MetropleX [GrapheneOS] ⚑🟣
43637a311a15f1c253b5d60778ab7544ac639b88e168e7224a900d4a41283183
Freedom is the right of ALL sentient beings. GrapheneOS Community Moderator #GrapheneOS Matrix: @metroplex:grapheneos.org Discord: https://grapheneos.org/discord Telegram: https://t.me/GrapheneOS Matrix: https://matrix.to/#/#community:grapheneos.org Personal Acct. Views Explicitly My Own Likes and/or Boosts ≠ Endorsements

In case you weren't aware, depending on what your threat model is and your reason for using a VPN on iPhone, iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet.

The Lockdown Mode leaks more traffic outside the VPN tunnel than the "normal" mode. It also sends push notification traffic outside the VPN tunnel.

This is also the reason why VPN clients like IVPN and Proton have removed their iOS app kill switch features.

This was discovered last October and as yet I am unaware of Apple addressing it.

LineageOS always uses multiple Google services while giving them privileged access even if users don't use microG. It would be wrong to imply they don't. GrapheneOS doesn't use Google services by default.

To clarify further for what they always use Google services for even without microG, they use them for:

Connectivity checks

Network time

Attestation key provisioning

SUPL

DNS fallback

PSDS (Pixel 6 and 7)

eSIM activation

and more enabled by default.

GrapheneOS is a full production ready OS. I've been using it as a daily driver since the Pixel 3 and before sandboxed Play Services was available. If there is anything specific concerning you then please let me know, such as specific use case or requirements.

I don't believe your wording suggests the following, however I am replying to avoid confusion for anyone that may read and misinterpret.

Flashing GrapheneOS does NOT require root, and does NOT require USB debugging.

Unlocking of the bootloader is required but so is relocking it afterwards to ensure full verified boot as GrapheneOS is a full production ready OS and not a custom ROM (misnomer).

Datura Firewall is a frontend for the leaky LineageOS network toggles. It presents options that it's not capable of providing correctly.

Packet-based firewalls are inherently leaky compared to say, the GrapheneOS Network toggle. The Network toggle disables direct socket access like a firewall but also disables indirect access via APIs requiring the INTERNET permission eliminating all known leaks via the OS.

GrapheneOS Camera has HDR+ on Pixels. It's a less aggressive variant of HDR+ than what's used by Google Camera. It captures and combines fewer frames than Google Camera tends to use at the same light level so the photos look more natural but it doesn't reduce noise as much.

GrapheneOS has the same camera features and quality as the stock Pixel OS within the same apps. It's your choice if you want to use Google Camera for the full feature set. You still have HDR+ without it. Night, Portrait, etc. will be available in GrapheneOS Camera eventually too.

GrapheneOS Camera app will have more of the features in the future too. It already has multi-camera zoom since the Pixel 4, a light form of HDR+ since the Pixel 2, HDRnet for preview since Pixel 4a, EIS, etc. HDRnet for video likely works fine everywhere it's supported too. This will come as the CameraX API evolves and as Google adds the required vendor extensions. (Samsung users can already see how full featured GrapheneOS Secure Camera is as they've already provided these for their devices.)

These should come with Android 14 for some devices and/or the Pixel 8. However, it may initially require sandboxed Google Play.

That said, Google Camera with all its features can be used without sandboxed Play Services installed and with improved privacy by disabling permissions including network. (Sensors will still be required for orientation however.)

Incredibly happy to see David talking about GrapheneOS. However be aware there are some discrepancies here.

You don't for instance require USB Debugging enabled.

Our advice is to always use the directions provided at grapheneos.org/install

We actually reached out to David to work together on future content to help avoid any further minor mistakes such as this. I don't believe he has taken the offer up as of now though.

Us supporting other devices is the wrong paradigm, the correct paradigm is why they don't offer the level of hardware and support Pixels do as a baseline to support us.

Take Samsung as the example, their hardware does indeed come close. However upon unlocking the bootloader to be able to flash an alternate OS Knox blows an efuse disabling their security specific hardware as well as crippling other functionality, making it useless even if you reflash stock.

We would support more than Pixels if there were Android devices other than Pixels meeting basic security requirements with proper alternate OS support. Unfortunately there are currently no other devices for us to support since we won't support insecure ones.

No you do not need to stop using the premier privacy and security focused OS.

Daniel is no longer the lead dev; he stepped down from public and leadership roles due to harassment.

Daniel stepped down due to an intense harassment, bullying and character assassination campaign which had recently escalated to swatting attacks followed by a major influencer jumping on board with the attacks.

Attacks have continued and even escalated in some ways since then, including the admin of a Mastodon instance related to a popular podcast deciding without provocation or having any previous interaction with the project taking part not only there but across the web.

This person had never communicated with us and chose to start insulting our developers and spreading fabrications about them with the clear aim of directing more harassment towards them.

They started with personal attacks on one of our developers, and I repeat, without ever interacting with us, in an attempt to discourage users there from using GrapheneOS.

Both the influencer and the system admin of the Mastodon server happen to be involved on an infamous site where doxxing against him also took place.

Daniel is still a GrapheneOS developer. Our hope is/was that he won't be targeted nearly as much if he doesn't have much of a public role in the project and isn't the leader of the organization or the open source project. Harassment and fabrications targeting him became very extreme.

