-
renlord[m]
It just stubs out all the Google apis that gcam requires.
-
takhar[m]
GrapheneOS has been great for me, not just privacy wise, but abstractly as well. The limitations make you really consider what apps sit on your phone and what you use a phone for.
-
takhar[m]
I used to buy Samsung phones bc of the cameras and Samsung pay, but now I realize I don't take many pictures and chip cards are just as convenient as spay.
-
takhar[m]
I can surf the net privately, contact my friends securely, and take a solid picture. All without telling a private corporation my every move. Can't beat that.
-
burlycootz[m]
Hey anyone have any idea about why a Bluetooth connection that requires a passcode would fail? I never get prompted. Other devices can connect, just not my pixel.
-
burlycootz[m]
Ran an adb logcat during the attempts
-
burlycootz[m]
Just see that the session terminates but no smoking gun as to why
-
burlycootz[m]
This is for my car using a2dp; regular phone Bluetooth connection is fine, that setup does not require passcode
-
spoonhoarder82[m
OK so update for all pixel 4 and pixel 4 xl users with screen flicker bs: the adb commands to set screen refresh to be capped at 60hz solve the problem almost entirely, and DO NOT wipe your personal data. I can confirm a bit more battery life too.
-
Harpocrates[m]
burlycootz: There's an option in developer options to disable a2dp offload, try toggling that setting, it might help.
-
burlycootz[m]
Yeah should have mentioned that, I did search for answers, tried that previously
-
burlycootz[m]
Sadly did not work
-
burlycootz[m]
Found this in the logs
-
burlycootz[m]
08-26 22:01:21.420 22230 22282 W bt_stack: [WARNING:connection_handler.cc(328)] auto bluetooth::avrcp::ConnectionHandler::AcceptorControlCb(uint8_t, uint8_t, uint16_t, const RawAddress *)::(anonymous class)::operator()(bluetooth::avrcp::ConnectionHandler *, uint8_t, uint16_t, uint16_t, uint16_t) const: No device found for handle: 0x01
-
burlycootz[m]
After that it disconnects
-
burlycootz[m]
Never prompts for passcode and I don't have an option in my stereo to connect without passcode
-
Harpocrates[m]
You may need to reset the BT connector in your car, if you're not sure how to then you may need to check the car manual to find out how to do that.
-
burlycootz[m]
I did pull the battery cable a while back, that was actually the start of the issues; it forgot all Bluetooth connections and I couldn't get reconnected. Worked fine before, no issue with connecting. Just can't understand why every other phone I've tried will prompt but the pixel.
-
burlycootz[m]
Appreciate the advice though
-
Harpocrates[m]
No worries. Not sure it will be a good idea for a car but when the BT on my PC goes haywire I pull the power and turn it on to drain any excess electricity, after that it connects.
-
burlycootz[m]
Tried an old BlackBerry and got connected. Passcode prompt showed up
-
burlycootz[m]
Log notes that com.android.settings generates /.Bluetooth.bluetoothpairingdialog
-
Harpocrates[m]
I'm honestly not sure then buddy, sorry I couldn't help.
-
burlycootz[m]
Eh no worries. I shall keep digging. There has to be something. Might just wipe again.
-
burlycootz[m]
Appreciate the help
-
spoonhoarder82[m
Question: when GrapheneOS moves to android 11, it is likely that it can be done via an ota update, or will we have to do a fresh install to move up to 11?
-
spoonhoarder82[m
I ask because I am thinking about installing gos for a nontechnical relative since I've had such good luck with gos and it is locked down pretty well.
-
nickcalyx[m]
It will be an OTA update
-
nickcalyx[m]
99.9%
-
niky
hello everyone, im in the market for a phone and my two options are iphone se 2020 / pixel 4a w graphene os when its supported ..
-
SEWaRybdALEy[m]
<niky "hello everyone, im in the market"> whats your threat model?
-
niky
im quite new to this idea of privacy n security , but after reading tons of comments and article abt how companies use and sell our data i wanted to change
-
niky
im just a normal person with no one in particular targeting me
-
SEWaRybdALEy[m]
<niky "im just a normal person with no "> but like, who do you want to defend your data from?
-
niky
i want to opt out of mass surveillance and data collection
-
SEWaRybdALEy[m]
I would say there is no one-size-fits-all privacy device, so here are some pros and cons and you can decide which one suits you
-
niky
could you help me understand that pls
-
niky
ive read daniel micays ios vs aosp vs graphene os on reddit
-
niky
but thats a year old now
-
cn3m[m]
<niky "ive read daniel micays ios vs ao"> ah that is a good synopsis. I saw one of the guys here made a list of his Matrix comments too one sec
-
cn3m[m]
<niky "but thats a year old now"> it is still up to date mostly
-
SEWaRybdALEy[m]
Apple pro: great security update support (5 years), great security and privacy features (like proximate locations), and if you happen to have lots of friends who have iphones but wont switch to imessage
-
renlord
what does it mean to want to opt out of mass surveillance and data collection?
-
renlord
do you even read the ToS for the services that you consume?
