Last Notes
Vanadium version 146.0.7680.164.0 released:
https://github.com/GrapheneOS/Vanadium/releases/tag/146.0.7680.164.0
See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
Forum discussion thread:
https://discuss.grapheneos.org/d/33474-vanadium-version-146076801640-released
#GrapheneOS #privacy #security #browser
@nprofile…5ldk It's likely we'll support the 2027 variant of the razr ultra.
On any given day, I have roughly 5 or so fucks to give.
Before anyone takes that as a confession of total selfishness, I want to be precise about what I mean...
https://www.joanwestenberg.com/tread-carefully-because-you-tread-on-my-fucks/
@nprofile…xsvx Firefox entirely lacks process sandboxing on Android. Firefox rolled out incomplete site isolation providing protection against data being leaked via side channels through not having it in-process. It does not implement sandboxing site isolation required to protect against more than side channels. It doesn't have sandboxing so it can't protect against anything once a remote code execution exploit occurs. It also lacks similar JavaScript VM sandboxing and many other important protections.
@nprofile…xsvx Firefox entirely lacks sandboxing on Android. Firefox has rolled out incomplete site isolation providing protection against data being leaked via side channels through not having it in-process. It does not implement sandboxing site isolation required to protect against more than side channels. It doesn't have sandboxing so it can't protect against anything once a remote code execution exploit occurs. It also lacks similar JavaScript VM sandboxing and many other important protections.
@nprofile…xsvx Firefox entirely lacks sandboxing on Android. Firefox has rolled out incomplete site isolation providing protection against data being leaked via side channels through not having it in-process. It does not implement strict site isolation required to protect against more than side channels. It doesn't have sandboxing on Android so it can't protect against anything once a remote code execution exploit occurs. Complete lack of sandboxing on Android is one aspect of it being far less secure.
I have 75% confidence that I am 90% sure that 40% of the things I believe are 100% wrong
I have immense respect for the revolutionary vanguard, provided the revolution happens after 11 AM and does not require anyone to understand how a supply chain actually works. If the proletariat rises up, please text me; do not call.
'Deep work’ is just ‘doing your job’ for people who’ve been on Slack so long they forgot what that felt like
AI doomers and AI accelerationists have more in common with each other than with normal people who simply do not think about AI that much. The disagreement is coming from inside the church
@nprofile…fmlg No, these apps are going out of the way to ban using operating systems not licensing Google Mobile Services. Most apps are going to do this and users can pressure them to permit GrapheneOS which has happened successfully with a lot of these apps already. You should send them https://grapheneos.org/articles/attestation-compatibility-guide and pressure them to permit GrapheneOS. We show a notification when apps use the Play Integrity API as X does to help with this.
@nprofile…fwu9 People can buy the devices without GrapheneOS and install it themselves in any region where that's an issue. Motorola devices with GrapheneOS preinstalled is something we want but it doesn't have to happen right away and doesn't need to happen everywhere for the partnership to be highly successful. Pixels are sold in 33 countries which doesn't include many countries outside North America and Europe.
@nprofile…fwu9 People can buy the devices without GrapheneOS and install it themselves in any region where that's an issue. Motorola devices with GrapheneOS preinstalled is something we want but it doesn't have to happen right away and doesn't need to happen everywhere for it to be highly successful.
@nprofile…9x99 Revoking Camera, Microphone and Location access automatically is a standard Android feature via granting one-time access instead of persistent access. It revokes it 1 minute after the app isn't in the foreground anymore. The global toggles are problematic to begin with since enabling the functionality globally will allow every app which you've granted the permissions to start using those again, although at least it's only foreground access for Camera, Microphone and by default for Location.
not really. almost no one react to my posts and there are others like me. more than half of people whom I originally followed are gone now. Sometime around 2024, some people I found interesting came here. Within six months, they were gone. There are probably many reasons for this, but one of them is that the people here form a very narrow ideological group. And if you don’t fit in, there’s no one to talk to.
@nprofile…tv8l @nprofile…qtyy @nprofile…fgrk
Heavily using Google apps and services doesn't ruin using GrapheneOS. People still get major privacy and security benefits. Migrating away from Google apps and services along with other privacy invasive services can be done over the long term. If migrating away from it is a high priority goal with willingness to be dealing with it, then it's a good idea to start out with it in a dedicated work profile or Private Space.
https://grapheneos.social/@GrapheneOS/116267529664234349
@nprofile…tv8l @nprofile…qtyy @nprofile…fgrk
Heavily using Google apps and services doesn't ruin using GrapheneOS. People still get major privacy and security benefits. Migrating away from Google apps and services along with other privacy invasive services can be done over the long term. If migrating away from it is a high priority goal with willingness to be dealing with it, then it's a good idea to start out with it in a dedicated work profile or Private Space.
https://grapheneos.social/@GrapheneOS/116267529664234349
@nprofile…qtyy @nprofile…fgrk It sounds like you do want to minimize usage of Google Play, so set up a dedicated profile for it. Work profile or Private Space is most convenient since they're nested but you could also use a secondary user. Private Space is essentially a nested secondary user. Work profiles are similar but have to be managed by an device policy management app. Shelter is an open source one for local management which many people use. Private Space + work profile gives 2 nested profiles.
