Why do you need to insert a man in the middle vector?
I mean GrapheneOS even provides it's users a web based installer. I really hate these marketing schemes based on privacy buzzwords.
Right? How do I know this isn't a CIA front shipping bugged phones to the users with something to hide? [0] NitroPhone's target demographic is very paranoid^B^B^B security conscious types, they should at least have a FAQ convincing me they're not the feds :)
> NitroPhone's target demographic is very paranoid^B^B^B security conscious types
Let's not add anymore stigmatization in an area where it would serve us all to be a little more paranoid about the amount of spying and corporate+government intrusion that is now the norm in our lives. So many things I would have thought were conspiracy theories a mere 10 years ago are now true. The slippery slope is not a fallacy anymore.
apologies for making my sarcasm too subtle, as evidenced by my wa-po link, I'm well aware that intelligence agencies really do set up fronts to sell bugged goods to a person of interest. Hell, if nothing else works they'll even arrange a vaccination drive for all the kids in your village to try and suss you out.
Just found their "About the company" page: https://www.nitrokey.com/about
They say that they are totally self-financed and produce their Nitrokeys only in Germany to prevent supply chain attacks.
I wondered if Crypto AG (the swiss company selling backdoor'd hardware) would have said the same thing and looked up their old about page. [0] In light of the CIA's involvement I find it exceedingly cheeky:
> We are present around the globe in all cultural environments. The threats, challenges, and fears you are likely to encounter are known to us; they are the source of our innovative thrust.
Thanks to our world-wide network and regional offices, our presence and services know no borders or limits.
I can be conscious of my health, but unless I make healthy choices it doesn't help much. Same with security. If you can't be bothered changing your bad habits, you may be security conscious but it isn't going to help much.
I think you either underestimate your own ability with tech or over estimate the general user. I still get calls from my parents when Firefox updates and a "new box" shows up. This is an extreme example, but this phone could be used by finance or hr team members who are also not expected to really be tech focused.
Just a idea, but support could be a reason to pick a 3rd party to manage these kinds of devices instead of installing the original project. You do open up extra avenues of compromise, but rolling out an OS project you are not really an expert in to staff is a big risk for usability. I can see a value proposition of "locked down devices, more secure than stock, 98% as secure as possible, 24/7 support" being an attractive tradeoff for some companies or people.
People are unable to install the OS. If you go to the matrix room, it's a constant stream of installation questions. Like most things, this is a skill/time/money tradeoff. If you lack in one or more, you can make up with the others.
