Warning for #Android gapps traitors: Uninstall the application: Android System SafetyCore, which has been automatically installed on most devices. It is used by Google to scan your data, just like Apple has been doing on iOS, but you have the choice to uninstall it. If you don't have it yet, watch out for it being installed silently over the next few days! https://play.google.com/store/apps/details?id=com.google.android.safetycore Be careful on GrapheneOS too if you have Google services installed. While GrapheneOS will stop it from auto installing, it can nag you about installing it. And it won't tell you what it really is. Nor will most online resources. Sandboxed Google Play compatibility layer: stop Play Store from attempting to auto-install some system component packages, such as "Android System SafetyCore" (com.google.android.safetycore) and "Android System Key Verifier" (com.google.android.contactkeys)

Releases | GrapheneOS

The phone is asking me to install this app, anyone knows information about if its truly need it or not? Im with the Google Play Services sandbox install

GrapheneOS Discussion Forum

android system safety core - GrapheneOS Discussion Forum

GrapheneOS discussion forum

If you don't have GrapheneOS, it's going to automatically install itself again at some point after uninstalling it. Locating the App Go to Settings → Apps (or Apps & Notifications) → Show system apps. Look for “Android System SafetyCore.” Check whether the app has any special permissions (e.g., internet access). Uninstalling or Disabling In many cases, you can uninstall an update or at least disable the app. Check the available options in the app info. This is client side scanning. It's a way to spy on your device before it's encrypted. Other information on the topic:

Android Authority

Google's new app will help warn you about nude images in Messages

Google is rolling out Android System SafetyCore, and it'll power the upcoming Sensitive Content Warnings feature in Messages.

Android Authority

Google's new Android app helps you verify you're chatting with the right person

Google is rolling out a new Android System Key Verifier app that helps you verify you're chatting with the right person and not a scammer.

The functionality provided by Google's new Android System SafetyCore app available through the Play Store is covered here:

Google Online Security Blog

5 new protections on Google Messages to help keep you safe

Posted by Jan Jedrzejowicz, Director of Product, Android and Business Communications; Alberto Pastor Nieto, Sr. Product Manager Google Messa...

Neither this app or the Google Messages app using it are part of GrapheneOS and neither will be, but GrapheneOS users can choose to install and use both. Google Messages still works without the new app. The app doesn't provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users. It's unfortunate that it's not open source and released as part of the Android Open Source Project and the models also aren't open let alone open source. It won't be available to GrapheneOS users unless they go out of the way to install it. We'd have no problem with having local neural network features for users, but they'd have to be open source. We wouldn't want anything saving state by default. It'd have to be open source to be included as a feature in GrapheneOS though, and none of it has been so it's not included. Google Messages uses this new app to classify messages as spam, malware, nudity, etc. Nudity detection is an optional feature which blurs media detected as having nudity and makes accessing it require going through a dialog. Apps have been able to ship local AI models to do classification forever. Most apps do it remotely by sharing content with their servers. Many apps have already have client or server side detection of spam, malware, scams, nudity, etc. Classifying things like this is not the same as trying to detect illegal content and reporting it to a service. That would greatly violate people's privacy in multiple ways and false positives would still exist. It's not what this is and it's not usable for it. GrapheneOS has all the standard hardware acceleration support for neural networks but we don't have anything using it. All of the features they've used it for in the Pixel OS are in closed source Google apps. A lot is Pixel exclusive. The features work if people install the apps. https://xcancel.com/GrapheneOS/status/1888280836426084502

TrailOfBits spun out iVerify, a mobile malware detection company, about a year ago. So far, they've found 20+ installations of Pegasus on people's iOS phones, including some used for corporate espionage. If you want to try it out, there's a basic version available on the iOS app store you can download today. Make sure you run a "Threat Hunt" after you install it -- this is the feature that is catching Pegasus. That’s important! •