@nprofile…qtyy @nprofile…fgrk You aren't ruining GrapheneOS by using sandboxed Google Play in the Owner user. They're regular sandboxed apps including in the Owner user and you can restore it back to the default of only having the Network permission granted while retaining compatibility with nearly every Play Store app. Network and Unrestricted battery mode are all it needs to provide nearly all functionality apps need. We reroute location requests to Google Play to the OS location service by default.
@nprofile…qtyy @nprofile…fgrk Their app likely depends on Google Play for push notififications which requires giving it Unrestricted battery mode. If you want to minimize your usage of Google Play, remove it in the Owner user and set up a dedicated work profile or Private Space for it. A work profile is a good option if you want to save Private Space for the main purpose of having private apps/data which remain at rest while using the phone. Google Play is still sandboxed in Owner on GrapheneOS though.
@nprofile…qtyy @nprofile…fgrk It doesn't matter at all that you did that if they already had your contacts anyway. You have to migrate to avoiding using them for sync if you want to avoid them having those anyway. Just get rid of it if you don't want it and make a dedicated work profile or Private Space for apps depending on Google Play if you want to keep it separate. You'll probably want apps depending on it but you don't need to give it any permissions beyond Network and it can be in another profile.
@nprofile…qtyy @nprofile…fgrk VCF export/import should work fine. It's possible the app you used for exporting did it in a format incompatible with AOSP Contacts but you can use a different app to export/import on both ends. There are also various apps you can use for end-to-end encryption contacts sync/backup.
You didn't need to give sandboxed Google Play a bunch of permissions to use their contacts sync but it's still far less invasive than regular privileged Google Play services even with those.
@nprofile…g0lg Yes, Pixels are going to remain supported and it will be a while before the Motorola devices launch. We launched experimental support for the recently launched Pixel 10a yesterday.
The initial devices with GrapheneOS support from Motorola will be 2027 flagships. We'll add support for new devices each year along with expanding to cheaper devices once those meet the requirements.
@nprofile…g0lg Yes, Pixels are going to remain supported and it will be a while before the Motorola devices launch. The initial devices with GrapheneOS support from Motorola will be 2027 flagships. We'll add support for new devices each year along with expanding to cheaper devices once those meet the requirements.
@nprofile…7kfx That's what this change does.
its wild that "treat people with basic dignity" became a radical political position. i remember when it was just called "not being a dick." we used to have that
GmsCompatConfig version 168 released:
https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-168
See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
Forum discussion thread:
https://discuss.grapheneos.org/d/33369-gmscompatconfig-version-168-released
#GrapheneOS #privacy #security #gmscompat
GrapheneOS version 2026032000 released:
https://grapheneos.org/releases#2026032000
See the linked release notes for a summary of the improvements over the previous release.
Forum discussion thread:
https://discuss.grapheneos.org/d/33367-grapheneos-version-2026032000-released
#GrapheneOS #privacy #security
@nprofile…rpyy Pixel 6a is fully supported and works well. It's part of the oldest generation of supported devices and has an update guarantee from the OEM until at least July 2027.
Some of the laws we're referencing were already passed. It isn't going to result in any changes to GrapheneOS and it will remain available everywhere. Many other projects are making changes due to it or blocking downloads in regions passing these laws but we've determined there's no need for us to do anything.
@nprofile…kfh0 @nprofile…9tr7 Pixel stock OS no longer has nearly as many changes in the monthly releases beyond the security patch backports. QPR1 and QPR3 will be smaller releases than previously and stock Pixel OS exclusive. These releases are only relevant to GrapheneOS for Pixel support. We don't need to deal with it for another device.
GrapheneOS has security preview patch access already which we didn't receive from Motorola but rather from another OEM not working on devices supporting GrapheneOS.
@nprofile…kfh0 @nprofile…9tr7 That's not how Android updates work. There was previously 1 major yearly release which was changed in 4 major quarterly releases and has been reduced down to 2 major releases per year. Those are made available to OEMs and published to the Android Open Source Project. There are monthly security backports to the major releases from the past around 3 years which are also pushed to the Android Open Source Project. Pixel stock OS is separate from what OEMs use which is the AOSP code.
