It just stubs out all the Google apis that gcam requires.

Grapheneos has been great for me, not just privacy wise, but abstractly as well. The limitations make you really consider what apps sit on your phone and what you use a phone for.

I used to buy Samsung phones bc of the cameras and Samsung pay, but now I realize I don't take many pictures and chip cards are just as convenient as spay.

I can surf the net privately, contact my friends securely, and take a solid picture. All without telling a private corporation my every move. Can't beat that.

Hey anyone have any idea about why a Bluetooth connection that requires a passcode would fail? I never get prompted. Other devices can connect, just not my pixel.

Ran an adb logcat during the attempts

Just see that the session terminates but no smoking gun as to why

This is for my car using a2dp; regular phone Bluetooth connection is fine, that setup does not require passcode

OK so update for all pixel 4 and pixel 4 xl users with screen flicker bs: the adb commands to set screen refresh to be capped at 60hz solve the problem almost entirely, and DO NOT wipe your personal data. I can confirm a bit more battery life too.

burlycootz: There's an option in developer options to disable a2dp offload, try toggling that setting, it might help.

Yeah should have mentioned that, I did search for answers, tried that previously

Sadly did not work

Found this in the logs

08-26 22:01:21.420 22230 22282 W bt_stack: [WARNING:connection_handler.cc(328)] auto bluetooth::avrcp::ConnectionHandler::AcceptorControlCb(uint8_t, uint8_t, uint16_t, const RawAddress *)::(anonymous class)::operator()(bluetooth::avrcp::ConnectionHandler *, uint8_t, uint16_t, uint16_t, uint16_t) const: No device found for handle: 0x01

After that it disconnects

Never prompts for passcode and I don't have an option in my stereo to connect without passcode

You may need to reset the BT connector in your car, if you're not sure how to then you may need to check the car manual to find out how to do that.

I did pull the battery cable a while back, that was actually the start of the issues; it forgot all Bluetooth connections and I couldn't get reconnected. Worked fine before, no issue with connecting. Just can't understand why every other phone I've tried will prompt but the pixel.

Appreciate the advice though

No worries. Not sure it will be a good idea for a car but when the BT on my PC goes haywire I pull the power and turn it on to drain any excess electricity, after that it connects.

Tried an old BlackBerry and got connected. Passcode prompt showed up

Log notes that com.android.settings generates /.Bluetooth.bluetoothpairingdialog

I'm honestly not sure then buddy, sorry I couldn't help.

Eh no worries. I shall keep digging. There has to be something. Might just wipe again.

Appreciate the help

Question: when GrapheneOS moves to android 11, it is likely that it can be done via and ota update, or will we have to do a fresh install to move up to 11?

I ask because I am thinking about installing gos for a nontechnical relative since I've has such good luck with gos and it is locked down pretty well.

It will be an OTA update

99.9%

hello everyone, im in the market for a phone and my two options are iphone se 2020 / pixel 4a w graphene os when its supported ..

<niky "hello everyone, im in the market"> whats your threat model?

im quite new to this idea of privacy n security , but after reading tons of comments and article abt how companies use and sell our data i wanted to change

im just a normal person with no one in paricular targetting me

<niky "im just a normal person with no "> but like, who do you want to defend your data from?

i want opt out of mass surveillance and data collection

I would say there is no one-size-fits-all privacy device, so here are some pros and cons and you can decide which one suits you

could you help me understand that pls

ive read daniel micays ios vs aosp vs graphene os on reddit

but thats a year old now

<niky "ive read daniel micays ios vs ao"> ah that is a good synopsis. I saw one of the guys here made a list of his Matrix comments too one sec

<niky "but thats a year old now"> it is still up to date mostly

Apple pro: great security updates supports (5 years), great security and privacy features (like proximate locations), and if you happen to have lots of friends who have iphones but wont switch to imessage

<cn3m[m] "ah that is a good synopsis. I sa"> reddit.com/r/privacy/comments/ifllg…e=reddit&utm_medium=web2x&context=3

> <@cn3m:privacytools.io> ah that is a good synopsis. I saw one of the guys here made a list of his Matrix comments too one sec

* reddit.com/r/privacy/comments/ifllgs/pixel_or_iphone/g2sazav

what does it mean to want to opt out of mass surveillance and data collection?

do you even read the ToS for the services that you consume?

