Final
final@stacker.news
npub1hxx7...g75y
Security specialist and member of the GrapheneOS Foundation. Posts my own and not endorsed by my employer. AI slop and Nostr DMs ignored. Email: final@grapheneos.org Matrix: f1nal:grapheneos.org
Final 3 months ago
Seeing Proton get heat on social media for their marketing again so let's repost this. Treat these email services for what they are: Alternatives to Gmail or Outlook with a security perspective and automated encryption features. Yes, people on social media can't read, but IMO they should approach their service in a different way ("A reasonably secure email provider" is my suggestion) if they don't want people ratioing them all the time... Most of these people getting the wrong answer is because their site can be pretty ambiguous about the technical details without searching a few pages deep for it. Posteo is an email provider that does openly clarify they can be compelled to intercept incoming emails in a better way than how Proton says it. Still doesn't mean these services are a bad thing though.
Final 3 months ago
Late to post about this but the security preview variant of this release fixes SIX **CRITICAL** CVEs that will not be fixed elsewhere for a while except in #GrapheneOS because security patches are not included into an Android Security Bulletin until around 3-4 months after their release.

- Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044

OEMs do not deliver security patches in a timely manner. In a rare case it is sometimes only done in part, and often will only do so after the ASB is released. That dangerously long period of security vulnerabilities being known and unpatched is unacceptable.
Final 3 months ago
Last two Vanadium updates provided some functionality improvements: The upstream motion sensors toggle for the browser is improved with a per-site toggle for the sensors per site (Vanadium already had the global toggle disabled by default). Our inbuilt content filtering also adds support for additional supplementary language/regional content filters. Users with a set language will get EasyList filters plus the filter of their respective language. This supports Arabic, Bulgarian, Spanish, French, German, Hebrew, Indian, Indonesian, Italian, Korean, Lithuanian, Latvian, Dutch, Nordic, Polish, Portuguese, Romanian, Russian, Vietnamese and Chinese. #GrapheneOS
Final 3 months ago
What this means is that notifications will work for users not wishing to use Play services, sandboxed or otherwise. Most Android apps do notifications via FCM, which is Google's, and depends on a Play services implementation. If you ever wonder why app notifications barely work on AOSP distributions without Google services then now you know. By using an app like Sunup (on Accrescent) you can use Mozilla's notification service via UnifiedPush for apps that use UnifiedPush notifications - such as this one. Tell your developers to support notifications without Google.
Final 3 months ago
The regressions with the Terminal app originate from the stock OS, including the VPN issue. The VM data also breaks and data can't be recovered at times. Don't store sensitive data without backups or run anything for production but feel free to try it out. We do improve the Terminal app in a few ways and these fixes are something we need to look into but because it's still an experimental developer option its priority isn't so high. If the stock OS deals with it first then it's less work on our plate. Desktop Mode needs to be first for all the cool stuff to happen. What users see now will likely be very different to what our plans are should we be able to execute them. We don't want to just have a terminal but rather a VM manager capable of running other operating systems and GUI apps. Debian alone isn't desirable for our use case and we'd want a hardened OS like secureblue instead (ARM builds are beta). Virtualization could be extended to GrapheneOS or individual apps too.
Final 4 months ago
#GrapheneOS version 2026010800 released.

• raise declared patch level to 2026-01-05 which has been provided since we moved to Android 16 QPR2 in December due to Pixels shipping CVE-2025-54957 in December
• re-enable the system keyboard at boot if it's disabled
• switch to the system keyboard when device boots to the Safe Mode
• add "Reboot to Safe Mode" power menu button in Before First Unlock state to make Safe Mode much more discoverable for working around app issues such as a broken third party keyboard
• add workaround for upstream UsageStatsDatabase OOM system_server crash
• add workaround for upstream WindowContext.finalize() system_server crash
• disable buggy upstream disable_frozen_process_wakelocks feature causing system_server crashes for some users
• Sandboxed Google Play compatibility layer: fix phenotype flags not working in Play services clients
• Sandboxed Google Play compatibility layer: add MEDIA_CONTENT_CONTROL as a requested permission for Android Auto as part of our toggles for it to avoid needing to grant the far more invasive notification access permission
• Sandboxed Google Play compatibility layer: extend opt-in Android Auto Bluetooth support to allow A2dpService.setConnectionPolicy() to fix Bluetooth functionality (previously worked around with a GmsCompatConfig update avoiding a crash)
• switch to new upstream PackageInstallerUI implementation added in Android 16 QPR2 and port our changes to it
• update SQLite to 3.50.6 LTS release
• add an extra layer of USB port protection on 10th gen Pixels based on upstream functionality to replace our USB gadget control which was causing compatibility issues with the Pixel 10 USB drivers
• allow SystemUI to access NFC service on 10th gen Pixels to fix the NFC quick tile
• disable the upstream Android USB data protection feature since it conflicts with our more advanced approach and causes issues
• issue CHARGING_ONLY_IMMEDIATE port control command in more cases
• fix an issue in our infrastructure for spoofing permission self-checks breaking automatically reading SMS one-time codes for certain apps
• add workaround for upstream KeySetManagerService system_server crash causing a user to be stuck on an old OS version due to it causing a boot failure when booting the new OS version after updating
• wipe DPM partition on 10th gen Pixels as part of installation as we do on earlier Pixels since it's always meant to be zeroed on production devices
• Settings: disable indexing of the unsupported "Parental controls" setting which is not currently available in AOSP
• Settings: disable redundant indexing of widgets on lockscreen contents which is already indexed another way
• skip all pseudo kernel crash reports caused by device reboot to avoid various false positive crash reports
• Vanadium: update to version 143.0.7499.192.0