@nprofile…slwy Fairphone has made it very clear they don't care about providing serious privacy or security. We aren't going to be supporting their devices or working with them. They already chose a different path incompatible with working with us.
https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private
@nprofile…lthu @nprofile…9tr7 https://grapheneos.social/@GrapheneOS/116262395412236234
@nprofile…9tr7 @nprofile…qq64 There's a huge audience interested in having private and secure devices. Providing the bare minimum of standard privacy/security patches and important standard hardware-based defenses rules out nearly all Android devices. iPhones have much better security than the vast majority of Android devices. Out of the Android devices supporting installing another OS, the only ones with similar security protections are Pixels. People who want privacy/security mostly buy iPhones.
@nprofile…9tr7 @nprofile…qq64 GrapheneOS is a privacy and security project. It isn't elitist to have a reasonable set of hardware requirements including proper driver/firmware updates and important hardware-based security features we need to protect against widespread real world exploits. Similarly to iPhones, GrapheneOS devices are far more secure than using a traditional desktop OS. The security standards for mobile are much higher than what passes for acceptable for laptops and desktops.
@nprofile…qq64 @nprofile…9tr7 GrapheneOS is a highly usable production quality OS with broad app compatibility. It isn't a niche choice only for people who are highly committed to privacy. It's very usable as a daily driver. The vast majority of Android apps are fully functional on GrapheneOS. In practice, the only apps unavailable on GrapheneOS are a tiny subset banning using any alternate OS with the Play Integrity API or similar methods. 90% of banking apps work and 99.999% of other apps
@nprofile…qq64 @nprofile…9tr7 GrapheneOS is privacy project and privacy depends on security. We have very reasonable hardware security requirements which are listed at https://grapheneos.org/faq#future-devices. We only expect industry standard updates and security features. The only non-Pixel Android devices meeting these requirements don't allow using another OS. We're officially partnered with Motorola and they're making devices meeting these requirements with official GrapheneOS support.
https://grapheneos.social/@GrapheneOS/116159602850585685
@nprofile…ju3h Pixels are the only currently available devices meeting the security requirements for GrapheneOS.
GrapheneOS has an official long term partnership with Motorola and will support many of their future devices:
https://grapheneos.social/@GrapheneOS/116159602850585685
We aren't lowering our standards but rather their devices are being improved to meet our requirements. Existing devices from every non-Pixel Android OEM lack important security features and don't provide the level of driver/firmware updates we need.
@nprofile…9tr7 GrapheneOS has an official long term partnership with Motorola and will support many of their future devices, not one. It will support multiple new Motorola devices every year. We aren't lowering our security requirements but rather their devices are being improved to meet our requirements. The reason GrapheneOS won't support their currently available devices is because those don't meet our security requirements. Currently, only Pixels meet our requirements.
https://grapheneos.social/@GrapheneOS/116159602850585685
GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account. GrapheneOS and our services will remain available internationally. If GrapheneOS devices can't be sold in a region due to their regulations, so be it.
@nprofile…85r0 It will be included in our next regular OS release.
my political position is that i would like things to be noticeably less insane than they currently are. this is considered "not having principles" by people who think everything should be on fire
The future is already evenly distributed. It’s just not here yet.
everyone wants to be the last sane man in the asylum but buddy we’re all patients here. i’m simply the patient with the best tweets about it
Four hundred years ago, the people Andreessen imagines were blissfully unselfconscious were reading Augustine and Montaigne and arguing about Stoic philosophy. They were writing diaries and letters that examined their own motives with considerable care. They were not, in fact, just moving forward without asking where they were going.
https://www.joanwestenberg.com/marc-andreessen-is-wrong-about-introspection/
Vanadium version 146.0.7680.153.0 released:
https://github.com/GrapheneOS/Vanadium/releases/tag/146.0.7680.153.0
See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
Forum discussion thread:
https://discuss.grapheneos.org/d/33290-vanadium-version-146076801530-released
#GrapheneOS #privacy #security #browser
people keep trying to convince me that the entire economic system needs to be burned down and rebuilt from scratch according to a book written in 1867. what's your plan for Thursday though. specifically Thursday. the day after the revolution. what happens on Thursday
exactly my thoughts. agree
well, I‘m European, therefore I would use renewable resources instead of gasoline.
https://image.nostr.build/fa2c4a11962261c05f7ac9d17e74e11b5002449f0a1db253cc45de43b4dfcc13.jpg
