Wired was manipulated into spreading misinformation to market Palantir and iVerify by misrepresenting a vulnerability in a disabled demo app as being a serious problem which could be exploited in the real world. They should retract the article but won't.
https://wired.com/story/google-android-pixel-showcase-vulnerability/
iVerify are scammers and anyone paying them money should rapidly stop doing it and remove their malware from their devices. The real security risk is giving remote code execution on your devices to one of these sketchy EDR companies lying about their capabilities and discoveries.
Wired was manipulated into spreading misinformation to market Palantir and iVerify by misrepresenting a vulnerability in a disabled demo app as being a serious problem which could be exploited in the real world. They should retract the article but won't.
https://wired.com/story/google-android-pixel-showcase-vulnerability/
nostr:npub1w5204dgugjupzzcq6x2lvd2m46ard44mpjz2f2sqls3jf99h5xwq96rqkr Do you think apps like Signal/Molly or Organic Maps are spying on you? You choose which apps you use.
nostr:npub1w5204dgugjupzzcq6x2lvd2m46ard44mpjz2f2sqls3jf99h5xwq96rqkr You won't have privacy/security using carrier-based calls rather than end-to-end encrypted messaging. Decent smartphones are also much more secure than desktops or laptops.
Action is still urgently needed to address the highly anti-competitive Google Mobiles Services licensing system and the Play Integrity API which are a major part of Google maintaining their monopolies over search and many parts of the mobile market.
We've become aware of another company selling devices with GrapheneOS while spreading harmful misinformation about it to promote insecure products. We're making our usual attempt at resolving things privately. However, we need to quickly address what has been claimed regardless.
We're going to be making another attempt at shipping DNS leak prevention for third party VPN apps. The last attempt resolved a lot of the compatibility issues with the previous approach, so we've made some progress. We don't what's wrong with Proton VPN and certain other apps.
The article unfortunately leaves out most of the points we made in the thread.
GrapheneOS supports hardware-based attestation and it's entirely possible for Google to allow it as part of the Play Integrity API. They choose to ban using GrapheneOS.
Unplugged has simply doubled down on false claims about GrapheneOS security, pretending people cannot buy devices with GrapheneOS installed and pretending it's hard to install along with promoting their blatantly insecure products with false marketing.
https://beacondb.net/ is a promising project aiming to allow anyone to host the service or use it from a local client with the same data.
Don't contribute your data to a service trying to centralize control, particularly one from the folks behind the astounding insecure /e/OS.
Chromium's V8 Optimizer toggle for disabling JavaScript JIT compilation was changed to only disable the 2 higher tiers of JIT compilation while still leaving the baseline JIT compiler enabled. This also caused the device management policy for JIT predating this to change meaning.
Vanadium version 126.0.6478.122.1 released:
https://github.com/GrapheneOS/Vanadium/releases/tag/126.0.6478.122.1
See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
Forum discussion thread:
https://discuss.grapheneos.org/d/13871-vanadium-version-126064781221-released
#GrapheneOS #privacy #security #browser
GrapheneOS Info app is now available through our app repository and will be included in the next release of the OS. It supports viewing recent OS release notes, provides info on our chat rooms, forum and active social media accounts along with offering all the donations methods.
nostr:npub1tk9herh0s4y2rzpqwxuavycwpserdaxglwjmkjcgnmk8jf4edarsapg5ax We do plan to move that to the main screen in Auditor but it hasn't happened yet.
We'd greatly appreciate if more GrapheneOS users helped with the Alpha/Beta testing of Vanadium releases. Can enable the Alpha/Beta channel by selecting Vanadium in the app repository client (Apps) and changing release channel with the menu. We might need to make it more visible.
Leader of the Privacy Guides project is now pushing the narrative privacy/security are only for criminals:
Everyone with integrity already left the Privacy Guides project a while ago due to their heavy involvement in harassing GrapheneOS project members.
Vanadium version 125.0.6422.113.0 released:
https://github.com/GrapheneOS/Vanadium/releases/tag/125.0.6422.113.0
See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
Forum discussion thread:
https://discuss.grapheneos.org/d/12994-vanadium-version-125064221130-released
#GrapheneOS #privacy #security #browser
We've had around 2.5 years to evaluate impact of Generic Kernel Images. Our conclusion is that this caused more harm than good to GrapheneOS.
Generic Kernel Images are supposed to make kernel updates easier via a stable ABI, but Pixels update all drivers for GKI updates anyway.
Linux kernel becoming their own CVE Numbering Authority (CNA) is wasting resources they'd have previously put towards higher quantity and quality backporting. We've noticed a drop in both for the stable/longterm branches and particularly Android Generic Kernel Image LTS branches.
Vanadium version 125.0.6422.72.1 released:
https://github.com/GrapheneOS/Vanadium/releases/tag/125.0.6422.72.1
See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
Forum discussion thread:
https://discuss.grapheneos.org/d/12961-vanadium-version-12506422721-released
#GrapheneOS #privacy #security #browser