-
strcat[m]
at Basic and Enterprise adds the lower option
-
madaidan[m]
Ah, I forgot about that
-
JTL
I'd be curious to see an audit of some sort
-
zaxxa[m]
How are audits carried out?
-
renlord
what audits
-
cn3m[m]
<zaxxa[m] "How are audits carried out?"> I run a lot of MITMs both privately and I used to do them professionally. You want to do the monitoring not on the device. mitmproxy to another device and make sure you can decrypt all communications. "privacy" companies like Apple can make this hard since e2ee will bypass this. If there's something I can't read that's my main focus. I just have to look around a lot
-
cn3m[m]
Wireshark is a great tool as well. I also monitor the device in the wild to make sure it doesn't act wildly different. Malware is usually what changes when you try to audit it so companies are extremely careful to not do that. Things like VM and MITM while mostly detectable are not going to generally abuse that, it's very likely you'll catch them doing it too. Try it on malware analysis
-
cn3m[m]
that's what I'd do to test Windows 10
-
zaxxa[m]
I see, thanks
-
renlord
cn3m[m]: do you share your results publicly?
-
TheJollyRoger
Cripes, one family problem after another... I get back and the threads seem to have vanished.
-
renlord
madaidan[m]: win10 seems to be moving towards that direction with UWP applications
-
renlord
but momentum seems to have died.
-
renlord
:(
-
cn3m[m]
<renlord "cn3m: do you share your results "> I don't since it's too much work to organize.
-
renlord
developers for windows dont seem to want to develop UWP apps
-
cn3m[m]
it's a lot of work to just setup. Sorting and explaining the data and filtering out some things that are needed for OS functions that are not things I want shared publicly
-
cn3m[m]
it's just not feasible
-
renlord
fair enough
-
renlord
maybe just sharing the dump without an interpretation piece?
-
cn3m[m]
I could find a way to do that. Just redact some info
-
cn3m[m]
I'll do that the next time I test a Windows machine
-
madaidan[m]
<renlord "madaidan.: win10 seems to be mov"> You mean the mobile stuff?
-
madaidan[m]
There's W10S
-
renlord
they seem to have pivoted to calling them 'universal' for both desktop and mobile
-
renlord
but ya -- they look tablet-ish
-
renlord
but the windows store is pretty shitz
-
renlord
if i want something like win10s, i'd probably just shell out for an ipad
-
cn3m[m]
I might try a Windows 10 Enterprise MITM at some point
-
emucla
are huawei devices supported by grapheneOS?
-
cn3m[m]
<emucla "are huawei devices supported by "> no
-
cn3m[m]
Check the FAQ
-
cn3m[m]
in fact read the whole site in it's entirety
-
emucla
ok
-
emucla
thanks
-
cn3m[m]
-
cn3m[m]
The rest of the FAQ and at least the Usage Guide should help you understand what this project is about
-
cn3m[m]
-
emucla
7list
-
madaidanTelegram
Please log in before inviting Telegram puppets.
-
madaidan[m]
lmao
-
madaidan[m]
analog what are you doing
-
thelearner[m]
Chrome duet Home-Search-TabSwitcher variation not working for anyone else in Bromite (83)? Any fix? Tried everything uninstalled it, cleared storage etc.
-
renlord
can confirm bt is broken
-
renlord
for calls
-
joshman[m]
Bluetooth calls are broken
-
cyredanthem[m]
renlord (@freenode_renlord:matrix.org): hey how do you set Edge in the virtualization to have sane privacy settings everytime?
-
TheJollyRoger
Running cts.
-
zoraver[m]
-
strcat[m]
josh.man: have you tried rebooting
-
renlord
with bt calls, its random
-
renlord
sometimes it works, sometimes it doesnt
-
TheJollyRoger
Is there a CTS test plan I could run that might give us more information?
-
TheJollyRoger
My phone is back on the rack now. One emergency lead to another and I didn't get back until friggin' late.
-
thelearner[m]
zoraver: thank you :)
-
joshman[m]
<strcat[m] "josh.man: have you tried rebooti"> Yes sir. Various Times
-
joshman[m]
I just tried again. And it worked. Weird. Will test it more during the day
-
dan-v[m]
i haven't been following along with the bluetooth issues very closely; why is stock aosp not experiencing this? i'm assuming it's hardening related?
