at Basic and Enterprise adds the lower option

Ah, I forgot about that

I'd be curious to see an audit of some sort

How are audits carried out?

what audits

<zaxxa[m] "How are audits carried out?"> I run a lot of MITMs both privately and I used to do them professionally. You want to do the monitoring not on the device. mitmproxy to another device and make sure you can decrypt all communications. "privacy" companies like Apple can make this hard since e2ee will bypass this. If there's something I can't read that's my main focus. I just have to look around a lot

Wireshark is a great tool as well. I also monitor the device in the wild to make sure it doesn't act wildly different. Malware is usually what changes when you try to audit it so companies are extremely careful to not do that. Things like VM and MITM while mostly detectable are not going to generally abuse that, it's very likely you'll catch them doing it too. Try it on malware analysis

that's what I'd do to test Windows 10

I see, thanks

cn3m[m]: do you share your results publicly?

Cripes, one family problem after another... I get back and the threads seem to have vanished.

madaidan[m]: win10 seems to be moving towards that direction with UWP applications

but momentum seems to have died.

:(

<renlord "cn3m: do you share your results "> I don't since it's too much work to organize.

developers for windows dont seem to want to develop UWP apps

it's a lot of work to just setup. Sorting and explaining the data and filtering out some things that are needed for OS functions that are not things I want shared publicly

it's just not feasible

fair enough

maybe just sharing the dump without an interpretation piece?

I could find a way to do that. Just redact some info

I'll do that the next time I test a Windows machine

<renlord "madaidan.: win10 seems to be mov"> You mean the mobile stuff?

There's W10S

they seem to have pivoted to calling them 'universal' for both desktop and mobile

but ya -- they look tablet-ish

but the windows store is pretty shitz

if i want something like win10s, i'd probably just shell out for an ipad

I might try a Windows 10 Enterprise MITM at some point

are huawei devices supported by grapheneOS?

<emucla "are huawei devices supported by "> no

Check the FAQ

in fact read the whole site in it's entirety

ok

thanks

The rest of the FAQ and at least the Usage Guide should help you understand what this project is about

emucla: grapheneos.org/usage

7list

lmao

analog what are you doing

Chrome duet Home-Search-TabSwitcher variation not working for anyone else in Bromite (83)? Any fix? Tried everything uninstalled it, cleared storage etc.

can confirm bt is broken

for calls

Bluetooth calls are broken

renlord (@freenode_renlord:matrix.org): hey how do you set Edge in the virtualization to have sane privacy settings everytime?

Running cts.

thelearner: bromite/bromite #580

josh.man: have you tried rebooting

with bt calls, its random

sometimes it works, sometimes it doesnt

Is there a CTS test plan I could run that might give us more information?

My phone is back on the rack now. One emergency lead to another and I didn't get back until friggin' late.

zoraver: thank you :)

<strcat[m] "josh.man: have you tried rebooti"> Yes sir. Various Times

I just tried again. And it worked. Weird. Will test it more during the day

i haven't been following along with the bluetooth issues very closely; why is stock aosp not experiencing this? i'm assuming it's hardening related?

iirc it's an issue exposed by hardened_malloc

JTL: gotcha

Crazy to think how upstream probably has this bug but like... not realized it because they haven't figured out the potential for that being an exploit.

Makes me nervous thinking about what other kinds of bugs could be lurking down below, that don't get found by upstream.

Not in like Android specifically, but other things.

Oh sure

Like the uh... kernel >_<.

85-90% of exploits in Android are memory related iirc

Oh jeez.

I tried to do the math on what percentage of exploits GrapheneOS would stop

My guess is effectively 40% of all exploits should be thwarted by GrapheneOS

Wow.

When will armv8.5 hardware be available? It has MTE.

A14 would probably use armv8.5

<TheJollyRoger "Wow."> TheJollyRoger: the tough part is vendor images are different every time

You also have to ask if they are trying to exploit GrapheneOS or just stock Android

Got it.