-
cn3m[m]
GrapheneOS and iOS won't fix terrible habits ^
-
cn3m[m]
no such thing as a silver bullet
-
renlord
people with terrible habits are just asking to be spied on and getting taken advantage of, no OS can save you from yourself
-
SEWaRybdALEy[m]
well fuck it Im not gonna top that summary lol
-
SEWaRybdALEy[m]
although I would say, and its just my opinion, when the new iOS 14 comes out, iOS is just better than stock Android, its not just trading blows anymore
-
cn3m[m]
iOS has always been better. So has GrapheneOS
-
cn3m[m]
I trust them both. Ad tracking was my job. I trust iOS and GrapheneOS to restrict apps far more
-
SEWaRybdALEy[m]
<cn3m[m] "iOS has always been better. So h"> yeah but in the article it says they are trading blows, but that article is a year old
-
niky
the ad data and analytics they collect , be it location or audio ,etc
-
SEWaRybdALEy[m]
yeah, if you go thru all the hoops and flashed Graphene, but the first thing you did was install Facebook.................
-
SEWaRybdALEy[m]
I mean...
-
niky
yes i understand but id like to improve so just wanted to know what should i go for ios or graphene os
-
renlord
the issue with fb is not so much about using fb directly
-
renlord
but what they do in the internet in general, but that's offtopic anyways
-
niky
no im not on any social media
-
renlord
niky: sure, but the sites you visit use their services
-
renlord
and FB screws you over indirectly.
-
renlord
do you even read the cookies policy?
-
theultron[m]
Higher problem is on devices which ship with Facebook as system service. Many OEM Roms like Xiaomi have FB services as system app and many of their inbuilt apps have intents to communicate with that service app. Not sure what sort of deal FB made with manufacturer but it's clear they are buying our data.
-
cn3m[m]
lets move this to offtopic if anyone needs an invite let me know
-
renlord
theultron[m]: that's none of our concern and its a non-issue on grapheneos
-
cn3m[m]
^
-
renlord
we dont ship any built-in services besides what's shipped via aosp
-
niky
yes renlord i do read the policies and i use vpn or tor to surf
-
niky
im not completely ignorant but im nowhere close to u guys in terms of knowledge
-
theultron[m]
Of course. I was just saying that using FB app on something like GOS won't invade your privacy.
-
theultron[m]
What you do inside the app is a different thing!
-
cn3m[m]
niky: madaidans-insecurities.github.io I would read this site especially the VPNs and the Browser Tracking article
-
SEWaRybdALEy[m]
I hate the fact that I brought up Facebook...its just an example guys!
-
niky
hence i thought talking to you guys might increase my insight which it actually is right now
-
cn3m[m]
this is probably the best starter guide and of course the GrapheneOS official FAQ and Usage Guide
-
niky
ive watched installation guides too for graphene os
-
niky
but im confused guys
-
SEWaRybdALEy[m]
look, here's the thing. More metaphors coming
-
renlord
niky: the point is that you need to practice opsec, as opposed to relying on an OS to save you
-
niky
should i buy an se or a pixel 4a
-
niky
where should i start ?
-
renlord
using a nice OS is a good start, but you need more than a nice OS to achieve your goals
-
renlord
a nice OS is not a panacea
-
SEWaRybdALEy[m]
you're going to a knife fight, but you have a machete and you have a baseball bat, the question shouldnt be which one should I take with me, rather how I use them
-
renlord
i dont have a list of reading material to recommend, but its a lot of work to realise what you want
-
theultron[m]
I will say go out and try both the devices. Buy what you like the feel, size and the experience.
-
SEWaRybdALEy[m]
cuz in some situations, Id argue that Apple is better than Graphene!
-
renlord
SEWaRybdALEy[m]: depends on trust model
-
niky
where is graphene os better than ios ?
-
SEWaRybdALEy[m]
so it would be irresponsible to say that...oh graphene is just better! pick graphene!
-
theultron[m]
<niky "where is graphene os better than"> First Party Privacy.
-
niky
renlord i completely understand your examples but all im looking for is a good start
-
SEWaRybdALEy[m]
<renlord "SEWaRybdALEy: depends on trust m"> yeah! exactly, it depends on your threat model and what kind of situation you are in
-
niky
and gradually change my digital habits
-
renlord
[aside] apple is a for-profit company beholden to very greedy shareholders that expect good QoQ growth
-
renlord
i dont know how well that agrees with security/privacy in the long-run
-
renlord
speculative opinion, dont take too seriously
-
theultron[m]
<niky "and gradually change my digital "> You can start at reddit privacy, reddit privacytoolsio, privacytoolsio discussion on matrix and techlore.
-
cn3m[m]
niky: iPhone SE and Pixel 3a is what I would get since both are available right now
-
cn3m[m]
4a is not guaranteed support
-
SEWaRybdALEy[m]
yeah, if you have the money, Id rather buy SE and a 3a both too
-
renlord
4a is now available in AVP
-
renlord
*APV
-
SEWaRybdALEy[m]
cuz graphene is private and secure, but its not for everyone
-
renlord
kernel port next
-
theultron[m]
Maybe you can buy both used iPhone SE and 3A.
-
theultron[m]
2 devices is better for security and privacy due to isolation.
-
cn3m[m]
I wasn't suggesting both
-
cn3m[m]
I was suggesting one
-
cn3m[m]
<theultron[m] "2 devices is better for security"> double the attack surface
-
niky
i can afford only one device and like cn3m said 2 devices mean more surface attacks
-
cn3m[m]
1 device would be ideal
-
niky
i have used ios and stock android both
-
niky
im comfortable with both
-
cn3m[m]
For example if you could pull it off you can't beat the iPhone + iPad pair for security and privacy since it has only one OS and chipset as attack surface and it is a hardened mobile OS.
