We're now hosting our own Mastodon instance at https://grapheneos.social/ and we'll be moving to @GrapheneOS@grapheneos.social from this account.

Our server has closed registration and will only be used for official GrapheneOS accounts along with accounts for our project members. It's the same approach we take for our Matrix and email servers.

The remaining setup work will be porting over our age-encrypted cloud backup scripts, improving the sample Mastodon nginx configuration we merged with our standard baseline configuration, tuning PostgreSQL for the instance and setting up localhost access control via nftables which is currently missing.

Donations are appreciated to help cover the cost of this new infrastructure along with the time spent setting it up and maintaining it going forward:

https://grapheneos.org/donate

@oliver_m @kuketzblog We haven't spread any misinformation. You've made repeated attacks on GrapheneOS including trying to misrepresent tweets from our lead developer. We looked into it and found more attacks from you elsewhere.

@oliver_m

You're welcome to retract your underhanded attacks on our project across platforms and apologize to the people you've attacked if you want to be unbanned. Doubling down on it will make it permanent.

@oliver_m Calyx presents it as their own project now and falsely claims to have created it. Not kicking out Steve as technically still have commit access doesn't change that they've taken it over and dramatically altered the direction/plans for the project rendering it unusable for where it was originally intended to be integrated.

@oliver_m @kuketzblog The point is that you are yet another toxic member of the CalyxOS community spreading misinformation about GrapheneOS, fabricated stories about our project members and engaging in bullying. You're following our accounts and lurking in our rooms just to find opportunities to harm our project with dishonest attacks.

@oros @librelenny It's very strange to reply to a question to us saying you use a different operating system. Any time someone mentions GrapheneOS, there's always someone to promote that non-hardened OS. We're not being rude by making it clear how dramatically different they are from each other.

@librelenny @oros

They're much different kinds of projects. GrapheneOS is a hardened OS with substantial privacy/security improvements and CalyxOS really ends up rolling those back with many misguided changes.

Both are based on AOSP, which doesn't include Google Play, but CalyxOS does use 5 Google services in the base OS by default and also has microG integrated with privileged capabilities unavailable to other apps.

GrapheneOS has https://grapheneos.org/install/web which is an even easier installation process and it has far broader app compatibility via the sandboxed Google Play compatibility layer if you choose to use apps depending on Google Play.

It's understandable that you think otherwise because unfortunately there are many people spreading misinformation about GrapheneOS. We're just trying to explain the differences clearly.

@oliver_m @kuketzblog Please note this person is involved in spreading misrepresentations and false claims about the GrapheneOS project and engaging in bullying targeting our project members. If they want to use a non-hardened OS which goes months without shipping half the standard security updates, that's their prerogative, but their dishonest attacks on our project are wrong.

@oliver_m Steve Soltys wrote the app as one of our users / community members for us to include in our project. It was based on the concept we laid out for it. What do you think is different about what's written there? Calyx started contributing to his project and then completely took it over. They ended up helping Copperhead in their attacks on us and engaging in far worse attacks than anything Copperhead did. You're linking to content from before we knew what they were doing. It's in no way inconsistent...

@librelenny @oros

What's the relevance to this thread?

GrapheneOS is a hardened OS substantially improving privacy and security along with providing very broad app compatibility via the sandboxed Google Play compatibility layer.

CalyxOS is none of those things and doesn't provide their users with standard security patches for months at a time. It rolls back rather than improving security beyond that too.

GrapheneOS and CalyxOS are dramatically different kinds of projects. CalyxOS has much more in common with LineageOS.

GrapheneOS version 2022112500 released: https://grapheneos.org/releases#2022112500.

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/2008-grapheneos-version-2022112500-released

@asparagi We sent a detailed email explaining the situation and what we'd like to see happen which would ideally simply be the account's creator being contacted and them turning it over to us so we can redirect it.

@mikereiser08

Setup Wizard integration is planned but we need to make a whole new GrapheneOS Setup Wizard before that can even be considered.

We would need a company / organization to provide us with substantial resources, ideally by directly paying developers to work on GrapheneOS and our subprojects. It's unrealistic to achieve all this without it because we currently can't assign any resources to it.

@mikereiser08 We aren't familiar with other options but the 3 given above work well, exactly as they do on the stock Pixel OS. The vast majority of Android apps work on GrapheneOS due to the option to use the sandboxed Google Play compatibility layer and exploit protection compatibility mode although these 3 apps don't need those.

@asparagi

Our only official account on the fediverse is this @grapheneos account.

The @GrapheneOS@aspiechattr.m account shouldn't be using our official branding. It looks like an official account but has no connection to us and is mirroring our Twitter content against our wishes. we have a full fediverse.

We want the account to be turned over to us rather than deleted. Help is welcome. We tried sending a DM to the account with no response. We aren't sure on the best way to contact the instance admins, who could send an email to the account creator. If that doesn't work, we want the instance admins to help us with this themselves. It's likely the person who created the account is simply active so they're unaware we have a fediverse presence and that we want the account they made to mirror our content.