May if I recall correctly was all vendor for the pixels

Which would be very unlikely to be effected by GrapheneOS hardening

Though all of those were medium severity

btw let me know if you have issues with the clock app

an issue was reported with that

it is expected that there's a warning about the API level on first launch though

I am not sure the issue is correct

there may be no new issue

post-updated, phone rebooted and alarm rang on time to wake me up for a very important meeting

dont seem to have an issue

this was 2 days ago

Though all that said the hardening and especially on the webview is very helpful so looking at what I did specifically would be misleading

cyredanthem[m]: what sort of privacy settings? i just keep everything on default

and have dns-level ad blocking

A few random privacy settings and DuckDuckGo

I don't remember I'll check

meh, i gave up using DDG, i sometimes use startpage.com if i have the patience

otherwise just load google.com

DDG gives me very subpar search results for very specific things i look for

cyredanthem: we do harden the vendor components

just not firmware

I doubt Google is doing much effective tracking with a temporal browser any way

strcat (@strcat:matrix.org): oh thanks I stand corrected. Does it effect it if the vendor is partially built from source or not?

as we build more it applies stuff like zero-on-init for stack variables to more code

but most of the hardening applies to it already

Gotcha thanks good to know

strcat[m], yes, I received a warning (but only the first time and the apps work) in Messages, Clock and Conversations (xmpp), but they work ok and no more warning after that.

g2g for now

really need help with the bluetooth stuff

we need to figure out the order it gets in stock aosp and make sure this matches

In the code or on a live system?

both

Ah it's just the Pixel 3? If it's bonito as well I can boot the GSI(I think the AOSP May from Google is out with no gapps)

gist.github.com/Peter-Easton/ab0333677b1ee1b3e22a3231bfdd84a7 Current test of the beta release. Looks like the CTS is just being dumb again.

I think it's that CTS testing app not being installed/uninstalled properly which is responsible for the one "fail" result.

If I can help let me know. I should be able to do without my phone for a day or so

DSI Loader can't come soon enough

Dsi?

It allows you to run stock images in a live boot on any phone

At least potentially it's uncertain if bootloader will need to be unlocked

gsi you mean

generic system image?

DSU

Not DSI sorry typo

So close

Dynamic system updates

It's supported in Android 10 or at least partially

Theoretically, if I understand correctly it could be used to develop on the same device you already have if you only have one

renlord (@freenode_renlord:matrix.org): developer.android.com/topic/dsu

It needs to be signed by Google or your vendor

It's only a GSI though so it's not great for testing I guess

Welcome

Auto Dark Mode on a Pixel 2XL is not working.

Wait, does BT work now with this update on Pixel 3?

BT worked and works

BT calls are not stable

Songs on BT did not work in the previous update

Now it reversed to calls

Ahahaha

Paired with serious camera errors in opencam for the pixel 3...

Ouch.

pmn369[m]: good job

pmn369[m]: hope you upstream as device maintainer

strcat[m]: Can you help me with links or citation that Google uses this project's code?

<hiya "strcat: Can you help me with lin"> android-review.googlesource.com/q/owner:danielmicay%2540gmail.com

<hiya "strcat: Can you help me with lin"> android-developers.googleblog.com/2…ng-android-with-more-linux.html?m=1

thelonewolf[m]: hmm thanks

Does anyone know why DisplayPort Alt Mode is disabled for Pixels in the stock ROM? The 3 and 4 should have hardware capable.

Hello, I'm really curious, is there any documentation explaining how and why GrapheneOS bootloader is properly signed ?

gnumdk[m]: yes, read the android verified boot documentation

you will find a flow chart with some graphics, confirm your findings when you install grapheneos for the first time

gnumdk[m]: also, read the grapheneos.org website in its entirety, do not skip anything.

ok

But, are GrapheneOS key signed by Google ?

No

ok, so it does not work like secure boot on PC...

It is more secure

Hands-free call volume very low when paired with car audio. (after last update)

Pixel 2 XL.

gnumdk[m]: you can sign with your own keys..

@gnumdk:matrix.org GrapheneOS loads their own keys. This means your device is locked to GrapheneOS code and can't be changed without wiping the device

Hey DrWhax :)

Krita made it onto android!

gnumdk: I've been documenting stuff to do with android verified boot over at hub.libranet.de/wiki/and-priv-sec/wiki/verified-boot

nickcalyx[m]: hey hey! :)

nickcalyx: are you related to /aware of the Calyx institute and Android-based OS

hypokeimenon: calyxinstitute.org/about/board/nicholas-merrill

I see, thanks.

After folks chatting yesterday about getting apps (GCam) from various, slightly shady app stores I did some more research

Turns out Exodus Privacy display app signing certs SHA1 fingerprint in their reports

Thats reports for, I think, for every app on the Play Store.

dazinism, maybe you'd like more Stanley app from F-droid if you are looking forr the certificate and some more information

Guess thats not as nice as if they had the SHA256 fingerprints, but something

Only sha1 too...

Most often apk downloads from the devs site or git repo will use the same cert

cg_droid: yeah, prefer apps_packages info as it shows much more info about apps including the SHA256 fingerprint, but Stanley works for SHA1 fine

😉

<dazinism "After folks chatting yesterday a"> What's the bottom line I don't get it

<hypokeimenon[m] "nickcalyx: are you related to /a"> Yup

nickcalyx: I gotta try CalyxOS sometime

do you have the extra permissions?

