Oddbean new post about | logout

Notes by Final | export

 Android Auto with GrapheneOS on OSMand maps

nostr:nevent1qqs8vg9fym7gv3jwhy30edmvejzque7uw8ky05vc3wyql4y0rn8fklspzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtczyq89gkx4qje3xanx0fc36krcl29es7zpjmn6fsr2ms9dfmvu9pf5sqcyqqqqqqghxmyu9 
 GrapheneOS statement regarding a highly misleading and inaccurate article from Cybernews about the Pixel 9 'phoning home'

https://discuss.grapheneos.org/d/16338-highly-misleading-and-inaccurate-article-from-cybernews-about-the-pixel-9 
 TLDR: Tech 'journalism' sensationalizing something that happens on every other Android device to be a Pixel 9 issue to scare people away from Pixels into less secure platforms. 
 Tor Browser users, please update your browser.

https://blog.torproject.org/new-release-tor-browser-1357/

Latest update patches a remote code execution vulnerability confirmed to be exploited in the wild. 
 New GrapheneOS update out now folks. Contains this month's security patch level and some fixes with memory tagging by patching some Android memory bugs.

nostr:nevent1qqsvvwunwpzx4492p3j3vx0t5vw78mk943f7nsz9awh3pd4pfngtg8gpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtczyp2x308wkaxwxh95zu7uext5hhdvn6y55a9l84z0nj5tw42xqhy76qcyqqqqqqg9x7e5q 
 So, I have my #Vanadium browser homepage set to check.torproject.org, and proxy set to use #Orbot... 
 That npub was burned, I don't use that one anymore.

(Check GrapheneOS forum profile for npub so you don't click a sketchy from me.)

It's not something we come across, but we are aware Orbot has some problems, that's why a Tor VPN app is being redone (not by us) in the future.

We are aware of leaks caused by some VPN apps and we keep making patches to fix it but they end up breaking said apps and force us to revert. It's predominantly an app issue, look at the posts on my old npub about Mullvad to get what I mean here.

Latest build added a second-generation leak prevention mechanism but for it's for multicast leaks: https://grapheneos.org/releases#2024092900

I'd contain Tor usage in its own profile so I don't see this happen. I guess if it happens right when Orbot is connecting, give it a few seconds after connecting before doing something? 
 Top of Stacker News, thank you so much. 
 GrapheneOS features don't just stop exploitation of vulnerabilities, but uncovers potential vulnerabilities in apps.

nostr:nevent1qqsdhlnf5ezmjkdvc08gdmljex320jh5etyyxxcdlfazgmx8ppsmjaspzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtczyp2x308wkaxwxh95zu7uext5hhdvn6y55a9l84z0nj5tw42xqhy76qcyqqqqqqgtw6and 
 #GrapheneOS: The Purpose, The Strategy, and The Why [Article]

This post explains a bit about the development approach, reasoning and strategy behind GrapheneOS security innovation and how power users protect themselves. 

On SN: https://stacker.news/items/705242 
 cc: nostr:nprofile1qqsyawyrzrttfmv4cmtx5w2m85702kdct7hv3amfrkhagpdf9cz46mgprpmhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef0qyghwumn8ghj7mn0wd68ytnhd9hx2tcpydmhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef08ankcmmzv9kr6ctvds20l3q3 believe I mentioned making a post like this to you before, here it is. 
 Using an app that locks with the OS credential  like Phoenix Wallet in GrapheneOS allows you to trigger the device duress password when starting the app because the duress feature also extends to any OS credential input. This doesn't extend to apps exclusively doing their own implementation of a PIN though. 
 Graphene os was really easy to install. It took less than 30mins. It would have been quicker if I... 
 The older generation face scanning hardware was far more robust and secure and the current face unlock options are far less. 
 Every time a GrapheneOS post trends on SN I feel like delaying my big post I promised a year ago because I don't want to oversaturate the trending with the project. Suffering from success... 
 What would you want to see in a post about #GrapheneOS? Preferably something you've not seen in posts before. I want to be unique here. Is there a feature you want to understand the technical details about? Maybe a justification on X? Would be inrerested to know.


nostr:nevent1qqsrk40h6yrmwsm7lmgjylpulecz3khpy8yncp8havkkulglvcql9rspzpmhxue69uhkummnw3ezumt0d5hsyg9e3hk5e6h2ypusm09ncv2qq6fqp8f5clueylpgdq66nxm5sxjuygpsgqqqqqqstru8hv 
 Why not create a new nsec/npub first, post from your original identity indicating the new npub, t... 
 Wasn't really something I looked into since it was extremely unexpected. Also up to believe official GrapheneOS platforms would suffice in announcing my key change. I dont want to spread fear by people misunderstanding a personal and isolated incident as a GrapheneOS one.
 