-
cn3m[m]
Though GrapheneOS uses Chromium which you probably use on your PC.
-
niky
but if i buy an android device it will be a pixel coz of titan m and updates
-
cn3m[m]
but at the end of the day
-
cn3m[m]
your phone is far more secure than your desktop if you use either option
-
SEWaRybdALEy[m]
well you kinda have to buy a pixel since graphene only supports pixel
-
niky
yes exactly SEWaRybdALEy[m]
-
niky
and on those privacy based sites they have graphene os as a safe os no mentions of ios
-
SEWaRybdALEy[m]
<niky "and on those privacy based sites"> yes, thats true. but with graphene OS it comes with a price, you have to be absolutely sure that your daily life isnt hindered by that
-
SEWaRybdALEy[m]
It took me a year to adapt to graphene and sometimes I still dont get used to it
-
theultron[m]
Those privacy based sites will never mention iOS because iOS source code is not open to inspect. With GOS you can read and see the code for yourself.
-
SEWaRybdALEy[m]
but the peace of mind it offered was amazing
-
SEWaRybdALEy[m]
well thats other people whose threat model values open and transparency
-
SEWaRybdALEy[m]
thats not necessarily for you
-
SEWaRybdALEy[m]
not saying you dont need openness and transparency, but gos, it comes with a price
-
travankor
"It took me a year to adapt to graphene" wdym
-
SEWaRybdALEy[m]
like getting used to it
-
travankor
it's android?
-
SEWaRybdALEy[m]
yeah, first week, lost 50% of my apps, so I scrambled for weeks to finally get my life back together
-
SEWaRybdALEy[m]
also, im in Canada, so iMessage or WhatsApp
-
SEWaRybdALEy[m]
and suddenly, I lost iMessage, and I hate Whatsapp
-
niky
SEWaRybdALEy[m] what is your threat model ? why do you use gos ?
-
travankor
me too lol
-
niky
i dont use imessage but will use whatsapp in shelter or island thats possible right ?
-
SEWaRybdALEy[m]
so it took me a month or two to familiarize my graphene os's features and tweak it to my usage
-
SEWaRybdALEy[m]
still lost some apps, but fortunately, I bought a used iPhone
-
SEWaRybdALEy[m]
so I can get rid of my whatsapp reliance
-
SEWaRybdALEy[m]
<niky "i dont use imessage but will us"> yeah but you lost notifications and even so, the idea of giving my data to Fecesbook, I hate it
-
SEWaRybdALEy[m]
<niky "i dont use imessage but will us"> now I rarely use it and I put them in my Shelter and freeze it most of the time
-
niky
SEWaRybdALEy[m] so using whatsapp in shelter via gos is safe right ?
-
travankor
iMessage only works for iOS users
-
niky
thats the only app i need due to work
-
dmatrixs[m]
niky if you've got this much interest in these topics you probably aren't gonna be happy unless you use graphene
-
SEWaRybdALEy[m]
<niky "SEWaRybdALEy so using whatsapp i"> Facebook can still get a lot of info of you just by you using that service though
-
SEWaRybdALEy[m]
<niky "SEWaRybdALEy so using whatsapp i"> its secure, but its still not private
-
SEWaRybdALEy[m]
so, as you can see, I prioritize not giving FB anything, so I value iOS in that respect
-
SEWaRybdALEy[m]
in an iOS dominant country
-
renlord
niky: if you really wanna achieve your goals
-
niky
dmatrixs[m] im very interested in trying gos but i dont have a device atm & i have to get a new phone so it can either be pixel or the se hence im here asking for views
-
renlord
the inconvenience you get from using graphene os pales in comparison to the opsec daily practices you are expected to be practising
-
cn3m[m]
If you prefer a little more freedom choose the Pixel, if you prefer being able to keep your phone for more than 3 years (more like 6) then go for the SE
-
niky
the only reason i need whatsapp is for work groups t
-
cn3m[m]
This is not as complicated as it sounds
-
dmatrixs[m]
i personally would love to hear more about what those are, at least the more inconvenient ones lol
-
SEWaRybdALEy[m]
yeah, if you want a long term phone, iOS...
-
dmatrixs[m]
renlord:
-
SEWaRybdALEy[m]
so you see its impossible to give recommendations
-
SEWaRybdALEy[m]
unless we know your threat model
-
renlord
niky: just read the privacy policy and compare it to graphene os
-
renlord
in our case, we have none since we dont log nor need to log since we have no helpdesk to help you
-
renlord
lol
-
niky
is there any way i can try graphene without buying a pixel?
-
niky
like just to taste it
-
renlord
niky: maybe, emulator
-
renlord
very clunky though
-
SEWaRybdALEy[m]
<niky "is there any way i can try graph"> nope
-
theultron[m]
Is there any x86 image for GOS?
-
renlord
niky: but its just like stock AOSP
-
renlord
just flash stock aosp and try
-
renlord
the user experience is very similar
-
travankor
minus apps that run with google services
-
renlord
aosp has no google services
-
louipc
so u guys gearing up for pixel 4a/5?