What permissions

network and sensors nickcalyx:

cn3m[m]: at the moment we don't

gotcha thanks, I don't use anything Google so I don't need CalyxOS would just like to try it sometime

I recommend it on Reddit a lot

haven't gone more then flashing it once on an old phone

@eglssm:matrix.org hey eglssm. What device do you have now? Are you going to buy new?

strcat: old.reddit.com/r/privacytoolsIO/com…_to_cryptocompare/fs0e03i?context=3

Using the exact same screenshot as the sockpuppet accounts

So reusing saintjohnny's bullshit points

Think we might have our guy

<madaidan[m] "So reusing saintjohnny's bullshi"> Also*

Oh no that again

"Firefox is superior because Tor browser is based on it"

@eglssm:matrix.org did you disable the default apps?

<inquiree ""Firefox is superior because Tor"> Firefox is now a Target and a browser with 4% marker share leads everyone combined with zero days

<inquiree ""Firefox is superior because Tor"> You should show this to the people who say that trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs

Chrome would be a perfect base beside proxy issues and other things

Firefox is a compromise

madaidan: Thanks for the link. I see that stupid attempt at rebuttal being echoed really often

strcat: local (VPN interface) address is no longer exposed with vanadium after latest update. Was that an upstream change?

inquiree: no I changed the default IP handling policy, see changelog

instead of you needing to configure it

That's a nice change!

there is a low more low-hanging stuff needing to be done

madaidan, cn3m: It's easy to see why that anonymous dude cannot be left alone. He's been on a personal crusade to spread BS

Anonymouse*

<inquiree "madaidan, cn3m: It's easy to see"> is he at it again?

When did he ever stop?

@freenode_inquiree:matrix.org I'm on a personal crusade to do the same thing

let's see who breaks first

@freenode_inquiree:matrix.org I'm sure he's asking the same thing about me

I don't know how he hasn't been banned honestly

With his extensive history of slandering anyone pointing out his logical inconsistencies/conspiratorial fearmongering

I am glad he's not we can spot him when he shills his guide

Even the mods aren't spared. No idea why they're still putting up with his BS

I don't really care if he's just gonna make another account and I'm going to keep debunking him

I feel like no one actually trusts that username we all know he's bad news. it's for the best he's not banned

cn3m: That should apply to people that know better. I don't think most people subscribed to the subreddits he patronizes can make that distinction

eglssm: if they really bother you can disable or uninstall apps from your main user profile on the phone using adb. Some things may stop the phone working properly so have to be a bit careful.

madaidan, cn3m: old.reddit.com/r/privacy/comments/e…ing_guide_for_normal_people/fdmxqau. You see that bit about the titan M? It's a point he loves to tout. We should probably address that

After having read bad things about F-Droid, I don't know which App Store to use. Is Aurora Store the better alternative at the moment ?

<brenneke[m] "Hands-free call volume very low "> Rebooting phone fixes but only for a while, then require rebooting again. Latest thing is not low but no audio. Is this a known problem?

clathu: what kind of apps?

clathu[m]: what bad things have you read about F-Droid?

<brenneke[m] "Rebooting phone fixes but only f"> It is...and it is being sorted out from what I understand.

I think the google play store has more malware than fdroid

<cx2[m] "It is...and it is being sorted o"> Will watch for developments thanks.

I'm pretty new to this and trying to be careful, but I had thought F-droid was (generally speaking) safer than Aurora Store.

<brenneke[m] "Will watch for developments than"> Of course! Give the guys time... there are some great minds working on this project....just working through a few kinks

* and / or gals

@nickcalyx:matrix.org depends

F-Droid has more insecure software that's a security threat

Play Store has more badware

what makes google play store apps so much more secure? there is code review?

hmalloc busts so many memory unsafe apps from play store that barely never happends with f-droid

Low

> F-Droid has more insecure software that's a security threat

How can you say that, quantitatively

developers.google.com/android/play-protect is there more than this?

From what's already been said, it may be partly to do with F-droid apps shipping with a v1 signature instead of a v2. Read past chat

@nickcalyx:matrix.org look at how long they don't patch stuff and random old programs

v2 signing is a nice addition from modern app stores yes

F-Droid does a lot right and with common sense it can be very good

Fdroid only distributes other people's software

In any case, I definitely support alternatives to google controlling the whole ecosystem of android app distribution

Probably we can all agree on that :)

I'm opposed to Google's control

@nickcalyx:matrix.org 100%

but if they open-sourced their PHA(potentially harmful app) detection algorithms or something I wouldn't mind..

