It's likely they've already come to that conclusion and it's why it makes sense for the Pixel 8 and Pixel 8 Pro to have at least 7 years of major OS updates to go along with a minimum of 7 years of security patches. It's easier rather than harder for them to do both, especially with Treble.
https://grapheneos.social/@GrapheneOS/111177520771016371
The alternative to updating 6th and 7th generation Pixels to the latest major OS release until their end-of-life would be continuing to develop an older major release and continuing to have releases for it. We think it's much more likely they give them 5 years of major updates.
https://grapheneos.social/@GrapheneOS/111177515169775954
Android only has a single active stable branch, which is the latest major OS release. For example, Android 14 has now replaced Android 13.
Android 11, 12 and now 13 only have standalone backports of Critical/High severity patches and a subset of Moderate/Low severity patches.
https://grapheneos.social/@GrapheneOS/111177512600257455
In Canada, the government sends every alert as a presidential alert instead of using the separate categories for extreme threats, severe threats and AMBER alerts. They do this to prevent disabling any of the alerts on normal operating systems and it's why we added this feature.
https://grapheneos.social/@GrapheneOS/111175241753485073
Pixels will only be supported by Android 14 going forward so the many patches for firmware, drivers and other hardware-related code will only be available via Android 14. This is why GrapheneOS has focused so much on porting to Android 14 in order to quickly migrate over to it.
https://grapheneos.social/@GrapheneOS/111169964801604661
The full set of patches is provided by the monthly, quarterly and yearly releases of Android. Their policy is for every Critical/High severity AOSP patch to be backported. Most Moderate/Low severity patches aren't backported. However, severity levels are often very arbitrary.
https://grapheneos.social/@GrapheneOS/111169964332327556
Android 14 will likely be released on October 4th and Android 13 will no longer have monthly or quarterly stable releases. Android 13 will only have the monthly release of the Android Security Bulletin (ASB) patch backports to 11, 12, 13 and soon 14. Those aren't all the patches.
https://grapheneos.social/@GrapheneOS/111169963900947671
Being distressed about having people repeatedly trying to have you killed by the police isn't insanity. An influencer who openly uses Kiwi Farms and made no secret of their support for harassment trying to portray themselves as a victim for being privately confronted is nonsense.
https://grapheneos.social/@GrapheneOS/111153328852869643
The way we've protected our team led to increasingly more targeted harassment towards the only person who had a public-facing role. The attacks shifted from technical misinformation to bullying/harassment based on misrepresentations/fabrications referencing the past harassment.
https://grapheneos.social/@GrapheneOS/111153328383109060
We have a substantial amount of funding available to the non-profit that's not yet being used because of the difficulty in expanding the team under these adverse conditions. We could have 12 full time developers or more, but we don't because of these attacks on the project.
https://grapheneos.social/@GrapheneOS/111153245567275299
Due to the extreme attacks on GrapheneOS, most of our project members aren't comfortable with a public facing role. It's why there are so few interviews with our team, and part of why it's so difficult for us to build up the non-profit since people don't want to become targets.
https://grapheneos.social/@GrapheneOS/111153245069516051
We have a team of 6 full time developers that's growing along with people working on the non-profit organization. Nearly all have been involved for many years. We've avoided other project members being targeted with significant harassment by minimizing their public exposure.
https://grapheneos.social/@GrapheneOS/111153244486316158
We explained in detail how we were moving forward by transferring responsibilities to the GrapheneOS Foundation and the new lead developer. We explained it would be a long process. We don't understand how what we posted was so widely misinterpreted as someone leaving the project.
https://grapheneos.social/@GrapheneOS/111153207915292421
There has been a significant effort to spread fabrications and spin targeting our project members with the clear aim of directing harassment towards them. Our founder stepped down as lead developer due to extreme level of harassment including multiple extreme swatting attacks.
https://grapheneos.social/@GrapheneOS/111153207099049113
We're continuing to make progress towards moving stewardship of GrapheneOS to the non-profit GrapheneOS Foundation. We'll be replacing our previous announcement with more detailed info on our website. We removed the thread here since it was being misunderstood and misrepresented.
https://grapheneos.social/@GrapheneOS/111153144131887939
Despite our
We've deferred shipping most of our newly developed features until after Android 14 including duress PIN/password and several new per-app toggles for enabling additional security features we already had implemented but couldn't enable globally due to some apps being incompatible.