-
SEWaRybdALEy[m]
<louipc "so u guys gearing up for pixel 4"> 4a yes!
-
niky
guys can i just know how gos is better than ios other than first party privacy ?
-
niky
like i know ios and gos trade blows
-
niky
but where does gos come on top of ios
-
niky
ive read alot of pro for ios
-
niky
n
-
niky
but not specifically for gos
-
cn3m[m]
<niky "guys can i just know how gos is "> it is not that simple iOS is better at restricting third party and iOS is better verified boot. Otherwise it gets really complicated
-
cn3m[m]
like I said they both beat your PC
-
cn3m[m]
The differences really don't matter
-
cn3m[m]
which lets you do what you want to do better?
-
louipc
graphene is open source so its more easily customizable to the minute detail
-
dmatrixs[m]
that^
-
SEWaRybdALEy[m]
gos being open source, take that ios!
-
louipc
but then u can't call it graphene if you change it
-
louipc
and u have to do all security update builds yourself
-
niky
louipc but im not going to change the code and like daniel had said in a comment that just becoz a code is open source doesnt mean its better than closed one
-
niky
im blindly going to trust gos and install it
-
niky
not alter it in any way
-
SEWaRybdALEy[m]
and gos is extra hardening security
-
louipc
niky: doesnt mean its better for security, but maybe better for other things
-
SEWaRybdALEy[m]
and gos supports multiple user profile, it might be nothing, and it might be super useful privacy feature, its really up to how you use it
-
niky
can you enlighten me ? even if the user is using linux debian or tails?
-
niky
SEWaRybdALEy[m] so different user profiles means that apps in one cant talk to the other ?
-
SEWaRybdALEy[m]
<niky "SEWaRybdALEy so different user p"> yep
-
SEWaRybdALEy[m]
also, it compartmentalises your data
-
SEWaRybdALEy[m]
you wouldnt wanna install whatsapp and give it permission to ALL your photos would you
-
SEWaRybdALEy[m]
and this is where ios wins, ios has the option for users to select the photos that an app can access
-
SEWaRybdALEy[m]
so as you can see, ios, gos, which one is more private? its really complicated
-
louipc
hey but maybe it is better for security... because you could remove 99% attack surface and make it into a flashlight or something.
-
louipc
only flashlight function
-
niky
SEWaRybdALEy[m] if i give whatsapp access to my photos do they upload to their servers ?
-
niky
louipc hmm got it
-
SEWaRybdALEy[m]
<niky "SEWaRybdALEy[m]if i give whatsap"> not that I know of but I know there are apps that do
-
SEWaRybdALEy[m]
whatsapp is just an example
-
niky
what os do you use on a pc ? SEWaRybdALEy[m]
-
SEWaRybdALEy[m]
and like I said, I hate facebook just as a hobby lolll
-
SEWaRybdALEy[m]
mac and linux
-
niky
got it SEWaRybdALEy[m] you have fb
-
theultron[m]
Guys it's time to move over to off-topic channel.
-
SEWaRybdALEy[m]
<niky "got it SEWaRybdALEy you have fb"> yeah, unfortunately. but signed up with fake IDs and I use frost
-
niky
btw did you read the tech news abt ios 14 cutting down data to apps like fb XD
-
theultron[m]
#grapheneos-offtopic
-
cn3m[m]
^
-
theultron[m]
* #freenode_#grapheneos-offtopic:matrix.org
-
niky
SEWaRybdALEy[m] theultron[m] cn3m[m] louipc renlord and others that im forgetting to mention , thank you all so much
-
louipc
good luck
-
cn3m[m]
<theultron[m] "#grapheneos-offtopic"> they are an irc user
-
theultron[m]
<cn3m[m] "they are an irc user"> Oh Ok. Maybe you can invite them into the off-topic channel.
-
zombieworld[m]
Hello, I have a Pixel 3a and installed GrapheneOS a week ago. The security patch is 5 August 2020. I have a huge question: this means my phone is already patched for the vulnerabilities of the Qualcomm SDM670 chipset that were published in the August Security Bulletin from the Qualcomm website?
qualcomm.com/company/product-securi…etins/august-2020-security-bulletin
-
zombieworld[m]
There are 33 vulnerabilities discovered in a month!
-
cn3m[m]
zombieworld: that is a general security bulletin
-
cn3m[m]
very few actually affect the Pixel
-
cn3m[m]
2 affect it and they are both moderate
-
cn3m[m]
there is one high severity vulnerability in the kernel
-
cn3m[m]
that was patched
-
cn3m[m]
I have no idea if GrapheneOS kills these 3 or not
-
zombieworld[m]
Thanks a lot
-
theultron[m]
Merging the vendor from google would have fixed it right?
-
zombieworld[m]
I was amazed when I've seen 33 vulnerabilities for the SDM670 chipset in a month
-
cn3m[m]
<theultron[m] "Merging the vendor from google w"> yes they are fixed
-
cn3m[m]
the pixel security bulletins are generally where I go
-
zombieworld[m]
I have a second question. Because I cannot use Waze on Graphene, I will have to use a samsung s7 edge as a second phone, and I wish something as secure as possible on a samsung. I like PixysOS, can you recommend something better ?
-
cn3m[m]
join the offtopic channel
-
zombieworld[m]
The link does not work, I use Element
-
zombieworld[m]
I have to search for tchncs.de ?