-
JTL
iirc it's an issue exposed by hardened_malloc
-
dan-v[m]
JTL: gotcha
-
TheJollyRoger
Crazy to think how upstream probably has this bug but like... not realized it because they haven't figured out the potential for that being an exploit.
-
TheJollyRoger
Makes me nervous thinking about what other kinds of bugs could be lurking down below, that don't get found by upstream.
-
TheJollyRoger
Not in like Android specifically, but other things.
-
JTL
Oh sure
-
TheJollyRoger
Like the uh... kernel >_<.
-
cyredanthem[m]
85-90% of exploits in Android are memory related iirc
-
TheJollyRoger
Oh jeez.
-
cyredanthem[m]
I tried to do the math on what percentage of exploits GrapheneOS would stop
-
cyredanthem[m]
My guess is effectively 40% of all exploits should be thwarted by GrapheneOS
-
TheJollyRoger
Wow.
-
thelonewolf[m]
When will armv8.5 hardware be available? It has MTE.
-
thelonewolf[m]
A14 would probably use armv8.5
-
cyredanthem[m]
<TheJollyRoger "Wow."> TheJollyRoger: the tough part is vendor images are different every time
-
cyredanthem[m]
You also have to ask if they are trying to exploit GrapheneOS or just stock Android
-
TheJollyRoger
Got it.
-
cyredanthem[m]
May if I recall correctly was all vendor for the pixels
-
cyredanthem[m]
Which would be very unlikely to be effected by GrapheneOS hardening
-
cyredanthem[m]
Though all of those were medium severity
-
strcat[m]
btw let me know if you have issues with the clock app
-
strcat[m]
an issue was reported with that
-
strcat[m]
it is expected that there's a warning about the API level on first launch though
-
strcat[m]
-
strcat[m]
I am not sure the issue is correct
-
strcat[m]
there may be no new issue
-
renlord
post-updated, phone rebooted and alarm rang on time to wake me up for a very important meeting
-
renlord
dont seem to have an issue
-
renlord
this was 2 days ago
-
cyredanthem[m]
Though all that said the hardening and especially on the webview is very helpful so looking at what I did specifically would be misleading
-
renlord
cyredanthem[m]: what sort of privacy settings? i just keep everything on default
-
renlord
and have dns-level ad blocking
-
cyredanthem[m]
A few random privacy settings and DuckDuckGo
-
cyredanthem[m]
I don't remember I'll check
-
renlord
meh, i gave up using DDG, i sometimes use startpage.com if i have the patience
-
renlord
otherwise just load google.com
-
renlord
DDG gives me very subpar search results for very specific things i look for
-
strcat[m]
cyredanthem: we do harden the vendor components
-
strcat[m]
just not firmware
-
cyredanthem[m]
I doubt Google is doing much effective tracking with a temporal browser any way
-
cyredanthem[m]
strcat (@strcat:matrix.org): oh thanks I stand corrected. Does it effect it if the vendor is partially built from source or not?
-
strcat[m]
as we build more it applies stuff like zero-on-init for stack variables to more code
-
strcat[m]
but most of the hardening applies to it already
-
cyredanthem[m]
Gotcha thanks good to know
-
cg_droid
strcat[m], yes, I received a warning (but only the first time and the apps work) in Messages, Clock and Conversations (xmpp), but they work ok and no more warning after that.
-
strcat[m]
g2g for now
-
strcat[m]
really need help with the bluetooth stuff
-
strcat[m]
we need to figure out the order it gets in stock aosp and make sure this matches
-
cyredanthem[m]
In the code or on a live system?
-
renlord
both
-
cyredanthem[m]
Ah it's just the Pixel 3? If it's bonito as well I can boot the GSI(I think the AOSP May from Google is out with no gapps)
-
TheJollyRoger
gist.github.com/Peter-Easton/ab0333677b1ee1b3e22a3231bfdd84a7 Current test of the beta release. Looks like the CTS is just being dumb again.
-
TheJollyRoger
I think it's that CTS testing app not being installed/uninstalled properly which is responsible for the one "fail" result.
-
cyredanthem[m]
If I can help let me know. I should be able to do without my phone for a day or so
-
cyredanthem[m]
DSI Loader can't come soon enough
-
blacklight447[m]
Dsi?
