-
strcat[m]
zrtjjtaher: what you're saying simply isn't how it behaves
-
strcat[m]
and closing app activities is not required for permission changes to take effect
-
strcat[m]
that's not accurate
-
strcat[m]
they take effect immediately and if a permission is actually designed in a way that it requires an app restart the OS does that itself
-
rny
zrtjjtaher[m]: you should reinstall
-
strcat[m]
Network doesn't require that
-
zrtjjtaher[m]
<strcat[m] "did you remove permissions from "> I think I do not have enough knowledge of Android/GOS to be able to do that!! :-))
-
strcat[m]
Network also isn't really something we created, we just made a toggle for it
-
strcat[m]
along with proper handling for it being toggled dynamically
-
strcat[m]
rather than just being a low-level non-user-facing install time permission
-
strcat[m]
disabling Network disallows low-level socket access and indirect use of network via INTERNET perm
-
zrtjjtaher[m]
<strcat[m] "and closing app activities is no"> A user suggested to try to close the app and start it again. I had nothing to lose and tried. As you said, the test was irrelevant.
-
strcat[m]
no app restart required (for any toggles)
-
strcat[m]
I suggest by starting by using Auditor and making sure you do not have device managers or accessibility services
-
strcat[m]
if you have a device policy manager or device manager then that's probably your issue
-
strcat[m]
don't use those
-
zrtjjtaher[m]
<strcat[m] "I suggest by starting by using A"> what are "device managers" or "accessibility services"?
-
strcat[m]
start by using Auditor to verify the device is running GrapheneOS without either of those kinds of things enabled
-
nux
I just cracked open the box of a brand new Pixel 5 and am getting ready to, "GrapheneOS-ize" it! :P
-
strcat[m]
device managers can break how the lockscreen works and permissions if you granted them those abilities
-
zrtjjtaher[m]
<zrtjjtaher[m] "what are "device managers" or "a"> I don't think I installed special things: A 2FA app, VLC, Linphone, Signal, etc... Quite classic, I guess!
-
sjsndnjdejd
<nux "I just cracked open the box of a"> noice
-
zrtjjtaher[m]
<strcat[m] "start by using Auditor to verify"> Can I use Auditor if I have not used it so far? Since I got GOS from the official site and verified it before install, I did not think I needed to use Auditor (but I am perhaps mistaken!!)
-
nux
sjsndnjdejd: Yeah, pretty excited about it! I probably didn't need to upgrade from the 4a but the scarcity of ICs and general supply chain issues forced my hand! Who knows if/when it will be too difficult or expensive to upgrade in the near future?!!!
-
rny
strcat[m]: the internet perm is named network in the permission toggle
-
strcat[m]
zrtjjtaher: you can use it at any time
-
strcat[m]
rny: aware, and it applies to network, not internet
-
strcat[m]
including localhost
-
rny
should we make a internet-specific one?
-
rny
do android apps even open sockets for localhost connections?
-
rny
@_@
-
rosie
@nux Have fun! I just installed GOS on a couple of 4as today. Pretty easy if you use the Web installer.
-
rny
i dont think i've used one that requires localhost sockets, should apps even do IPC via localhost sockets?
-
rosie
The 5 is out of my price range, though.
-
zrtjjtaher[m]
<strcat[m] "zrtjjtaher: you can use it at an"> OK, if you tell me that Auditor may help solve my problem, I will look at it and come back if I still have the problem.
-
zrtjjtaher[m]
Thank you very much for your support, Daniel!!
-
strcat[m]
no it won't help your problem
-
nux
rosie: I've done a few 4a devices via CLI but never the Web installer. I'm more comfortable with the CLI anyway. I like to see stuff at the CLI as it progresses.
-
strcat[m]
but it will help you determine if you are actually running GrapheneOS and whether you have enabled an accessibility service or device manager
-
rosie
@nux I don't know whether things have changed since you last installed GOS, but the Web installer is very much the recommended method now.
-
zrtjjtaher[m]
<strcat[m] "but it will help you determine i"> Not sure how I could not run GOS or how a device manager or accessibility service (not sure what both of these are by the way) could have arrived in my phone but I am happy to try and learn more about the Auditor!
-
nux
rosie: As long as the cli method is complete and functional, I'll go that route.
-
strcat[m]
zrtjjtaher: if you installed + enabled it in Settings
-
nux
rosie: I have the evironment already set up on my Arch box so unless things changed drastically, it should be fine.
-
zrtjjtaher[m]
<strcat[m] "zrtjjtaher: if you installed + e"> Not sure what you mean
-
strcat[m]
zrtjjtaher: have you disabled usage stats special access in Settings?
-
strcat[m]
have you enabled a device manager or accessibility service?
-
strcat[m]
you'll need to provide answers to those questions
-
strcat[m]
as I recommended earlier, start with Auditor
-
zrtjjtaher[m]
<strcat[m] "have you enabled a device manage"> I don't remember having seen those terms so I guess the answer is simply "no".
-
strcat[m]
did you use the Settings app to disable system apps and disable permissions for them?
-
strcat[m]
it's entirely possible at the moment to break important stuff by toggling off usage stats perm for system apps, etc.
-
strcat[m]
we have added a few things as disallowed that are inherently broken to do but it would be too much for us to go through and disallow doing anything broken
-
zrtjjtaher[m]
<strcat[m] "did you use the Settings app to "> That's easy! Answer is clearly NO!
-
zrtjjtaher[m]
<zrtjjtaher[m] "That's easy! Answer is clearly N"> easy to answer, i mean
-
rosie
@nux I fought with Arch for two days before I gave up and went with Debian. And then I ended up using my Samsung 8 to actually install GOS because I don'
-
rosie
I don't have a computer with a USB-C port.
-
strcat[m]
installing from macOS and Windows works fine too
-
strcat[m]
Arch is the easiest traditional Linux distribution to use (ChromeOS and Android via web install are easier) since it has proper packages available
-
rosie
I don't have macOS, and my only access to Win10 is from a VM inside of Linux (which is not recommended for GOS install). And I would still have the issue with the USB-C.
-
rny
i wish arch had an option to not use gnu binutils
-
rosie
In the end, using the Samsung 8 was fine (except the Samsung shut down twice because it was overheating). After I got GOS on the first Pixel, I used that to install GOS on the 2nd one.
-
rosie
I just couldn't make Arch work for me.
-
rosie
It's very configurable, but it's NOT user-friendly. And I couldn't find enough documentation that I could make sense of.
-
zrtjjtaher[m]
<rny "zrtjjtaher: your claim about sig"> And by the way, @rny, thank you for your welcoming words! Much appreciated!!
-
rny
are you trolling?
-
strcat[m]
I get a strange impression from the replies and the initial story, waiting for more information such as Auditor results
-
strcat[m]
best way to start resolving it is doing a local verification with Auditor
-
entry1
@rny you're right 100% if network permission is denied, the app won't even open. I had no idea that would occur
-
strcat[m]
entry1: it disallows apps from creating network sockets rather than simply making connections fail, some apps don't do proper error handling
-
strcat[m]
it has to do work this way because it prevents leaks
-
strcat[m]
it prevents app listening for connections even via localhost
-
strcat[m]
and prevents them using indirect networking too
-
strcat[m]
the typical approach doesn't work and I don't do things that way
-
strcat[m]
you can get `adb logcat` output and report it to app developers
-
strcat[m]
they can change their code to catch the exceptions
-
strcat[m]
they should be doing that if they write robust code
-
entry1
strcat very cool, my comment wasn't a complaint by any stretch. Thanks for the explanation!
-
strcat[m]
zrtjjtaher: are you checking with Auditor?
-
akc3n[m]
<entry1 "@rny you're right 100% if networ"> Yup, never had an issue with that, whenever I'd disable network for signal, it wouldn't not work.
-
strcat[m]
well, I found that discussion odd
-
strcat[m]
so, to go into why it's so odd: they just joined the room a while before they started on this
-
strcat[m]
so, they're a new user to the room
-
strcat[m]
they report having a strange problem that seemingly no one else has ever encountered, which is always odd when we know people have the same small set of hardware and high assurance they have unaltered firmware + entire OS, same as everyone else
-
strcat[m]
the use of exclamation points and the fact they knew who I was based on username is a bit strange
-
strcat[m]
so, new user, just joined the channel, but knows who this is and calls me by my first name, which is just weird for someone who doesn't know me to do in a context where I'm not using my real name
-
strcat[m]
now, unfortunately, this channel is being consistently raided by people aiming to concern troll by pretending to be GrapheneOS users, often with the goal of pretending something is wrong or causing drama/conflict
-
strcat[m]
sometimes it is really hard to tell
-
strcat[m]
but this gives me pretty bad vibes
-
strcat[m]
someone pinged me in PM about it because it gave them bad vibes and that was before certain things like calling me by my irl first name
-
strcat[m]
as a new user to the channel who as far as I know hasn't ever interacted with me and has little reason to call me that
-
entry1
<strcat[m] "the use of exclamation points an"> Yeah exactly, I was in this room like a dipshit for 2 months not knowing who you were. Very low chance of a true new user. I'm glad you give everyone the benefit of the doubt initially.
-
snooopy
I needed two/three weeks to find out who strcat[m] is. :')
-
strcat[m]
and I wanted them to use Auditor because it would check if they are really using GrapheneOS + if there is a device manager / accessibility service
-
strcat[m]
didn't seem to go anywhere? no questions about how to use it etc.
-
strcat[m]
it was step 1 to do
-
rosie
Is your IRL identity supposed to be a secret? I figured it out pretty quickly the first time I logged in here. Maybe I'm just more intuitive than most? I dunno.
-
strcat[m]
and replies to my attempts to figure out what might be wrong were just strange and then they disappeared
-
rny
could have read the logs
-
strcat[m]
rosie: no, but someone who just joins the channel and is calling me by my irl first name is strange
-
strcat[m]
calling someone by their real name which you have gotten somewhere else when you don't know them is just weird, no?
-
strcat[m]
and I don't get pinged from someone saying that
-
strcat[m]
unless someone knows me why would they me calling me that? you don't find that weird? cause I do
-
strcat[m]
and it's just one of multiple weird, off things about it
-
rosie
Fair point. Even though I knew your identity right away, I've never addressed you that way, just because I was "brought up" that that's bad 'netiquette.
-
strcat[m]
yeah I mean it is weird to call someone by their real name when you don't know them and they are using a username
-
rny
strcat[m]: i'll start calling you by your first name after we meet for a coffee :P
-
strcat[m]
I am certainly not meant to be at all anonymous
-
rny
☕
-
rny
strcat is a great name, there's only so many unsafe C functions from the C standard library.