All of the Android 16 security patches from the current January 2026, February 2026, March 2026, April 2026, May 2026 and June 2026 Android Security Bulletins are included in the 2026010801 security preview release.

List of additional fixed CVEs:

• High: CVE-2025-32348, CVE-2025-48561, CVE-2025-48615, CVE-2025-48630, CVE-2025-48641, CVE-2025-48642, CVE-2025-48644, CVE-2025-48645, CVE-2025-48646, CVE-2025-48649, CVE-2025-48652, CVE-2025-48653, CVE-2026-0014, CVE-2026-0015, CVE-2026-0016, CVE-2026-0017, CVE-2026-0018, CVE-2026-0020, CVE-2026-0021, CVE-2026-0022, CVE-2026-0023, CVE-2026-0024, CVE-2026-0025
Final 4 months ago
Happy new year everyone! In 2025 GrapheneOS implemented:

- A network location provider for highly reliable location position without using Google's service and a geocoding service.
- Support for Android 16, QPR1 and QPR2 after Google's removal of device support and releases for all current Pixel devices.
- Heavily improved our automated porting tooling and server infrastructure.
- Our first security preview releases allowing users to receive embargoed security patches for Critical/High CVEs a few months before stock Android.
- Closed out some VPN leaks from Android.
- Enabling experimental support for the developer option Terminal virtual machine manager app and other features like GUI support.
- Several improvements to Private Spaces, including use in secondary users, ending session for them, and installing available apps.
- Established an ASN for GrapheneOS and a highly reliable and widespread global network for GrapheneOS services.

This year should have some significant improvements with GrapheneOS, especially on the usage and accessibility front. There are also a lot of future Android features that will be key in delivering this, such as a fully working Desktop Mode. May this year wish us well.
Final 4 months ago
Needs to be greater support for tablets by Android devs. UIs designed for the big screen also help with Desktop Mode.
Final 4 months ago
This is either a very hot or a very reasoned take and I am quoting my previous note for being potentially related but I'm not a fan of software choices being grouped together or categorised for certain types of people. If you are using something only because a forum or a thread on social media told you to, then you are more of a sheep than the people using the platforms you are moving away from are. The latter are at least doing it out of a personal preference, not out of being alternative or contrarian. You don't need to be hardcore and use something that sticks to a specific social group. Don't ask what the best of something is, ask WHY it is. Learn about the subject and see critically and you'll always find what the best project is for you. Don't walk in other people's shoes. Research skills are everything. Read more. I think I read too little. I once read a post off platform a while ago about how someone felt wrong leaving GrapheneOS to use something else because of (very justifiable) personal reasons to support their needs. The fact someone would feel really ashamed and negative that they aren't meeting some imposed values from some social group (over a software choice) is not okay. You can use and build what you want. This isn't purity testing. It comes across as a deeply toxic relationship between users.
Final 4 months ago
We're developing our own implementations of text-to-speech and speech-to-text to use in #GrapheneOS which are entirely open source and avoid using so-called 'open' models without the training data available. Instead, we're making a truly open source implementation of both where all of the data used for it is open source. If you don't want to use our app for local text-to-speech and speech-to-text then you don't need to use it. Many people need this and want a better option. We are working on TTS first then STT. The TTS training data is LJ Speech and the model used is our own fork of Matcha-TTS. If people want they can fork it and add/remove/change the training data in any way they see fit. It's nothing like the so-called "open" models from OpenAI, Facebook, etc. where the only thing that's open are the neural network weights after training with no way to know what they used to train it and no way to reproduce that. Many blind users asked us to include one of the existing open source TTS apps so they could use it to obtain a better app. None of the available open source apps meets our requirements for reasonable licensing, privacy, security or functionality. Therefore, we've developed our own text-to-speech which will be shipping soon, likely in January. We'll also be providing our own speech-to-text. We're using neural networks for both which we're making ourselves.
Final 4 months ago
(at the satanist conference) Alright guys we made the mobile operating system now all we need to do is set up THE CLUES