Oddbean new post about | logout
Ava | 10 months ago (raw) | root | parent | reply | flag 
 ignore the troll everyone. this person keeps creating what they think are "anonymous" accounts, they post nothing, only harass
Ava | 10 months ago (raw) | root | parent | reply | flag 
 @matata @bitcoin.rocks...they also have no idea what they are talking about.

Privacy by default

GrapheneOS doesn't include or use Google apps and services by default and avoids including any other apps/services not aligned with our privacy and security focus. Google apps and services can be used on GrapheneOS as regular sandboxed apps without any special access or privileges through our sandboxed Google Play feature, but we don't include those apps by default to give users an explicit choice on whether they want to use those apps and which profiles they want to use it in.

We change the default settings to prefer privacy over small conveniences: personalized keyboard suggestions based on gathering input history are disabled by default, sensitive notifications are hidden on the lockscreen by default and passwords are hidden during entry by default.

Some of our changes for attack surface reduction can also improve privacy by default by not exposing unnecessary radios, etc. by default and avoiding the impact of potential privacy bugs with the hardware.

By default, we also use GrapheneOS servers for the following services instead of Google servers:

Connectivity checks
Attestation key provisioning
GNSS almanac downloads (PSDS) for Broadcom and Qualcomm (XTRA)
Secure User Plane Location (SUPL)
Network time
Vanadium (Chromium) component updates

We provide a toggle to switch back to Google's servers for connectivity checks, attestation key provisioning and GNSS almanac downloads along with adding proper support for disabling network time connections. This combines with other toggles to allow making a GrapheneOS device appear to be an AOSP device. This is only particularly important for connectivity checks since the other connections get routed through a VPN which is needed to blend in on a local network in practice.

In addition to our SUPL privacy improvements, we override the SUPL server to our proxy by default. We also add a toggle for users to switch to the standard SUPL server for their carrier (usually supl.google.com) or disable it entirely.

https://grapheneos.org/faq#default-connections
Ava | 10 months ago (raw) | root | parent | reply | flag 
 the opening paragraph below says it all. but do take the time to read the rest

nostr:nevent1qqsgstrx39fasr2nqssn0l8yq699d50gn25whmjxk6vleu6a08esppqpp4mhxue69uhkummn9ekx7mqzyppkx733rg2lrsjnkhtqw79tw4z2ccum3rsk3eezf2gq6jjp9qccxqcyqqqqqqg4qdyza
96b171f1 | 10 months ago (raw) | root | parent | reply | flag +1 
 Do not rely on opinions of privacy/security 'experts'

They are here to build their position to monetise it later.

Look.

The same people promote GrapheneOS, Protonmail or Tutanota.

People with basic skills in cybersecurity know that mentioned services are not as secure as they are promoted.

Think about it!