@grapheneos is not missing any content. We post the same content to both Twitter and Mastodon. We format it appropriately for Mastodon instead of having Twitter quote tweets, Twitter handles, etc. We omit Twitter-specific content telling people about our Twitter community or Mastodon account. The same is true in reverse. Nothing is being missed by following our official account.

@adam @GrapheneOS@aspiechattr.me

You're responding to an unofficial account mirroring our content from Twitter against the wishes of GrapheneOS. We want this account to be turned over to us, but unfortunately whoever created it hasn't responded to our attempts to contact them. We'll have to contact the instance administrators next.

Simple Mobile Tools apps do not meet our requirements. They're too barebones, missing compatibility with the standard Android intents and have anti-features include security theatre we don't want in GrapheneOS. We aren't going to bundle a Calendar app that's not a replacement for AOSP Calendar as a frontend for the OS Calendar system. The direction and approach taken by those apps isn't a fit for GrapheneOS. They're heavily focused on legacy Android versions / devices too, which means they don't provide a great experience on modern Android. GPLv3 licensing is also not acceptable for GrapheneOS.

Google publishes the source code for their TalkBack screen reader. GrapheneOS maintains a fork of it and includes it in GrapheneOS with the help of a blind GrapheneOS user who works on their own more elaborate fork. Eventually, we'd like to include more or all of their changes.

TalkBack depends on a text-to-speech (TTS) implementation installed/configured/activated. It needs to have Direct Boot support to function before the first unlock of a profile. Google's TTS implementation supports this and can be used on GrapheneOS, but it's not open source.

We requested Direct Boot support from both prominent open source implementations:

RHVoice: https://github.com/RHVoice/RHVoice/issues/271
eSpeak NG: https://github.com/espeak-ng/espeak-ng/issues/917

eSpeak NG recently added it but it's not yet included in a stable release and their licensing (GPLv3) is too restrictive for us.

RHVoice itself has acceptable licensing for inclusion in GrapheneOS (LGPL v2.1), but has dependencies with restrictive licensing. Both these software projects also have non-free licensing issues for the voices. Neither provides close to a working out-of-the-box experience either.

Google's Speech Services app providing text-to-speech and speech-to-text works perfectly. Their proprietary accessibility services app with extended TalkBack and other services also works fine. However, many of our users don't want to use them and we need something we can bundle.

There aren't currently any usable open source speech-to-text apps. There are experimental open source speech-to-text implementations but they lack Android integration.

We also really need to make a brand new setup wizard with both accessibility and enterprise deployment support.

GrapheneOS still has too little funding and too few developers to take on these projects. These would be standalone projects able to be developed largely independently. There are similar standalone projects which we need to have developed in order to replace some existing apps.

AOSP provides a set of barebones sample apps with outdated user interfaces / features. These are intended to be replaced by OEMs, but we lack the resources of a typical OEM. We replaced AOSP Camera with our own app, but we still need to do the same with Gallery and other apps.

Google has started the process of updating the open source TalkBack, which only happens rarely. We've identified a major issue: a major component has no source code published.

https://github.com/google/talkback/pull/28

Google has been very hostile towards feedback / contributions for TalkBack...

This is one example of something seemingly on the right track significantly regressing. Another example is the takeover of the Seedvault project initially developed for GrapheneOS. It has deviated substantially from the original plans and lacks usability, robustness and security.

In the case of Seedvault, GrapheneOS designed the concept for it and one of our community members created it. It was taken over by a group highly hostile towards us and run into the ground. It doesn't have the intended design/features and lacks usability, security and robustness.

All of these are important standalone app projects for making GrapheneOS highly usable and accessible. What we need is not being developed by others and therefore we need to the resources including funding and developers to make our own implementations meeting our requirements.

#grapheneos #privacy #security #android #mobile #accessibility #texttospeech #speechtotext #talkback #blind #backup

@ichSachMalSo @nikita Pixels are by far the most secure Android devices and are the ONLY mobile devices with production quality alternate OS support.

Other devices do not provide proper security updates, hardware security features, etc.

Most other devices don't allow an alternate OS to make use of all the hardware security features.

Samsung flagships are the closest to meeting the security requirements but cripple security of the device when you unlock it. They don't allow an aftermarket OS to use most of the hardware security features and even keep many disabled if users lock the device with the stock OS installed since they permanently cripple the device blowing a fuse.

Pixels are also the only devices providing anything close to usable production quality AOSP support instead of needing to hack together hobbyist level support for a device which ends up holding back major version upgrades and the project as a whole.

@oros

Face unlock isn't a hardware feature on the Pixel 7 / Pixel 7 Pro but rather a software feature they arbitrarily deployed only for those devices.

It's not comparable to the secure implementation they shipped on the Pixel 4 / Pixel 4 XL with dual infrared cameras, dot projection and flood illuminator for 3D IR face scanning with higher security than fingerprint scanning.

Insecure face unlock is going to be intentionally omitted from GrapheneOS.

You aren't specifying if you're talking about software features or exclusive Google features. It's almost the same situation as the Pixel 6 other than not having this new insecure face unlock.

GrapheneOS Camera app version 57 released: https://github.com/GrapheneOS/Camera/releases/tag/57.

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/1970-grapheneos-camera-app-version-57-released

#grapheneos #privacy #security #camera