GrapheneOS Foundation Calls Out Brazil's Flawed Age Verification Law
https://europe.pub/post/10870542
GrapheneOS Foundation Calls Out Brazil's Flawed Age Verification Law - Europe Pub
> Brazil’s authoritarian age verification law became active this month. It won’t
be implemented by GrapheneOS. Complying would require integrating a mandatory
process for each user where a third party service checks government
identification and confirms a match using the camera. > > It doesn’t stop there.
It would require keeping data for auditing and providing a token for connecting
age verification checks by apps and websites to the data. The law is a privacy
disaster and exposes minors to being exploited by leaking their age bracket to
apps and websites. > > GrapheneOS has no team members or operations in Brazil.
São Paulo in Brazil is by far the biggest network hub within South America.
Miami is also a major network hub for South America and is currently where our
update server is for South America since it’s dramatically cheaper. > > We have
a tiny VPS in São Paulo for our ns1 anycast DNS and a second for our
website/network services. It probably isn’t an issue and those can be removed if
necessary. Santiago could be added for both instead but wouldn’t work very well
as a replacement for having São Paulo. > > There aren’t yet devices supporting
GrapheneOS directly sold in South America. Brazil in particular has unusually
high import duties/taxes which add up to around 100%. This has resulted in us
not having a lot of users there but our Motorola partnership will start changing
this. > > People are going to have their personal info leaked by third party age
verification services due to these laws. Children are going to be harmed by apps
and websites changing their behavior to exploit them. It isn’t going to stop
minors finding pornography if they want to find it.
GrapheneOS Foundation Discusses History Of Phoney Privacy Companies Targeting The Project
https://europe.pub/post/10770850
GrapheneOS Foundation Discusses History Of Phoney Privacy Companies Targeting The Project - Europe Pub
>There are at least a dozen people spending at least several hours attacking
GrapheneOS across platforms on a daily basis. It’s a very strange situation. How
do these people have so much time and dedication to keep making posts across
platforms attacking us? It’s relentless. > >Every day, dozens of new accounts
join our chat rooms to spread the same fabrications about GrapheneOS including
via direct messages. > >On Hacker News, one of the accounts making personal
attacks based on fabrications in most threads about GrapheneOS has been doing it
for 8 years. > >Y Combinator has a financial stake in numerous surveillance and
exploit development companies. Hacker News is a platform they own and the
moderators on it have permitted years of vile harassment towards our team which
they’d normally remove if others were targeted. > >Hacker News mods micromanage
it enough to repeatedly ask us not to reuse a bit of text across our comments.
Meanwhile, they do nothing about disgusting personal attacks and harassment
content consistently being spread in threads about GrapheneOS on their heavily
moderated site. > >The largest privacy community on Reddit /r/privacy bans any
discussion or mentions of GrapheneOS. A bot automatically removes any post
mentioning GrapheneOS they’ll very actively ban people who evade their filters.
The mods of the subreddit misrepresent this as something we want. > >Many
privacy subreddits have mods who are hostile towards GrapheneOS. We were banned
from posting on /r/Android for multiple years. The mod who banned us said our
official project account on Reddit was ban evading because they once
unjustifiably banned one of our team members. > >On Wikipedia, a company
attacking GrapheneOS project made years of edits to the site pushing false
narratives about us. They cited articles based on their own press releases.
Other content was made paraphrasing Wikipedia which ended up being cited by it.
It continues to this day. > >Articles about GrapheneOS on most platforms often
have comments engaging in baseless personal attacks towards our team, linking to
harassment content and making many clearly inaccurate claims about it. We’ve
found chat rooms coordinating this including attacks on the X platform. >
>Privacy projects are more vulnerable to these attacks because the userbase and
supporters largely avoid social media and other platforms where it happens. Many
people believe what they read on social media if it isn’t countered and it
builds echo chambers hostile to GrapheneOS. > >Many people think these must be
state sponsored attacks. However, our experience is these attacks are primarily
orchestrated by companies selling dubious products marketed as private and
secure. We did get targeted by state sponsored smear campaigns in France and
Spain though.
Vanadium version 147.0.7727.24.0 released (Bookmark Import/Export Supported Now)
https://europe.pub/post/10770135
Vanadium version 147.0.7727.24.0 released (Bookmark Import/Export Supported Now) - Europe Pub
>Changes in version 147.0.7727.24.0: > > - update to Chromium 147.0.7727.24 > -
add initial support for importing and exporting bookmarks > >A full list of
changes from the previous release (version 146.0.7680.164.0) is available
through the Git commit log between the releases
[https://github.com/GrapheneOS/Vanadium/compare/146.0.7680.164.0...147.0.7727.24.0].
> >This update is available to GrapheneOS users via our app repository and will
also be bundled into the next OS release. Vanadium isn’t yet officially
available for users outside GrapheneOS, although we plan to do that eventually.
It won’t be able to provide the WebView outside GrapheneOS and will have missing
hardening and other features.