GrapheneOS and iOS won't fix terrible habits ^

no such thing as a silver bullet

people with terrible habits are just asking to be spied on and getting taken advantage off, no OS can save you from yourself

well fuck it Im not gonna top that summary lol

although I would say, and its just my opinion, when the new iOS 14 come out, iOS is just better than stock Android, its not just trading blows anymore

iOS has always been better. So has GrapheneOS

I trust them both ad tracking was my job. I trust iOS and GrapheneOS to restrict apps far more

<cn3m[m] "iOS has always been better. So h"> yeah but in the article it says they are trading blows, but that article is an year old

the ad data and analytics they collect , be it location or audio ,etc

yeah, if you goes thru all the hoops and flashed Graphene, but the first thing you did was installing Facebook.................

I mean...

yes i understand but id like improve so just wanted to know what should i go for ios or graphene os

the issue with fb is not so much about using fb directly

but what they do in the internet in general, but that's offtopic anyways

no im not on any social media

niky: sure, but the sites you visit use their services

and FB screws you over indirectly.

do you even read the cookies policy?

Higher problem is on devices which ships with Facebook as system service. Many OEM Roms like Xiaomi have FB services as system app and many of their inbuilt apps have intents to communicate with that service app. Not sure what sort of deal FB made with manufacturer but it's clear they are buying our data.

lets move this to offtopic if anyone needs an invite let me know

theultron[m]: that's none of our concern and its a non-issue on grapheneos

^

we dont ship any built-in services besides what's shipped via aosp

yes renlord i do read the policies and i use vpn or tor to surf

im not completely ignorant but im no where close to u guys in terms of knowlegde

Ofcourse. I was just saying that using FB app on something like GOS won't invade your privacy.

What you do inside the app is a different thing!

niky: madaidans-insecurities.github.io I would read this site especially the VPNs and the Browser Tracking article

I hate the fact that I brought up Facebook...its just an example guys!

hence i thought talking to you guys might increase my insight which it actually is right now

this is probably the best starter guide and of course the GrapheneOS official FAQ and Usage Guide

ive watched installation guides too for graphene os

but im confused guys

look, here's the thing. More metaphors coming

niky: the point is that you need to practice opsec, as oppose to relying on an OS to save you

should i buy an se or a pixel 4a

where should i start ?

using a nice OS is a good start, but you need more than a nice OS to achieve your goals

a nice OS is a not a panacea

you going to a knife fight, but you have a machete and you have a baseball bat, the question shouldnt be which one should I take with me, rather how I use them

i dont have a list of reading material to recommend, but its a lot of work to realise what you want

I will say go out and try both the devices. Buy what you like the feel, size and the experience.

cuz in some situations, Id argue that Apple is better than Graphene!

SEWaRybdALEy[m]: depends on trust model

where is graphene os better than ios ?

so it would be irresponsible to say that...oh graphene is just better! pick graphene!

<niky "where is graphene os better than"> First Party Privacy.

renlord i completely understand your examples but all im looking for is a good start

<renlord "SEWaRybdALEy: depends on trust m"> yeah! exactly, it depends on your threat model and what kind of situation you are in

and gradually change my digital habits

[aside] apple is a for-profit company beholden to very greedy shareholders that expect good QoQ growth

i dont know how well that agrees with security/privacy in the long-run

speculative opinion, dont take too seriously

<niky "and gradually change my digital "> You can start at reddit privacy, reddit privacytoolsio, privacytoolsio discussion on matrix and techlore.

niky: iPhone SE and Pixel 3a is what I would get since both are available right now

4a is not guaranteed support

yeah, if you have the money, Id rather buy SE and a 3a both too

4a is now available in AVP

*APV

cuz graphene is privacy and secure, but its not for everyone

kernel port next

May be you can buy both used iPhone SE and 3A.