-
rosie
I also tend to be a reader/researcher, so I've read a fair amount of the GOS history, as well. But that also was what set my mind more at ease that I was making the right choice to go with GOS.
-
strcat[m]
in my experience meeting people I've known online for a long time irl we still think of each other via online nicks and only awkwardly use real name to avoid confusing other people
-
strcat[m]
not really at all weird, it's just the nickname you know them by
-
entry1
Its odd no doubt, I'm in the same boat. It would be different if they approached the situation in a different manner too. It isn't like they called you by the first name in a normal way to how they were exposed to the project/room prior, and they didn't sound like they wanted to do your suggestion with any urgency.
-
rosie
I generally try to avoid meeting people IRL that I met online. Creeps me out a bit.
-
grapheneos_user_
<strcat[m] "in my experience meeting people "> All good until someone else joins the conversation and gets confused
-
strcat[m]
entry1: yeah I mean look back at it
-
strcat[m]
entry1: from the start, it is weird
-
strcat[m]
entry1: maybe it is really someone with a real problem
-
strcat[m]
they were at least making it seem that way but they do not seem to want to get it resolved
-
strcat[m]
look at the response to asking about accessibility service / device manager
-
strcat[m]
totally possible it is a real issue
-
strcat[m]
not leaning that way
-
strcat[m]
feel like it's an attempt to claim something is wrong and then get reactions to use to attack the project as has happened repeatedly these past months
-
strcat[m]
unfortunate that it happens multiple times a day so if someone does actually have something wrong they are viewed with suspicion
-
strcat[m]
I also get contacted a lot by email by people supposedly compromised that is largely / entirely trolling or people with delusions
-
strcat[m]
waste time looking into it, pretty much always clear they are making stuff up
-
strcat[m]
they'll claim something in the UI is odd and that it means they are compromised and vans are following them around hacking their phone or whatever
-
strcat[m]
it's a daily thing
-
grapheneos_user_
<strcat[m] "they'll claim something in the U"> Dayum
-
strcat[m]
waste so much time
-
grapheneos_user_
Do they not have lives
-
strcat[m]
a lot is trolling
-
entry1
Yep, but you/we are giving them the benefit of the doubt still. You have a good approach and attitude because there can be anomalies and it is a mature mindset. It is a shame because you being very helpful and giving detailed explanations to people can cause a headache when there are trolls.
-
nux
strcat[m]: Their goal is to waste your time. Unfortunate reality...
-
strcat[m]
sometimes it is people who genuinely believe they are being hacked and have some really weird ideas
-
strcat[m]
if someone had something truly interesting to support they'd have to deal with the fact that all these people have wasted my time and made me uninterested in looking at those kinds of emails seriously
-
strcat[m]
btw our servers are under DDoS attacks again today
-
strcat[m]
it doesn't really impact anything
-
grapheneos_user_
Imagine trying to DDoS a datacenter
-
strcat[m]
it doesn't even slow things down significantly
-
grapheneos_user_
How stupid are these people
-
strcat[m]
well OVH just diverts / mitigates most of it
-
strcat[m]
and our web services are hardened against it, although need to adjust them into a DDoS fighting mode if necessary
-
rny
strcat[m]: put them behind cloudflare
-
rny
:P
-
strcat[m]
the values aren't super strict by default to avoid causing problems for people on very slow connections or CGNAT
-
entry1
Plus this project can get a lot of attention because it comes up as the most secure phone and people with schizophrenia can flock to it. Schizophrenia is a really big thing and I feel so bad for people who have it because they aren't trolling and they have no one to turn to. Good stuff being able to deter the DDoSing assholes
-
strcat[m]
rny: don't need it and won't help if they know the IPs anyway
-
strcat[m]
I might have to put nginx in front of the mail server since they're attacking the mail server now
-
rny
well another upside is that our users benefit from cloudflare's edge to origin routing
-
akc3n[m]
<strcat[m] "calling someone by their real na"> Yes, very weird.
-
rny
better latencies and potentially throughput on better internet paths
-
rny
ovh peers are not great
-
strcat[m]
rny: I'd rather set up multiple VPS for grapheneos.org around world and use geodns ourselves
-
private99[m]
Hi
-
strcat[m]
and still control it
-
private99[m]
Hi guys. I have a problem
-
snoopy
rny: Not sure cloudflare is a good idea for a project which tries to improve privacy
-
strcat[m]
rny: we use round-robin DNS for releases.grapheneos.org now, can add more servers as needed
-
rny
just using their network and nothing private is being communicated
-
private99[m]
In my second profile I can't install apps I they downloading fdroid but when I go to install it says "app not installed"
-
strcat[m]
private99: because you can't install an older version there
-
strcat[m]
private99: it's an issue with F-Droid's site: they link an out-of-date version of the app as the main download, recommend reporting the issue to them
-
private99[m]
Ahh OK
-
strcat[m]
private99: go to the F-Droid page on their site and ignore the main F-Droid download link, instead download the most recent stable release
-
private99[m]
Thank you
-
private99[m]
Will try that now
-
strcat[m]
-
strcat[m]
f-droid.org/en/packages/org.fdroid.fdroid see there, the "download f-droid" button is a generic link on every page
-
strcat[m]
and gives you an out-of-date version
-
strcat[m]
it's very strange that they are resistant to fixing this and I think more people need to report the issues it causes
-
private99[m]
A secondary question. There is an app called "locker" on fdroid which after a certain amount of failing password entry's from the google lock screen it will wipe device
-
private99[m]
Is that good to use?
-
private99[m]
Or won't work eight grapheme
-
private99[m]
Grapheme*
-
strcat[m]
don't know what you mean by google lock screen
-
strcat[m]
private99: I wouldn't recommend using a device manager
-
private99[m]
The lock screen when entering phone
-
strcat[m]
-
private99[m]
OK thanks
-
strcat[m]
a software enforced limit doesn't add much
-
private99[m]
Gonna check that out
-
strcat[m]
even with a fully random 6 digit PIN you are secure against a brute force even if the attacker compromises the OS completely with exploits
-
strcat[m]
they would have to compromise the hardened secure element
-
strcat[m]
to brute force
-
private99[m]
<strcat[m] "they would have to compromise th"> Ahh interesting
-
strcat[m]
setting a software limit on attempts does very little
-
private99[m]
That my main threat model which is someone phsically trying to enter the phone
-
strcat[m]
yeah so, a software limit could be bypassed if they have exploited the OS
-
strcat[m]
the hardware-based throttling is far more useful and already quickly throttles to 1 day per attempt
-
private99[m]
In that scenario I would be better off using a secondary user profile for most things correct ?
-
strcat[m]
the reason it's useful to use a secondary user is primarily because the Owner profile has to be unlocked after booting
-
strcat[m]
in order to use the phone
-
private99[m]
That hardware based throttling is based on the titan chip ?
-
strcat[m]
private99: that part of it is, yes
-
strcat[m]
-
rosie
Question about settings: in Permitted Networks (for system updates), which selection do I need to force GOS to update only over wifi? It's not clear to me from the Usage Guide.
-
strcat[m]
the SoC encryption support provides hardware-bound, hardware accelerated key derivation
-
private99[m]
Thanks appreciate it the info and help
-
strcat[m]
that adds a short delay to each key derivation from a passphrase, etc.
-
private99[m]
This is very good work and really appreciate the community and devs putting in their efforts into this .
-
strcat[m]
it accomplishes little for a weak credential like a PIN
-
strcat[m]
the Titan M provides a Weaver implementation which offers hardware enforced throttling growing with failed attempts up to 1 day per attempt delays
-
strcat[m]
the OS takes your credential, derives key with scrypt
-
strcat[m]
then it has ~10 or so uses of that derived key, for each one it trivially derives a new key with personalization string using sha512
-
private99[m]
Interesting
-
strcat[m]
one of the uses of the key is sending a derived key to Titan M as part of Weaver, and Titan M gives back a token that was randomly generated earlier
-
strcat[m]
that token is an extra required input to derive the disk encryption keys
-
private99[m]
So in that case would it be makes sense to put for the owner profile a alphanumeric password
-
strcat[m]
if you don't provide correct credential-derived key to Titan M, it won't give back the token
-
private99[m]
While secondary profile a 8 digit pin
-
strcat[m]
and it throttles via a secure tamper resistant internal timer
-
strcat[m]
private99: all depends on how you want to use it
-
strcat[m]
private99: encryption is per-profile
-
strcat[m]
owner profile also encrypts certain device-wide data
-
private99[m]
Ahh
-
strcat[m]
encryption is per-profile based on the profile's lock method
-
private99[m]
Okok I was gonna do it so they would have to break into owner first and then try again to break into the secondary profile
-
strcat[m]
if you have super sensitive data you rarely need to access, put it in a dedicated user profile with a strong passphrase and rarely unlock the profile
-
strcat[m]
and use the 'end session' button when finished with it
-
private99[m]
OK that's perfect
-
strcat[m]
which clears away encryption keys from memory/hardware
-
private99[m]
Thanks for the help and info
-
strcat[m]
for most people, using Owner profile as main profile is fine, and if you have super sensitive data put it in a secondary profile
-
strcat[m]
if you want to take maximum advantage of how things work you can use a secondary profile as your main one
-
private99[m]
Yah I think IMA prefer that method
-
strcat[m]
so then, you can boot up the device, unlock Owner profile, and create/delete new users, or use it for basic usage
-
private99[m]
Secondary profile
-
strcat[m]
and your main profile is still at rest
-
strcat[m]
so, as an example, say you want to delete your main profile
-
strcat[m]
if it's a secondary profile
-
strcat[m]
you can delete it without unlocking it
-
strcat[m]
from Owner
-
strcat[m]
the only way to completely wipe Owner is via factory reset, although you could do via recovery wipe data
-
private99[m]
Hmm
-
strcat[m]
-
rosie
Where is the "end session" button? Is that only for multiple profiles?
-
strcat[m]
there is no best option or specific recommendation
-
strcat[m]
rosie: it's only for secondary profiles
-
strcat[m]
rosie: end session for Owner is reboot
-
private99[m]
So in an emergency situation its possibpy to quickly delete the second pro
-
rhclayto
Suppose you are using the owner profile, you put it into Lockdown mode, somebody gets physical possession of your phone. What do they need to do to bypass the lockscreen, & what does GrapheneOS do to make that job harder?
-
strcat[m]
rosie: since Owner has data needed for other profiles to work, etc.
-
rosie
So there's no way to close all running apps at once other than a reboot?
