Final
final@stacker.news
npub1hxx7...g75y
Cypherpunk forensic scientist and security specialist. Associate #GrapheneOS. Matrix: f1nal:grapheneos.org
Final 4 months ago
I just browse Reddit with the browser I already have.
Final 4 months ago
A lot of security talk around these parts but not a recommendation of online security lab and training platforms like HackTheBox. Please try them out if you haven't. After learning you can try out skills on their lab or CTF platforms. Training on these platforms lets you understand how to make more secure applications. A very long time ago I had my kickstart in my work from doing CTFs. You used to need to hack the login form to get on this web site... I sucked at it and I still do, but you learn a lot extremely quickly and understand how things work far better than just reading on social media. Many people's questions or suspicions about things could be answered if they just did the security research on whatever they were suspicious about themselves... so do your proof of work.
Final 4 months ago
It's much too early to ask us when we'll have support for the new Pixel 10 phones. They're only available for preorder. We need to have access to the devices and factory images before we can start working on this. If the new Pixels still provide proper alternate OS support, we can support them. It will be significantly more work than usual to support the new Pixel 10 phones since Android 16 removed the Pixel device trees from the Android Open Source Project. However, that was already only part of what we need for device support and we worked around it by expanding our automated tooling. We'll be able to use our automated tooling to support the new Pixel 10 devices as long as they still provide proper support for installing another OS like #GrapheneOS with all of the security features supported. We have no reason to believe that's not supported anymore at this time. It's just going to be significantly more work. Pixel 10 also has much more significant hardware changes than the Pixel 6a through Pixel 9a we added easily. We don't know how long it's going to take yet. We can't estimate that until a while after we've started working on it. We can't start working on it until we have the devices and images.
Final 4 months ago
Ok so we're on 1000 followers again on this npub, thanks!
Final 4 months ago
I see this a lot so I will clarify. The major UI theme change, quick tile layout settings and desktop mode are Android 16 QPR1 features. That is in beta and isn't an open release yet. GrapheneOS is based on Android 16 and will move to QPR1 once it is released out of beta.
Final 4 months ago
#GrapheneOS version 2025081300 released.
• limit MediaMetadata object size to avoid Binder failures to resolve the rest of an upstream Android denial of service issue triggered in real world use by LibreTube (this extends our previous fix in our 2025072700 release)
• reduce time update threshold to 50ms from Android's default 2000ms instead of allowing the clock to get up to 2s out-of-date (this change was lost during one of the major release ports when Android significantly changed the code and moved where this is configured)
• Pixel 8a: fix inclusion of PSDS overlay since our port to Android 16 which was breaking using our PSDS proxy until we worked around it server-side with a redirect from broadcom.psds.grapheneos.org to samsung.psds.grapheneos.org for the Samsung PSDS download path
• Samsung GNSS devices (Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a): switch to TLSv1.3-only for SUPL instead of TLSv1.2-only now that it's supported by gnssd
• change User-Agent for geocoder to "GrapheneOS geocoder $USER_AGENT_VERSION" where the version is currently 1 and can be incremented if there are significant changes to how we make requests (this was previously using the default Android User-Agent sending more information than necessary)
• kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.101
• Seedvault: update to latest revision for Android 16 (will be replaced with a better backup implementation in the future)
• Camera: update to version 84
• Camera: update to version 85
• Info: update to version 6
• Vanadium: update to version 139.0.7258.123.0
Final 4 months ago
Today was the coordinated disclosure date for multiple Matrix chat protocol vulnerabilities: Our #GrapheneOS synapse server has been upgraded to 1.135.2 and now we'll need to upgrade our Matrix chat rooms. Many servers haven't yet upgraded and won't be able to join. Our plan is to create an entirely new set of Matrix rooms with room version 12 and begin migrating people over to those. Our existing rooms will be kept around for a while because we know many instances are going to take their time updating to the new server software releases. Our Matrix chat rooms have been repeatedly broken by these protocol bugs. Our General and Offtopic rooms have been replaced 4-5 times. The most recent occurrence was our GrapheneOS Space with over 25000 users breaking. This will all hopefully be in the past after today's fixes. See for more info. Our rooms are bridged across Matrix, Discord, Telegram and IRC. We started on IRC and intended to fully migrate to Matrix. We added Telegram due to the major issues with Matrix and then Discord for ordinary users which is now the most active platform. Federating with open registration Matrix servers leads to endless raids including people spamming CSAM and gore. Not federating makes it quite useless. A large portion of our Matrix community moved to Discord due to the CSAM spam across Matrix and we don't bridge media from it. Discord has very good configurable server-side filtering and dramatically better mod tools. Matrix heavily enables abuse through federation and doesn't even support restricting inline media. Matrix also lacks channels within rooms so communities like ours rely on moderation bots. Discord provides a fantastic user experience and moderation tools but is a closed source platform without end-to-end encryption for direct messages. We would be happiest with an open source, non-federated chat platform we could host ourselves similar to Discord but that time is too late.