-
zombieworld[m]
Or what ?
-
cn3m[m]
invited you
-
zombieworld[m]
cn3m: thanks
-
zombieworld[m]
hnfpz5w6jg9hfjk3: it's because you don't have Google services for push notifications I think. Signal uses that.
-
cn3m[m]
Signal uses it if you don't download from the site
-
robocat[m]
I got signal from Aurora store, it works fine and notifications work as well
-
robocat[m]
Im currently on 69.2, so jo ig, im gonna update to 69.6
-
robocat[m]
Auto updates arent really an issue if you have a routine check where u update all apps
-
robocat[m]
But yes, under settings in aurora, then updates, you are able to enable automatic updates
-
robocat[m]
Although i havent tested this yet on degoogled android
-
robocat[m]
<hnfpz5w6jg9hfjk3[m] "Are there other private messagin"> I personally think, id use signal or element, and then arrange to meet whoever im chatting with, put phones in a faraday pouch
-
robocat[m]
And if you're worried bout corona wear a gas mask :D
-
louipc
hazmat suit
-
za_vilfp8kn0pcyh
<hnfpz5w6jg9hfjk3[m] "Are there other private messagin"> Signal, Element are some of the best options, though Signal will serve your purpose more provided they'll be there as well
-
marlow11[m]
I always get Signal from Aurora store, never from the website. I've never had any issues. It just detects that no play services available and asks to run a background service to get around it
-
djee737ejdd[m]
<cn3m[m] "like I said they both beat your "> Entirely depends what PC you're using and how. PCs can run more powerful hardware and therefore use things as virtualization.
-
djee737ejdd[m]
<djee737ejdd[m] "Entirely depends what PC you're "> What OS**
-
djee737ejdd[m]
But that is probably off topic
-
za_vilfp8kn0pcyh
Sans virtualization maybe
-
za_vilfp8kn0pcyh
Since the context is about the OS itself
-
applescruff_53[m
Autopsy: The first two above, I have called that number and it says I have two voicemails, and there is a notification on the pull down stating I have two voicemails giving the number above. I use FreeUp as service provider and, as far as I know, have not headed any indication of a FreeUp voicemail service. What action would you advise to remedy this issue?
-
cn3m[m]
<djee737ejdd[m] "Entirely depends what PC you're "> most vms are pretty weak compared to mobile security layers
-
Autopsy[m]
<applescruff_53[m "Autopsy: The first two above, I "> Block the numbers, call up FreeUp Voicemail and see if there's anything there. If there is, listen and delete if it isn't important.
-
cn3m[m]
my iPad is essentially running 2 kernels (Darwin and the master PPL) and using the CPU to enforce rules like KTRR to further isolate the system
-
cn3m[m]
GrapheneOS of course has many layers of protection as well
-
cn3m[m]
so you are looking at overall
-
cn3m[m]
a much more in depth defense on mobile OSes
-
cn3m[m]
verified boot.
-
cn3m[m]
etc
-
djee737ejdd[m]
<cn3m[m] "most vms are pretty weak compare"> Things as Qubesos arent. Daniel himself has said GrapheneOS could work towards that.
-
cn3m[m]
djee737ejdd: Qubes doesn't have verified boot. Also yes virtualization is better than not having it, but it doesn't make Qubes more secure than GrapheneOS
-
ruddo[m]
Qubes has Anti Evil Maid, which is a form of verified boot not based on trusted computing. But again, that is offtopic x this channel.
-
cn3m[m]
<ruddo[m] "Qubes has Anti Evil Maid, which "> no it is not at all verified boot and it doesn't even accomplish its goals
-
ruddo[m]
Offtopic. Go argue with the Qubes devs if you want.
-
cn3m[m]
<ruddo[m] "Offtopic. Go argue with the Qub"> you are spreading misinformation. I am going to correct that
-
anupritaisno1[m]
Qubes is insecure
-
anupritaisno1[m]
It's just an outdated fedora
-
anupritaisno1[m]
Running an easily bypassable hypervisor
-
zugzwang[m]
Whats the off topic channel anyone? Cant seem to find it when i search for it
-
cn3m[m]
anupritaisno1: ^
-
anupritaisno1[m]
BTW
-
anupritaisno1[m]
Many of my sessions were logged off
-
anupritaisno1[m]
I accidentally reset my phone and one of my HDDs failed
-
zugzwang[m]
<anupritaisno1[m] "Many of my sessions were logged "> Mine too
-
anupritaisno1[m]
I did cross sign the new sessions
-
anupritaisno1[m]
But if you want to know why almost all my keys changed
-
anupritaisno1[m]
That is why
-
cn3m[m]
<anupritaisno1[m] "Running an easily bypassable hyp"> Xen is a poor example of well designed security
-
theultron[m]
Off-topic but Xen is widely used also. AWS, Citrix?
-
anupritaisno1[m]
cn3m: BTW I have a new and more secure way of flashing glassrom on pixels
-
anupritaisno1[m]
Maybe I'll do it on grapheneos
-
anupritaisno1[m]
Maybe
-
cn3m[m]
<anupritaisno1[m] "cn3m: BTW I have a new and more "> how so?