App Store

iVerify Basic App - App Store

Download iVerify Basic by iVerify on the App Store. See screenshots, ratings and reviews, user tips, and more apps like iVerify Basic.

iVerify found those Pegasus installations by inspecting sysdiagnose logs. These are debugging logs produced by iOS itself that provide a window into the lower level operation of the phone. Pegasus is a total operating system compromise. iVerify has other methods available for security monitoring, including a local VPN that inspects traffic completely inside the mobile app, a custom DNS solution that checks resolutions of domain names, and an "Elite" tier of service. If you want to try out this feature to inspect your own phone today, the sysdiagnose feature is available for free in the iVerify Basic app on the App Store.

X (formerly Twitter)

Vladimir S. | Officer's Notes (@officer_secret) on X

I see news about SpyWare all the time in the last couple years... people are really worried about Pegasus and other similar apps. Below in the th...

#security #opsec

Piyush holding #BTC outperforming DBS

X (formerly Twitter)

matthew sigel, recovering CFA (@matthew_sigel) on X

The CEO of the Largest Bank in Singapore (DBS) is Bullish on Bitcoin

📱 UK WON'T have access to your iPhone, but this is very worrying It has recently become popular to talk about worrying news without taking into account reality, so let's get to it: The UK government has issued a secret order to Apple under the Investigatory Powers Act 2016, known as a "Technical Capability Notice", ordering the company to create a backdoor that would allow access to encrypted data stored in iCloud. This is intended to do away with the "Advanced Data Protection" encryption that Apple introduced in iCloud that ensures only users have access to their data, not Apple. It is possible that Apple will abandon "Advanced Data Protection" in the UK, thus allowing it to continue to protect other users, and while this may seem sufficient, it would not really be enough to meet the UK's request. Some might think that this isn't a problem if you don't live in the UK, but it is, as it affects all users who use iCloud, not just iPhones in the UK, at least according to the UK petition. It's important to note here that iCloud is different from iPhone. This is a big threat because it means doing something that not even Apple can currently do: access iCloud data and although it is something that is widely used by its users on different devices, it might not be possible to use the iCloud cloud, which is where the main problem lies. But... will other countries really accept this? Adding a backdoor for UK authorities to access will make other countries want it too but... What about the countries that are seen as a threat? They could also gain access, they would "just" have to find the back door, which would already be known to exist. This is something that goes beyond simply accessing user information; information about a population can be very valuable, especially for other countries that can use it to their advantage in geopolitical terms, which can have serious consequences.

The new feature is coming in Brave Browser version 1.75 for the desktop and is very similar to the popular TamperMonkey and GreaseMonkey browser extensions, which allow users to create "user scripts" that modify the functionality of specific websites.

BleepingComputer

Brave now lets you inject custom JavaScript to tweak websites

Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own JavaScript into websites, all...

Excellent post on Human <> Agent relationship. Some thoughts below: Right now, AI is limited by the kind of information it learns from. Most systems rely on internet data, which is often outdated, shallow, or too general. This is where Fringe Untapped Data or FUD comes in. Instead of just tracking what people do, FUD looks at why they do it—things like tone of voice, hesitation before a click, or patterns in behavior that traditional AI ignores. AI that relies only on basic data will hit a wall, while AI that understands real-world context will keep improving. The biggest breakthroughs will come from businesses that combine these two ideas: AI that can run organizations and AI that can actually think in a deeper way. To work, these systems will need ways to coordinate decisions and reward human contributions, but also high-quality, real-world data to keep learning. The companies that figure out how to do both will lead the next wave of innovation. Inverting the Human-Agent Relationship | Source:

Inverting The Human-Agent Relationship

In 1997, IBM’s Deep Blue defeated then-World Champion Garry Kasparov in a chess match, and it became clear that computer chess engines would soon...