-
cyredanthem[m]
It allows you to run stock images in a live boot on any phone
-
cyredanthem[m]
At least potentially it's uncertain if bootloader will need to be unlocked
-
renlord
gsi you mean
-
renlord
generic system image?
-
cyredanthem[m]
DSU
-
cyredanthem[m]
Not DSI sorry typo
-
cyredanthem[m]
So close
-
cyredanthem[m]
Dynamic system updates
-
cyredanthem[m]
It's supported in Android 10 or at least partially
-
cyredanthem[m]
Theoretically, if I understand correctly it could be used to develop on the same device you already have if you only have one
-
cyredanthem[m]
renlord (@freenode_renlord:matrix.org):
developer.android.com/topic/dsu
-
cyredanthem[m]
It needs to be signed by Google or your vendor
-
cyredanthem[m]
It's only a GSI though so it's not great for testing I guess
-
cyredanthem[m]
Welcome
-
toaskoas[m]
Auto Dark Mode on a Pixel 2XL is not working.
-
bseeinu[m]
Wait, does BT work now with this update on Pixel 3?
-
joshman[m]
BT worked and works
-
joshman[m]
BT calls are not stable
-
bseeinu[m]
Songs on BT did not work in the previous update
-
bseeinu[m]
Now it reversed to calls
-
JTL
Ahahaha
-
bseeinu[m]
Paired with serious camera errors in opencam for the pixel 3...
-
bseeinu[m]
Ouch.
-
travankor
pmn369[m]: good job
-
travankor
pmn369[m]: hope you upstream as device maintainer
-
hiya
strcat[m]: Can you help me with links or citation that Google uses this project's code?
-
thelonewolf[m]
-
thelonewolf[m]
-
hiya
thelonewolf[m]: hmm thanks
-
Arhu
Does anyone know why DisplayPort Alt Mode is disabled for Pixels in the stock ROM? The 3 and 4 should have hardware capable.
-
gnumdk[m]
Hello, I'm really curious, is there any documentation explaining how and why GrapheneOS bootloader is properly signed ?
-
renlord
gnumdk[m]: yes, read the android verified boot documentation
-
renlord
you will find a flow chart with some graphics, confirm your findings when you install grapheneos for the first time
-
renlord
gnumdk[m]: also, read the grapheneos.org website in its entirety, do not skip anything.
-
gnumdk[m]
ok
-
gnumdk[m]
But, are GrapheneOS key signed by Google ?
-
nickcalyx[m]
No
-
gnumdk[m]
ok, so it does not work like secure boot on PC...
-
Arhu
It is more secure
-
brenneke[m]
Hands-free call volume very low when paired with car audio. (after last update)
-
brenneke[m]
Pixel 2 XL.
-
DrWhax
gnumdk[m]: you can sign with your own keys..
-
cn3m[m]
@gnumdk:matrix.org GrapheneOS loads their own keys. This means your device is locked to GrapheneOS code and can't be changed without wiping the device
-
nickcalyx[m]
Hey DrWhax :)
-
dazinism
Krita made it onto android!
-
dazinism
-
dazinism
gnumdk: I've been documenting stuff to do with android verified boot over at
hub.libranet.de/wiki/and-priv-sec/wiki/verified-boot
-
DrWhax
nickcalyx[m]: hey hey! :)
-
hypokeimenon[m]
nickcalyx: are you related to /aware of the Calyx institute and Android-based OS
-
dazinism
-
hypokeimenon[m]
I see, thanks.
-
dazinism
After folks chatting yesterday about getting apps (GCam) from various, slightly shady app stores I did some more research
-
dazinism
Turns out Exodus Privacy display app signing certs SHA1 fingerprint in their reports
-
dazinism
Thats reports for, I think, for every app on the Play Store.
-
dazinism
-
cg_droid
dazinism, maybe you'd like more Stanley app from F-droid if you are looking forr the certificate and some more information
-
dazinism
Guess thats not as nice as if they had the SHA256 fingerprints, but something
-
cg_droid
Only sha1 too...
