like fe. i have to use whatsapp due friends group but i only want whatsapp connecting through running vpn. in case i stop the vpn whatsapp would connect directly through wifi

r0tt0r: covered by grapheneos.org/faq#vpn-support

enable always-on VPN + block connections not going through the VPN

and then use the VPN's own configuration to have certain apps bypass it that you want to bypass it

ye thats what im doing currently

strcat: With all respect, that you don't want to share anything about your personal life.

May I ask what kind of education you got? Are you autodidact in all this knowledge about IT-security or have you read something like Computer Science?

r0tt0r: but, as explained above, you are likely going to have leaks if you try to do this kind of thing

instead of having a VPN for the profile as a whole

r0tt0r: I do not recommend using a VPN on a case-by-case basis, the recommendation is to use it for the whole profile

<strcat[m] "and then use the VPN's own confi"> For some reason, it does not do that on vpn like mullvad, when block connections not going through the vpn (aka split tunneling), which is a good way to block direct network access (but is redundant when you can just deny network permission)

otherwise you're responsible for reviewing code, manifests, etc. and making sure you aren't opening up leaks

for example if you permit DownloadManager to bypass the VPN, then of course apps with INTERNET can bypass the VPN via DownloadManager

but the same thing applies to third party apps providing APIs to other apps that they can use for internet access

recommendation: don't use a VPN on a case-by-case basis if you're using it for privacy reasons, use it for the whole profile

Makes me chuckle for a second there

ahh matrix... the application that makes IRC depend on an html browser

<madaidan[m] "> <@yzrhjocizuwkjlqocf:matrix.or"> That actually sounds plausible

* I choose to believe he came out of the womb with omniscience.

yzrhjocizuwkjlqocf: I'm self-educated, I learned programming, computer science, infosec, etc. on my own

<r0tt0r[m] "on resurrection rom i think i sa"> Anyways, had tested these in the past, and can vouch that INTERNET permission is more robust on at least preventing some ipc/intent gated by the same permission

<strcat[m] "yzrhjocizuwkjlqocf: I'm self-edu"> That's impressive. I know a lot of people are self-educated in IT. But your knowledge on the field is... Enormous

<strcat[m] "yzrhjocizuwkjlqocf: I'm self-edu"> Interesting, no formal education or degree about it

?

He's THE mighty strcat ^_^.

strcat can write `strcat` implementation in ASM with his eyes closed

severity and the ease of exploitation

<renlord[m] "strcat can write `strcat` implem"> Is this the GrapheneOS team's form of hazing?

pretty tough bar to meet to join the grapheneos team

anyways, if people thought its true, its a joke.

Heh.

<renlord[m] "strcat can write `strcat` implem"> What's so difficult about that?

I keep trying to hype myself to learn c#, but I can't drag myself through it. I need 1 on 1.

ultracard[m]: There is a writeup of weaver. I will fetch it for you later.

i wouldnt even know how to start

(This should explain one of the things the Titan chip can do)

I'm not going to finish it though

But something like that renlord

can you do armv8 also?

Kind of

I'd have to use ldr there iirc

It would be a lot more complex though

Remember this, you can immediate to memory, immediate to register, register to register and memory to register on x86

Knull[m]: can get x86 asm lessons from anupritaisno1[m]

Assume data is in memory

Now figure out a way to do memory to memory

if you can write asm, no need to bother with any programming languages or their respective toolchains

You can use movsb btw

#grapheneos-offtopic for all this stuff please

I'm on popOS (Ubuntu based) I've the the bootloader unlocked. "Sudo ./fastboot flash flash-all.sh" returns with "unknow partition 'flash-all.sh' fastboot error cannot determine image filename for 'flash-all.sh'. Everything else has gone smoothly until now. This is only the second phone I have ever flashed a custom ROM.

pebble2hr: follow the official instructions at grapheneos.org/install exactly as they're written

at no point do you use `fastboot flash` in the official instructions

and you also shouldn't be referencing it as `./fastboot`

just start over using the official installation instructions

Yeah, if you type "sudo ./fastboot" that's telling the computer "substitute user, then use fastboot in this directory with these arguments." It doesn't mean what you want.

we don't provide support for other ways of performing the installation

if your OS does not have working udev rules allowing fastboot to be used without root, follow the instructions as a whole as root

don't try to just work around it for specific commands

we can't provide lessons on using the CLI here

need to follow the instructions exactly as written on the site, no omissions or changes aside from putting the right device name and release version

Gotcha. Starting over correctly. Thank you.