-
cn3m[m]
<theultron[m] "Off-topic but Xen is widely used"> KVM
-
anupritaisno1[m]
<cn3m[m] "how so?"> Modify the boot control block + force recovery into sideload
-
cn3m[m]
I think AWS is KVM
-
anupritaisno1[m]
A simple script can be used to just download and verify 100mb of a boot.img
-
theultron[m]
<cn3m[m] "I think AWS is KVM"> They are shifting to KVM. But majority is still Xen.
-
cn3m[m]
<anupritaisno1[m] "Modify the boot control block + "> oh interesting
-
anupritaisno1[m]
The recovery verifies what is being flashed next
-
anupritaisno1[m]
There is also zero risk of bricking due to A/B
-
anupritaisno1[m]
You always flash to the inactive slot
-
theultron[m]
You built a custom recovery?
-
anupritaisno1[m]
No
-
anupritaisno1[m]
AOSP recovery is sufficient
-
cn3m[m]
anupritaisno1: what is the threat model here?
-
anupritaisno1[m]
None
-
anupritaisno1[m]
It's safer because you don't have to rely on getting the fastboot tools at all
-
anupritaisno1[m]
Any adb works
-
anupritaisno1[m]
As long as it isn't a dinosaur
-
cn3m[m]
hmm interesting
-
anupritaisno1[m]
In case of a failed install
-
anupritaisno1[m]
You'll just boot back to the stock ROM
-
anupritaisno1[m]
Also you download about 100-200 mb less than a fastboot image
-
theultron[m]
Nice.
-
cn3m[m]
interesting
-
Autopsy[m]
<anupritaisno1[m] "Also you download about 100-200 "> So, for all intents and purposes, it's similar to just flashing an update?
-
Autopsy[m]
Through recovery ^
-
anupritaisno1[m]
Yep
-
Autopsy[m]
Nice. If it works well, it may save people being confused with the current method
-
cdesai
you'd still need fastboot to unlock, flash avb key, and the boot.img though
-
cdesai
(and relock)
-
djee737ejdd[m]
<anupritaisno1[m] "Running an easily bypassable hyp"> What makes you say that. There are well known security researchers working on the project.
-
cn3m[m]
djee737ejdd: it is not at all designed with security in mind, the marketshare is plummeting, and the track record is poor. Sure the gold standard is something like Hyper-V which is frankly quite amazing. However, Xen fails to hold up even to KVM
-
lovesausage[m]
Fingerprint unlock for my apps and stuff is great, however it is not so good for unlocking the phone for several reasons I'm sure you are aware of. There is the lockdown feature on graphene , however I still need to remember to use it every time. Is there any chance of getting a lockdown always on feature?
-
dazinism
lovesausage there's a feature in AOSP that is accessible for corporate device management apps, that achieves this.
-
djee737ejdd[m]
<cn3m[m] "djee737ejdd: it is not at all de"> Do you have any source on that though? Its recommended a lot by actual cybersecurity experts and not just normies like r/privacy. Some well known researchers are working on it and GrapheneOS wants to work towards it.
-
dazinism
For security reasons someone could code a patch for GrapheneOS to show a toggle to enable this
-
dazinism
Actually it wouldnt be a toggle, but you'd set the time, for your desired case, very low
-
dazinism
I think a patch for this is likely to be accepted if someone submitted it
-
lovesausage[m]
Great :) will submit it
-
djee737ejdd[m]
<cn3m[m] "djee737ejdd: it is not at all de">
qubes-os.org/statistics
-
anupritaisno1[m]
Gold market share has also never been so high
-
djee737ejdd[m]
<anupritaisno1[m] "Gold market share has also never"> Just proved his point wrong. Never said that market share makes it good.
-
BlackWinnerYoshi
<anupritaisno1[m] "Gold market share has also never"> *Fairphone, is that you?*
-
anupritaisno1[m]
<djee737ejdd[m] "Just proved his point wrong. Nev"> Sure makes chrome good, no doubt
-
djee737ejdd[m]
QubesOS is trying to make a secure environment for running "insecure" OS and it does that damn well. They have focused too much on Linux for sure and should add better support for Windows.
-
djee737ejdd[m]
<anupritaisno1[m] "Sure makes chrome good, no doubt"> Agree with that.
-
theultron[m]
Biggest market is with VMWare. I think it's greater than combined all other hypervisors.
-
anupritaisno1[m]
Eh I like hyper v
-
anupritaisno1[m]
In my basic use I found it sufficiently secure
-
djee737ejdd[m]
As Rutkowska said, it's a non-egocentric way of getting privacy and security.
-
djee737ejdd[m]
Not everyone needs to change to something you use. You can use the software other people use in a secure way.
-
theultron[m]
Okay. VMWare market share is close to 75%. They dominate the market.
-
theultron[m]
Xen is at 2nd with close to 10%.
-
theultron[m]
Of course all thanks to Citrix
-
dazinism
<lovesausage[m] "Great :) will submit it"> If you do that, and feel like you are on a roll, providing a way to stop user profiles would be super nice to have
developer.android.com/reference/and…onentName,%20android.os.UserHandle)
-
theultron[m]
<theultron[m] "Xen is at 2nd with close to 10%."> I doubt that Xen is so insecure.
-
trismous[m]
Guys this is offtopic
-
djee737ejdd[m]
<theultron[m] "I doubt that Xen is so insecure."> It really isn't. Some people on here think that GrapheneOS is the ONLY choice out there for an OS.