2 devices is better for security and privacy due to isolation.

I wasn't suggesting both

I was suggesting one

<theultron[m] "2 devices is better for security"> double the attack surface

i can afford only one device and like cn3m said 2 devices mean more surfaCe attacks

1 device would be ideal

i have used ios and stock andriod both

im comfortable with both

For example if you could pull it off you can't beat the iPhone + iPad pair for security and privacy since it has only one OS and chipset as attack surface and it is a hardened mobile OS.

Though GrapheneOS uses Chromium which you probably use on your PC.

but if im buy an android device it will be a pixel coz of titan m and updates

but at the end of the day

your phone is far more secure than your desktop if you use either option

well you kinda have to buy a pixel since graphene only supports pixel

yes exactly SEWaRybdALEy[m]

and on those privacy based sites they have graphene os as a safe os no mentions of ios

<niky "and on those privacy based sites"> yes, thats true. but with graphene OS it comes with a price, you have to absolutely sure that your daily life isnt hindered by that

It took me a year to adapt to graphene and sometimes I still dont get used to it

Those privacy based sites will never mentioned iOS because iOS source code is not open to inspect. With GOS you can read and see the code for yourself./

but the peace of mind it offered was amazing

well thats other people whose threat model values open and transparency

thats not necessarily for you

not saving you dont need openess and transparency, but gos, it comes with a price

"It took me a year to adapt to graphene" wdym

like getting used to it

it's android?

yeah, first week, lost 50% of my apps, so I scrambled for weeks to finally get my life back together

also, im in Canada, so iMessage or WhatsApp

and suddenly, I lost iMessage, and I hate Whatsapp

SEWaRybdALEy[m] what is your threat model ? why do you use gos ?

me too lol

i dont use imessage but will use whatsapp in shelter or island thats possible right ?

so it took me a month or two to familiarize my graphene os's features and tweak it to my usage

still lost some apps, but fortunately, I bought an used iPhone

so I can get rid of my whatsapp reliance

<niky "i dont use imessage but will us"> yeah but you lost notifications and even so, the idea of giving my data to Fecesbook, I hate it

<niky "i dont use imessage but will us"> now I rarely use it and I put them in my Shelter and freeze it most of the time

SEWaRybdALEy[m] so using whatsapp in shelter via gos is safe right ?

iMessage only works for iOS users

thats the only app in need due to work

niky if you've got this much interest in these topics you probably aren't gonna be happy unless you use graphene

<niky "SEWaRybdALEy so using whatsapp i"> Facebook can still get a lot of info of you just by you using that service though

<niky "SEWaRybdALEy so using whatsapp i"> its secure, but its still not private

so, as you can see, I prioritize not giving FB anything, so I value iOS in that respect

in a iOS dominant country

niky: if you really wanna achieve your goals

dmatrixs[m] im very interested in trying gos but i dont have a device atm & i have to get a new phone so it can either be pixel or the se hence im here asking for views

the inconvenience you get from using graphene os pales in comparison to the opsec daily practices you are expected to be practising

If you prefer a little more freedom choose the Pixel if you prefer being able to keep your phone for more than 3 years(more like 6) then go for the SE

the only reason i need whatsapp is for work groups t

This is not as complicated as it sounds

i personally would love to hear more about what those are, at least the more inconvenient ones lol

yeah, if you want a long term phone, iOS...

renlord:

so you see its impossible to give recommendations

unless we know your threat model

niky: just read the privacy policy and compare it to graphene os

in our case, we have none since we dont log nor need to log since we have no helpdesk to help you

lol

is there any way i can try graphene without buying a pixel?

like just to taste it

niky: maybe, emulator

very clunky thouhg

<niky "is there any way i can try graph"> nope

Is there any x86 image for GOS?

niky: but its just like stock AOSP

just flash stock aosp and try

the user experience is very similar

minus apps that run with google services

aosp has no google services

so u guys gearing up for pixel 4a/5?