🌪 The freedom of those who fight for privacy advances Alexey Pertsev has recently been released from a prison in the Netherlands. Who is it? The developer of Tornado Cash , a protocol that allows for privacy across different blockchains. He was charged with money laundering, not because he laundered money, but because Pertsev was responsible for failing to implement measures to prevent illicit use of the protocol. He is currently under house arrest and electronic monitoring while he prepares his appeal. While it's not the best of songs, it's a lot better than it was just a day ago. He was arrested in August 2022 and found guilty in May 2024, but there seems to be hope. Back in November 2024, an appeals court declared that the sanctions imposed by OFAC (Office of Foreign Assets Control) on Tornado Cash were an overreach of its powers. I would like to add 2 things: 1. Is the central bank guilty of those who launder money with its currency? Or is the person who makes a knife guilty of those who do evil with it? 2. In the end, good prevails and we hope that in some way, this will only remain as the memory of a bitter event. We keep moving forward💪

Transfer Funds to New p2pkh Addresses: #Bitcoin in unused p2pkh addresses remain quantum-safe because their public keys are not exposed. Transferring funds to such addresses can prevent immediate risks. An address that starts with "bc1q" not "p" Avoid address with “04” or “bc1p” Use new addresses for each transaction. - Don’t store large amounts in hot wallets. Stay informed—quantum threats aren’t hype. They’re real.

X (formerly Twitter)

Paolo Ardoino 🤖 (@paoloardoino) on X

Prediction. Quantum computing is still very far from any meaningful risk of breaking Bitcoin cryptography. Quantum resistant addresses will eventu...

StegCloak is a JavaScript steganography module that allows you to hide secrets in text using compression and encryption with invisible Unicode characters. It is designed for use in confidential communications, supports password and HMAC data protection, and provides cryptographic security with AES-256-CTR. Users can hide and reveal messages using commands available through npm, and work with the API, CLI, and web interface with support for Web Workers.

GitHub

GitHub - KuroLabs/stegcloak: Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐ - KuroLabs/stegcloak

XMPP IM criticisms: You can follow any advise on the client XMPP setup but the main issue with the protocol is not your endpoint. The issue is the is the XMPP protocol and related infrastructure. There are two things you wana do 1. content of the message (privacy setup), 2. identity (anonymity setup) Don't mistake those two things!! 1. Privacy is ensured on XMPP with the OTR or OMEMO encryption. The issue is that the key exchange in between the communication parties is not foolproof. You both *MUST* check the fingerprints through a separate secure channel. This is in large scale not practiced. If you don't check it right, the underlying infrastructure of the XMPP allows the adversary to MITM you and read your messages. 2 Anonymity is ensured with Tor here. Tor tries to conceal you IP only and nothing more. But Tor, as a low latency network, cannot protect you from revealing your behavioral patterns, your social graph, your login and log out time, the number of messages sent and received at any time, the sender and receiver of the messages, their precise volume and so on *from the XMPP server* and any adversary that can monitor that server. My advice is - don't use XMPP! if possible at all and use something more resistant like SimpleX, Briar, CWTCH... and similar solutions that mitigate those leaks and diminish or even make impossible those related attacks from the active as well as passive adversaries.

📱 Always update A vulnerability has recently been found in Android (CVE-2024-53104) that affects the Linux kernel and could have been exploited by forensic data extraction tools, according to GrapheneOS. The flaw, which was being exploited in a limited and targeted manner, required physical access to the device, so is likely exploited through the phone's USB port. GrapheneOS message on this matter:

X (formerly Twitter)

GrapheneOS (@GrapheneOS) on X

February 2025 Android Security Bulletin includes a heap buffer overflow in a Linux kernel USB peripheral driver (CVE-2024-53104) marked exploited i...

Source PCMag:

PCMAG

Google Fixes Android Bug Potentially Exploited by Law Enforcement

Privacy-focused GrapheneOS says it&#039;s likely that one of the bugs was &#039;exploited by forensic data extraction tools&#039; frequently used b...

