


  • It's easy to see why “stepping down” means nothing, when you see that GrapheneOS is a one man army show, his GitHub says the same, and GrapheneOS commits tell the same story since April 2023 (when he told how there was a CP/gore spammer in his offtopic Matrix chat and he claimed to be swatted, no evidence or in local Canadian news in 5 months). Check his GitHub repo member list (flat hierarchy makes no sense), correlate with Matrix chatroom and Discourse admins/mods lists.

    His whole game is playing with optics in the FOSS community, portraying his hobbyist stuff as professional even when his behaviour screams the opposite, and using labels like “lead dev”, as if many people make commits to GrapheneOS. Optics is the key word, which also plays into marketing fluff about features, most of which are rebrandings like what OEMs do with tacky skins.

    While things in life are not black and white, they are certainly not 45% and 55% gray either, but more like 20% gray and 80% gray. (I am a Pareto’s principle shill.) Most (not many) situations in life are just that, distinctly clear with no fog clouds. Nuance changing a situation’s dynamics is the exception, not the norm.

    Fairphone is one of the top recommendations in my guide, and they now have 8-10 years of security updates as well (7y with FP3+ iirc).

    All this is not to appease or stroke my ego (I have refused donations for my guides), but to refuse rewarding this IT brodude bullshit behaviour, and to put an end to it in the IT and FOSS/anonymous communities. The privacy community has been filled with illogical, conspiratorial nutjobs and assholes and I have been one to help clean it up myself for about 4 years now. I still fondly remember how r/privacy mod censored my r/privatelife subreddit with 26 members, and swore to clean this mess. Simply put, I am a meta-contrarian voice of reason that has and will go against anyone to say what needs to be told.



  • There are certain “security zealots” in the FOSS community that shill Big Tech, dump on FOSS projects and promote typical IT dudebro asshole behaviours. I have been documenting it for 5 years, so I am coming from a far different place, having seen it all. Being in their chatrooms, engaging with racists, IRL Nazis and absolute clowns has allowed me to see pretty much every trick they can pull.

    The reason I called out the political affiliation is because as a leftist, cherrypicking and supporting/opposing issues is incorrect. IT dudebro behaviour is what the GrapheneOS community staunchly supports and normalises, and is the root of many problems in the tech sector.

    Micay using the “autism” placard to dodge accountability is disgusting, and it hurts all autistic and neurodivergent people. Micay is the embodiment of most of the worst kind of behaviours, and rewarding him by using his AOSP fork is one of the worst things you could do.


  • TheAnonymouseJoker@lemmy.ml [M] to Privacy@lemmy.ml · Comparison of Android ROMs · 1 up, 7 down · 8 months ago

    That is the ELI5 version, which is how I talk to people about technical matters. If you were to quote this 20 years later, it would require no further context and citation, and would still be a relevant comment. A lot of my comments are guest-blogging style mini posts. Generally one should have no further questions about picking a private and “secure” Android device for years after reading this.


  • TheAnonymouseJoker@lemmy.ml [M] to Privacy@lemmy.ml · Comparison of Android ROMs · 1 up, 7 down · 8 months ago

    Whichever system you can navigate through easily and freely, none of which is a smartphone. Smartphones are only temporary vessels on-the-go for calling, texting and photos/videos. Keep your computing as much as possible to a real, dedicated computer or laptop. Any mainstream Android phone in the past 3-4 years, if you do not root or unlock it, has been “secure” at this point, as long as you are not installing calculator apps that need your credit card info and camera access, and as long as your adversary is not the TSA airport agent with Israeli Cellebrite kit or you are not a state actor target for malware like Pegasus.

    Funnily enough, Pixels have been horrifically insecure for a while now, besides their garbage QC issues. Google took months to fix these security issues for 6A, 7 series that were easier to exploit than the security issues any other Android maker has had for the past few years.

    Any decent Android phone post Android 9 version, provided you:

    • do not root or unlock it
    • debloat it thoroughly
    • install apps carefully
    • put a firewall with a nice DNS provider
    • restrict app permissions as much as possible
    • keep OTA security patches updated

    is a secure phone to use. There has been full disk encryption for years now, and iPhones have been cheaper and easier to exploit than Androids for 5-6 years.