<louipc "so u guys gearing up for pixel 4"> 4a yes!

guys can i just know how gos is better than ios other than first party privacy ?

like i know ios and gos trade blows

but where does gos come on top of ios

ive read alot of pro for ios

n

but not specifically for gos

<niky "guys can i just know how gos is "> it is not that simple iOS is better at restricting third party and iOS is better verified boot. Otherwise it gets really complicated

like I said they both beat your PC

The differences really don't matter

which lets you do what you want to do better?

graphene is open source so its more easily customizable to the minute detail

that^

gos being open source, take that ios!

but then u can't call it graphene if you change it

and u have to do all security update builds yourself

louipc but im not going to change the code and like daniel had said in a comment that just becoz a code is open soucre doesnt mean it better than closed one

im blindly going to trust gos and install it

not alter it in any way

and gos is extra hardening security

niky: doesnt mean its better for security, but maybe better for other things

and gos supports multiple user profile, it might be nothing, and it might be super useful privacy feature, its really up to how you use it

can you enlighten me ? even if the user is using linux debian or tails?

SEWaRybdALEy[m] so different user profiles means that apps in one cant talk to the other ?

<niky "SEWaRybdALEy so different user p"> yep

also, it compartmentalise your data

you wouldnt wanna install whatsapp and give it permission to ALL your photos would you

and this is where ios wins, ios have the option for users to select the photos that an app can access

so as you can see, ios, gos, which one is more private? its really complicated

hey but maybe it is better for security... because you could remove 99% attack surface and make it into a flashlight or somthing.

only flashlight function

SEWaRybdALEy[m]if i give whatsapp access to my photos do they upload to their servers ?

louipc hmm got it

<niky "SEWaRybdALEy[m]if i give whatsap"> not that I know of but I know there are apps that do

whatsapp is just an example

what os do you use on a pc ? SEWaRybdALEy[m]

and like I said, I hate facebook just as a hobby lolll

mac and linux

got it SEWaRybdALEy[m] you have fb

Guys it's time to move over to off-topic channel.

<niky "got it SEWaRybdALEy you have fb"> yeah, unfortunately. but signed up with fake IDs and I use frost

btw did you read the tech new abt ios 14 cutting down data to apps like fb XD

#grapheneos-offtopic

^

* #freenode_#grapheneos-offtopic:matrix.org

SEWaRybdALEy[m] theultron[m] cn3m[m] louipc renlord and others that im forgetting to mention , thank you all so much

good luck

<theultron[m] "#grapheneos-offtopic"> they are an urc user

<cn3m[m] "they are an urc user"> Oh Ok. May be you can invite them into the off-topic channel.

Hello, I have a Pixel 3a and installed GrapheneOS a week ago. The security patch is 5 August 2020. I have a huge question: this means my phone is already patched for the vulnerabilities of the Qualcomm SDM670 chipset that they were published in the August Security Bulletin from Qualcomm website ? qualcomm.com/company/product-securi…etins/august-2020-security-bulletin

They are 33 vulnerabilities discovered in a month !

zombieworld: that is a general security bulletin

very few actually effect the Pixel

2 effect it and they are both moderate

there is one high severity vulnerability in the kernel

that was patched

I have no idea if GrapheneOS kills these 3 or not

Thanks a lot

Merging the vendor from google would have fixed it right?

I was amazed when I ve seen 33 vulnerabilities for the SDM670 chipset in a month

<theultron[m] "Merging the vendor from google w"> yes they are fixed

the pixel security bulletins is generally where I go

I have a second question. Because I cannot use Waze on Graphene, I will have to use a samsung s7 edge as a second phone, and I wish something as secure as possible on a samsung. I like PixysOS, can you recommend something better ?

join the offtopic channel

"zombieworld" (matrix.to/#/@zombieworld:matrix.org) matrix.to/#/!NKqyWWNTlbuXwOPMCt:mat…ols.io&via=matrix.org&via=tchncs.de

The link does not work, I use Element

I have to search for tchncs.de ?