GmsCompatConfig version 169 released
https://europe.pub/post/10770085
GmsCompatConfig version 169 released - Europe Pub
>Changes in version 169: > > - add BluetoothA2dp.getConnectionPolicy() stub to
resolve wireless Android Auto crash > >A full list of changes from the previous
release (version 168) is available through the Git commit log between the
releases
[https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/compare/config-168...config-169]
(only changes to the gmscompat_config text file and config-holder/ directory are
part of GmsCompatConfig). > >GmsCompatConfig is the text-based configuration for
the GrapheneOS sandboxed Google Play compatibility layer. It provides a large
portion of the compatibility shims. > >This update is available to GrapheneOS
users via our app repository and will also be bundled into the next OS release.
Why Root Based Attestation Is Not a Good Approach & More
https://europe.pub/post/10769193
Why Root Based Attestation Is Not a Good Approach & More - Europe Pub
>If apps are required to verify the hardware, operating system and their app for
regulatory reasons they should use an approach supporting arbitrary roots of
trust and operating systems. Android already has a standard hardware attestation
system usable for this. > >Android’s documentation and sample libraries are
biased towards Google by using them as the only valid root of trust and the API
is biased towards stock operating systems but it’s better than a centralized
API. > >https://infosec.exchange/@rene_mobile/116286110700616525
[https://infosec.exchange/@rene_mobile/116286110700616525] > >Apps should only
resort to this if they’re forced to do it. Root-based attestation provides
minimal security and is easy to bypass. It’s inherently insecure due to trusting
the weakest security systems. A leaked key from the TEE/SE on any device can be
used to spoof attestations for any device. > >Play Integrity permits a device
with years of missing security patches. It isn’t a legitimate security feature.
It checks for a device in compliance with Google’s Android business model, not
security. > >Unified Attestation is another anti-competitive system putting
companies selling products in control of which devices and operating systems are
allowed to be used. As with the Play Integrity API, it’s a phony security
feature existing solely to get their products permitted while disallowing fair
market competition. > >Android’s hardware attestation API is problematic for a
free and open market because it supports root-based attestation. However, it
does at least support choosing arbitrary trusted roots and arbitrary trusted
operating systems. It isn’t locked to Google’s roots or stock OSes they certify.
> >We made a proposal to Google for pinning-based attestation support for
Android hardware attestation and they ended up implementing it. It can be used
in combination with root-based attestation or without it. It doesn’t have the
anti-competitive properties and provides far more actual security value. >
>Root-based attestation trusts the whole hardware attestation ecosystem. Leaked
keys from any device can be used to bypass it. Pinning-based attestation starts
trust from first use and then provides a high level of security based on the
security of the device’s early boot chain and secure element. > >Root-based
attestation is mainly used to disallow an arbitary device, OS or modified app
for control rather than security. Pinning-based attestation lacks those
negatives and can be very secure. It can be bootstrapped by root-based
attestation but it works without it and it’s not the only approach
GrapheneOS Foundation Seeking Remote App Developer
https://europe.pub/post/10769092
GrapheneOS Foundation Seeking Remote App Developer - Europe Pub
>Ever seen our AOSP based apps (Phone,Messages,Gallery…) & thought I could make
a difference to bring them up? > >We’re seeking a senior Android engineer to
take ownership of the default app suite: >
>https://grapheneos.org/hiring#android-apps-software-engineer
[https://grapheneos.org/hiring#android-apps-software-engineer] > >Code standard
is high, vibe coders need not apply.
Vanadium version 146.0.7680.164.0 released
https://europe.pub/post/10756696
Vanadium version 146.0.7680.164.0 released - Europe Pub
>Changes in version 146.0.7680.164.0: > > - update to Chromium 146.0.7680.164 >
>A full list of changes from the previous release (version 146.0.7680.153.0) is
available through the Git commit log between the releases
[https://github.com/GrapheneOS/Vanadium/compare/146.0.7680.153.0...146.0.7680.164.0].
> >This update is available to GrapheneOS users via our app repository and will
also be bundled into the next OS release. Vanadium isn’t yet officially
available for users outside GrapheneOS, although we plan to do that eventually.
It won’t be able to provide the WebView outside GrapheneOS and will have missing
hardening and other features.
Android-Based GrapheneOS Refuses Age Verification, May Exit Regions That Enforce It
https://literature.cafe/post/30135358
Android-Based GrapheneOS Refuses Age Verification, May Exit Regions That Enforce It - literature.cafe
Lemmy
What are the downsides? - Lemmy.World
I’ve been thinking about making the switch for a year or two. I installed
Graphene on an old phone to get a feel for it, and the only drawback I noticed
was that it doesn’t support Firefox. Is there anything else I should consider
before switching? You can be honest - I’m mostly sold and just want to know what
to expect.
GrapheneOS Foundation To Never Required ID or Other PII To Use GrapheneOS
https://suppo.fi/post/11204611
cm0002