Got it. Thank you!

Great!

Welcome aboard the ship!

So I'm trying to run StreetComplete and I'm getting a memory management issue

Is there anything I can do to try to get it to run?

Is there a reason this room is still at v1?

<Dylanger[m] "Is there a reason this room is s"> irc bridging

Hm, okay

And probably logging too, as the offtopic is bridged but at v5

agh this is probably a really obscure issue

how do you debug java that calls C++ that calls java

Which camera app people are recommending the default one is super buggy ?

<dazinism "TAsn (EteSync): I think folks wo"> Yeah, that's a great idea, thanks! I've been talking with the Replicant people about writing an encrypted backup agent because I've never heard about seedvault before.

<adeus[m] "Which camera app people are reco"> None

adeus[m]: you can try OpenCamera if you like. If you have Pixel Visual Core, turn on the Camera2 API, it will give you very good results compared to software-only HDR.

The software-only HDR often has its colours come out oversaturated and sometimes its lines are a little bit blurry. This often doesn't look so bad when you're viewing it on a tiny 6" screen, but it will make a big difference when you view it on a large monitor later.

<TheJollyRoger "adeus: you can try OpenCamera if"> It has not been updated for months, and still uses legacy storage access. It works and is enough for what it can do, but it's far cry from being recommended (at least on android 11 privacy/security standards)

Maybe give it a year and some good alternatives to gcam will appear with updated APIs, gcam is still not a good choice due to needing a debug apk for it to work, along with it exposing an unnecessary attack surface

<TheJollyRoger "The software-only HDR often has "> For camera quality, I agree.

Reimu[m]: ah, crud, so I see. >_<.

Thanks for the heads-up!

Thanks for answers re camera

<Reimu[m] "It has not been updated for mont"> What do you mean legacy storage açcess and what is implications?

hello

so im currently at the flash-all portion of the install but the .bat isn't executing at all, double click and a closed window

update, now its telling me my flashboot is too old, even though it's the latest one from sdk

It's a reason they implemented scoped storage on Android 11

could my issue be due to me updating to android 11?

Check which fastboot

Maybe it's loading an installed fastboot somewhere else

thats all its giving me

i'm fairly new to all this so im just going off what two videos and a couple reddit threads

Ah, you should have followed the offical guide in website, and nothing else, as recommended by devs here: grapheneos.org/install

That's what I did

Welp, try going back to step one, set the $PATH, $env, and assuming you have the platform-tools folder, $device-build-number folder in the same directory, then execute {./}flash-all.{sh/bat} on terminal/powershell

redoing that now

strcat: my first ever pull request send, pls dont be too tough with a pull virgin

Hey folks, im playing around with GrapheneOS. Very nicley done. Two Questions though. (How) Can i add an eSIM? And is there any known way to add an Exchange Accounts?

<vorletzter[m] "Hey folks, im playing around wit"> no e-sim support; outlook app works with exchange accounts.

(there may be other apps too that work with exchange)

allrighty, thanks. Thats what i feard. I need eSIM though. Any Chance that this is comming soon-ish? Is this an Graphene or AOSP Issue?

<r0tt0r[m] "strcat: my first ever pull reque"> You forgot 3xl

Oh, it was a comment line

strcat: strcat Hi strcat Are you a moderator on GrapheneOS? I am new to the channel

<vorletzter[m] "Hey folks, im playing around wit"> esim is gms dependent as of now apparently

<vorletzter[m] "allrighty, thanks. Thats what i "> not that i know ..

With the 4a 5G, are there options to disable things like 2G and 5G? Or is it all or nothing?

golli[m]2: You may already choose your preferred network type. That's nothing new. Settings > Network & internet > Mobile network > Preferred network type

<golli[m]2 "With the 4a 5G, are there option"> device is not supported right now..