Or what ?

invited you

cn3m: thanks

hnfpz5w6jg9hfjk3: its becouse you don t have Google sevices for push notifications I think. Signal uses that.

Signal uses it if you don't download from the site

I got signal from Aurora store, it works fine and notifications work as well

Im currently on 69.2, so jo ig, im gonna update to 69.6

Auto updates arent really an issue if you have a routine check where u update all apps

But yes, under settins in aurora, then updates, you are able to enable automatic updates

Although i havent tested this yet on degoogled android

<hnfpz5w6jg9hfjk3[m] "Are there other private messagin"> I personally think, id use signal or element, and then arrange to meet whoever im chatting with, put phones in a faraday pouch

And if your worried bout corona wear a gas mask :D

hazmat suit

<hnfpz5w6jg9hfjk3[m] "Are there other private messagin"> Signal, Element are some of the best options, though Signal will serve your purpose more provided they'll be there as well

I always get Signal from Aurora store, never from the website. I've never had any issues. It just detects that no play services available and asks to run a background service to get around it

<cn3m[m] "like I said they both beat your "> Entirely depends what PC you're using and how. PCs can run more powerful hardware and therefore use things as virtualization.

<djee737ejdd[m] "Entirely depends what PC you're "> What OS**

But that is probably off topic

Sans virtualization maybe

Since the context is about the OS itself

Autopsy: The first two above, I have called that number and it says I have two voicemails, and there is a notification on the pull down stating I have to voicemails giving the number above. I use FreeUp as service provider and , as far as I know, have not headed any indication of a FreeUp voicemail service. What action would you advise to remedy this issue?

<djee737ejdd[m] "Entirely depends what PC you're "> most vms are pretty weak compared to mobile security layers

<applescruff_53[m "Autopsy: The first two above, I "> Block the numbers, call up FreeUp Voicemail and see if there's anything there. If there is, listen and delete if it isn't important.

my iPad is essentially is running 2 kernels(Darwin and the master PPL) and using the CPU to enforce rules like KTRR to further isolation the system

GrapheneOS of course has many layers of protection as well

so you are looking at overall

a much more in depth defense on mobile OSes

verified boot.

etc

<cn3m[m] "most vms are pretty weak compare"> Things as Qubesos arent. Daniel himself has said GrapheneOS could work towards that.

djee737ejdd: Qubes doesn't have verified boot. Also yes virtualization is better than not having it, but it doesn't make Qubes more secure than GrapheneOS

Qubes has Anti Evil Maid, which is a form of verified boot not based on trusted computing. But again, that is offtopic x this channel.

<ruddo[m] "Qubes has Anti Evil Maid, which "> no it is not at all verified boot and it doesn't even accomplish it's goals

Offtopic. Go argue with the Qubes devs if you want.

<ruddo[m] "Offtopic. Go argue with the Qub"> you are spreading misinformation. I am going to correct that

Qubes is insecure

It's just an outdated fedora

Running an easily bypassable hypervisor

Whats the off topic channel anyone? Cant seem to find it when i search for it

anupritaisno1: ^

BTW

<zugzwang[m] "Whats the off topic channel anyo"> matrix.to/#/!NKqyWWNTlbuXwOPMCt:mat…g&via=privacytools.io&via=tchncs.de

Many of my sessions were logged off

I accidentally reset my phone and one of my HDDs failed

<anupritaisno1[m] "Many of my sessions were logged "> Mine too

I did cross sign the new sessions

But if you want to know why almost all my keys changed

That is why

<anupritaisno1[m] "Running an easily bypassable hyp"> Xen is a poor example of well designed security

<cn3m[m] "matrix.to/#/!NKqyWWNTlbu"> Thank you

Off-topic but Xen is widely used also. AWS, Citrix?

cn3m: BTW I have a new and more secure way of flashing glassrom on pixels

Maybe I'll do it on grapheneos

Maybe

<anupritaisno1[m] "cn3m: BTW I have a new and more "> how so?