That hope however continues to be challenged to extremis especially when people as above continue to seek him or us out to propagate it.

If you feel someone having negative reactions to the above is weird then I can't help with that.

Most do, yes: some in the default configuration, some requiring sandboxed Play Services to be present. In exceptional circumstances they could require toggling off some hardening features.

Can also check this link and the associated issue tracker.

https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/

Also, regarding the idea that the project is a honeypot: one of the reasons behind the split from the project's sponsor under the Copperhead branding was the takeover attempt being tied to a Raytheon contract that the company sponsoring the project under the Copperhead branding was chasing.

Daniel removing their access to the code led directly to this Raytheon deal falling through. Contract required compromising security of the infrastructure. He protected people from this.

It was directly in contravention to the values and principles Daniel and the GrapheneOS project stand for. This wasn't what started our open source project down the path of splitting from that company but it finished it.

Please read what we posted as a project and what Daniel posted. It does not say that he's leaving the project. It says he's stepping down from public and leadership roles due to harassment. It has been misinterpreted elsewhere. Our words are the only source that should be used.

Daniel stepped down due to an intense harassment, bullying and character assassination campaign which had recently escalated to swatting attacks followed by a major influencer jumping on board with the attacks. Attacks have continued and even escalated in some ways since then, including the admin of a Mastodon instance related to a popular podcast deciding, without provocation or having any previous interaction with the project, to take part.

We didn't announce that anyone is leaving the project as it has been misinterpreted elsewhere. The aim was protecting Daniel from further harassment, not abandoning him to it.

Daniel is still a GrapheneOS developer. Our hope is that he won't be targeted nearly as much if he doesn't have much of a public role in the project and isn't the leader of the organization or the open source project. Harassment and fabrications targeting him became very extreme.

That hope however continues to be challenged to extremis.

Some people may have noticed, however others may not (likely most as I'm not conceited 😉) that I have been absent from Nostr and only been tentatively involved where required in my mod duties due to a bereavement in the family.

Hopefully anyone looking for me or wondering if I was neglecting you etc can understand.

Glad to be back though and will be getting back up to speed and to the same level of responsiveness as we approach the end of the week.

Hope you've all been well.

GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 67 released:

https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-67

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/6904-gmscompatconfig-version-67-released

We need feedback on whether anyone has donated via the Bitcoin BIP47 / PayNym donation method we recently added. Our wallet/node hasn't detected any incoming donations and we're concerned that it's not working properly. It'd be helpful if someone could make a small test payment.

https://grapheneos.org/donate#bitcoin

Not that GrapheneOS does not need to trust the hardware, we evidently do by releasing our OS on and using it.

As anyone would have to, along with the OS in choosing to use it, just as with any hardware/software. However I was referring to trust that it hasn't been compromised.

The simplest way is to direct you to our features page:

https://grapheneos.org/features

As well as how we use Hardware attestation to ensure the system has not been tampered with, info for which can be found here:

https://attestation.app/about

The majority of which is only possible with the industry leading secure hardware provided by the Pixel platform.

There isn't currently a usable open hardware SoC, Wi-Fi radio, cellular radio, SSD, touchscreen, etc.

Running an open source OS doesn't make hardware open. Using an open source late stage boot chain (coreboot, etc.) doesn't make the firmware open, as that's a tiny part of it and it still begins from closed source hardware/firmware.

Having the sources for an open hardware SoC doesn't mean you can simply build it yourself. You need a manufacturer to build it for you, and their manufacturing process will be closed source. The end result is not really open, and even if it was, individuals in the main couldn't verify that it is.

Pixel phones use their open source Trusty OS for the TEE (TrustZone) and secure core (core in SoC which talks to secure element). Pixel-specific variants of Trusty OS are not published yet, as far as we know, but we may just be missing where they publish it (unlikely though).

Secure element has https://opentitan.org as an open source project. Titan M2 is a RISC-V core sharing a lot with this, but similarly the Pixel-specific code isn't published yet. They said they'd publish it but it's taking a long time to do it. ARM NDA likely blocked it before.

GrapheneOS goes a long way toward not having to trust the hardware; any compromise of it would then also require a further OS-based exploit to compromise your data. There do not exist any disclosed exploits for GrapheneOS and we are a high value target.

Are you using the latest Alpha/Beta releases?

Yeah so, the PSP modding hasn't stopped at software, decided to do a battery mod. Downside is, didn't finish today, the battery I had wanted to use won't fit. Removed the UMD, rotary tooled the sh*t out of the UMD door and battery compartment wall, but no joy. Damn thing has a thicc end. 2mm out.

Some alternatives on the way though...

nostr:nevent1qqs005nlrrlvpz60fwm8se6hnkkdy877nrsgnkgus3axq9czf0728ncpz3mhxue69uhkummnw3ezummcw3ezuer9wcpzqsmr0gc35903cffmt4s80z4h239vvwdc3ctguu3y4yqdffqjsvvrqvzqqqqyyuq0yjxm

If you have any questions or wish to seek clarity on anything you come across etc, please do reach out and connect. I and the core team would be happy to help to alleviate any misunderstandings etc to ensure the most accurate information is provided.