https://grapheneos.social/@GrapheneOS/111147778949345576
Our policy for upstream Android vulnerabilities we discover has become fixing them downstream ASAP with a clear explanation in our release notes for the release including them. Filing a report upstream hasn't been part of our process for a while due to their related decisions.
https://grapheneos.social/@GrapheneOS/111147732221508664
Not having partner access makes quickly porting to major releases into an ordeal, but we still have to do it for security reasons. We only managed to have it done within around a week of launch of Android 13 and past releases via superhuman amounts of work hours and productivity.
https://grapheneos.social/@GrapheneOS/111147730036840370
Many of the privacy and security features we're built could be included in Android. It was always difficult to contribute without partner access, but we put in significant effort and achieved some positive results. We also reported a lot of firmware and software vulnerabilities.
https://grapheneos.social/@GrapheneOS/111147729490624768
The engineering side appreciates our work and multiple prominent people have tried to get full partner access for the GrapheneOS Foundation. Android's business side had our security partner access revoked and blocked progress. We've decided to stop making upstream contributions.
https://grapheneos.social/@GrapheneOS/111147728959978431
The Android security team wanted to collaborate with us and gave us security partner access. We hoped this would lead to us getting full partner access so that we could port to new major releases much earlier with the ability to build and test nearly all of the port in advance.
https://grapheneos.social/@GrapheneOS/111147728493183340
Stable releases of Android are open source. Pixel stock OS source tree matches the AOSP source tree with additional private repositories added for the Google/Pixel components/overlays. Beta releases and the development branches are mostly internal. Most isn't done in AOSP main.
https://grapheneos.social/@GrapheneOS/111147728040553474
Room upgrades don't work well and the notice isn't received by the many users no longer able to sync with bricked rooms. Extracting a list of users in the room and inviting them will miss the users who got dropped by the state reset and many people have invites notices disabled.
https://grapheneos.social/@GrapheneOS/111123966768253796
This has happened to us multiple times before. Each time, it disrupts our rooms and we lose a significant portion of our community on Matrix. Matrix has never fixed these issues and only option has been replacing the room via a room upgrade and inviting everyone to the new one.
https://grapheneos.social/@GrapheneOS/111123951570967675
Matrix's federation design makes it extremely vulnerable to abuse and it has very weak anti-abuse tools. One of the few tools available to us is making the rooms invite-only temporarily, but unfortunately the broken protocol and implementation leads to that bricking our rooms.
https://grapheneos.social/@GrapheneOS/111123928667126639
Their overly permissive moderation and the content in their podcasts wasn't a valid reason for us to block it. Blocking on a case-by-case basis worked fine without collateral damage.
Unfortunately, their community is a very receptive audience for the kind of fabricated stories and spin being propagated as part of the attacks on GrapheneOS and it has become a bigger and bigger issue.
We recently found the system administrator of the instance is involved in the harassment, and it's now blocked.
https://grapheneos.social/@GrapheneOS/110954050193388835
One of the servers on this list is connected to a conspiracy theory focused podcast. We aren't very similar with it and aren't sure to what extent it's tongue in cheek. One of the podcast co-hosts uses GrapheneOS.
A significant number of people there were following this account before today. Despite being a large instance permitting almost any legal content, we didn't experience much toxicity from it until May, but it has gotten very bad due to overlap with the main source of the harassment.
https://grapheneos.social/@GrapheneOS/110953976556842901
We've used blocking in response to our project and community being targeted with harassment, libel, racism, trolling, etc. rather than proactively blocking many servers. We tried to only block servers where the admins were either supporting the toxicity or bypassing blocking.
Our approach was working fine until the harassment massively escalated in April with multiple severe swatting attacks and threats of violence. A YouTuber closely involved with Kiwi Farms escalated it much further in May.
https://grapheneos.social/@GrapheneOS/110953815846182996
Our grapheneos.social Mastodon instance hosts official GrapheneOS project accounts and personal accounts for GrapheneOS project members including our developers, community managers and moderators.
Our project accounts across Matrix, discuss.grapheneos.org, grapheneos.social and elsewhere are shared accounts. Multiple project members have access to them.
Partly due to our experience having followers cut off from us when we were on infosec.exchange, we started with a very open federation policy.
https://grapheneos.social/@GrapheneOS/110953782633267987
Oddbean new post about login | logout
Notes by GrapheneOS (RSS Feed) | export