<theultron[m] "Off-topic but Xen is widely used"> KVM

<cn3m[m] "how so?"> Modify the boot control block + force recovery into sideload

I think AWS is KVM

A simple script can be used to just download and verify 100mb of a boot.img

<cn3m[m] "I think AWS is KVM"> They are shifting to KVM. But majority is still Xen.

<anupritaisno1[m] "Modify the boot control block + "> oh interesting

The recovery verifies what is being flashed next

There is also zero risk of bricking due to A/B

You always flash to the inactive slot

You built a custom recovery?

No

AOSP recovery is sufficient

anupritaisno1: what is the threat model here?

None

It's safer because you don't have to rely on getting the fastboot tools at all

Any adb works

As long as it isn't a dinosaur

hmm interesting

In case of a failed install

You'll just boot back to the stock ROM

Also you download about 100-200 mb less than a fastboot image

Nice.

interesting

<anupritaisno1[m] "Also you download about 100-200 "> So, for all intents and purposes, it's similar to just flashing an update?

Through recovery ^

Yep

Nice. If it works well, it may save people being confused with the current method

you'd still need fastboot to unlock, flash avb key, and the boot.img though

(and relock)

<anupritaisno1[m] "Running an easily bypassable hyp"> What makes you say that. There are well known security researchers working on the project.

djee737ejdd: it is not at all designed with security in mind, the marketshare is plummeting, and the track record is poor. Sure the gold standard is something like Hyper-V which is frankly quite amazing. However, Xen fails to hold up even to KVM

Fingerprint unlock for my apps and stuff is great, however it is not so good for unlocking the phone for several reasons I'm sure you are aware of. There is the lockdown feature on graphene , however I still need to remember to use it every time. Is there any chance of getting a lockdown always on feature?

lovethere sausagetheres a feature in AOSP that is accessible for corporate device management apps, that achieves this.

<cn3m[m] "djee737ejdd: it is not at all de"> Do you have any source on that though? Its recommended a lot by actual cybersecurity experts and non just normies like r/privacy. Some well known researchers are working on it and GrapheneOS wants to work towards it.

For security reasons someone could code a patch for GrapheneOS to show a toggle to enable this

Actually it wouldnt be a toggle, but you'd set the time, for your desired case, very low

I think a patch for this is likely to be accepted if someone submitted it

Great :) will submit it

<cn3m[m] "djee737ejdd: it is not at all de"> qubes-os.org/statistics

Gold market share has also never been so high

<anupritaisno1[m] "Gold market share has also never"> Just proved his point wrong. Never said that market share makes it good.

<anupritaisno1[m] "Gold market share has also never"> *Fairphone, is that you?*

<djee737ejdd[m] "Just proved his point wrong. Nev"> Sure makes chrome good, no doubt

QubesOS is trying to make a secure environment for running "insecure" OS and it does that damn well. They have focused too much on Linux for sure and should add better support for Windows.

<anupritaisno1[m] "Sure makes chrome good, no doubt"> Agree with that.

Biggest market is with VMWare. I think it's greater than combined all other hypervisors.

Eh I like hyper v

In my basic use I found it sufficiently secure

As Rotkowska said, its an non egocentric way of getting privacy and security.

Not everyone need to change to something you use. You can use the software other people use in a secure way.

Okay. VMWare market is share is close to 75%. They dominate the market.

Xen is at 2nd with close to 10%.

Ofcourse all thanks to Citrix

<lovesausage[m] "Great :) will submit it"> If you do that, and feel like you are on a roll, providing a way to stop user profiles would be super nice to have developer.android.com/reference/and…onentName,%20android.os.UserHandle)

<theultron[m] "Xen is at 2nd with close to 10%."> I doubt that Xen is so insecure.

