KindnessInfinity3h ago

GrapheneOS Foundation Discusses History Of Phoney Privacy Companies Targeting The Project

https://lemmy.ml/post/45061709

GrapheneOS Foundation Discusses History Of Phoney Privacy Companies Targeting The Project - Lemmy

There are at least a dozen people spending at least several hours attacking GrapheneOS across platforms on a daily basis. It’s a very strange situation. How do these people have so much time and dedication to keep making posts across platforms attacking us? It’s relentless. Every day, dozens of new accounts join our chat rooms to spread the same fabrications about GrapheneOS including via direct messages. On Hacker News, one of the accounts making personal attacks based on fabrications in most threads about GrapheneOS has been doing it for 8 years. Y Combinator has a financial stake in numerous surveillance and exploit development companies. Hacker News is a platform they own and the moderators on it have permitted years of vile harassment towards our team which they’d normally remove if others were targeted. Hacker News mods micromanage it enough to repeatedly ask us not to reuse a bit of text across our comments. Meanwhile, they do nothing about disgusting personal attacks and harassment content consistently being spread in threads about GrapheneOS on their heavily moderated site. The largest privacy community on Reddit /r/privacy bans any discussion or mentions of GrapheneOS. A bot automatically removes any post mentioning GrapheneOS they’ll very actively ban people who evade their filters. The mods of the subreddit misrepresent this as something we want. Many privacy subreddits have mods who are hostile towards GrapheneOS. We were banned from posting on /r/Android for multiple years. The mod who banned us said our official project account on Reddit was ban evading because they once unjustifiably banned one of our team members. On Wikipedia, a company attacking GrapheneOS project made years of edits to the site pushing false narratives about us. They cited articles based on their own press releases. Other content was made paraphrasing Wikipedia which ended up being cited by it. It continues to this day. Articles about GrapheneOS on most platforms often have comments engaging in baseless personal attacks towards our team, linking to harassment content and making many clearly inaccurate claims about it. We’ve found chat rooms coordinating this including attacks on the X platform. Privacy projects are more vulnerable to these attacks because the userbase and supporters largely avoid social media and other platforms where it happens. Many people believe what they read on social media if it isn’t countered and it builds echo chambers hostile to GrapheneOS. Many people think these must be state sponsored attacks. However, our experience is these attacks are primarily orchestrated by companies selling dubious products marketed as private and secure. We did get targeted by state sponsored smear campaigns in France and Spain though.

Show threadtrampinheavy3h ago
@FrutigerAero00
I know you say you don't want android, but having tried a few linux phones I am firmly convinced #grapheneos is the best mobile os available, at least for now.
KindnessInfinity3h ago

Vanadium version 147.0.7727.24.0 released (Bookmark Import/Export Supported Now)

https://lemmy.ml/post/45060697

Vanadium version 147.0.7727.24.0 released - Lemmy

Changes in version 147.0.7727.24.0: - update to Chromium 147.0.7727.24 - add initial support for importing and exporting bookmarks A full list of changes from the previous release (version 146.0.7680.164.0) is available through the Git commit log between the releases [https://github.com/GrapheneOS/Vanadium/compare/146.0.7680.164.0...147.0.7727.24.0]. This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn’t yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won’t be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

KindnessInfinity3h ago

GmsCompatConfig version 169 released

https://lemmy.ml/post/45060681

GmsCompatConfig version 169 released - Lemmy

Changes in version 169: - add BluetoothA2dp.getConnectionPolicy() stub to resolve wireless Android Auto crash A full list of changes from the previous release (version 168) is available through the Git commit log between the releases [https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/compare/config-168...config-169] (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig). GmsCompatConfig is the text-based configuration for the GrapheneOS sandboxed Google Play compatibility layer. It provides a large portion of the compatibility shims. This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

Frutiger3h ago
I want to buy a new phone and im divided because i want it #eu based and not to be #android based but on the other hand I also want it to be against #ageverification and #grapheneos is a nice choice but is android based. What should i do and why?
#Jolla with #sailfishos
#Motorola (i think that was the brand?) with #grap
Poll ends at .
KindnessInfinity4h ago

