The very first step of security is to first run 100% free software and then you actually have a chance of securing something - if there is any proprietary software, your security falls to pieces.

@Suiseiseki Decent phones have far better security than laptop/desktop class hardware which is also closed source hardware and firmware, but with far worse hardware, firmware and software security. Providing good security depends on hardware-based security features so those aren't separate things.

Pinephones have a huge amount of proprietary firmware running on the hardware. They have proprietary firmware for Wi-Fi, Bluetooth, cellular, the SSD, the main SSD and other components. You're wrong.

@dev0null Defending the Linux kernel against applications is essentially hopeless in the long term. We can make it much harder and defeat real world exploits not specialized for GrapheneOS but it's pretty much a lost cause. We cannot make it an extremely strong barrier. A stronger sandbox not permitting any file access, etc. can be used to run specialized code but for apps, they require too much functionality from the kernel. We need virtualization for it.

The Linux network stack is also scary.