-
strcat[m]
-
strcat[m]
rosie: not clear what you mean by closing all running apps or why you want to do that
-
strcat[m]
doesn't seem related to stuff above
-
strcat[m]
by all apps do you mean all system components? seems to imply rebooting
-
strcat[m]
rhclayto: lockdown simply disables secondary unlock methods, does not do what you seem to think, and 'bypass lockscreen' is not 'break encryption'
-
strcat[m]
rhclayto: you'll need to read
grapheneos.org/faq#encryption and ask a clearer question
-
vanderPoel
is it recommended to install it on some older device from 2015 I wanted to first test run it on such
-
vanderPoel
?
-
strcat[m]
rhclayto: lockdown != end session
-
strcat[m]
different options
-
strcat[m]
vanderPoel: no, recommended cheapest device is a Pixel 4a
-
rhclayto
Hi strcat. I read that FAQ, & it was very informative, but my grasp of the encryption & security mechanisms of GrapheneOS are not I think good enough to map that information onto certain hypothetical scenarios.
-
strcat[m]
rhclayto: well, going to be difficult to answer then, beyond the information that's already there
-
strcat[m]
rhclayto:
grapheneos.org/features and
grapheneos.org/faq#encryption is really all the info that can be provided
-
vanderPoel
and there is any unofficial list of confirmed phone models ?
-
strcat[m]
-
rhclayto
So in the scenario where the session is not ended, what is the procedure someone would use to bypass the lock? Those kinds of scenarios, what protection is offered (or lack thereof) in various states of locked/unlocked, session active/session inactive, would help general users grasp what is going on.
-
rosie
you mentioned an end session button, and that brought up a question I had been wondering about. With both my Samsung and Pixel 4a, there's a button that will bring up all running apps and let me switch among them. With the Samsung, there is also a button to close all of the running apps at once. I'm not finding a similar button on the Pixel
-
rosie
4a. The end session button you referred to sounded similar, but apparently it's not.
-
strcat[m]
-
strcat[m]
rosie: that button doesn't close all running apps
-
strcat[m]
the recent apps page are user-facing activities not 'running apps'
-
strcat[m]
clearing them away doesn't mean stuff isn't running
-
rosie
Ok, is there a way to close all of those user-facing activities at once?
-
strcat[m]
and 'end session' is simply 'logout' rather than 'lock screen'
-
strcat[m]
and since encryption is per-profile, it was designed to purge the encryption keys in RAM/registers
-
strcat[m]
to put the profile fully back at rest
-
strcat[m]
rhclayto: you're just not going to get better info than we have on the site
-
strcat[m]
rhclayto: this isn't a medium where I can provide more detailed info than we do there, the info on the site is the best you are going to get
-
strcat[m]
unclear what you want to be covered there that's not covered already
-
strcat[m]
and I am aware it is quite detailed but that is necessary
-
rhclayto
Well, I think it would be great if the GrapheneOS project gets to the point where it can afford to hire professional copywriters, because that FAQ might explain a lot to people who are already well-versed in security & encryption, but it leaves much to be desired for a more general audience.
-
strcat[m]
rhclayto: I don't expect a general audience to end up with a technical understanding of how things work
-
strcat[m]
the FAQ is answering how encryption is implemented
-
strcat[m]
it is a technical answer
-
strcat[m]
it is not giving advice on using the OS, that wasn't the question it is supposed to answer
-
sjsndnjdejd
<strcat[m] "rosie: that button doesn't close"> “end session” doesn’t closes all but closes apps inside the session right?
-
strcat[m]
if you want advice on how to use the OS, that's much different than a technical question
-
rhclayto
Right, that is what that FAQ gives, a technical underartanding. What it doesn't give is an understanding of what the technical details mean for practical usage in various scenarios.
-
strcat[m]
if you ask a technical question, you get an technical answer
-
strcat[m]
* if you ask a technical question, you get a technical answer
-
vanderPoel
ok one question, I read it so if I don't have a google phone then graphene os is not for me ? Samsung galaxy 20
-
strcat[m]
rhclayto: so, here's the problem: you're asking how it protects against something and what guarantees it provides, etc.
-
strcat[m]
technical question -> technical answer
-
strcat[m]
rhclayto: you're asking how it would be attacked, etc.
-
grapheneos_user_
<strcat[m] "technical question -> technical "> Mind-blowing
-
strcat[m]
you aren't asking for usage advice
-
rhclayto
I asked for a non-technical explanation, actually. The FAQ gives a somewhat technical explanation.
-
nux
Wow! GrapheneOS install on Pixel 5 was smooth as buttah! :P
-
strcat[m]
rhclayto: you can't really get a non-technical explanation for a highly technical question
-
strcat[m]
you'll need to ask a question that's not so technical then
-
strcat[m]
don't ask how things work on a technical level?
-
strcat[m]
if you ask a very broad, technical question
-
strcat[m]
that is what you are going to get in response
-
strcat[m]
if you ask a much more specific question that's not about the implementation details and how things work that's a different thing
-
tor3nduser[m]
<strcat[m] "rhclayto: you can't really get a"> are you part of the graphene team?
-
strcat[m]
why?
-
tor3nduser[m]
you seem to know alot
-
tor3nduser[m]
.. why? lol
-
grapheneos_user_
He's just a user
-
tor3nduser[m]
no.. yes. ?
-
strcat[m]
the FAQ answers "How is disk encryption implemented?"
-
sjsndnjdejd
<tor3nduser[m] "no.. yes. ?"> yes, lead dev
-
rosie
vanderPoel, Yes, that's correct. The only phones supported are in that list. If you believe that GraphenOS is the right OS for your phone, you have to get one that is supported, rather than try to make GraphenOS fit the phone you have/want.
-
rhclayto
I asked what an entity who gains possession of your device in locked but session-active mode would have to do to get into your data. I guess you could call that 'technical', it's a matter of semantics, but in nay case it's not clearly answered in the FAQ you referenced.
-
strcat[m]
it is clearly answered there
-
strcat[m]
it's not the question it is answering but it does provide all that info
-
tor3nduser[m]
<sjsndnjdejd "yes, lead dev"> shut up lol
-
strcat[m]
and in the last paragraph it mentions apps being able to use the keystore to keep data at rest
-
-
grapheneos_user_
<tor3nduser[m] "shut up lol "> No he actually is
-
strcat[m]
when logged in by locked
-
rhclayto
If it is a question it answers by indirect inference, then it's not clearly answered to a non-expert audience.
-
strcat[m]
* when logged in but locked
-
strcat[m]
rhclayto: it answers the question
-
tor3nduser[m]
<grapheneos_user_ "No he actually is"> daniel micay?..
-
tor3nduser[m]
lol no.
-
rosie
Here we go again?
-
grapheneos_user_
This debate could not come at a better time
-
grapheneos_user_
Or at least a more coincidental time
-
tor3nduser[m]
strcat is daniel micay ?..
-
strcat[m]
rhclayto: do you understand what it means by data being at rest?
-
grapheneos_user_
<tor3nduser[m] "strcat is daniel micay ?.."> Yes
-
rhclayto
You guys need a PR department. I mean, insisting that everything is already explained well-enough, in the face of users who say it's not, is just really bad communication.
-
rhclayto
No, I actually don't understand that or the implications of it.
-
rny
rhclayto: #grapheneos is not a business
-
strcat[m]
I consider it pretty rude to suggest it is badly written rather than it being a technical answer to a technical question
-
akc3n[m]
<rhclayto "You guys need a PR department. I"> That's your opinion. This is a nonprofit
-
rhclayto
I know it's not a business, but I assume it has a desire to spread its goodness to a wide audience? or just a small insider's group?
-
strcat[m]
if you think that I cannot write documentation and explanations that are non-technical you couldn't be more wrong
-
rny
akc3n[m]: not even, its just an open source project with loosely coordinated developers
-
rny
:P
-
GrapheneOS-Teleg
<deadlypayload> looking for someone to help me make GrapheneOS rom changes. BTC Reward available.
-
rny
with a lead developer taht goes above and beyond to write excellent technical documentation
-
strcat[m]
I find it pretty rude implying that the docs there are badly written
-
rny
only to have users ignore what is being written
-
rny
😢
-
strcat[m]
the question it is answering is how encryption is implemented
-
tor3nduser[m]
i didnt see a problem with any of the documents.
-
akc3n[m]
rhclayto: and the docs are very well written. I used to have a hard time with them at first, but like anything else in life, applying yourself and learning about what everything means...
-
strcat[m]
not "what end users should know about encryption"
-
strcat[m]
that's a different question
-
tor3nduser[m]
pretty straight forward to me.
-
strcat[m]
type of answer varies based on the question
-
strcat[m]
you ask how stuff is implemented and how it would be attacked? that's going to inherently be a pretty technical and nuanced answer to a very broad question like that focused on technical details
-
strcat[m]
I'm not going to give an inaccurate answer or oversimplication so ask a simpler / more specific question if you want a simpler answer
-
strcat[m]
do you understand what it means for data to be at rest?
-
akc3n[m]
* rhclayto: and the docs are very well written. I used to have a hard time with some technical wording at first, but like anything else in life, applying yourself and learning about what everything means...
-
rhclayto
My goodness, you guys take this stuff personal, don't you? I actually asked a specific question, you referred me to a FAQ that does not answer that specific question, you say the answer to it can be inferrred from what is written there, I say I don't feel competent to make that inference, you say 'well, there's nothing that can be done, the documentation is as good as you're going to get', & that it's rude to question the quality of the
-
rhclayto
documentation. It may be great documentation, for a certain audeince, but completely unhelpful to another. That is what professional copywriters do, write for their audience. it's not an insult to hope for you guys that you can hire the right people to do that job. Grow up.
-
nux
rosie: So I'm interested to try the Web interface installer at some point, based on your comments. I think it's also interesting that you flashed a phone with a phone! :)
-
th0mcat
<nux "rosie: So I'm interested to try "> Flashed a Pixel 3 XL a couple hours ago via the web installer. It literally couldn't be simplier
-
rhclayto
So nevermind.
-
grapheneos_user_
<nux "rosie: So I'm interested to try "> Well, a smartphone is a computer after all...
-
nux
th0mcat: Yeah, they've got it dialed in pretty well.
-
nux
grapheneos_user_: Really? ;)
-
grapheneos_user_
<rhclayto "documentation. It may be great d"> Chill
-
tor3nduser[m]
<rhclayto "So nevermind."> i agree
-
strcat[m]
rhclayto: doesn't really seem you want a question answered
-
nux
th0mcat: I haven't tried the Web installer yet but I think I will try it on my next load.
-
tor3nduser[m]
you know if you are really the lead dev on graphene. more power to ya really. you guys do a great job. but my god being nicer would be cool
-
rhclayto
No, you just can't answer it. And so . . . much . . ego.
-
nux
th0mcat: I just used the CLI method on a brand new Pixel5 and it was very easy.