Guys this is offtopic

<theultron[m] "I doubt that Xen is so insecure."> It really isn't. Some people on here think that GrapheneOS is the ONLY choice out there for an OS.

<lovesausage[m] "Fingerprint unlock for my apps a"> Just remove fingerprint unlock/face unlock? Using pin/pass is same as lock down mode?

<theultron[m] "Just remove fingerprint unlock/f"> As I said using it for my apps is great for unlocking not so much. There is no way of doing this at the moment without root or device managers.

So you want to disable fingerprint for keyguard and use it for apps.

Yes

when will pixel 4a be supported?

i want to buy new smartphone, should I wait for the support or just buy pixel 4 /XL?

any opinion?

<djee737ejdd[m] "It really isn't. Some people on "> It is

Don't use wifi lol

Jk

That was a joke of course

<za_vilfp8kn0pcyh "Don't use wifi lol"> Use ethernet

Find a phone with better IOMMU isolation, and HAL sandbox among Android phones

Plus, among android, only Pixels iirc has proper implementation of MAC randomization

If that is a problem too

Android 10 iirc also prevents apps reading non-resettable hardware identifier unless given READ_PRIVILEDGED_PHONE_STATE (not sure if that is the right one)

<lovesausage[m] "Great :) will submit it"> Actually, submitting a patch for 2 factor (fingerprint and pin) lockscreen unlock, allowing long passphrase to be needed for device boots, is what GrapheneOS really wants. Maybe this would also work for you?

Every single device has closed source components like on firmware anyways, it just depends on how the isolation and mitigation is implemented.

I recommend reading grapheneos.org/faq as well

* Find a phone with better IOMMU isolation, and HAL sandbox among Android phones than Pixels

Don't use text messages as well, you don't have to be the government to intercept them anyways

Not sure if that answers everything, and forgive my tone. Just annoyed of black box crap, as if there is a device without a single component that is closed source

lovesausage that would be more desirable, although faceunlock devices wouldn't be supported. And implementing similar for them would be a whole different job

djul77: Yes, unless the question is whether or not the Pixel 4a is currently supported or will be supported in the near future 😉

(it probably will be, but not for a few months) You can also search the logs of the channel for common questions.

Google devices are the only devices that allow for flashing custom OSes and Secure Boot.

No chip in the device phones home to Google, that's all software, which GOS does not carry.

djul77: no secure bot for Samsung

Make an encrypted backup with TWRP and come back to it as often as you want. It takes just 2 minutes !

* Make an encrypted backup with TWRP and come back to it as often as you want. It takes just 2 minutes !djul77

> <@djul77:matrix.org> My other point is for an eventual feature on GrapheneOS

> I think apps can access the device id and thus uniquely identify them. I think it would take a random ID generator that would provide a different ID to each app to stay anonymous.

If you mean IMEI, not really

went to a local store today looking for a pixel 3a. the guy couldnt tell me whether it was a locked or unlocked model. Is there a way to find out? I have the SKU

anyone here?

If itbwas without a contract it should be unlocked

* If it was without a contract it should be unlocked arept

arept: there are alsobwebsites were you can check by IMEI

* arept: there are also websites were you can check by IMEI

arept: basically, if it's not the Verizon model, it's unlocked and the bootloader can be unlocked

I don't know if the SKU is different between them

OK, update on WiFi calling: testing with friends SIMs (details above) and finding WiFi calling worked on Verizon, I bought a Verizon SIM. It does NOT work with WiFi calling on GOS (have not tried stock yet). After many calls to tech support, they basically say it is googles fault for not including some of their required patches in stock image, which sounds like BS to me.

Tried friends SIM again and it works. The only thing we can figure is that since his SIM was registered on a Verizon phone first, that might have something to do with it on Verizon's back end.