    I have had a non-root smartphone guide for years now (https://lemmy.ml/post/128667), letting anyone have a private and secure Android device without any SafetyNet tampering or bootloader unlocking complexity, which also allows you to use Android Auto, bank apps and any of those SafetyNet apps comfortably. This, to the best of my knowledge, is the Pareto frontier of usability, privacy and security on smartphones, provided you have an actual computer as well.

    Someone made an Android app that allowed me to solve the issue of physical phone theft as well, effectively disallowing anyone (unless million dollar Cellebrite-like kits can exploit the stolen locked phone) to extract data out of your phone, in case someone took your phone on the street and ran away. This requires a locked bootloader, which is the default state of any Android phone you purchase commercially, unless later unlocked or rooted.


  • TheAnonymouseJoker@lemmy.ml [M] to Privacy@lemmy.ml · Comparison of Android ROMs · 1 up, 6 down · 8 months ago

    This is not about “passion”. I have been monitoring and documenting the “security zealots” in the FOSS community for the past 5 years. If you think that’s nuts, I recommend you take out an hour or two and go through this stuff. It will be worth it.

    https://old.reddit.com/r/privatelife/comments/ug9qnc/writeup_criticism_of_rprivacyguides_grapheneos/

    https://old.reddit.com/r/privatelife/comments/13teoo9/grapheneos_corporate_foss_loving_witch_hunting/

    There is no conspiracy btw, regarding voting manipulation and sockpuppet trolling (they admittedly do it). GrapheneOS has been by far the most vicious entity in the FOSS/privacy community for a while now, to the point the Techlore community openly calls them “rabid dogs”. Lemmy is just seeing this stuff afresh, what has been going on on Reddit for over 3 years. They would have imported that culture onto Lemmy long ago, if I was not here for the past 3 years, and not a moderator acting as a defense line.

    As for “security” and features of this AOSP fork, look no further. https://i.imgur.com/pQHoq84.jpg

    There are only 3 things they ever did on their own as extras, and even they have basically no value in the grand scheme of things, them being offering:

    • a 64-character password limit on the lockscreen, instead of 16 characters
    • PIN scrambling
    • Morula method of exec spawning instead of Zygote method used in most AOSP projects

    Now, I will elaborate on these 3.

    • Elaborating on first one, it is kind of useless as you can see for obvious reasons.
    • For second one, you already understand why fingerprint avoids the issue of someone peeping at your PIN/password entered across your shoulder. Fingerprint is infinitely superior. Even more so with Android and iOS both offering biometric Lockdown features.
    • This one is somewhat half credible, but the goal is to destroy the memory blocks used by an app after it is exited, so that memory blocks do not retain essential text strings of data to exploit. For this, you can just go to Developer Options and enable “Don’t keep activities” and it will achieve the same effect as Morula method of exec spawning implemented by GrapheneOS.

    So out of the 20-30 features GrapheneOS claims they developed, everything is either a modification of app permissions or firewalling or AOSP feature rebranding.

    Also, as you may have famously heard about “Sandboxed Play Services”, it is not developed by GrapheneOS, but a project called ProtonAOSP, whose developer is kdrag0n. GrapheneOS copied that off and rebranded it as their own developed thing.

    As you can see, GrapheneOS is basically a lot of marketing and in reality, there is negligible or nothing beyond the surface. This is called snake oil, or selling bridges/dreams.

    A civil discussion is not possible with people that always lie about things for years (https://old.reddit.com/user/lo________________ol/comments/1314x2x/why_did_i_do_this/), then manufacture lies about how they were swatted to manufacture drama and gain fame, never to give evidence, label everyone neonazi or complicit in this hoax murder attempt, censor any attempts of being questioned and go underground, and use “autism” label to dodge accountability, and to be a witch hunting liar and an asshole to everyone.