-
rosie
@nux the documentation does state that you can use one phone's browser to flash another phone using the Web installer, but I had initially interpreted that to mean a phone that already had GOS installed. I would never have thought of it if one of the mods here hadn't suggested it, and by golly, it worked!
-
grapheneos_user_
rhclayto: if you want a basic high level explanation
-
nux
rosie: That's pretty cool!
-
nux
th0mcat: rosie: Now I just need to wait for my Pixel 4a to backup to my Nextcloud instance so that I can import everything over to the Pixel 5.
-
entry1
<rhclayto "So nevermind."> I think you went about this the wrong way and telling the lead developer to grow up isn't very kind. A more suitable question would be "Is there a difference with GrapheneOS data at rest (before unlock) and after first unlock, and are there any known vulnerabilities for companies like Cellebrite (who work with law enforcement) to unlock a GrapheneOS device.
-
grapheneos_user_
<entry1 "I think you went about this the "> He's banned
-
entry1
Nvm, sorry you're getting attacked today
-
entry1
<grapheneos_user_ "He's banned"> Yep lol
-
strcat[m]
think those are the same person and not acting in good faith
-
grapheneos_user_
<entry1 "Yep lol"> Hehe
-
grapheneos_user_
:P
-
th0mcat
Yeah that was super concern-trolly
-
strcat[m]
again, some very weird stuff going on there
-
strcat[m]
similar to earlier
-
strcat[m]
hope people can see that
-
grapheneos_user_
How is strcat supposed to write non technical documentation for a technical answer
-
grapheneos_user_
Makes no sense whatsoever
-
strcat[m]
I wrote nearly all the docs on the site and there are plenty of non-technical docs there
-
grapheneos_user_
* How is strcat supposed to write non technical answers for a technical question
-
strcat[m]
don't appreciate someone claiming that I'm not capable of writing good documentation and teaching people things in a way they can understand
-
entry1
He was in here yesterday and name dropped JollyRoger, but that could have been a way to seem innocent. For anyone reading the logs or who hasn't seen what was deleted, he insulted the lead developer who was trying to assist him kindly and insulted him again. Another user joined in together.
-
strcat[m]
you can see I asked several times if they knew what at rest meant and was fully willing to explain it in detail
-
grapheneos_user_
Wow
-
strcat[m]
they wouldn't respond
-
strcat[m]
entry1: who was?
-
strcat[m]
yesterday I mean
-
grapheneos_user_
<strcat[m] "they wouldn't respond"> "that answer can't stop me because I can't read!"
-
grapheneos_user_
What it seems like
-
entry1
Yes, you did strcat. Completely justified. strcat rhclayto
-
strcat[m]
can explain what exactly happened yesterday?
-
strcat[m]
there have been raids on the channel in the past few days, as expected
-
entry1
He was in here and said he was referred by PeterEaston to the room. It seemed innocent enough and he could have been lying 100%
-
strcat[m]
entry1: doesn't really seem problematic?
-
entry1
We pointed him to the OT room as well.
-
entry1
Trying to think exactly what he asked. No, he seemed innocent enough but today he acted very hostile towards you.
-
sphinx[m]
<strcat[m] "you can see I asked several time"> > rhclayto
-
dhsjwbbsjxndbs
tf is going on
-
akc3n[m]
<strcat[m] "hope people can see that"> Ya I've been catching on to patterns lately, and thanks for laying out how they operate.
-
strcat[m]
sphinx: and I was going to explain it in detail to them and they kept insulting my writing instead and implying I need to hire someone to write for me
-
strcat[m]
which is actually pretty insulting
-
strcat[m]
and by the way I got involved in open source initially by writing documentation
-
linuxwolf[m]
would installing stock android aosp on a second device provide any type of security or is it pretty open?
-
strcat[m]
linuxwolf: there are no official AOSP releases as a whole OS
-
strcat[m]
unclear what you mean by 'stock android aosp'
-
strcat[m]
stock is used to refer to what comes on the device from retail / factory
-
strcat[m]
AOSP is the open source OS forked by vendors and others to make stock OSes and alternate OSes for the devices
-
strcat[m]
AOSP doesn't have releases itself
-
strcat[m]
* AOSP doesn't have releases with builds itself
-
strcat[m]
it has source code releases
-
linuxwolf[m]
i guess i meant if you download and build aosp fro. source
-
linuxwolf[m]
from*
-
linuxwolf[m]
<strcat[m] "stock is used to refer to what c"> yea true lol. i just meant nothing done to it
-
strcat[m]
AOSP requires device support code to be added
-
linuxwolf[m]
ah i see
-
strcat[m]
so, you'll need to clarify more what you're trying to do
-
dhsjwbbsjxndbs
<strcat[m] "and by the way I got involved in"> archwiki administrator 0 0
-
strcat[m]
you can't simply build AOSP for a device, you need to add the device support code for it
-
strcat[m]
yeah I got involved in editing the Arch Linux wiki and was an administrator there
-
strcat[m]
and I wrote a lot of the content on it
-
linuxwolf[m]
im not trying to do anything. i just wanted to know if any security is implemented in it for my old pix 3a
-
strcat[m]
including a lot of the install guide, etc.
-
strcat[m]
and I've written a lot of other docs
-
linuxwolf[m]
ah ok. i may check that out
-
strcat[m]
some highly technical, some fairly technical, some not very technical at all
-
strcat[m]
FAQ answers vary in how they address it based on the question
-
akc3n[m]
<strcat[m] "and I wrote a lot of the content"> That's pretty sweet... Never knew that, thanks! I'm on their lots.
-
linuxwolf[m]
yea really. arch wiki is awesome 😆
-
strcat[m]
the one about how encryption is implemented is meant to be a technical answer, avoiding saying things requiring being a developer to understand, but assuming background in understanding encryption
-
strcat[m]
it's not meant to explain how disk encryption or key derivation work as concepts
-
strcat[m]
it's meant to be an answer for people who want the technical details and understand those topics
-
strcat[m]
if you don't want technical details, that isn't a question/answer for you
-
strcat[m]
if you want advice on how to use the OS, that's not meant for that
-
linuxwolf[m]
what documentation are you referring to?
-
strcat[m]
I'm referring to the fact that I don't appreciate someone trying to imply that I'm bad at writing and need to hire 'professional copywriters' because they don't like the answer I gave to their question
-
entry1
<akc3n[m] "That's pretty sweet... Never kne"> Always learn something new everyday in here. Dude is a walking book of knowledge and releases everything to the world for free and open source. Needs a book written on him, but an autobiography would be the best tbh because another author would mess it up 😂
-
strcat[m]
that section is supposed to be technical and requires knowing encryption terms
-
nux
Is there a GrapheneOS forum where one may post devices installed with GOS for sale? I'd list my Pixel 4a on Gazelle or Swappa but I suspect it wouldn't appeal to the average security-unconcious person with GrapheneOS running on it.
-
strcat[m]
that's the point of it
-
strcat[m]
it's actually quite frustrating putting so much effort into writing that stuff and then having that response to it
-
strcat[m]
and once I put substantial effort into making content there I want to use it as an answer, that was the point of writing it
-
strcat[m]
grapheneos.org/faq#notifications here's an example of a section that's meant to get across a lot of non-technical info while providing technical details as a bonus
-
strcat[m]
but that encryption section is literally "how is encryption implemented?"
-
strcat[m]
which from my interpretation what was basically what they were asking here: how is it implemented and how would it be attacked
-
nux
Probably best just to re-flash it back to Google's OS and sell it that way but figured I'd ask.
-
entry1
<strcat[m] "it's actually quite frustrating "> You're not falling on 100% deaf ears, I can assure you that. Can't imagine your pain when you're the epitome of a "good" person trying to better the world
-
linuxwolf[m]
<strcat[m] "it's actually quite frustrating "> idk i think you guys did a good job. i understand the documentation on the website..
-
strcat[m]
I could make another encryption section about more specific things
-
strcat[m]
I wanted to make one about the keystore
-
strcat[m]
I do not really want to make one with 'advice'
-
strcat[m]
because there is no one size fits all advice
-
strcat[m]
what I can do is explain how things work, like that section
-
strcat[m]
or provide a section on advantages/disadvantages to different approaches
-
strcat[m]
people ultimately have to choose what's best for their needs
-
strcat[m]
there can be more info on encryption there
-
akc3n[m]
<strcat[m] "I could make *another* encryptio"> Do you think you would do that then? I would love to learn from it.
-
akc3n[m]
As I'm sure others will too
-
strcat[m]
maybe but not as a response to this
-
akc3n[m]
I understand. And agree.
-
strcat[m]
stuff like this discourages me from writing it
-
akc3n[m]
No. Please. Your writing is amazing. And extremely beneficial to everyone and anyone who wants to learn. Please don't be discouraged by idiot trolls.
-
strcat[m]
anyway if you read that section I think you can see I did try to make a technical answer as understandable as possible but defining terms, etc. isn't in scope
-
nux
akc3n[m]: +1
-
grapheneos_user_
<nux "Is there a GrapheneOS forum wher"> Off topic, will answer in that channel
-
nux
grapheneos_user_: Oh yeah, I forgot about that channel. Thanks!
-
strcat[m]
> All data, file names and other metadata is always stored encrypted.
-
strcat[m]
it says that pretty early
-
strcat[m]
anyway point of the section is not to define terms or how disk encryption works in general
-
strcat[m]
it's specifically meant to say how it is implemented in AOSP with a modern device fully providing the hardware features for it and what GrapheneOS changes
-
strcat[m]
it is not "what is disk encryption?" "how does disk encryption work?" etc
-
strcat[m]
and it's not "what are the security properties of the approach to disk encryption?" either
-
strcat[m]
that's just meant to be implied, for people who understand what it's talking about
-
entry1
The advantages and disadvantages for comparisons in opsec would be huge to read, but again you have a lot on your plate already. You could write a book(s) about the operating system and underlying security features and enhancements and I'd want to read every page. You always remain as impartial as possible, but most laypeople want "absolutes" and ultimately your opinion (even though you always specify their isn't a one
-
entry1
size fits all approach and that it can get too technical). The website is an amazing tool and when people have questions, I always try to link it directly since it answers them better and can answer a ton of other questions that will arise.
-
strcat[m]
yes people want overly simple answers to a very broad a nuanced question
-
strcat[m]
if you ask a question about the security properties and how it could be attacked you really need to start by understanding that section
-
strcat[m]
and go from there
-
strcat[m]
otherwise I could make an overly simplified take on it
-
strcat[m]
and I can't read minds, I can't know if someone really just wants some simple reassurance or basic explanation
-
strcat[m]
if they ask how it works I take that as what it means
-
strcat[m]
> GrapheneOS enables support for ending secondary user profile sessions after logging into them. It adds an end session button to the lockscreen and in the global action menu accessed by holding the power button. This fully purges the encryption keys and puts the profiles back at rest. This can't be done for the owner profile without rebooting due to it encrypting the sensitive system-wide operating system data.
