Android Auto with GrapheneOS on OSMand maps
nostr:nevent1qqs8vg9fym7gv3jwhy30edmvejzque7uw8ky05vc3wyql4y0rn8fklspzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtczyq89gkx4qje3xanx0fc36krcl29es7zpjmn6fsr2ms9dfmvu9pf5sqcyqqqqqqghxmyu9
TLDR: Tech 'journalism' sensationalizing something that happens on every other Android device to be a Pixel 9 issue to scare people away from Pixels into less secure platforms.
New GrapheneOS update out now folks. Contains this month's security patch level and some fixes with memory tagging by patching some Android memory bugs.
nostr:nevent1qqsvvwunwpzx4492p3j3vx0t5vw78mk943f7nsz9awh3pd4pfngtg8gpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtczyp2x308wkaxwxh95zu7uext5hhdvn6y55a9l84z0nj5tw42xqhy76qcyqqqqqqg9x7e5q
That npub was burned, I don't use that one anymore.
(Check GrapheneOS forum profile for npub so you don't click a sketchy from me.)
It's not something we come across, but we are aware Orbot has some problems, that's why a Tor VPN app is being redone (not by us) in the future.
We are aware of leaks caused by some VPN apps and we keep making patches to fix it but they end up breaking said apps and force us to revert. It's predominantly an app issue, look at the posts on my old npub about Mullvad to get what I mean here.
Latest build added a second-generation leak prevention mechanism but for it's for multicast leaks: https://grapheneos.org/releases#2024092900
I'd contain Tor usage in its own profile so I don't see this happen. I guess if it happens right when Orbot is connecting, give it a few seconds after connecting before doing something?
GrapheneOS features don't just stop exploitation of vulnerabilities, but uncovers potential vulnerabilities in apps.
nostr:nevent1qqsdhlnf5ezmjkdvc08gdmljex320jh5etyyxxcdlfazgmx8ppsmjaspzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtczyp2x308wkaxwxh95zu7uext5hhdvn6y55a9l84z0nj5tw42xqhy76qcyqqqqqqgtw6and
#GrapheneOS: The Purpose, The Strategy, and The Why [Article]
This post explains a bit about the development approach, reasoning and strategy behind GrapheneOS security innovation and how power users protect themselves.
On SN: https://stacker.news/items/705242
cc: nostr:nprofile1qqsyawyrzrttfmv4cmtx5w2m85702kdct7hv3amfrkhagpdf9cz46mgprpmhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef0qyghwumn8ghj7mn0wd68ytnhd9hx2tcpydmhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef08ankcmmzv9kr6ctvds20l3q3 believe I mentioned making a post like this to you before, here it is.
Using an app that locks with the OS credential like Phoenix Wallet in GrapheneOS allows you to trigger the device duress password when starting the app because the duress feature also extends to any OS credential input. This doesn't extend to apps exclusively doing their own implementation of a PIN though.
Every time a GrapheneOS post trends on SN I feel like delaying my big post I promised a year ago because I don't want to oversaturate the trending with the project. Suffering from success...
What would you want to see in a post about #GrapheneOS? Preferably something you've not seen in posts before. I want to be unique here. Is there a feature you want to understand the technical details about? Maybe a justification on X? Would be inrerested to know.
nostr:nevent1qqsrk40h6yrmwsm7lmgjylpulecz3khpy8yncp8havkkulglvcql9rspzpmhxue69uhkummnw3ezumt0d5hsyg9e3hk5e6h2ypusm09ncv2qq6fqp8f5clueylpgdq66nxm5sxjuygpsgqqqqqqstru8hv
Wasn't really something I looked into since it was extremely unexpected. Also up to believe official GrapheneOS platforms would suffice in announcing my key change. I dont want to spread fear by people misunderstanding a personal and isolated incident as a GrapheneOS one.
Hi all, Final from #GrapheneOS again.
Due to an extraordinary event (not a breach!) and a change causing me to up my security requirements, I have burned the previous npub I used. This is my new npub. My security requirements are above people's conveniences, I apologise for these inconvenience but I don't regret necessary actions either.
- I will use this npub for post comments and support.
- I will refrain from constant GrapheneOS reposts as Mastodon bridges fulfill that space. Rest of the team can also USUALLY see posts there. I believe I should be more diverse in my content here.
- In short, less GrapheneOS, and more Final.
I can be verified using the original Stacker News account (final) NIP-05, Bio and LN address.
I can be verified via the GrapheneOS discussion forum user page (final). You may also verify me in any official GrapheneOS platform you wish.
Thank you for the support.
-- final
1. npub is burned, can't post what I don't have the keys for.
2. Official GrapheneOS forum page: https://discuss.grapheneos.org/u/final
3. https://stacker.news/final
Trust me or not, it's up to you. All zaps are going to the original address the old npub has as you can see on my profile so I earn nothing doing this.
You're free to contact another GrapheneOS team member.
Metroplex: nostr:nprofile1qqsyxcm6xydptuwz2w6avpmc4d65ftrrnwywz688yf9fqr22gy5rrqcpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtc9zjrax
He was in Nostr before I was.
I understand. I imagine I have really annoyed a ton of people but oh well.
Key pairs for Nostr are great for verification but are a disadvantage towards certain security measures. Nsec is only as secure as the app that generated it and is only as secure as the least secure platform you stored/used it on. Takes a lot of responsibility, which I'm fine with, but most people aren't.
If you want to change security requirements (like me) you likely need to burn your key... I guess it's no different to PGP keys that expire on a set time but I'd really be waiting for a dedicated secure hardware signer before I ever share my Nostr nsec keys on any other app or device... and id probably also rotate my keys again if a device existed.
I didn't put the links as some people may have thought links may be phishing (IF YOU DO, GO FIND MY PAGES ON A SEARCH ENGINE INSTEAD! DONT TRUST ME!)
BUT, if you kinda trust me:
Official GrapheneOS forum page: https://discuss.grapheneos.org/u/final
My stacker.news page:
https://stacker.news/final
All zaps are going to the original address the old npub has as you can see on my profile so I earn nothing doing this if I was a real faker anyway.
All the text the LLM produced are just explaining the default features of Android (secure boot, disk encryption, data collection etc). Doesn't go into the features of any of them. Also some features like "secure boot" (likely means Verified Boot) depends on device support. Replicant definitely doesn't have that.
Id look at: https://eylenburg.github.io/android_comparison.htm
RE: Chainalysis
Companies targeting users of cryptocurrencies like Blockchain analysis firms being a fan of the tech would be expected. I would expect they use it on a daily basis and would know more about it than the typical maxi would. In conferences i've met FBI digital forensics lab staff who hold Bitcoin because of learning more about it during seizures.
We have a similar two-faced relationship with forensic companies who try and target GrapheneOS and the Pixel platform. Hate that we do whatever we can to break their capabilities but some definitely use GrapheneOS because they are impressed by the security offerings. I also find some of their tools interesting. Chainalysis is a very well made application.
Believing they are using the literal definitions to base their statement here... For data to be uncensorable it needs to be known and distributed to everyone. Online privacy is about reducing, hiding, or anonymizing data so it's not known. Some privacy techniques involve self-censorship.
You can use censorship resistant platforms with privacy technologies like onion routing to make the connection between your identity and the platform private, but what you create on the platform is never private.
Notes by Final | export