Final 5 months ago
Welp... #GrapheneOS
Final 5 months ago
#CalyxOS posted an announcement about the departure of both the founder of the organization (Nicolas Merrill) and lead developer of CalyxOS (Chirayu Desai): According to their post, it will likely be around 4 to 6 months before they resume updates with new signing keys. CalyxOS is stuck on the 2025-06-01 patch level. The missing patches include 2 remotely exploitable Exynos cellular radio vulnerabilities fixed for Pixels in June along with many High severity issues for other components. There are a huge number of AOSP patches scheduled for disclosure in September. Android has quarterly major releases. Android 16 QPR1 is coming in September and changes more overall than Android 16. Providing full AOSP patches requires the latest release since only High/Critical severity AOSP patches are backported. It's also needed for the Pixel driver and firmware updates. Verified boot signing keys can't be rotated. Their plan to change all of the signing keys will require reinstalling the OS to continue receiving updates. Nicolas Merrill was the sole person with access to CalyxOS signing keys. Either he isn't handing over the signing keys or they don't trust him. #GrapheneOS was founded as an open source project in 2014. In 2018, there was a takeover attempt on the project by Copperhead which was a for-profit company founded in late 2015. Copperhead was meant to be sponsoring the project and making it sustainable. Both Nick and Chirayu were involved in this. Chirayu Desai was a full time employee of Copperhead. The CEO intended for him to be lead developer of a new closed source OS forked from our project. Nicolas Merrill was in active contact with Copperhead and wanted an OS made for Calyx. When the takeover failed, he hired Chirayu to make CalyxOS. CalyxOS never incorporated privacy or security features comparable to GrapheneOS. It was always a non-hardened OS far more similar to LineageOS and /e/.
Despite being in a different space, Nick and Chirayu worked hard to undermine the continuation of our open source project alongside Copperhead. Calyx should publish information on why Nicolas Merrill was previously demoted and what's happening with the signing keys and other infrastructure he controls. CalyxOS users deserve to know whether he's refusing to hand over keys, domains, IPs, ASN, etc. and if Calyx considers the keys compromised. is the SEC filing for shares issued in February 2024 by a for-profit telecommunications company founded in 2019. The owners of the company are Nicolas Merrill, Louis Rossmann and Steve Gerber. This raises a lot of questions, as does other publicly available information. For CalyxOS users considering moving to GrapheneOS, you should know it's not only much more private and secure but also has broader app compatibility and is very easy to install. is a high quality third party comparison. You'll likely be more than happy with it. Many CalyxOS users have been exposed to a lot of inaccurate information about GrapheneOS and fabricated stories about our team. Our team is heavily targeted with harassment. We're open to forgiving and unbanning people who participated in this in the past if they're going to stop and do better.
Final 5 months ago
#GrapheneOS version 2025080600 released.
- full 2025-08-05 security patch level
- apply the only change not related to the Pixel 6a battery workaround from the August 2025 Pixel kernel drivers obtained via GPL source request
- update to August 2025 Pixel vendor/firmware code
- Messaging: update to version 12