{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreiffqlpo3bj55dd5og4gpzhms3cyxx2vl3lugqzlxnmv2m3dbvmham",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mogvqag5aar2"
},
"path": "/t/amd-stripped-transparent-secure-memory-encryption-from-its-consumer-cpus/38576#post_5",
"publishedAt": "2026-06-16T21:19:59.000Z",
"site": "https://discuss.privacyguides.net",
"textContent": "byte:\n\n> Mobile is _waaay_ worse.\n\nHow so? I feel that GrapheneOS is the best operating system for privsec.\n\n> GrapheneOS: The desktop Linux software stack has horrible privacy and security compared to AOSP.\n\n> GrapheneOS: Desktop OSes don’t have anything close to the security model or hardware-based security features of AOSP or iOS.\n\nWe can see proof of this in practice. All of these exploits were possible on mainstream desktop linux:\n\n> GrapheneOS isn’t vulnerable to the 3 recently disclosed Linux kernel vulnerabilities named Copy Fail, Copy Fail 2 and Dirty Frag. Current Android Open Source Project SELinux policies block exploiting all 3 bugs. Standard AOSP GKI kernel configuration also has 2/3 of the vulnerable features disabled.\n\nAndroid has a robust app sandbox, while desktop linux lets apps have full file access.\n\nbyte:\n\n> On PC you at least have ability to install any operating system…\n\nI referred to privsec, not user freedom.\n\nbyte:\n\n> Physical security is consumer responsibility. You lock doors at home, right? Why not to lock laptop in safe if you have this threat model?\n\nOk? And I don’t have to lock my phone in a safe if I had this threat model because of its outstanding hardware security.\n\nbyte:\n\n> And the main point: **never** store anything sensitive inside any machine (even with FDE). Use encrypted external drive, so you can hide it, if needed.\n\nAgree, but maybe cloud instead of locally at all.",
"title": "AMD stripped [Transparent Secure Memory Encryption] from its consumer CPUs"
}