  • TheAnonymouseJoker@lemmy.ml [M] to Privacy@lemmy.ml · Comparison of Android ROMs · 1 up, 7 down · 8 months ago

    Are you seeing the problem with targeted downvotes towards my comments? I got precisely 5-6 downvotes suddenly in the past hour (for every single post and comment I have made for the past week or so) for a reason - vote manipulation via sockpuppets - this is the kind of crap they precisely do. What does a leftist do? Stop supporting and using that product, and switch to something that works just as fine. Continuing to use something made by such horrible entities while saying otherwise is a kind of faux virtue signalling the US govt does via news media.

    Calyx if you want one of these pre-configured custom ROMs for Pixels only, and Lineage or /e/ if you want more device support.

    If you think the part about locked bootloaders is so important, just know that they lie to the extent of going around in tech YouTuber comment sections and claiming they have $1M Cellebrite Israeli toolkits to verify GrapheneOS is safe against bootloader attacks like Evil Maid. https://i.imgur.com/woNxPhx.jpg

    Please read the paper by Ken Thompson, co-creator of Unix and C, on why we should be able to trust the developer and NOT the code. https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf


  • TheAnonymouseJoker@lemmy.ml [M] to Privacy@lemmy.ml · Comparison of Android ROMs · 1 up, 10 down · 8 months ago

    The most recent incident that exists is the lead dev accusing the following entities of being complicit in a swatting attempt, for which no evidence has been provided in the last 5 months: r/privacy users and moderators, r/PrivacyGuides moderators, CalyxOS members, Techlore members, individual reddit users and Louis Rossmann. The dev even had the audacity to hide behind an “autism” placard to justify his abusive behaviour and accusations.

    This is not personal drama, but proven and documented large scale incidents, and you should oppose toxicity, fake accusations and witch hunting, being a trans leftist. These are societal problems for all of us, and should be fought the same way we fight for social movements. The tech sector is so bad because it is filled with toxic dudebros like this, and many GrapheneOS supporters justify this behaviour as “security/IT people are like this”.


  • DIVESTOS DEVELOPER BANNING ME ON MICAY’S ORDERS OTHERWISE HE WILL INITIATE A SOCIAL MEDIA HARASSMENT CAMPAIGN AGAINST DIVESTOS

    Yes, this happened, and this is my favourite part as far as everything GrapheneOS head/mods have done to date. As dramatic as it sounds, Micay in realtime, in DivestOS’ XMPP chatroom, was accusing me of the typical “harassment ringleader campaign” BS, and ordered DivestOS/Mull developer (these are his aliases) SubZer0Carnage/Tad/SkewedZeppelin that if I was not banned immediately, DivestOS and him would face a targeted social media campaign and DivestOS will have to forcibly pull off any borrowed GrapheneOS code. DivestOS developer dusted his hands off me, since he does not like me apparently for liking some closed source software and he benefits off of the crybully. Also, unlike the crybully, I have never harassed or harmed anyone because I have a moral conscience to not be an abusive asshole on the internet, so he will face no issues on my end.

    Screenshot 1: https://i.imgur.com/Al65uTZ.jpg

    Screenshot 2 continuation: https://i.imgur.com/mT8W9pa.jpg



  • TheAnonymouseJoker@lemmy.ml [M] to Privacy@lemmy.ml · Comparison of Android ROMs · 5 up, 16 down · 8 months ago

    Reminder that GrapheneOS dev and mods officially conduct witch hunting and harassment of any critics and their mods officially declare targeted harassment and trolling as “brand reputation and competitor analysis”. (https://i.imgur.com/q2OefBw.jpg)

    They also add threatening features like camera shutter sounds impossible to disable without consent of community users, putting people at risk. And the dev, mods and community are largely toxic, dishonest crybullies. Never a good idea to trust insane people that accuse everyone and their children of fake attempted swatting.

    I also see a lot of GrapheneOS shilling/brigading in recent times, including this thread, similar to https://i.imgur.com/G6P1c9n.jpg and https://i.imgur.com/woNxPhx.jpg . Action will be taken against it. This is not 4chan or Reddit.