What's the best way to get this on GOS? It is the only way that I can have in-browser page translation on GOS it seems (which I happen to need sometimes) - blog.mozilla.org/addons/2020/09/29/…port-in-firefox-for-android-nightly

^ basically says that Firefox nightly allows for desktop FF extensions instead of only "android" extensions.

<nscnt "Golli: You may already choose yo"> Yes, but are you able to entirely disable specific network types?

<dar_gomml[m] "device is not supported right no"> I'm aware that for now, it's not supported.

<BeingFrey[m] "Hello Good GrapheneOS folks! =) "> @freenode_DonaldBiden:matrix.org: BeingFrey Sygic

* @freenode_DonaldBiden:matrix.org: BeingFrey

Sygic

* @freenode_DonaldBiden:matrix.org: BeingFrey

Sygic

G'day GrapheneOS folks I am a complete noob and have jumped headlong into this OS and love it so far. I have used the search bar but cant find any solutions to the Signal app sucking all my battery power. Is there a tutorial for a work around with this? Thanks for your support.

<adeus[m] "Which camera app people are reco"> You might want to try a Google Camera port and lock down Location and Network permissions.

It's an option, but not recommended, just like OpenCamera

"There are downsides to having this SELinux domain exposing a huge amount of attack surface for something that cannot be supported and is very likely to stop working."

Not only you are suggesting a gcam app that has already risks due to sepolicy access, you are suggesting a modded apk which content, authenticity and integrity of the code is not assured without decompiling the code. Might as well use OpenCamera even with full /home access on secondary user.

Still up to the user discretion whether to use that link or not, as the original gcam works anyways with gcamprovider debug apk

(Which is available in apkmirror)

Not meant to offend the user, just my point of view on the choices of camera app to be used on GrapheneOD

Not meant to offend, just my point of view on the choices of camera app to be used on GrapheneOS

am i the only 1 who uses the default built-in camera that graphene comes with?

ive had no prob with it. I press a button, it takes a picture.

<Knull[m] "ive had no prob with it. I press"> It is actually has an alright quality in hardware itself already

<Knull[m] "am i the only 1 who uses the def"> I don't have problem with it as well.

Is it peculiar that I don't use my phone that much for photography? Or is it the usual selling value of Pixels outside GrapheneOS?

The right way to use your phone is: however you want.

casual picture quality is pretty alright on built in cam plus you'll have to trust the OS and its components anyways (which include system apps)

<alzxjm[m] "The right way to use your phone "> Yeah

I really like taking great photos, so I use Google Camera most days.

No problem with it, better off knowing the tradeoff and risks

Apkmirror usually gets the apk as-is from Google Play, right?

🤯 google?

Reimu: I believe so.

<Knull[m] "🤯 google?"> Hate to say this but, there is no good foss keyboard for other languages

I used `adb pull` to get the APK off my stock Pixel and installed that on GrapheneOS.

I've always been able to update the Google Camera app using APKMirror, which as I understand it means it's the same app (same signing signature) and thus it's safe.

* I've always been able to update the Google Camera app using APKMirror, which as I understand it means it's the same app (same signature) and thus it's safe.

As much as I don't want anything to do with Google, there is no keyboard for the language I need in AOSP keyboard

(And its foss equivalent/component is pretty much abandoned/unstable)

<alzxjm[m] "I've always been able to update "> The signatures and hashes will tell

It seems...kinda unlikely that Google is spying on your keyboard? I mean I guess you can't really rule it out but it seems fairly safe to use it on GrapheneOS with Network denied. I dunno. I'm not an expert.

Google has so many easier ways to collect data from its users.

<alzxjm[m] "Google has so many easier ways t"> This I agree, but it does not affect that stand of minimizing Google apps

I usually use the GrapheneOS keyboard but sometimes I need to gesture type so I keep it installed.

gboard, that is.

check*

Does not matter that much, to be honest, if it's on secondary users, as "profiles" is within a user anyways

<alzxjm[m] "I usually use the GrapheneOS key"> It still is a great keyboard app, and even if you use foss, you'll still have to trust the app and its code anyways

golli[m]2: On my Pixel 3a I can choose 4G, 4G only, 3G, 2G. I think it's just a matter of what AOSP chooses to show the user. I guess the underlying APIs should be there and it's just a matter of what gets implemented.