-
dazinism
Most often apk downloads from the devs site or git repo will use the same cert
-
dazinism
cg_droid: yeah, prefer apps_packages info as it shows much more info about apps including the SHA256 fingerprint, but Stanley works for SHA1 fine
-
cg_droid
😉
-
joshman[m]
<dazinism "After folks chatting yesterday a"> What's the bottom line I don't get it
-
nickcalyx[m]
<hypokeimenon[m] "nickcalyx: are you related to /a"> Yup
-
cn3m[m]
nickcalyx: I gotta try CalyxOS sometime
-
cn3m[m]
do you have the extra permissions?
-
nickcalyx[m]
What permissions
-
cn3m[m]
network and sensors nickcalyx:
-
cdesai
cn3m[m]: at the moment we don't
-
cn3m[m]
gotcha thanks, I don't use anything Google so I don't need CalyxOS would just like to try it sometime
-
cn3m[m]
I recommend it on Reddit a lot
-
cn3m[m]
haven't gone more then flashing it once on an old phone
-
cn3m[m]
@eglssm:matrix.org hey eglssm. What device do you have now? Are you going to buy new?
-
madaidan[m]
-
madaidan[m]
Using the exact same screenshot as the sockpuppet accounts
-
madaidan[m]
So reusing saintjohnny's bullshit points
-
madaidan[m]
Think we might have our guy
-
madaidan[m]
<madaidan[m] "So reusing saintjohnny's bullshi"> Also*
-
inquiree
Oh no that again
-
inquiree
"Firefox is superior because Tor browser is based on it"
-
cn3m[m]
@eglssm:matrix.org did you disable the default apps?
-
cn3m[m]
<inquiree ""Firefox is superior because Tor"> Firefox is now a Target and a browser with 4% marker share leads everyone combined with zero days
-
madaidan[m]
<inquiree ""Firefox is superior because Tor"> You should show this to the people who say that
trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs
-
cn3m[m]
Chrome would be a perfect base beside proxy issues and other things
-
cn3m[m]
Firefox is a compromise
-
inquiree
madaidan: Thanks for the link. I see that stupid attempt at rebuttal being echoed really often
-
inquiree
strcat: local (VPN interface) address is no longer exposed with vanadium after latest update. Was that an upstream change?
-
strcat[m]
inquiree: no I changed the default IP handling policy, see changelog
-
strcat[m]
instead of you needing to configure it
-
inquiree
That's a nice change!
-
strcat[m]
there is a low more low-hanging stuff needing to be done
-
inquiree
madaidan, cn3m: It's easy to see why that anonymous dude cannot be left alone. He's been on a personal crusade to spread BS
-
inquiree
Anonymouse*
-
blacklight447[m]
<inquiree "madaidan, cn3m: It's easy to see"> is he at it again?
-
inquiree
When did he ever stop?
-
cn3m[m]
@freenode_inquiree:matrix.org I'm on a personal crusade to do the same thing
-
cn3m[m]
let's see who breaks first
-
cn3m[m]
@freenode_inquiree:matrix.org I'm sure he's asking the same thing about me
-
inquiree
I don't know how he hasn't been banned honestly
-
inquiree
With his extensive history of slandering anyone pointing out his logical inconsistencies/conspiratorial fearmongering
-
cn3m[m]
I am glad he's not we can spot him when he shills his guide
-
inquiree
Even the mods aren't spared. No idea why they're still putting up with his BS
-
cn3m[m]
I don't really care if he's just gonna make another account and I'm going to keep debunking him
-
cn3m[m]
I feel like no one actually trusts that username we all know he's bad news. it's for the best he's not banned
-
inquiree
cn3m: That should apply to people that know better. I don't think most people subscribed to the subreddits he patronizes can make that distinction
-
dazinism
eglssm: if they really bother you can disable or uninstall apps from your main user profile on the phone using adb. Some things may stop the phone working properly so have to be a bit careful.
-
inquiree
madaidan, cn3m:
old.reddit.com/r/privacy/comments/e…ing_guide_for_normal_people/fdmxqau. You see that bit about the titan M? It's a point he loves to tout. We should probably address that
-
clathu[m]
After having read bad things about F-Droid, I don't know which App Store to use. Is Aurora Store the better alternative at the moment ?
-
brenneke[m]
<brenneke[m] "Hands-free call volume very low "> Rebooting phone fixes but only for a while, then require rebooting again. Latest thing is not low but no audio. Is this a known problem?
-
inquiree
clathu: what kind of apps?