I'd put a warning on any network permission app that is over two years old. Require v2 signing and block all apps over 5 years old

shouldn't be anything over 2 years old in the store tbh lol

I see comments on PTIO all the time about their disk change password and how GrapheneOS is unsuable since I said it didn't have it. I explain how it works and they say, but it's in F-Droid and it's security software section

<inquiree "madaidan, cn3m: old.redd"> I've already replied to that point but he doesn't listen. He's incredibly stubborn and ignorant. He doesn't care for the truth and no matter how much evidence you present to prove him wrong, he sticks to his biased agenda.

And btw, to ping me you need to add that dot at the end or I don't get a notification

"madaidan." instead of "madaidan"

@madaidan.:matrix.org he's a madlad with a .

<madaidan[m] "I've already replied to that poi"> Going to read.... but lemme guess... something about the spooky black box...

<cx2[m] "Going to read.... but lemme gues"> Exactly.

He likes to say Huawei phones are the best and Pixels are the worst because of the dreaded Titan M black box. It's crazy.

@madaidan.:matrix.org I need to take up a prescription habit to handle this guy

you know what i found funny about this guy

hes always obessed about the USA and the 14 eyes

because of this, he wants to use a huewei device, fine

but here is the thing

I wish him and all his alts were banned. It's too much to deal with him. He's relentless.

his proof for huewei being the only trustworthy oem comes from a report from the UK claiming they found no evidence of a backdoor

and the uk is part of the 14 eyes

so to avoid tech from the 14 eyes, your gonna rely on a report from the 14 eyes saying that something is not backdoored, where the fuck is the logic in that

The mods of r/privatelife are all his alts lol

imagigne being banned on so many privacy subs that you just start your own

<blacklight447[m] "and the uk is part of the 14 eye"> But they sided with me!?!

They must be right

look at it, its all just him posting news articles

lol

<gervarouge[m] "But they sided with me!?!"> He's so hypocritical

It's not the only case of him discrediting a source until it fits his agenda

he has so many alts I'm starting too wonder I'm one of them

😆

We all are

<blacklight447[m] "so to avoid tech from the 14 eye"> **ESPECIALLY** if that concern is likely due to “spycraft”... the Brits of all people?? haha

<madaidan[m] "It's not the only case of him di"> this just shows weakness

Can we just clone madaidan, blacklight, and cn3m?

why blacklight

Le postage

<analog[m] "why blacklight"> ?

you got a problem with me? lol

When connecting a phone to a pc to transfer files or adb, does the pc see identifying info about the phone like imei hardware id etc or just the phone name?

Android phone by the way

aksuited: no, just the phone name

aksuited: if you enable ADB and whitelist the host, completely different story, you give it a massive amount of information and control over the device

I thought that was clear?

you shouldn't be using ADB on a production device, it is in developer options for a reason

that's the purpose of ADB

I had to use it

OS and app debugging, giving an attached computer a huge amount of information and control

I disableed the usb debug after it

why did you have to use it

Amd reset the option of pc

I installed threema work app

And then i tried to uninstall and it just wouldn

So i had to use adb to uninstall it

Secure PDF Viewer app version 4 released: github.com/GrapheneOS/PdfViewer

@strcat:matrix.org thanks

github.com/GrapheneOS/PdfViewer/issues assorted easy issues to work on

also, need someone to work on updating pdf.js

last time there were issues with CSP

github.com/GrapheneOS/pdf.js is the current one

you build it with gulp

need to update

<strcat[m] "OS and app debugging, giving an "> No way now to remove the information from pc? If i remove platform tools which i used adb from?

aksuited: I don't know what you mean

I'm explaining that ADB gives a massive amount of control over the device

I doubt you needed it to uninstall an app, you could have used Settings

there is nothing you can do to take back the fact that you trusted the computer like that before - you can revoke the trusted host keys from ADB and disable ADB

if that computer was compromised it could have used ADB to gather data about the device and do all kinds of things like installing apps, granting permissions

that's what ADB does

don't use ADB if you aren't a developer is good advice

if the computer wasn't compromised then no problem...

there is nothing for you to remove in that case, don't overcomplicate things

The settings just freezed when tried to uninstall

<strcat[m] "don't use ADB if you aren't a de"> this is very good advice

along with don't use developer options

All day i tried from settings from holding the app and uninstall and nothing

if you encounter bugs please report them on the issue tracker

<strcat[m] "there is nothing for you to remo"> Ok thanks

I thought it was a corrupt install and didnt want to create an issue about it

Meaning i didnt think it was an os probl