-
theultron[m]
<lovesausage[m] "Fingerprint unlock for my apps a"> Just remove fingerprint unlock/face unlock? Using pin/pass is same as lock down mode?
-
lovesausage[m]
<theultron[m] "Just remove fingerprint unlock/f"> As I said using it for my apps is great for unlocking not so much. There is no way of doing this at the moment without root or device managers.
-
theultron[m]
So you want to disable fingerprint for keyguard and use it for apps.
-
lovesausage[m]
Yes
-
Guest4938
when will pixel 4a be supported?
-
Guest4938
i want to buy new smartphone, should I wait for the support or just buy pixel 4 /XL?
-
Guest4938
any opinion?
-
anupritaisno1[m]
<djee737ejdd[m] "It really isn't. Some people on "> It is
-
za_vilfp8kn0pcyh
Don't use wifi lol
-
za_vilfp8kn0pcyh
Jk
-
za_vilfp8kn0pcyh
That was a joke of course
-
robocat[m]
<za_vilfp8kn0pcyh "Don't use wifi lol"> Use ethernet
-
za_vilfp8kn0pcyh
Find a phone with better IOMMU isolation, and HAL sandbox among Android phones
-
za_vilfp8kn0pcyh
Plus, among android, only Pixels iirc have proper implementation of MAC randomization
-
za_vilfp8kn0pcyh
If that is a problem too
-
za_vilfp8kn0pcyh
Android 10 iirc also prevents apps reading non-resettable hardware identifier unless given READ_PRIVILEDGED_PHONE_STATE (not sure if that is the right one)
-
dazinism
<lovesausage[m] "Great :) will submit it"> Actually, submitting a patch for 2 factor (fingerprint and pin) lockscreen unlock, allowing long passphrase to be needed for device boots, is what GrapheneOS really wants. Maybe this would also work for you?
-
za_vilfp8kn0pcyh
Every single device has closed source components like on firmware anyways, it just depends on how the isolation and mitigation is implemented.
-
za_vilfp8kn0pcyh
I recommend reading grapheneos.org/faq as well
-
za_vilfp8kn0pcyh
* Find a phone with better IOMMU isolation, and HAL sandbox among Android phones than Pixels
-
za_vilfp8kn0pcyh
Don't use text messages as well, you don't have to be the government to intercept them anyways
-
za_vilfp8kn0pcyh
Not sure if that answers everything, and forgive my tone. Just annoyed of black box crap, as if there is a device without a single component that is closed source
-
dazinism
lovesausage that would be more desirable, although faceunlock devices wouldn't be supported. And implementing similar for them would be a whole different job
-
alzxjm[m]
djul77: Yes, unless the question is whether or not the Pixel 4a is currently supported or will be supported in the near future 😉
-
alzxjm[m]
(it probably will be, but not for a few months) You can also search the logs of the channel for common questions.
-
ruddo[m]
Google devices are the only devices that allow for flashing custom OSes and Secure Boot.
-
ruddo[m]
No chip in the device phones home to Google, that's all software, which GOS does not carry.
-
zombieworld[m]
djul77: no secure boot for Samsung
-
zombieworld[m]
Make an encrypted backup with TWRP and come back to it as often as you want. It takes just 2 minutes !
-
zombieworld[m]
* Make an encrypted backup with TWRP and come back to it as often as you want. It takes just 2 minutes !djul77
-
za_vilfp8kn0pcyh
> <@djul77:matrix.org> My other point is for an eventual feature on GrapheneOS
-
za_vilfp8kn0pcyh
> I think apps can access the device id and thus uniquely identify them. I think it would take a random ID generator that would provide a different ID to each app to stay anonymous.
-
za_vilfp8kn0pcyh
If you mean IMEI, not really
-
arept
went to a local store today looking for a pixel 3a. the guy couldnt tell me whether it was a locked or unlocked model. Is there a way to find out? I have the SKU
-
arept
anyone here?
-
zombieworld[m]
If itbwas without a contract it should be unlocked
-
zombieworld[m]
* If it was without a contract it should be unlocked arept
-
zombieworld[m]
arept: there are alsobwebsites were you can check by IMEI
-
zombieworld[m]
* arept: there are also websites where you can check by IMEI
-
nikitalita[m]1
arept: basically, if it's not the Verizon model, it's unlocked and the bootloader can be unlocked
-
nikitalita[m]1
I don't know if the SKU is different between them
-
spoonhoarder82[m
OK, update on WiFi calling: testing with friends SIMs (details above) and finding WiFi calling worked on Verizon, I bought a Verizon SIM. It does NOT work with WiFi calling on GOS (have not tried stock yet). After many calls to tech support, they basically say it is googles fault for not including some of their required patches in stock image, which sounds like BS to me.
-
spoonhoarder82[m
Tried friends SIM again and it works. The only thing we can figure is that since his SIM was registered on a Verizon phone first, that might have something to do with it on Verizon's back end.
-
spoonhoarder82[m
So be warned, WiFi calling on GOS doesn't work out of the box with Verizon. At least not in my case. If there is anything devs can do (like the guy in the above linked github thread that got WiFi calling working on a Verizon reseller) I'd be very grateful. I'm not technical enough to help sadly.