-
strcat[m]
> Using a secondary profile for regular usage allows you to make use of the device without decrypting the data in your regular usage profile. It also allows putting it at rest without rebooting the device. Even if you use the same passphrase for multiple profiles, each of those profiles still ends up with a unique key encryption key and a compromise of the OS while one of them is active won't leak the passphrase. The
-
strcat[m]
advantage to using separate passphrases is in case an attacker records you entering it.
-
strcat[m]
I think this is a really good explanation
-
strcat[m]
I don't understand what is wrong with it
-
linuxwolf[m]
question. what is meant by "user facing" firewall.
-
strcat[m]
linuxwolf: toggles, knobs, frills for end users to change
-
linuxwolf[m]
ah. thanks
-
entry1
Exactly, and you can open a can of worms because you are so often quoted. If there is misinterpretation of the person's question and an oversimplified answer given, it could lead to other people being confused and even more questions.
-
strcat[m]
a lot of care went into writing stuff in a way that it doesn't get misinterpreted and I edit it if that's happening
-
strcat[m]
it has to be nuanced and detailed sometimes
-
strcat[m]
someone having your device while a profile is logged in doesn't mean they inherently get data from it
-
strcat[m]
they would have to exploit the OS
-
strcat[m]
and as it explains in the final paragraph apps can keep data at rest when locked
-
strcat[m]
using keystore
-
strcat[m]
imo those 2 paragraphs are a good answer and a lot of information beyond what they explicitly state is implied by them
-
strcat[m]
there could be a separate question about that kind of thing but it's not going to be what people want since it's all going to have to be nuanced and detailed in the same way
-
strcat[m]
profile logged in means the OS has access to most of that profile's data
-
strcat[m]
not all, particularly when locked, but most, and it's up to apps to use keystore
-
linuxwolf[m]
any plans to implement the ability to utilize the pixel 5s adaptive charging feature?
-
strcat[m]
so, sorry for not putting misleading or dishonest marketing BS / claims on the site like nearly anyone else...
-
strcat[m]
linuxwolf: all the normal charging stuff works fine
-
strcat[m]
linuxwolf: no plans to implement machine learning of your habits to adjust things like brightness, charging, etc.
-
linuxwolf[m]
i was referring to the feature where if an alarm is set then the phone will charge slower throughout that time period to reach 100% just prior to the alarm going off
-
linuxwolf[m]
i think they call it adaptive charging
-
rny
why'd this be something controlled by the clock app?
-
rny
its the battery controllers job to decide how many amps to pull from the charger
-
entry1
Thank you for being a good person. I seriously hope you don't get too overburdened with the constant trolling/attacks to just stop what you're doing overall and become probably one of the best blackhat hackers there could possibly be. You deserve more resources and help than you get.
-
strcat[m]
linuxwolf: which uses machine learning type stuff
-
strcat[m]
linuxwolf: and also what happens if you need to get up early and your phone is half charged
-
strcat[m]
we have all the standard charging throttling stuff based on heat, capacity, etc.
-
rny
🙃
-
strcat[m]
charges slower near max capacity, avoids making it too hot, etc.
-
strcat[m]
standard USB-PD stuff integrated into SoC + battery
-
strcat[m]
very sophisticated already
-
rny
ML coerces people into 16/8 day-night cycles
-
rny
:P
-
linuxwolf[m]
<strcat[m] "we have all the standard chargin"> thats good to know. i just noticed yesterday that my phone said it was rapid charging.
-
linuxwolf[m]
which led me to look for a way to turn off rapid charge
-
d3nm6ugnffwftn2j
Hi, recently I've been noticing from a certain update some apps are not adjusted to System Language. I have Japanese language set on my phone, it used to be that the software downloaded would correctly show Japanese but now they all revert to English for some reason. Noticable apps are Google Maps, Google Photos, Deezer, Shazam and many more. I would appreciate if anyone knew what went wrong. Thanks a lot
-
TheJollyRoger
entry1: ah, crap, looks like I got back a little late. He appeared on my github asking me some questions. Some I answered, but a few I didn't exactly feel qualified to answer so I just linked the FAQ and the IRC channel. Nevermind that though, if he's been disrespectful, that has noplace here.
-
TheJollyRoger
Ah well. In the future, I might take my old drafts down because they're only up there for historical preservation, they're not curated.
-
TheJollyRoger
For the record, the existing documentation's much better than what I could do, with my understanding of the operating system at this point in time. I'm not sure I could break it down much further without it starting to sound condescending...
-
dhsjwbbsjxndbs
<d3nm6ugnffwftn2j "Hi, recently I've been noticing "> If you use aurora Store that could can be where the issue is from
-
d3nm6ugnffwftn2j
<dhsjwbbsjxndbs "If you use aurora Store that cou"> I see. Is it because their recent 4.0 update that doesn't do language spoof very well?
-
dhsjwbbsjxndbs
It pretty widely reported after v4 release
-
dhsjwbbsjxndbs
a lot of new shared accounts are UK Google accounts
-
dhsjwbbsjxndbs
you can use a Japanese account download, apps that are more localized to Japan
-
d3nm6ugnffwftn2j
Oh that's the reason why. I'll go and try that. Thanks a lot for the help!😄
-
entry1
<TheJollyRoger "entry1: ah, crap, looks like I g"> Oh no worries! Thanks for all your help in the room to and to pointing him here! It was a shame it came to that and I only mentioned your name since I remember him joining yesterday and mentioned how you helped him out. Wasn't calling you out whatsoever my man
-
TheJollyRoger
entry1: Oh, hehe, no callout taken mate! Thanks for the heads-up, all is well.
-
TheJollyRoger
Sorry if that was a bit gruff.
-
TheJollyRoger
Wasn't my intention!
-
entry1
You're not referring to me right? (Not to make things about myself lol)
-
TheJollyRoger
entry1: oh no no no, not referring to you, ahaha.
-
TheJollyRoger
You're good P.-)
-
John69
-
akc3n[m]
Spam ^
-
hopethisisuniq
I'm running into an issue and before I submit a bug report I thought I'd ask here if anyone else has encountered this:
-
hopethisisuniq
I installed Signal (through Aurora Store) and went through the setup and registration, including restoring messages from a backup, but within a few seconds after that the app closed suddenly. Now when I try to open it it will open to a white screen (for about a quarter of a second) and then close. In my notifications bar it tells me that Signal has
-
hopethisisuniq
a background connection enabled. I've tried force stopping it and rebooting the phone to no success.
-
hopethisisuniq
This is my third time trying to set up the app. I did the same thing yesterday with the same problem. I then uninstalled Signal and reinstalled it but did not restore from a backup. But because I want my old messages I then tried setting it up again today and once again restoring from a backup. Anyone have any thoughts? Or should I just submit a
-
hopethisisuniq
bug report? Thank you.
-
TheJollyRoger
Hello hopethisisuniq, I'm running the latest of Signal, haven't seen what you're seeing. If you have access to the developer options, you can capture and send a tombstone.
-
hopethisisuniq
OK I'll do that
-
hopethisisuniq
Hmmm this is happening on a secondary user account so maybe I can't activate developer options?
-
TheJollyRoger
Hmm, haven't had any problems with Signal on a secondary user account either.
-
hopethisisuniq
I more meant that I can't seem to activate developer options from within a secondary account. I'll try to replicate this in the phone's owner account
-
TheJollyRoger
Great!
-
ihopethisisuniq
Hmmm... reinstalled and registered signal on my owner account and now it isn't crashing. I'll try to figure out how to replicate the problem but if I guess I'll try reinstalling it on the secondary account where I was running into the issues.
-
ihopethisisuniq
*if I can't replicate the crashes
-
ihopethisisuniq
OK now it's crashing again and I tried to capture a bug report but I'm not sure if I'm doing it right:
-
ihopethisisuniq
I went to Developer options and clicked on Bug report. I then opened signal to replicate the issue and then clicked on Details under the bug report notification. I gave it a title and summary and clicked Save and then chose to share it. And then it went to a blank screen. Am I doing this right?
-
Ann_Caleb78
Hello All!
-
Delta[m]1
<ihopethisisuniq "Hmmm... reinstalled and register"> I think for GrapheneOS you still have to install an actual Signal .apk and not the Aurora store/Google Play version? I think that might be your problem.
-
Ann_Caleb78
i have graphene installed on my Pixel 4a. anybody know why, when enabe DND, that DND doesn't work unless I enable DND and have to cut my Volume all the way down, also, to get DND to work?
-
helloworldkk87[m
<Delta[m]1 "I think for GrapheneOS you still"> The aurora store gets the same apk from playstore
-
helloworldkk87[m
Should not matter
-
Delta[m]1
<helloworldkk87[m "The aurora store gets the same a"> I meant this
signal.org/android/apk
-
helloworldkk87[m
That version just has the bult in updater
-
Delta[m]1
And notifications
-
helloworldkk87[m
Notifications work on both
-
Delta[m]1
They never used to
-
helloworldkk87[m
Right
-
Delta[m]1
You used to have to specifically install this version for GrapheneOS, which was completely independent of Google services
-
Delta[m]1
i.e the notifications
-
helloworldkk87[m
Right
-
helloworldkk87[m
Also lets take this to off topic
-
kskdj[m]
<Delta[m]1 "You used to have to specifically"> Which one
-
helloworldkk87[m
#grapheneos-offtopic:matrix.org
-
Delta[m]1
<kskdj[m] "Which one"> The .apk offered on their site
-
Ann_Caleb
wth just happened?
-
Ann_Caleb
wth just happened? anybody know?
-
iccedlemontea[m]
Hey guys what is the "sensors" permission?
-
helloworldkk87[m
-
helloworldkk87[m
That explains it well
-
iccedlemontea[m]
That explained it very clearly. Thanks for sharing that resource
-
GrapheneOS-Teleg
!PrivacyGoods has joined the Telegram Group!
-
lkjlpojnk
Hi, I am preparing to flash my Pixel 4a 5g with GrapheneOS. In the official Web installation guide, it says to turn on oem locking, but it says nothing about enabling USB debugging. Is it correct to leave USB debugging off? I was under the impression this was needed.
-
lkjlpojnk
Sorry for this question, I am doing this for the first time and just like to double check so as to avoid bricking my phone
-
lkjlpojnk
*oem unlocking* of course
-
sphinx[m]
lkjlpojnk: yes, don't deviate from the guide
-
lkjlpojnk
Ok, so I leave USB debugging toggled off, correct?
-
sphinx[m]
correct
-
lkjlpojnk
Thanks!