GrapheneOS Foundation Seeking Remote App Developer

https://lemmy.ml/post/45059519

GrapheneOS Foundation Seeking App Developer - Lemmy

Ever seen our AOSP based apps (Phone,Messages,Gallery…) & thought I could make a difference to bring them up? We’re seeking a senior Android engineer to take ownership of the default app suite: https://grapheneos.org/hiring#android-apps-software-engineer [https://grapheneos.org/hiring#android-apps-software-engineer] Code standard is high, vibe coders need not apply.

KindnessInfinity4h ago

Why Root Based Attestation Is Not a Good Approach & More

https://lemmy.ml/post/45059277

Why Root Based Attestation Is Not a Good Approach & More - Lemmy

If apps are required to verify the hardware, operating system and their app for regulatory reasons they should use an approach supporting arbitrary roots of trust and operating systems. Android already has a standard hardware attestation system usable for this. Android’s documentation and sample libraries are biased towards Google by using them as the only valid root of trust and the API is biased towards stock operating systems but it’s better than a centralized API. https://infosec.exchange/@rene_mobile/116286110700616525 [https://infosec.exchange/@rene_mobile/116286110700616525] Apps should only resort to this if they’re forced to do it. Root-based attestation provides minimal security and is easy to bypass. It’s inherently insecure due to trusting the weakest security systems. A leaked key from the TEE/SE on any device can be used to spoof attestations for any device. Play Integrity permits a device with years of missing security patches. It isn’t a legitimate security feature. It checks for a device in compliance with Google’s Android business model, not security. Unified Attestation is another anti-competitive system putting companies selling products in control of which devices and operating systems are allowed to be used. As with the Play Integrity API, it’s a phony security feature existing solely to get their products permitted while disallowing fair market competition. Android’s hardware attestation API is problematic for a free and open market because it supports root-based attestation. However, it does at least support choosing arbitrary trusted roots and arbitrary trusted operating systems. It isn’t locked to Google’s roots or stock OSes they certify. We made a proposal to Google for pinning-based attestation support for Android hardware attestation and they ended up implementing it. It can be used in combination with root-based attestation or without it. It doesn’t have the anti-competitive properties and provides far more actual security value. Root-based attestation trusts the whole hardware attestation ecosystem. Leaked keys from any device can be used to bypass it. Pinning-based attestation starts trust from first use and then provides a high level of security based on the security of the device’s early boot chain and secure element. Root-based attestation is mainly used to disallow an arbitary device, OS or modified app for control rather than security. Pinning-based attestation lacks those negatives and can be very secure. It can be bootstrapped by root-based attestation but it works without it and it’s not the only approach

Jonathan Harker5h ago
Is anyone else running #GrapheneOS on their phone? Asking for a friend with a Pixel 8 Pro
Kuketz-Blog 🛡5h ago

FMD (»Find My Device«) ist eine quelloffene Alternative zu Googles Geräteverfolgung – ohne Google-Dienste, ohne Tracking, mit Ende-zu-Ende-Verschlüsselung. Per Fernzugriff lässt sich das Gerät orten, sperren, klingeln lassen oder auf Werkseinstellungen zurücksetzen. Steuerung per SMS, Signal, Matrix oder Webinterface. Self-Hosting möglich. Verfügbar über F-Droid, kompatibel mit GrapheneOS. 👇

🔗 https://fmd-foss.org

#FMD #GrapheneOS #Privacy #OpenSource #AndroidPrivacy #DigitaleSelbstbestimmung

/kuk

FMD

Decentralised remote device location and control

Show threadTorf und Schnee7h ago

@daniel @madeindex even on mobile you can install #GrapheneOS. On PC the keyboard is just physical.

They got to gdrive if you don't set otherwise.

"To admit defeat is to blaspheme against the Emperor" (c)