-
spoonhoarder82[m
With Verizon and AT&T getting ready to go VoLTE/WiFi calling only in the nearish future, that's going to be needed anyways. :(
-
arept
so its only the verizon model? What do you mean with contract? Sim?
-
arept
are the verizon models the only ones with locked bootloaders?
-
strcat[m]
yes
-
strcat[m]
> My other point is for an eventual feature on GrapheneOS
-
strcat[m]
> I think apps can access the device id and thus uniquely identify them. I think it would take a random ID generator that would provide a different ID to each app to stay anonymous.
-
strcat[m]
Please read the FAQ. That's not possible.
-
strcat[m]
hnfpz5w6jg9hfjk3: that video is not accurate and definitely not relevant to GrapheneOS
-
arept
strcat[m]: thanks
-
strcat[m]
@za_vilfp8kn0pcyh-tfcfvapg77a:privacytools.io: secure boot is still an accurate term for part of how it works and was used for this before it was corrupted by Microsoft and Linux distributions to refer to an incomplete and totally useless implementation with no security properties for users
-
djul77[m]
<strcat[m] "yes"> Thx
-
anupritaisno1[m]
@za_vilfp8kn0pcyh-tfcfvapg77a:privacytools.io:
-
anupritaisno1[m]
Secure boot is good indeed
-
anupritaisno1[m]
It prevents untrustworthy kernel code from running
-
anupritaisno1[m]
However
-
anupritaisno1[m]
Your userspace must have additional verification
-
anupritaisno1[m]
On grapheneos you are actually using both secure and verified boot
-
anupritaisno1[m]
It is your responsibility to set up verified boot along with verity
-
anupritaisno1[m]
Secure boot only protects the boot code
-
anupritaisno1[m]
It is not responsible for what that code does
-
anupritaisno1[m]
That code must verify the rest of the system
-
Jimmehh[m]
hey does anyone know about biometrics and laws related to unlocking phones?
-
cn3m[m]
<Jimmehh[m] "hey does anyone know about biome"> varies wildly, though for AFU reasons rebooting the device is always recommended when leaving it unattended
-
Jimmehh[m]
hmmm well i was gonna ask about if i should worry about using my index fingers as fingerprints if the national guard has them
-
cn3m[m]
<Jimmehh[m] "hmmm well i was gonna ask about "> it times out after 48 hours
-
cn3m[m]
someone would likely have to preplan and make a fake beforehand
-
cn3m[m]
I don't think it is really easy to make a fake so 48 hours should be enough
-
cop-piller[m]
<Jimmehh[m] "hmmm well i was gonna ask about "> You should find out if your local police can legally use your fingerprints without our consent. And also realize that cops frequently will do it anyway even if they know it's illegal, then measure your risks. In some jurisdictions they will legally force you to provide the fingerprint. Fingerprint also can be faked, so anyone who has a scan of your finger could
-
cop-piller[m]
replicate the fingerprint.
-
cop-piller[m]
As far as I know making fingerprint copies is fairly easy, I saw it done with clingwrap IIRC
-
Jimmehh[m]
well the national guard is the government lol
-
Jimmehh[m]
so thats why i'm concerned
-
Jimmehh[m]
another company(plasma donation) has my right middle fingerprint
-
gofigga[m]1
Fingerprint readers in phones arent known for their accuracy anyway. Even iohones need something like a 78% match or so
-
Jimmehh[m]
and i doubt they wouldn't not give it away if the government told them to
-
gofigga[m]1
* Fingerprint readers in phones arent known for their accuracy anyway. Even iphones need something like a 78% match or so
-
Jimmehh[m]
but maybe i'm just paranoid
-
cop-piller[m]
<Jimmehh[m] "and i doubt they wouldn't not gi"> This can and will be done even if it is illegal. Your only defense is not have sensitive or incriminating information on there.
-
Jimmehh[m]
i'm more so worried about the national guard and my index fingerprints
-
Jimmehh[m]
hmm i suppose, i guess i don't plan on doing anything really besides browsing the web, playing chess, texting and calling, and listening to music
-
Jimmehh[m]
i just don't like knowing they can get access to it like that
-
Jimmehh[m]
just doesn't sit right in my stomach
-
Jimmehh[m]
the 4a seems like the almost perfect phone(i realized its better than the se in every way besides soc) but having a finger print reader worries me a little
-
Jimmehh[m]
at least a rear fingerprint reader
-
Jimmehh[m]
but like i said maybe i'm just paranoid
-
cop-piller[m]
Think more about your threat model
-
Jimmehh[m]
yeah that's true, i can't really go into detail but one thing does worry me
-
Jimmehh[m]
but in most situations my threat model is getting away from google and such
-
cop-piller[m]
Then this is fine
-
Jimmehh[m]
yeah that's true
-
cop-piller[m]
Anyway they can beat you until you tell them the password. Even if you don't enable fingerprint.
-
SEWaRybdALEy[m]
yeah I dont see how fingerprint as biometric is inherently more dangerous than password/code, can someone tell me?
-
SEWaRybdALEy[m]
face ID? now thats another issue
-
SEWaRybdALEy[m]
if you are detained
-
louipc
i guess thats better for offtopic discussion or no?
-
SEWaRybdALEy[m]
yeah lol
-
cop-piller[m]
#grapheneos-offtopic:matrix.org