Pushing for insecure post-quantum algorithms, that may be secure against quantum computers
Eh, I doubt that is how it works. We do not have quantum computers yet, so how we prove security in quantum settings is by specifying the adversary to have specified quantum capabilities, in addition to classical capabilities. Hence, broken under traditional attack means broken under quantum attack.
You can say that new post-quantum schemes are less verified compared to established classical schemes, but that does not mean classical is necessarily more secure.
As a user, I can definitely say that GrapheneOS is the single best project in the open source space. 99.99% of stuff works out-of-the-box, with de-facto feature parity. The remaining 0.01% is the one dumb investing app which I can only assume has sneaky spyware on it.
In the GrapheneOS forum, I encountered a claim that F-droid is insecure (and not good at privacy as well). These links (and more) were given as an evidence:
- https://privsec.dev/posts/android/f-droid-security-issues/
- https://xcancel.com/GrapheneOS/status/1883895255142932816#m
- https://github.com/obfusk/fdroid-fakesigner-poc
While there are some attitude against FOSS app, I think the arguments are generally sound and in good-faith. Which makes me confused, as I've been hearing good words about F-droid in lemmyverse.
I am not good at assessing arguments, so I want to ask you guys for more aspects and information.
Also, if not F-droid, what should I use? Is Aurora store, a frontend of play store, not fine to use as well?
My current phone is 7 years old, does not support recent android versions, and battery life is becoming atrocious.
This feels like right time to change my phone.
Currently, I know of & am considering 3 options:
- Google Pixel
- iPhone
- Samsung Galaxy
I heard that Pixel is the best choice for privacy, despite it being Google^TM. Should I go with it, and install Graphene OS or similar options? The very fact that the name "Google" is attached makes me nervous. Also, I don't think I can trust android, so I would have to install Graphene OS or the like. In the case, app support would be lacking, though.
I am considering iPhone as well, since it has "reputation" of being secure. Of course, Apple can access my data, but that might be a good enough compromise? Honestly, I don't know. It's the best supported option as well - lots of apps support iPhone.
Galaxy is just the one that I am the most familiar with (my current one is Galaxy S8). I don't trust it, though. Do they even make good hardware nowadays?
EDIT: Turns out, Pixel phones are poorly supported by local telecomm companies. It is relatively cheap though. Still worth it?
EDIT2: I heard that data & message is fine, but the call quality is impacted by lack of VoLTE compatibility.
It might still be possible to compare ciphertexts and extract information from there, right? Welp I am not sure if the whole scheme is secure against related attacks.
Do they care about what e-mail you use? Weird.