GrapheneOS will not (and will probably never) make a formal recommendation for a cryptocurrency wallet, and considering recent events regarding some popular offerings it is best to leave that responsibility to the users. If a project was endorsed that ended up having consequential events (unmaintained, a breach of trust, legal issues) then that would be terrible. Doing such a move is a dangerous slope. We are grateful wallet developers recommend and use GrapheneOS however.
Use a wallet that is up to date, maintained and trustworthy and follows app security practices. Avoid suspicious apps. If you use a cold wallet then use your official or endorsed by manufacturer apps to avoid as many trusted parties as possible.
However, it is up for recommendation to follow the core cryptocurrency security practices. Use GrapheneOS for funds you are okay with the potential risk of loss if you are using the device as your smartphone. Your phone will not protect your funds for a lifetime, if you are concerned you have been compromised or you no longer have access to the device holding those funds, move the funds to a new address/wallet as soon as possible. The security model for smartphone wallets are that you are expected to move the funds if you lose the device that accesses it.
Comments on Stacker News about mobile OS security, GrapheneOS and use of GrapheneOS with cryptocurrency wallets. May be useful.
https://stacker.news/items/464619/r/final?commentId=466606
Throwback to some comments from the past about setups involving #GrapheneOS with and the threat model of the former Samourai Wallet.
Anyone managed to get android notifications on Vanadium PWAs? cc nostr:npub1c9d95evcdeatgy6dacats5j5mfw96jcyu79579kg9qm3jtf42xzs07sqfm
Might require play services since PWA notifications uses Firebase:
https://discuss.grapheneos.org/d/2587-push-notification-not-working-with-pwa/
Mood π€
The greatest script kiddie diss track ever π€¨π€π₯
Weird Al Yankovic - Its All About the Pentiums
TURN IT UP! ππ₯
#cybersecgirl #weirdal
https://v.nostr.build/VwDQ7.mp4
"You gotta be the dumbest newbie I've ever seen
You've got white-out all over your screen
You think your Commodore 64 is really neato
What kinda chip you got in there, a Dorito?
You're usin' a 286? Don't make me laugh
Your Windows boots up in what, a day and a half?
You could back up your whole hard drive on a floppy diskette
You're the biggest joke on the Internet"
YT
FAQ, usage guide, installer:
If I had a dollar for every time someone made GrapheneOS anime girl fanart I'd have about 10,000 sats
And no, AI doesn't count.
Respectable opinion! I just find it hard to find what the selling point is... since in my experience many other browsers provides a similar option with side tabs and split tab views and whatnot... Vivaldi (and even Microsoft Edge) seems to do all of this just fine.
Chrome does slack off in the UI department though, I hate the layout where the tabs are just floating boxes now, but it's a very subtle issue.
Go is a fantastic language
Closest I can think of for a task like this is Gio UI. I've seen some work done on there and it's interesting but I've heard it's not the complete package yet. I want GUI libraries for Go to succeed. Think it would be a great starting block for cross-platform (Android and desktop in my case) Nostr/wallet apps.
Think web browsers should strictly be web browsers, any feature should exist to improve the browsing experience. I find software projects that are unnecessarily using the web platforms aggravating and I hate people making web browsers The Everything Appβ’οΈ when they're already a security nightmare.
I've seen irrelevant things like clipboard managers and ffmpeg GUI wrappers using Electron and it's absolutely disgusting. I'm very selective when it comes to it
Every new browser tries to reinvent the wheel when it doesn't need to be reinvented. Most browsers look the same because they are what people favour the most. Stop trying.
New UIs, service integrations, bundling VPNs and AI assistants, trying to ecosystem some shit no one wants is an example of reinventing the wheel that doesn't need to be. Browsers like Arc and Opera GX are just today's Maxthon Nitro or Comodo Dragon.
Browsers should be universal because the web is universal and everyone uses their own thing. Vivaldi has a ton of cool, optional features for this like an email client (for any service) and feed reader (used universally) and don't bug you to use theirs intrusively. These are FAR MORE important than Brave's AI assistant in my eyes. Edge has some awful features as well despite having leading browser security features at the same time.
Bundling an AI assistant or other services also doesn't make sense when you can just add sidebar page support and add an AI assistant you use as a sidebar (Note: Brave doesn't let you add other pages as a sidebar). I think you could even debloat browsers like Vivaldi and have these things like translators, notes or email clients be something the user sets up as a sidebar web page, instead of having them in the browser at all to be honest. I understand there's a user experience merit though!
Making a browser faster, more productive, more secure and private while making the web far more tolerable should be the way to go about things. Instead of trying to let users be unique, let users be themselves.
And Vanadium hardening when we're talking mobile ;)
Vivaldi UI and features with Brave state partitioning, anti-fingerprinting and content blocking would kill the browser game
Many of that depends on users but I would suggest reading the docs and guides on https://grapheneos.org for it. How and where people get their apps is down to who they trust to do the job.
We have expressed interest in adding Accrescent.app (a privacy and security focused app store) as a mirror to our app repository soon. It's app catalogue is very small and it is in early alpha but it's hopeful users add onto it. When that happens we will recommend users to use Accrescent further.
The forums also exist ( https://discuss.grapheneos.org ) as well for user questions
According to the indictment Keonne had links to the UK and SamouraiDev had France as well. These two also had a company registered in the UK which was dissolved a while ago.
I can't speak on their legal case but I imagine they weren't in their sights for long considering the publicity of their identities beforehand and their social media posts. I imagine most of the work went into seizing their infrastructure.
Because the data for that is *always* not at rest the moment you unlock the device once after boot. On a user profile you can put data at rest by pressing the end session button, you cannot do that for the Owner because the owner manages crucial OS functions. It is how Android works. To put Owner at rest you need to power off the device or restart it instead.
It's a more extreme move but it adds resistance to attacks especially in forensic situations.
Can be, but unless the threat model calls for it then sure.
I currently have 4 profiles, not counting the Owner which has nothing but a VPN on it for OS updates.
One is for normal use
One for Google Play required apps
One for handling cryptocurrencies separately (that way data is only not at rest when not using it)
One for Tor only usage (very rare and unused)
I rarely use the others to be honest
This is a common way people set-up user profiles, no issue with using it this way if you're fine with sacrificing a little user experience.
* most people don't enable encryption in public Matrix rooms anyway since it scales like shit, super unstable platform and rooms can just brick if they are large enough. Happened several times with us.