They posted the findings here, I don’t know what you want.

Sorry, I meant personally identifiable. They found out the fingerprint is computer-specific.

What is the fireproof safe for?

(attempt to tag OP): someone@lemmy.today

I’m assuming GrapheneOS isn’t backdoored. If a new release were backdoored, I would have a non-zero chance to catch it while reviewing commit diffs, but the chance of catching it would be zero if I instead used auto-update and let the devs push whatever signed binary they wanted.

The fact that devs sign the builds doesn’t protect you from a Jia Tan type of actor. Jia Tan had social-engineered they way to a maintainer and then dropped their backdoor in the .tar releases. If you had compiled from the tree you couldn’t be affected. It’s possible to fail to review malicious commits even in this case, but it is still more transparent than pre-packaged releases. And there’s no point to reproducible builds if no one actually reproduces them.

I agree. If they’re used solely as any other public forum. The problem is it supports the ecosystem of these platforms’ faux private chats. Also if you have to create an account to view a public chat why not make it encrypted all the way? Matrix.org supports encrypted rooms.

It’s also ridiculous that you have to give a phone number to use any “type of public forum”, telegram.

Telegram is no more secure than any other for-profit platform it claims to be an alternative to.