-
chani
clathu[m]: what bad things have you read about F-Droid?
-
cx2[m]
<brenneke[m] "Rebooting phone fixes but only f"> It is...and it is being sorted out from what I understand.
-
nickcalyx[m]
I think the google play store has more malware than fdroid
-
brenneke[m]
<cx2[m] "It is...and it is being sorted o"> Will watch for developments thanks.
-
chani
I'm pretty new to this and trying to be careful, but I had thought F-droid was (generally speaking) safer than Aurora Store.
-
cx2[m]
<brenneke[m] "Will watch for developments than"> Of course! Give the guys time... there are some great minds working on this project....just working through a few kinks
-
cx2[m]
* and / or gals
-
cn3m[m]
@nickcalyx:matrix.org depends
-
cn3m[m]
F-Droid has more insecure software that's a security threat
-
cn3m[m]
Play Store has more badware
-
hitchhooker[m]
what makes google play store apps so much more secure? there is code review?
-
hitchhooker[m]
hmalloc busts so many memory unsafe apps from play store that barely never happends with f-droid
-
nickcalyx[m]
Low
-
nickcalyx[m]
> F-Droid has more insecure software that's a security threat
-
nickcalyx[m]
How can you say that, quantitatively
-
hitchhooker[m]
-
hypokeimenon[m]
From what's already been said, it may be partly to do with F-droid apps shipping with a v1 signature instead of a v2. Read past chat
-
cn3m[m]
@nickcalyx:matrix.org look at how long they don't patch stuff and random old programs
-
cn3m[m]
v2 signing is a nice addition from modern app stores yes
-
cn3m[m]
F-Droid does a lot right and with common sense it can be very good
-
nickcalyx[m]
Fdroid only distributes other people's software
-
nickcalyx[m]
In any case, I definitely support alternatives to google controlling the whole ecosystem of android app distribution
-
nickcalyx[m]
Probably we can all agree on that :)
-
hypokeimenon[m]
I'm opposed to Google's control
-
cn3m[m]
@nickcalyx:matrix.org 100%
-
hypokeimenon[m]
but if they open-sourced their PHA(potentially harmful app) detection algorithms or something I wouldn't mind..
-
cn3m[m]
I'd put a warning on any network permission app that is over two years old. Require v2 signing and block all apps over 5 years old
-
hypokeimenon[m]
shouldn't be anything over 2 years old in the store tbh lol
-
cn3m[m]
I see comments on PTIO all the time about their disk change password and how GrapheneOS is unsuable since I said it didn't have it. I explain how it works and they say, but it's in F-Droid and it's security software section
-
madaidan[m]
<inquiree "madaidan, cn3m:
old.redd"> I've already replied to that point but he doesn't listen. He's incredibly stubborn and ignorant. He doesn't care for the truth and no matter how much evidence you present to prove him wrong, he sticks to his biased agenda.
-
madaidan[m]
And btw, to ping me you need to add that dot at the end or I don't get a notification
-
madaidan[m]
"madaidan." instead of "madaidan"
-
cn3m[m]
@madaidan.:matrix.org he's a madlad with a .
-
cx2[m]
<madaidan[m] "I've already replied to that poi"> Going to read.... but lemme guess... something about the spooky black box...
-
madaidan[m]
<cx2[m] "Going to read.... but lemme gues"> Exactly.
-
madaidan[m]
He likes to say Huawei phones are the best and Pixels are the worst because of the dreaded Titan M black box. It's crazy.
-
cn3m[m]
@madaidan.:matrix.org I need to take up a prescription habit to handle this guy
-
blacklight447[m]
you know what i found funny about this guy
-
blacklight447[m]
hes always obessed about the USA and the 14 eyes
-
blacklight447[m]
because of this, he wants to use a huewei device, fine
-
blacklight447[m]
but here is the thing
-
madaidan[m]
I wish him and all his alts were banned. It's too much to deal with him. He's relentless.
-
blacklight447[m]
his proof for huewei being the only trustworthy oem comes from a report from the UK claiming they found no evidence of a backdoor
-
blacklight447[m]
and the uk is part of the 14 eyes
-
blacklight447[m]
so to avoid tech from the 14 eyes, your gonna rely on a report from the 14 eyes saying that something is not backdoored, where the fuck is the logic in that
-
madaidan[m]
The mods of r/privatelife are all his alts lol
-
blacklight447[m]
imagigne being banned on so many privacy subs that you just start your own
-
gervarouge[m]
<blacklight447[m] "and the uk is part of the 14 eye"> But they sided with me!?!