-
Babe69
-
Babe69
-
helloworldkk87[m
Tf is this xd
-
DHFuchsiaOSwhen
Some random spamming
-
lkjlpojnk
Hi, I am in the process of flashing GOS via WEB Installer and ran into an error
-
lkjlpojnk
the Web Installer says "Error: Unable to claim Interface", and the device shows fastbootd with the options to reboot system now, enter recovery, reboot to bootloader or power off
-
DHFuchsiaOSwhen
<lkjlpojnk "the Web Installer says "Error: U"> reboot again to bootloader, flash it using different usb port or usb cable
-
DHFuchsiaOSwhen
<DHFuchsiaOSwhen "reboot again to bootloader, flas"> Try doing this btw (assuming the cable that came with the phone is not used)
-
lkjlpojnk
I am using the original cable and no adapter. Should I use a different port?
-
OffTopic
Hello, this is off topic, but everyone here seems to be intelligent on the subject of privacy and security.
-
OffTopic
What messaging app, would you guys suggest ? Signal ? or FOSS-Molly ?
-
DHFuchsiaOSwhen
<lkjlpojnk "I am using the original cable an"> Yeah
-
lkjlpojnk
I rebooted into bootloader, plugged the cable into a different port and pressed the Flash Release button, but it says "Error: An operation that changes interface state is in progress."
-
helloworldkk87[m
#grapheneos-offtopic:matrix.org
-
DHFuchsiaOSwhen
<lkjlpojnk "I rebooted into bootloader, plug"> Refreshing may help
-
DHFuchsiaOSwhen
<OffTopic "What messaging app, would you gu"> A shorthand answer, FOSS-Molly for having separate passphrase and having encryption at rest, Signal for lesser parties to trust
-
DHFuchsiaOSwhen
<OffTopic "What messaging app, would you gu"> (Also, the offopic room is at #grapheneos-offtopic)
-
lkjlpojnk
Thanks, refreshing worked.Its flashing now
-
OffTopic
Ok, thank you !!
-
lkjlpojnk
Thank you so much DHFuchsiaOSwhen , the installation worked perfectly with the other port
-
lkjlpojnk
Hi, how do I verify apk files on GrapheneOS?
-
signalarch[m]
<lkjlpojnk "Hi, how do I verify apk files on"> If you are trying to on your phone I believe
f-droid.org/app/com.oF2pks.classyshark3xodus will show the sha256 of apks
-
Stephen[m]
Anyone have an issue with occasions of GrapheneOS on a Pixel 3XL freezing up? I'm trying to figure out if its just if I have to many apps running in the background or something.
-
tom-griffin[m]
<Stephen[m] "Anyone have an issue with occasi"> I have the same problem
-
tom-griffin[m]
But I'm on a 4xl
-
Stephen[m]
I usually check RAM usage, but mine typically stays at 3.4gb/3.8gb
-
DHFuchsiaOSwhen
-
Stephen[m]
I'll check it out
-
Stephen[m]
Ah, yes. Sounds like it is related. I usually notice it on my phone if I'm watching newpipe, vinyl music player, or bromite. But it is really random. I need to see if I can log what happens before it freezes
-
Stephen[m]
Does anyone know how I could go about logging data when the phone freezes up?
-
DHFuchsiaOSwhen
<Stephen[m] "Does anyone know how I could go "> Bug report toggled on in developer options
-
DHFuchsiaOSwhen
or adb logcat with adb debugging on
-
Stephen[m]
Good stuff. I'll try it out
-
Stephen[m]
<DHFuchsiaOSwhen "Bug report toggled on in develop"> So I would probably just run the bug report right after a SystemUI freeze correct?
-
-
mrx777[m]
Hello guys
-
Stephen[m]
Sup
-
Babe69
-
cacheline
I'm interested in GrapheneOS for my personal device. But, I'm wondering if there's an easy way to figure out which of my apps do NOT use the Play Services library. Are there any ways to determine this without first trying to install & use the app?
-
cacheline
Also, since Project Treble is using play services to distribute OS updates, as far as I understand it, how does that work for OS updates for GrapheneOS?
-
cacheline
And as an Android app dev, would I need to skip using a lot of the AndroidX libraries and such in order for apps to work on GrapheneOS? Or is it strictly things like maps, gms, and other play-* maven artifacts that won't work in GrapheneOS?
-
cacheline
Is there an easy way to install GrapheneOS on the standard emulator bundled with Android Studio, so I can test it out?
-
p8tuahpirua5ra[m
who here uses signal with grapheme?
-
p8tuahpirua5ra[m
no matter what I do I can't get it to vibrate or ring when someone texts or calls. its permanently stuck on silent. how do I get it off silent?
-
cacheline
I haven't tried it, but have you gone to the Settings app to the Signal settings, and adjusted the notification channel settings there?
-
Stephen[m]
<cacheline "I haven't tried it, but have you"> Yes, I would check this
-
p8tuahpirua5ra[m
its under settings accounts then signal?
-
cacheline
Long press on the Signal icon and choose the app info option (may look like an "i" in a circle)... then click Notifications
-
cacheline
Will look approximately like this:
i.stack.imgur.com/zpwUb.jpg
-
cacheline
The UI tends to change slightly across Android releases, so it may look somewhat different.
-
Stephen[m]
<p8tuahpirua5ra[m "its under settings accounts then"> Settings>apps and notifications> notifications
-
p8tuahpirua5ra[m
it's turned on
-
p8tuahpirua5ra[m
but still stuck on silent
-
Stephen[m]
Are you getting a notification for background connection enabled on signal?
-
cacheline
Well, it's more than just turned on. In Android 8, they added "notification channels", so apps could have different settings for various types of notifications (vibrate, sound, blinking led, etc). You need to adjust all the settings for the notification channel in question
-
p8tuahpirua5ra[m
yea I am
-
akc3n[m]
<cacheline "Is there an easy way to install "> Have you checked the build page on Grapheneos.org?
-
p8tuahpirua5ra[m
it's there but its not showing right now
-
p8tuahpirua5ra[m
how do you turn it on?
-
Stephen[m]
Mine just shows up when the signal background service is running
-
Stephen[m]
You could try force stopping, then open the app, see if that does anything
-
cacheline
akc3n[m] not as of yet. So, I'll need to build for an emulator target?
-
p8tuahpirua5ra[m
I restarted my phone now it shows up
-
akc3n[m]
<cacheline "akc3n not as of yet. So, I'll n"> Please read
grapheneos.org/build it has all the information
-
cacheline
Another thought occurs to me: since GrapheneOS doesn't have the Play Store, how can I obtain an app if it's not on F-Droid? Do I have to hope the devs published an APK somewhere that I can sideload?
-
p8tuahpirua5ra[m
I use apkpure
-
Stephen[m]
Also the Aurora Store is a good opt
-
Stephen[m]
<p8tuahpirua5ra[m "I use apkpure"> Might want to double check those apks b4 u install
-
cacheline
Interesting. Seems to have a few apps I use just from a basic perusal. I even see my company's app there. So, super curious, how do they do it? Do they just manage to scrape the Play Store? (Not upset about it, genuinely curious)
-
tony_l[m]
<p8tuahpirua5ra[m "I use apkpure"> apkmirror publishes hash and cert fingerprint
-
p8tuahpirua5ra[m
signal still won't allow me to get notifications
-
p8tuahpirua5ra[m
the message shows up butnit won't vibrate or ring. its stuck on silent
-
Stephen[m]
<cacheline "Interesting. Seems to have a fe"> I believe it uses fake gmail accounts generated and they use those to allow you to download apps
-
cacheline
Anyway to send a link to screenshots of the Signal notifications settings you used?
-
Stephen[m]
They call it their tokenizer or something
-
cacheline
So, it proxies the download? Or it uses the accounts to get the APK and mirror on their server?
-
Stephen[m]
<cacheline "Interesting. Seems to have a fe"> Aurora - App Store
-
Stephen[m]
<cacheline "So, it proxies the download? Or"> Not sure, but lots of info on their telegram server and gitlab I think
-
cacheline
-
GrapheneOS-Teleg
<themikep> java.io.FileNotFoundException: open failed: ENOENT (No such file or directory) at android.os.ParcelFileDescriptor.openInternal(ParcelFileDescriptor.java:344) at android.os.ParcelFileDescriptor.open(ParcelFileDescriptor.java:231) at androidx.core.content.FileProvider.openFile(:2) at android.content.ContentProvider.openAssetFile(ContentProvider.java:2004) at android.content.ContentProvider.openTypedAssetFile(ContentProvider.
-
Stephen[m]
Yes, but I feel like softonic is sketch, its on fdroid
f-droid.org/en/packages/com.aurora.store
-
GrapheneOS-Teleg
<themikep> I get thsis error when I try to update some Apps via Aurora
-
mrx777[m]
<p8tuahpirua5ra[m "no matter what I do I can't get "> Via Home screen bubble then click on the settings icon
-
cacheline
Stephen[m] well, I was wondering more about if there's a web interface for Aurora, just so I could see what they have while on my laptop :-)
-
cacheline
thanks, for all the info btw
-
Stephen[m]
Ah gotcha. Its an exact mirror of the play store, so it should have all the same apps
-
Stephen[m]
*I think
-
cacheline
Sweet... I love Android, but am increasingly leery of Big Tech's hooks into everything. Just trying to figure out the pieces to do a switch & what apps, if any, would break for me in switching over
-
danielk[m]
Switched from Android to GrapheneOS some months ago...with F-droid and Aurorastore for Banking Apps absolut great decision in my opinion! Thx to the Dev(s)! And also great having to possibility to support via Monero!
-
GrapheneOS-Teleg
Z1fX4DYhtGBmPVPUcHFh shared a photo on Telegram with caption: ''
-
mrx777[m]
<Stephen[m] "Might want to double check those"> You mean chexk the apk from aurora store?
-
Stephen[m]
<mrx777[m] "You mean chexk the apk from auro"> I was just thinking it is probably a good idea to check hash of the apk if its downloaded from the internet
-
mrx777[m]
What is the fastest way to install apps on Graphene?
-
Stephen[m]
Fdroid, then Aurora if you need apps from the play store
-
helloworldkk87[m
If you install apps from Aurora store they are verified. No need to check hash
-
mrx777[m]
<Stephen[m] "I was just thinking it is probab"> Maybe downloading the apk via the official website and install it via adb
-
mrx777[m]
<helloworldkk87[m "If you install apps from Aurora "> You sure??
-
helloworldkk87[m
Well 99% sure :D
-
Stephen[m]
If you check auroras website they probably go into some detail about it
-
helloworldkk87[m
Also there is off topic channel where we usually talk about this kinda stuff
-
helloworldkk87[m
You can join here -> #grapheneos-offtopic:matrix.org
-
mrx777[m]
With Graphene you can create a image and deploy it on other devices?
