Dear tech media, could we please stop using GrapheneOS as the judge on what's secure? I respect very much what GrapheneOS has built, but their stance that free software is not important to security is very short sighted. They literally are willing to call binary blobs secure because someone told them they are? They have no other standard to go on, since they can't inspect them.

theregister.com/2025/10/15/fsf

@eighthave

I retweeted this yesterday, but then smb pointed out that...

> They literally are willing to call binary blobs secure because someone told them they are?

...this never really happened? At least I followed the links and the stance they express in the thread is nothing of the sort, just a neutral "out of scope" dismissal.

I share the sentiment otherwise, IMO @signalapp and Moxie have done a lot of harm in this regard, sort of reenacting Telegram's denial policy but wrt gservices

@nobody @signalapp It happened because GrapheneOS claims to do everything for security, but then, dismisses projects that aim to replace binary blobs with free software. So perhaps they did not literally say what I wrote, but that's my synopsis of their logic, as far as I can follow it. I know of no standard to audit binary blobs with any reliability. Moxie was also never a believer in free software, his hand was forced by OTF to make Signal free. It was a requirement to receive funding.

@eighthave
The post said "we don't care for getting fsf approval", nothing about librephone
@signalapp

@nobody @signalapp
They said "GNU and FSF promote a bunch of highly insecure operating systems and products which causes real harm to users"

Without GNU and FSF's decades-long fight for real free software, we'd be stuck with Microsoft and Apple for our "secure" options. GNU made Linux possible, made Android possible, made Qubes and Tails possible, etc. If you care about getting to real security, where everything is free software that can be inspected, then supporting efforts like FSF is key.

@eighthave @signalapp

> They said "GNU and FSF promote a bunch of highly insecure operating systems and products which causes real harm to users"

Well, yeah they did say that, but it doesn't mean "we shouldn't bother removing blobs" or "blobs and bootstrap aren't related to security", and also it's not untrue xDDD, they do tell readers to do things without informing them about all of the compromises involved

@eighthave @signalapp And "FSF is key"... what have they done relevant to making software free since ever? "The Onion"-style publications and legalese? Honestly, Nix (Guix, &c&c) is the only development in the past 2 decades that I'm aware of that has any practical implications for software freedom, because (tldr) bootstrap and incentives.

Inshallah with the actual new management, hires like Zoey, FSF _might_ become somehow relevant to software freedoms


@nobody @signalapp GNU is still central to GNU/Linux and GNU/Linux is central to building Android, GrapheneOS, Debian, Tails, Qubes, etc. Even macOS ships GNU. Maintenance counts. Don't forget maintenance.

Then like you said GNU Guix is leading the charge on strictly bootstrappable systems. And GNU Taler is leading the charge on privacy-respecting digital currencies, like real ones that aren't based on scams.

@eighthave
@civodul OOC, how does FSF contribute to maintaining and developing Guix?
@signalapp

@nobody The FSF is a fiscal sponsor of the Guix project, together with Guix Foundation, but the FSF does not contribute per se to Guix development (even less so now that the project no longer uses FSF infra).

@signalapp @eighthave

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