With this I want to remember one thing: It is ESSENTIAL that your devices and applications are always updated Without security your privacy is an illusion

If anyone hasn't checked out the new app release, there's a blog post released about the DrakFi app release:

DarkFi – Insights

Insights from DarkFi.

- ditches the browser completely. - a single, unified super-app. - SAME app across ALL platforms. - The design is highly extensible with user-customizable UI and themes. - Uses pluggable app-on's, apps can be distributed in a fully p2p manner without hosting centralized website frontends. - Devs do not host anything. They just write code but the add-on is hosted fully p2p and anonymously. - Devs do not have to sign up to Google or Apple app stores either for browser or phone builds. - Nobody is required to host an RPC just so users can access their app. - no privacy violations (no add-on store, no browser plugin, no RPC or dev hosting the frontend). Software runs locally on your device. - One single consistent experience. Write once, deploy everywhere. - Full support for third party ecosystem of devs through APIs and CLI. - App is fully customizable with themes and plugins to suit your desired look and feel. Users have full power over the software they run.

America feels threatened by #Bitcoin. For 15 years it tried everything to eliminate it. Now it figured out that something that cannot be destroyed is the most powerful thing in the world. Now it wants to use Bitcoin to dominate the world. The world is sleeping 😴.

FIU stands for **Financial Intelligence Unit**, which is a government agency responsible for receiving, analyzing, and disseminating financial information to combat money laundering, terrorism financing, and other financial crimes. When an entity is "FIU registered," it means that the entity has officially registered with the Financial Intelligence Unit in its jurisdiction, typically to comply with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations. Here’s a breakdown of what FIU registration typically involves: 1. **Legal Requirement**: In many countries, businesses in certain sectors (e.g., banks, financial institutions, casinos, real estate, and even some non-financial businesses) are legally required to register with the FIU. 2. **Reporting Obligations**: Once registered, the entity is often required to report suspicious transactions, large cash transactions, or other activities that might indicate money laundering or financial crime. These reports are typically submitted through systems like **Suspicious Activity Reports (SARs)** or **Currency Transaction Reports (CTRs)**. 3. **Compliance Monitoring**: FIU registration often means the entity must implement and maintain robust AML/CTF compliance programs, including employee training, internal controls, and regular audits. 4. **Data Sharing**: The FIU uses the information provided by registered entities to analyze patterns of financial crime and share intelligence with law enforcement or other regulatory bodies. 5. **Penalties for Non-Compliance**: Failure to register with the FIU or comply with its requirements can result in significant penalties, including fines, sanctions, or even criminal charges. In summary, being "FIU registered" signifies that an entity is part of a regulated framework designed to monitor and prevent financial crimes, ensuring transparency and accountability in financial transactions.

OpenNHP: Cryptography-driven zero trust protocol OpenNHP is the open-source implementation of NHP (Network-resource Hiding Protocol), a cryptography-based zero trust protocol for safeguarding servers and data.

GitHub

GitHub - OpenNHP/opennhp: A lightweight, cryptography-powered, open-source toolkit built to enforce Zero Trust security for infrastructure, applications, and data in the AI-driven world.

A lightweight, cryptography-powered, open-source toolkit built to enforce Zero Trust security for infrastructure, applications, and data in the AI-...

Net Switch: Isolate Apps from Internet Access Net Switch is a Magisk module to isolate apps from accessing the internet on your Android device. This tool gives you complete control over which apps can send or receive data, improving security, privacy, and saving bandwidth. Fully standalone, Operates fully on iptables.

GitHub

GitHub - Rem01Gaming/net-switch: Magisk Module to isolate any app from Internet access

Magisk Module to isolate any app from Internet access - Rem01Gaming/net-switch

He can launch his Memcoin His family can launch Memecoin His son can pump & dump altcoins. He can name the government department as DOGE. However, Donald Trump cannot sign an executive order on Bitcoin Strategic Reserve. Never Trust Politicians on #Bitcoin.

Jan 2025 #ProofOfWalk