-
p8tuahpirua5ra[m
I need help. why is my entire phone silent?
-
p8tuahpirua5ra[m
texts from anything don't make a sound or vibrate
-
mrx777[m]
Go to..
-
mrx777[m]
<p8tuahpirua5ra[m "texts from anything don't make a"> Try Settings > Display > Advanced > Lock Screen > Notifications on lock screen
-
mrx777[m]
Settings > Apps &Notifications > make sure the settings is right.
-
p8tuahpirua5ra[m
notifications on lock screen what should I put it as?
-
helloworldkk87[m
Depends
-
helloworldkk87[m
I use show notifications when decice unlocked
-
p8tuahpirua5ra[m
that didn't do anything
-
p8tuahpirua5ra[m
all it did was show apps running on my lock screen. still no sound
-
helloworldkk87[m
Ohhh it has nothing to do with that
-
fomijafi[m]
Settings - Sounds - ring & notification volume ???
-
fomijafi[m]
don't mean to be dense but just making sure you've checked the system settings
-
GrapheneOS-Teleg
P (@ppp1234ppp) has joined the Telegram Group!
-
bikeman1234[m]
Hi! I have a pixel 5 and a Pixel 4a with GrapheneOS, on both i experience some problems with SMS, but only in alternative profiles not the owner profile. Sometimes I get a notification about SMS but i cant find the SMS, i know there should be one as I have tried texting myself. This happens almost everyday and it works again when i restart the phone, at all times the notifications only vibrates no sound even if
-
bikeman1234[m]
the settings say it should make sound and the volume is max
-
bikeman1234[m]
Owner profile no problems
-
southron[m]
With the default messaging app I always receive SMS but it vibrates only in user profile. The only time I received no notification was with 3rd party SMS apps.
-
bikeman1234[m]
I have the default one
-
southron[m]
The built in app is pretty ancient. Maybe it doesn't fully support user profiles or there is a setting I haven't figured out.
-
bikeman1234[m]
I want to use signal as SMS app but it seems it cant be signed in on multiple profiles
-
kepoff[m]
<bikeman1234[m] "I want to use signal as SMS app "> you could use something like Molly for this, which is basically hardened Signal
-
kepoff[m]
But it might be better to ask this on the off topic channel: #grapheneos:matrix.org
-
bikeman1234[m]
ok
-
kepoff[m]
#grapheneos-offtopic:matrix.org
-
kepoff[m]
oops
-
kepoff[m]
* But it might be better to ask this on the off topic channel: #grapheneos-offtopic:matrix.org
-
odinos[m]
For the license of a paid app I need to have a certain email address registered in my OS
-
odinos[m]
How do I accomplish this without a native email app?
-
odinos[m]
"The Pro version will only work on Android devices where this email is registered as an Android account." it says on the paypal payment page
-
entry1
<odinos[m] "For the license of a paid app I "> There isn't an email exactly registered in an OS. You can just have access to the email?
-
entry1
Unlike a Google account signed in or an iOS email
-
odinos[m]
I dont understand
-
TheJollyRoger
odinos[m]: don't quote me on this, but if I recall correctly, paid apps are handled via Play Services. Some aspects of play services are privacy invasive and need to be deeply integrated into the operating system in order to function, so GrapheneOS does not bundle them.
-
TheJollyRoger
In other words, the device needs to be linked to a Google account.
-
odinos[m]
No this licensing method was specifically made for people without play services
-
TheJollyRoger
Alright, you'll have to take it up with upstream directly, then.
-
odinos[m]
-
TheJollyRoger
Yep, you'll have to take it up with them, then.
-
TheJollyRoger
I can't help you with that, unfortunately.
-
odinos[m]
Well their dev is saying to contact the rom dev
-
odinos[m]
I just need to register an email as android account
-
odinos[m]
youre saying this is not possible? regardless of the licensing thing
-
odinos[m]
-
TheJollyRoger
Well, under settings that's handled by the app.
-
odinos[m]
When I press add account in OS settings there is no option to enter an email
-
TheJollyRoger
Yeah. That should be handled by the app.
-
odinos[m]
what app
-
TheJollyRoger
The app you're trying to use.
-
TheJollyRoger
Apps like Signal, Linphone, OpenKeyChain that use account sync should populate that automatically.
-
odinos[m]
On other roms adding an email account is handled by a default mail app
-
odinos[m]
I'm only asking how I can achieve this in GOS
-
TheJollyRoger
Yeah. I think I'm out of ideas for you, someone else is going to have to step in here.
-
TheJollyRoger
Sorry mate.
-
odinos[m]
okay no problem
-
TheJollyRoger
(I'm not a developer, I'm just the channel greeter)
-
TheJollyRoger
(So ahoy!)
-
sizzyb
greetings. would there be a reason that my PIN is no longer working?
-
TheJollyRoger
Ahoy!
-
TheJollyRoger
Your unlock pin?
-
sizzyb
ya. my unlock PIN isn't working. I literally unlocked it, 2 seconds later attempted to turn off Location from top pulldown menu, and it requested a PIN. I entered the same PIN to unlock the device in the first place, and it's not working
-
TheJollyRoger
Might've mistyped it?
-
sizzyb
I'm on my 13th attempt... have meticulously entered to ensure no extra numbers, right order, etc etc
-
TheJollyRoger
That's all I can think of. A few people here have ended up forgetting their lock pins and having to start over again by resetting from recovery.
-
TheJollyRoger
Dunno, there's not much of a reason this would happen.
-
sizzyb
I have no problem doing that... it's just really weird... I'll attempt to reset & see if I can replicate the problem...
-
TheJollyRoger
Sure. If you need to reset via recovery I'll walk you through the process.
-
sizzyb
In the absence of an online guide, that would be incredible
-
TheJollyRoger
Sure. Alright, so... first thing first, this is the only warning you will get when doing this: if we reset your phone via recovery, there is no way back, because the security chip will shred its access tokens and generate new ones. So even if you do find the password at a later date, even if the SSD is intact, the contents can't be recovered.
-
TheJollyRoger
So try to exhaust all other options before we try this, if there's anything you value on that phone.
-
TheJollyRoger
There is no "oops" switch.
-
sizzyb
Understood. Luckily only installed last week, so losing valuable info is a non-issue
-
TheJollyRoger
Great! Ok, so the first step is, we're going to reboot to the bootloader, I want you to power off your phone via the power menu.
-
TheJollyRoger
Once it's powered off, I want you to press and hold down the VOLUME DOWN key, then press and hold the POWER key until you see the black "Fastboot Mode" screen.
-
TheJollyRoger
Once you get there, use VOLUME UP or VOLUME DOWN to scroll through the options until you get to "Recovery mode" Select it by tapping and releasing POWER once.
-
TheJollyRoger
You'll see the yellowscreen "different operating system" warning (you can skip it by double tapping POWER) followed by the OEM logo, and then it'll drop you at a black screen with the Green Robot lying on its back with a "!" and "No Command."
-
TheJollyRoger
Once you see that, I want you to do this part very quickly:
-
TheJollyRoger
You need to quickly press and hold POWER, then tap and release VOLUME UP then let go of VOLUME UP and then let go of POWER.
-
TheJollyRoger
You should arrive at a menu labelled: "GrapheneOS Recovery" which should have several options, "Wipe Data/Factory Reset" should be near the middle of the menu.
-
TheJollyRoger
This should get you back to a fresh start of GrapheneOS.
-
sizzyb
Ahoy! Thanks TheJollyRoger
-
TheJollyRoger
Arr, hope this helps!
-
sizzyb
I couldn't replicate the issue, but I believe last boot I didn't allow apps access to location at all. This boot I allowed location upon permission
-
osm2lis
Hi, does anyone know how I can sync my Pixel 4a 5g with my laptop running Ubuntu 20.04? If I connect it via USB-C cable, it can be mounted, however the file browser shows the phone as empty and I cannot modify anything
-
entry1
<osm2lis "Hi, does anyone know how I can s"> Did you enable data transfer on the device itself when you have it unlocked?
-
osm2lis
I don't think so. How do I do that?
-
osm2lis
Got it, thanks for the pointer!
-
entry1
No problem! Sorry, missed that message earlier. Glad you got it, very common question
-
chile09[m]
Hello
-
chile09[m]
Is it possible to install GrapheneOS on a nexus 6P
-
jpds
chile09[m]: No, the supported devices are on the website
-
chile09[m]
So it's just the Google Pixel models?
-
jpds
chile09[m]: Yep
-
chile09[m]
Is there something which prevents GrapheneOS from being ported to a different device?
-
tony_l[m]
<chile09[m] "Is there something which prevent"> rtfm
-
skwisgaar[m]
chile09: the security/privacy goals of GrapheneOS only can be accomplished on Pixel devices at this point in time. You could port it but it wouldn’t be the same.
-
tony_l[m]
*
-
tony_l[m]
-
skwisgaar[m]
tony_l: you can point people to documentation without being a dick
-
helloworldkk87[m
Lol
-
chile09[m]
So the pixel has certain firmware features unavailable in other devices
-
helloworldkk87[m
-
chile09[m]
It has IOMMU support
-
helloworldkk87[m
This also shines alot of light on topic:
-
helloworldkk87[m
-
Cliff[m]
Hello everyone, my graphene device keeps autocorrecting my words to english words, i already switched off settings -> system -> language and input -> spellchecker , but I can't find autocorrect?
-
Lynn[m]
Cliff You have to go into the keyboard settings, I believe.
-
Cliff[m]
Lynn 🏳️🌈: could you point me in the right direction
-
Lynn[m]
Settings -> System -> Language and Input -> Virtual keyboard -> Select your keyboard
-
jcenny[m]
Hi, does anybody had a problem with ReactNative apps and update 2021.03.19.14 on Pixel4a devices? I'm getting a SIGSEGV on startup. On 2021.03.06.00 the crash wasn't happening, same App version. Thank you
-
jcenny[m]
*on app startup
-
Cliff[m]
Lynn 🏳️🌈: finally found it thank you!
-
chile09[m]
-
snoopy
jcenny[m]: Do you have an example for a reactnative app?
-
jcenny[m]
yes, the app that's crashing is com.sella.BancaSella ( libc : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x430979814030 in tid 19921 (mqt_js), pid 19866 (ella.BancaSella)
-
jcenny[m]
banking app
-
GrapheneOS-Teleg
Cloud (@Spektrum_light) has joined the Telegram Group!