 Hi all, Final from #GrapheneOS again.

Due to an extraordinary event (not a breach!) and a change causing me to up my security requirements, I have burned the previous npub I used. This is my new npub. My security requirements are above people's conveniences, I apologise for these inconvenience but I don't regret necessary actions either.

- I will use this npub for post comments and support.
- I will refrain from constant GrapheneOS reposts as Mastodon bridges fulfill that space. Rest of the team can also USUALLY see posts there. I believe I should be more diverse in my content here.
- In short, less GrapheneOS, and more Final.

I can be verified using the original Stacker News account (final) NIP-05, Bio and LN address.

I can be verified via the GrapheneOS discussion forum user page (final). You may also verify me in any official GrapheneOS platform you wish.

Thank you for the support.

-- final
 
 #plebstr #nostr #newstr (winks)

nostr:nevent1qqs8d4xg7f0fyfl29wjfxyest6fshsy7x2te298cfs2xj7sema4zh7cpz4mhxue69uhkummnw3ezummcw3ezuer9wchsyg9e3hk5e6h2ypusm09ncv2qq6fqp8f5clueylpgdq66nxm5sxjuygpsgqqqqqqspt0sq8 
 1. npub is burned, can't post what I don't have the keys for.

2. Official GrapheneOS forum page: https://discuss.grapheneos.org/u/final

3. https://stacker.news/final

Trust me or not, it's up to you. All zaps are going to the original address the old npub has as you can see on my profile so I earn nothing doing this.

You're free to contact another GrapheneOS team member.
 
 Metroplex: nostr:nprofile1qqsyxcm6xydptuwz2w6avpmc4d65ftrrnwywz688yf9fqr22gy5rrqcpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtc9zjrax

He was in Nostr before I was. 
 He has bursts of being quite busy. 
 I understand. I imagine I have really annoyed a ton of people but oh well. 

Key pairs for Nostr are great for verification but are a disadvantage towards certain security measures. Nsec is only as secure as the app that generated it and is only as secure as the least secure platform you stored/used it on. Takes a lot of responsibility, which I'm fine with, but most people aren't.

If you want to change security requirements (like me) you likely need to burn your key... I guess it's no different to PGP keys that expire on a set time but I'd really be waiting for a dedicated secure hardware signer before I ever share my Nostr nsec keys on any other app or device... and id probably also rotate my keys again if a device existed.  
 I didn't put the links as some people may have thought links may be phishing (IF YOU DO, GO FIND MY PAGES ON A SEARCH ENGINE INSTEAD! DONT TRUST ME!)

BUT, if you kinda trust me:

Official GrapheneOS forum page: https://discuss.grapheneos.org/u/final

My stacker.news page:
https://stacker.news/final

All zaps are going to the original address the old npub has as you can see on my profile so I earn nothing doing this if I was a real faker anyway. 


 
 That would be the standard procedure, but circumstances about the event meant I couldn't. Users should announce change of keys if able to. 
 If a nation state had been in my old phone I'd almost consider it a compliment because I am fucking boring 🫡 
 was looking at Graphene alternatives on Venice AI and got this breakdown. Not sure the quality of... 
 All the text the LLM produced are just explaining the default features of Android (secure boot, disk encryption, data collection etc). Doesn't go into the features of any of them. Also some features like "secure boot" (likely means Verified Boot) depends on device support. Replicant definitely doesn't have that.

Id look at: https://eylenburg.github.io/android_comparison.htm

 
 Didn't have the zap address back, only the NIP-05 (which is the same as the zap address) 
 RE: Chainalysis

Companies targeting users of cryptocurrencies like Blockchain analysis firms being a fan of the tech would be expected. I would expect they use it on a daily basis and would know more about it than the typical maxi would. In conferences i've met FBI digital forensics lab staff who hold Bitcoin because of learning more about it during seizures.

We have a similar two-faced relationship with forensic companies who try and target GrapheneOS and the Pixel platform.  Hate that we do whatever we can to break their capabilities but some definitely use GrapheneOS because they are impressed by the security offerings. I also find some of their tools interesting. Chainalysis is a very well made application. 
 We're the ones who published these documents on the GrapheneOS social media account. 
 Also, this is outdated and we published the July version as well. These docs don't reflect newer iOS versions or iPhone 16 
 Believing they are using the literal definitions to base their statement here... For data to be uncensorable it needs to be known and distributed to everyone. Online privacy is about reducing, hiding, or anonymizing data so it's not known. Some privacy techniques involve self-censorship.

You can use censorship resistant platforms with privacy technologies like onion routing to make the connection between your identity and the platform private, but what you create on the platform is never private.