-
gervarouge[m]
They must be right
-
blacklight447[m]
look at it, its all just him posting news articles
-
blacklight447[m]
lol
-
madaidan[m]
<gervarouge[m] "But they sided with me!?!"> He's so hypocritical
-
madaidan[m]
It's not the only case of him discrediting a source until it fits his agenda
-
cn3m[m]
he has so many alts I'm starting too wonder I'm one of them
-
cn3m[m]
😆
-
gervarouge[m]
We all are
-
cx2[m]
<blacklight447[m] "so to avoid tech from the 14 eye"> **ESPECIALLY** if that concern is likely due to “spycraft”... the Brits of all people?? haha
-
blacklight447[m]
<madaidan[m] "It's not the only case of him di"> this just shows weakness
-
gervarouge[m]
Can we just clone madaidan, blacklight, and cn3m?
-
analog[m]
why blacklight
-
gervarouge[m]
Le postage
-
blacklight447[m]
<analog[m] "why blacklight"> ?
-
blacklight447[m]
you got a problem with me? lol
-
aksuited[m]
When connecting a phone to a pc to transfer files or adb, does the pc see identifying info about the phone like imei hardware id etc or just the phone name?
-
aksuited[m]
Android phone by the way
-
strcat[m]
aksuited: no, just the phone name
-
strcat[m]
aksuited: if you enable ADB and whitelist the host, completely different story, you give it a massive amount of information and control over the device
-
strcat[m]
I thought that was clear?
-
strcat[m]
you shouldn't be using ADB on a production device, it is in developer options for a reason
-
strcat[m]
that's the purpose of ADB
-
aksuited[m]
I had to use it
-
strcat[m]
OS and app debugging, giving an attached computer a huge amount of information and control
-
aksuited[m]
I disableed the usb debug after it
-
strcat[m]
why did you have to use it
-
aksuited[m]
Amd reset the option of pc
-
aksuited[m]
I installed threema work app
-
aksuited[m]
And then i tried to uninstall and it just wouldn
-
aksuited[m]
So i had to use adb to uninstall it
-
strcat[m]
Secure PDF Viewer app version 4 released:
github.com/GrapheneOS/PdfViewer
-
strcat[m]
-
strcat[m]
-
cn3m[m]
@strcat:matrix.org thanks
-
strcat[m]
-
strcat[m]
also, need someone to work on updating pdf.js
-
strcat[m]
last time there were issues with CSP
-
strcat[m]
-
strcat[m]
you build it with gulp
-
strcat[m]
need to update
-
aksuited[m]
<strcat[m] "OS and app debugging, giving an "> No way now to remove the information from pc? If i remove platform tools which i used adb from?
-
strcat[m]
aksuited: I don't know what you mean
-
strcat[m]
I'm explaining that ADB gives a massive amount of control over the device
-
strcat[m]
I doubt you needed it to uninstall an app, you could have used Settings
-
strcat[m]
there is nothing you can do to take back the fact that you trusted the computer like that before - you can revoke the trusted host keys from ADB and disable ADB
-
strcat[m]
if that computer was compromised it could have used ADB to gather data about the device and do all kinds of things like installing apps, granting permissions
-
strcat[m]
that's what ADB does
-
strcat[m]
don't use ADB if you aren't a developer is good advice
-
strcat[m]
if the computer wasn't compromised then no problem...
-
strcat[m]
there is nothing for you to remove in that case, don't overcomplicate things
-
aksuited[m]
The settings just freezed when tried to uninstall
-
cn3m[m]
<strcat[m] "don't use ADB if you aren't a de"> this is very good advice
-
cn3m[m]
along with don't use developer options
-
aksuited[m]
All day i tried from settings from holding the app and uninstall and nothing
-
strcat[m]
if you encounter bugs please report them on the issue tracker
-
aksuited[m]
<strcat[m] "there is nothing for you to remo"> Ok thanks
-
aksuited[m]
I thought it was a corrupt install and didnt want to create an issue about it
-
aksuited[m]
Meaning i didnt think it was an os probl