-
GrapheneOS-Teleg
<Spektrum_light> Hello all; I'm really intrested in degoogling my phone, but I saw that grapheneOS is exclusive to pixels; tho in the build section of the website there are generic target: my question is: is it worth it build a rom for a generic target (because apparently you lose like 70% of graphene features) =
-
failbetter[m]
Is it possible to get gesture typing working with the graphene os keyboard?
-
snoopy
jcenny[m]: I just istalled and started "etesync" github says its also react native and it works on my pixel 4a.
-
helloworldkk87[m
<GrapheneOS-Teleg "<Spektrum_light> Hello all; I'm "> Not in my opinion. And if you think GrapheneOS is just de-googled phone you are missing 95% of the point. GrapheneOS is to protect you from memory corruption vulnerabilities and software exploits, and contain apps you've installed on your device and prevent them from exploiting your operating system. And alot the security is tied to the hardware and only Pixels
-
helloworldkk87[m
have it right now
-
helloworldkk87[m
Just my opinion tho
-
snoopy
failbetter[m]: It may be possible, but there need to be someone who puts time and effort in it to make it reality
-
jcenny[m]
snoopy: yes, not all apps are behaving like the com.sella.bancasella. I'm trying to understand why that app is crashing.
-
snoopy
jcenny[m]: Maybe the app got an update?
-
jcenny[m]
nope, same version
-
snoopy
And crashes if it doesn't find a stock android with google? :x
-
jcenny[m]
working before grapheneos upgrade
-
jcenny[m]
it was complaining about google services missing, but it was working fine
-
jcenny[m]
The crash log is always the same
-
jcenny[m]
this:
facebook/react-native #25060 is a very similar error
-
snoopy
I assume the app isn't open source?
-
jcenny[m]
Yes, that's not opensource
-
snoopy
I don't see much changes in the update, not sure what could've happened here
-
jcenny[m]
could a full crash log help in finding the problem?
-
snoopy
jcenny[m]: More information is more helpful, I guess
-
jcenny[m]
Should I have to file a bug on github?
-
private99[m]
Got a question. I run graphene with mullvad VPN always on and DNS is the mullvad adblock server.
-
private99[m]
I want to install one of those VoIP apps like textme or textfree from the aurora store . however I noticed it has a lot of trackers on it. If I download it is the app sandboxed or will it be able to report and track what I do across graphene os and websites I visit
-
private99[m]
What information about the phone will it have other than phone model? Will it have android I'd ?
-
arcibald[m]
Hello. Is there any open source / trusted MDM for pixels with graphenos on them?
-
TheJollyRoger
Hello private99[m], apps are always sandboxed, and with respect to "trackers" on Aurora store,
-
TheJollyRoger
arcibald[m]: There aren't. We recommend against third party device administrators, they present a lot of attack surface
-
TheJollyRoger
private99[m]: with respect to trackers on Aurora Store, something you ought to know is that just because an app includes a library such as firebase, that's not actually a sign of it being invasive or not. It's actually at the discretion of the app developers to use the librariesand what for.
-
TheJollyRoger
Consequently, them merely being included is not a "smoking gun" of the app being invasive, nor is the lack of them an indication that the app is trustworthy.
-
TheJollyRoger
Because it's up to the app developers to determine how they are used and what they do.
-
TheJollyRoger
private99[m]: apps on GrapheneOS are always sandboxed, all the time, and this cannot be turned off nor disabled by you. Apps are only able to see what data you permit them to see, and they can only enumerate other apps within their own respective profile.
-
TheJollyRoger
Sandboxing cannot be disabled by you, nor can apps "opt out" of it. Similarly, interprocess communication (which is limited to apps in the same profile) is a two-way street: even if an app was written by the NSA that whitelisted every other app in the world for interprocess communication, that wouldn't count for anything unless all the other app authors that they wanted to communicate with
-
TheJollyRoger
became complicit.
-
ahmouse
Does anyone know how to verify that secure boot works properly?
-
ahmouse
Or just point me in the right direction
-
jj1013[m]
<ahmouse "Does anyone know how to verify t"> First you must check the device boots correctly after locking the bootloader, then you verify the authenticity of the OS with Auditor.
-
jj1013[m]
> <@freenode_ahmouse:matrix.org> Does anyone know how to verify that secure boot works properly?
-
jj1013[m]
* First you must check the device boots correctly after locking the bootloader, then you verify the security of the OS with Auditor.
-
strcat[m]
@room Copperhead stopped most of their attacks on the project a couple weeks ago. It's likely that will be coming to an end in the near future. Unfortunately, there are others doing far worse things than Copperhead has ever done. CalyxOS and their community are engaging in incredibly underhanded attacks on the project involving harassment, bullying and spreading misinformation about the project. Itworse than anything
-
strcat[m]
Copperhead has ever done. They attempt to portray us as the perpetrators for correcting their false claims and defending ourselves from them. It's not the case.
-
strcat[m]
* @room Copperhead stopped most of their attacks on the project a couple weeks ago. It's likely that will be coming to an end in the near future. Unfortunately, there are others doing far worse things than Copperhead has ever done. CalyxOS and their community are engaging in incredibly underhanded attacks on the project involving harassment, bullying and spreading misinformation about the project. It's worse than
-
strcat[m]
anything Copperhead has ever done. They attempt to portray us as the perpetrators for correcting their false claims and defending ourselves from them. It's not the case. They've already done immense damage and we're working on putting together a plan to start addressing it.
-
strcat[m]
any further raids on the channel, concern trolling, harassment, etc. is unlikely to be connected to Copperhead but rather most of it is now perpetrated by CalyxOS and their core community including people they support and collaborate with
-
tony_l[m]
-
vata0[m]
What’s going on with calyx?
-
backupaccmovedto
im not very familiar what is happening with the Copperhead thing?
-
backupaccmovedto
that is it about exactly?
-
backupaccmovedto
(i just know that it was the predecessor of grapheene os)
-
strcat[m]
-
strcat[m]
-
vata0[m]
I know copperhead was trying to sue the dev from here
-
Felix[m]4
I'm also quite confused. What exactly is happening? I'm really out of the loop
-
vata0[m]
But I didn’t know anything about there being something funky with calyx
-
Superstig[m]
Yeah, what's going on with Calyx?
-
strcat[m]
vata0: Copperhead spent multiple years waging an all out war against us attempting to wipe out the project to benefit themselves
-
Superstig[m]
I'm out of the loop as well.
-
vata0[m]
Felix: pretty sure there’s a post on this sub Reddit about the copperhead shit
-
strcat[m]
because they see it as a competitor which harms their profits since GrapheneOS is much better, is the original project, and is free open source software
-
backupaccmovedto
i see
-
backupaccmovedto
btw why the hardened malloc?
-
backupaccmovedto
what is the issue with the original one
-
backupaccmovedto
* i see
-
backupaccmovedto
btw why the hardened malloc?
-
backupaccmovedto
what is the issue with the original one?
-
jj1013[m]
<vata0[m] "Felix: pretty sure there’s a pos"> Sure thing.
-
strcat[m]
-
chile09[m]
is LineageOS any good?
-
vata0[m]
I thought y’all was friendly with calyx
-
backupaccmovedto
<chile09[m] "is LineageOS any good?"> i like it a lot
-
vata0[m]
I’ve never heard them say anything bad and I’m in there a lot
-
Felix[m]4
<vata0[m] "Felix: pretty sure there’s a pos"> Alright, I'll check it out
-
chile09[m]
<backupaccmovedto "i like it a lot"> The security isn't as good as graphene obviously
-
backupaccmovedto
true
-
backupaccmovedto
it has more user freedom
-
backupaccmovedto
you can root it
-
backupaccmovedto
and microg is available
-
jj1013[m]
<chile09[m] "is LineageOS any good?"> It may be FLOSS, but it is a really big downgrade on security due to it depending on an always-unlocked bootloader.
-
Felix[m]4
<chile09[m] "is LineageOS any good?"> Really good privacy but not as secure
-
Superstig[m]
Depends on what you want to do with your Android ROM.
-
TheJollyRoger
Hi guys, Lineage isn't topical to GrapheneOS, but I'll entertain this one.
-
kradav[m]
<jj1013[m] "It may be FLOSS, but it is a rea"> it can work with locked bl
-
jj1013[m]
<backupaccmovedto "you can root it"> microG is not even near deGoogled.
-
backupaccmovedto
<jj1013[m] "microG is not even near deGoogle"> im aware
-
jj1013[m]
Also, root is also a security downgrade.
-
backupaccmovedto
but its useful
-
backupaccmovedto
i
-
backupaccmovedto
* but its useful
-
Superstig[m]
LineageOS trades user freedom for security.
-
TheJollyRoger
So, with respect to the old security and privacy debate, I'll put it this way: Privacy is a byproduct of security, and security is a prerequisite for privacy.
-
Superstig[m]
Just depends on what you want.
-
backupaccmovedto
i dont think it should be in there by default
-
backupaccmovedto
but the posibility to install it
-
exifran[m]
<backupaccmovedto "but its useful"> Not really
-
TheJollyRoger
That's our philosophy; GrapheneOS and LineageOS are very different projects, and are intended for two very very different audiences.
-
TheJollyRoger
If you want to play System Administrator or Power User with your phone, be my guest on Lineage, but be aware that LineageOS sees much of the security mitigations and policies as being antithetical to their approach to cater to power users who desire to do what they want, and don't want security to get in the way.
-
chile09[m]
<Felix[m]4 "Really good privacy but not as s"> could you explain further please; it is topical because both are Android ROMs and comparing them shows how they are different and potentially better/worse
-
TheJollyRoger
Ultimately, I chose GrapheneOS because I learned the hard way numerous times that sometimes being a power user isn't necessarily a compliment.
-
backupaccmovedto
<exifran[m] "Not really"> it depends on what you want
-
strcat[m]
vata0: the leader of their organization has directly participated in bullying/harassment against me and supports / promotes a content creator who is literally obsessed with me and essentially stalks me across platforms while organizing raids on the channel + harassment
-
kradav[m]
i wouldnt say, that it caters to different audiences. i would like to see a bigger overlap, with lineageos qol features and grapheneos security
-
strcat[m]
vata0: it's unacceptable, and it's at the point where I'm willing to ban people simply for supporting a project engaging in that
-
strcat[m]
the fact that they spent months putting together a bunch of lies/misrepresentations and doctored 'evidence' to misrepresent me defending myself like this against their attacks is ridiculous
-
vata0[m]
Dam
-
strcat[m]
they have caused immense harm
-
strcat[m]
going forward there is zero tolerance policy
-
Felix[m]4
<chile09[m] "could you explain further please"> Well for starters, it doesn't include Google service stuff out of the box which is good for privacy. It requires an unlocked bootloader though which is trash for security
-
strcat[m]
if you support a project engaging in that, you aren't welcome here