<nscnt "Golli: On my Pixel 3a I can choo"> And even then, Pixel 4a 5G has no maintainer to bringup it to GrapheneOS

Needs new configuration for 5G only soon

everything about 5G is bad for privacy, right? Only option is to disable?

Nevermind 5G, SIMs in general is bad for privacy and security

<Knull[m] "everything about 5G is bad for p"> But it makes things worse for cellular traingulation

<Reimu[m] "Nevermind 5G, SIMs in general is"> Not using SIM is not for everybody

is there a good voip to use without needing a phone number to sign up? Everything voip that i look into, i'm very uncertain about.

i'd think with that, no sim - no problem

not to mention, most of them seem tailored to businesses. Not some guy's cell phone.

<Knull[m] "not to mention, most of them see"> Yeah, like Twilio

Answered in offtopic, but tldr: there is not much I know of, maybe try TextNow?

Knull: check out jmp.chat

<dazinism "Knull: check out jmp.chat"> yea that one got mentioned. We picked up in off-topic. I'm just reading up on this jabber business, new to me.

<Reimu[m] "And even then, Pixel 4a 5G has n"> Yeah, I'm currently aware of it. I mean, the phone just recently came out so I've got to give it some time.

4a has a headphone jack too

I have 5 headphones, 1 have headphone jack

I would take wifi charging over headphone jack from the 70s every day

<dar_gomml[m] "4a has a headphone jack too"> Yes, but I come from the Galaxy line of phones. I need the screen space 😢

<nscnt "You're on a right track that you"> thanks :)

ultracard[m]: oh yeah. You asked about the Titan security chip a bit back, did you? I've got a bit of a moment now to discuss it.

Indeed, the Titan chip can bolster the security of a short pincode, if you decide to set a short pin code, by enforcing a timeout between attempts at guessing the pincode. After 50 attempts, the Titan will start doubling the timeout to a maximum of 1 day at 150 attempts (which will take roughly 2 weeks) so to completely exhaust the keyspace of a 4-digit pincode will take roughly 650 years. If

you choose to make a longer passphrase, GrapheneOS will also allow that.

It does many other things, not just disk encryption, but this is one of the big draws.

Google realized that not many people will enter EFF diceware passphrases onto their phones, this is their way of protecting users who have an expectation of security on their phones with a 4-digit unlock code.

about vanadium, is there a way to have it delete cookies and other info like that when one quits the app?

You can launch in Incognito, that's probably the easiest way to do it.

no quit (and delete cookies) option like firefox has?

I don't see one.

There is a context menu for Vanadium though, you can simply choose "Launch Incognito" every time and get into that habit.

**There is a tap-and-hold context menu

You can definitely submit the option in as a pull request to the Vanadium patch set though, if you can patch it in.

sorry, haven't done any coding for android, it would likely take quite a while

Neither have I, I'd like to someday though!

One thing to aspire to!

Reimu: a modded Google Camera won't have a valid signature matching the SELinux profile so it won't be able to access the DSP and Visual/Neural Core

so it would be software only

another question about vanadium, how does one keep it up to date?

updating the OS

ah, so it's bundled into the OS

renex: anything that comes with the OS is updated with the OS

it is possible to install out-of-band updates to certain apps

Yeah. I go and load Auditor whenever precompiled builds are available.

Since they're already installed into the OS and their certificates are pinned they're going to be verified when I load them.

the OS consists largely of apps and APEX components

both of which support out-of-band updates

we disable out-of-band APEX updates since they have the same release cycle as the OS and it makes no sense to use them for GrapheneOS (or any sane OS, really)

don't really accomplish anything for the stock OS on Pixels

they exist for devices not receiving proper updates

same applies to a lot of the app components, although for the stock OS they bundle a lot of apps with their own release cycles

we don't

there are 3 apps where out-of-band updates make sense for GrapheneOS: Auditor, PDF Viewer, Vanadium

so those apps are signed with their own keys used for the out-of-band releases too