So be warned, WiFi calling on GOS doesn't work out of the box with Verizon. At least not in my case. If there is anything devs can do (like the guy in the above linked github thread that got WiFi calling working on a Verizon reseller) I'd be very greatful. Im not technical enough to help sadly.

With Verizon and AT&T getting ready to go VoLTE/WiFi calling only in the nearish future, that's going to be needed anyways. :(

so its only the verizon model? What do you mean with contract? Sim?

are the verizon models the only ones with locked bootloaders?

yes

> My other point is for an eventual feature on GrapheneOS

> I think apps can access the device id and thus uniquely identify them. I think it would take a random ID generator that would provide a different ID to each app to stay anonymous.

Please read the FAQ. That's not possible.

djul77: grapheneos.org/faq#hardware-identifiers

hnfpz5w6jg9hfjk3: that video is not accurate and definitely not relevant to GrapheneOS

strcat[m]: thanks

@za_vilfp8kn0pcyh-tfcfvapg77a:privacytools.io: secure boot is still an accurate term for part of how it works and was used for this before it was corrupted by Microsoft and Linux distributions to refer to an incomplete and totally useless implementation with no security properties for users

<strcat[m] "yes"> Thx

@za_vilfp8kn0pcyh-tfcfvapg77a:privacytools.io:

Secure boot is good indeed

It prevents untrustworthy kernel code from running

However

Your userspace must have additional verification

On grapheneos you are actually using both secure and verified boot

It is your responsibility to set up verified boot along with verity

Secure boot only protects the boot code

It is not responsible for what that code does

That code must verify the rest of the system

hey does anyone know about biometrics and laws related to unlocking phones?

<Jimmehh[m] "hey does anyone know about biome"> varies wildly, though for AFU reasons rebooting the device is always recommend when leaving it unattended

hmmm well i was gonna ask about if i should worry about using my index fingers as fingerprints if the national guard has them

<Jimmehh[m] "hmmm well i was gonna ask about "> it times out after 48 hours

someone would likely have to preplan and make a fake before hand

I don't think it is really easy to make a fake so 48 hours should be enough

<Jimmehh[m] "hmmm well i was gonna ask about "> You should find out if your local police can legally use your fingerprints without our consent. And also realize that cops frequently will do it anyway even if they know it's illegal, then measure your risks. In some juristictions they will legally force you to provide the fingerprint. Fingerprint also can be faked, so anyone who has a scan of your finger could

replicate the fingerprint.

As far as I know making fingerprint copies is fairly easy, I saw it done with clingwrap IIRC

well the nation guard is the government lol

so thats why i'm concerned

another company(plasma donation) has my right middle fingerprint

Fingerprint readers in phones arent known for their accuracy anyway. Even iohones need something like a 78% match or so

and i doubt they wouldn't not give it away if the government told them to

* Fingerprint readers in phones arent known for their accuracy anyway. Even iphones need something like a 78% match or so

but maybe i'm just paranoid

<Jimmehh[m] "and i doubt they wouldn't not gi"> This can and will be done even if it is illegal. Your only defense is not have sensitive or incriminating information on there.

i'm more so worried about the national guard and my index fingerprints

hmm i suppose, i guess i don't plan on doing anything really besides browsing the web, playing chess, texting and calling, and listening to music

i just don't like knowing they can get access to it like that

just doesn't sit right in my stomach

the 4a seems like the almost perfect phone(i realized its better than the se in every way besides soc) but having a finger print reader worries me a little

at least a rear fingerprint reader

but like i said maybe i'm just paranoid

Think more about your threat model

yeah that's true, i can't really go into detail but one thing does worry me

but in most situations my threat model is getting away from google and such

Then this is fine

yeah that's true

Anyway they can beat you until you tell them the password. Even if you don't enable fingerprint.

yeah I dont see how fingerprint as biometric is inherently more dangerous than password/code, can someone tell me?

face ID? now thats another issue

if you are detained

i guess thats better for offtopic discussion or no?

yeah lol

#grapheneos-offtopic:matrix.org