Next #GrapheneOS update now includes some hardening against reset attacks to prevent potential ways of bypassing our memory zeroing features. This is a response to the exploit we previously reported to Google of forensics companies exploiting a RAM dump from fastboot firmware to brute force OS credentials in Pixels running the stock OS. While not suggested to affect GrapheneOS nor should a user be concerned, this will be an additional security enhancement for our users anyways. Thermal reboots are unsafe reboots that don't erase memory safely. They have now been changed to perform safe shutdowns instead. It stops a threat with physical access and RAM dump capabilities from overheating the phone to force an unsafe reboot into fastboot. A reset attack protection mechanism has been enabled for supported UEFI systems. While we don't support devices using UEFI or the UEFI reset attack protection mechanism, it could come useful in later devices. These protections will be one of multiple to kill the capability for good. Read about the original exploit on my post on stacker news:

Stacker News

GrapheneOS discloses vulnerabilities actively exploited by forensic companies \ stacker news

Link: https://x.com/GrapheneOS/status/1745506661467299946 Nitter: https://nitter.net/GrapheneOS/status/1745506661467299946?s=20 Overview The team a...

#GrapheneOS has developed changes with eSIM management to help eSIM users: - eSIM management will no longer require Sandboxed Google Play. - eSIM management binaries are isolated from Google Play services. - Nor will they make direct connections to Google via Google Play Services to activate eSIMs. See the current upcoming change at:

GitHub

rework integration of Google's eUICC LPA package (EuiccGoogle) · GrapheneOS/platform_frameworks_base@1e679d6

- isolate EuiccGoogle from all non-system package via AppsFilter, which stops it from sending data to Google through GmsCore. EuiccGoogle doesn&#39...

Your bank blocking #Bitcoin, #Monero transactions is good. You are forced away from using KYC, stop complaining.

GM! #GrapheneOS Vanadium version 121.0.6167.101.0 is available in Alpha, and will be pushed to later release channels soon. Changes: - update to Chromium 121.0.6167.101 - replace high entropy client hints with placeholders from the frozen user agent (form factor as Mobile, device model as K, platform version as Android 10 and a reduced version number with zero for the minor parts) to improve compatibility with problematic bot detection checks while not providing any additional information - raise minimum API level to 33 (Android 13) from the default API level 29 (Android 10) to reduce the work required for our upcoming features See all upcoming changes here:

GitHub

grapheneos.org/static/releases.html at b6c6a100c15e378de827d4046f496bb46fcba4ac · GrapheneOS/grapheneos.org

Servers for our website, HTTP/HTTPS connectivity checks, HTTPS network time, NTP (for Qualcomm XTRA), Broadcom PSDS cache, Samsung PSDS cache, Qual...

There is no perfect email provider. You cannot provide perfect service to a deeply flawed communication method. Companies like Skiff, Proton Mail and Tuta are good email providers, but not providers that make emails good. Each one has limitations. These companies should intend to provide you a good service that won't sell you out and make an effort to see the least information they can while following their laws, and they use the encryption and security measures to ensure that. That is what makes the 'Encrypted' in encrypted email important. The end to end encryption for emails is a good bonus but if you're using it for your accounts... it's sadly not worth anything since none of these company sites will bother with encrypting their mail. PGP is also a usability and implementation nightmare. Encryption should be the default and always.