afaict the topic of the article seems to be focusing on trust as in privacy and confidentiality

for the discussion i think we can extend trust as in also trusting the ethics and motivation of the company producing the “AI”

imo what this overlooks is that a community or privately made “AI” running entirely offline has the capacity to tick those boxes rather differently.

trusting it to be effective is perhaps an entirely different discussion however

feeling like you’ve been listened to can be therapeutic.

actionable advice is an entirely different matter ofc.

Thanks for the distinctions and links to the other good discussions you’ve started!

For the invasive bits that are included, it’s easy enough for GrapheneOS to look over the incremental updates in Android and remove the bits that they don’t like.

That’s my approximate take as well, but it wasn’t quite what I was getting at.

What I meant is, to ask ourselves why is that the case? A LOT of it is because google wills it to be so.

Not only in terms of keeping it open, but also in terms of making it easy or difficult - it’s almost entirely up to google how easy or hard it’s going to be. Right now we’re all reasonably assuming they have no current serious incentives to change their mind. After all, why would they? The miniscule % of users who go to the effort of installing privacy enhanced versions of chromium (or android based os), are a tiny drop in the ocean compared to the vast majority of users running vanilla and probably never even heard of privacy enhanced versions.

excellent writeup with some high quality referencing.

minor quibble

Firefox is insecure

i’m not sure many people would disagree with you that FF is less secure than Chromium (hardly a surprise given the disparity in their budgets and resources)

though i’m not sure it’s fair to say FF is insecure if we are by comparison inferring Chromium is secure? ofc Chromium is more secure than FF, as your reference shows.

another minor quibble

projects like linux-libre and Libreboot are worse for security than their counterparts (see coreboot)

does this read like coreboot is proprietary? isn’t it GPL2? i might’ve misunderstood something.

you make some great points about open vs closed source vs proprietary etc. again, it shouldn’t surprise us that many proprietary projects or Global500 funded opensource projects, with considerably greater access to resources, often arrive at more robust solutions.

i definitely agree you made a good case for the currently available community privacy enhanced versions based on open source projects from highly commercial entities (Chromium->Vanadium, Android/Pixel->GrapheneOS) etc. something i think to note here is that without these base projects actually being opensource, i’m not sure eg. the graphene team would’ve been able to achieve the technical goals in the time they have, and likely with even less success legally.

so in essence, in the current forms at least, we have to make some kind of compromise, choosing between something we know is technically more robust and then needing to blindly trust the organisation’s (likely malicious) incentives. therefore as you identify, obviously the best answer is to privacy enhance the project, which does then involve some semi-blind trusting the extent of the privacy enhancement process - assuming good faith in the organisation providing the privacy enhancement: there is still an implicit arms race where privacy corroding features might be implemented at various layers and degrees of opacity vs the inevitably less resourced team trying to counter them.

is there some additional semi-blind ‘faith’ we’re also employing where we are probably assuming the corporate entity currently has little financial incentive in undermining the opensource base project because they can simply bolt on whatever nastiness they want downstream? it’s probably not a bad assumption overall, though i’m often wondering how long that will remain the case.

and ofc on the other hand, we have organisations who’s motivation we supposedly trust (mostly…for now), but we know we have to make a compromise on the technical robustness. eg. while FF lags behind the latest hardening methods, it’s somewhat visible to the dedicated user where they stand from a technical perspective (it’s all documented, somewhere). so then the blind trust is in the purity of the organisation’s incentives, which is where i think the political-motivated wilfully-technically-ignorant mindset can sometimes step in. meanwhile mozilla’s credibility will likely continue to be gradually eroded, unless we as a community step up and fund them sufficiently. and even then, who knows.

there’s certainly no clear single answer for every person’s use-case, and i think you did a great job delineating the different camps. just wanted to add some discussion. i doubt i’m as up to date on these facets as OP, so welcome your thoughts.

I’m sick of privacy being at odds with security

fucking well said.