GrapheneOS

GrapheneOS, 9 days ago

Jonah Aragon followed up by pushing a fabricated story claiming we joined a private Discord server used by law enforcement to antagonize them.

The reality is we joined the public Digital Forensics and Incident Response server to participate in discussion about GrapheneOS there.

GrapheneOS, 9 days ago

GrapheneOS had been repeatedly mentioned in their channel on mobile devices forensics. We posted a link to https://discuss.grapheneos.org/d/11860-vulnerabilities-exploited-in-the-wild-fixed-based-on-grapheneos-reports which is on-topic for the channel, useful and relates to past discussions. We also provided some corrections for past discussions about GrapheneOS.

GrapheneOS, 9 days ago

A mod banned us from the server with the justification that we were making forensics harder and claimed the server exists to help law enforcement and forensic data extraction. The chat history is still there for anyone who wants to proof Jonah Aragon is once again lying about us.

GrapheneOS, 9 days ago

We've removed our previous thread only because Jonah edited the linked comment to direct harassment towards a specific GrapheneOS project member he has a long history of targeting with fabricated stories as part of bullying. That's why we've posted a new thread as a replacement.

GrapheneOS, 9 days ago

Multiple members of the Privacy Guides project quit due to Jonah's corruption and extensive involvement in attacks on the GrapheneOS project. For some context, Jonah is one of the core Techlore project members and has been heavily involved in their harassment for multiple years.

GrapheneOS, 9 days ago

Jonah Aragon and Henry Fisher are directly responsible for the 3 swatting attacks by one of their supporters aimed at killing a GrapheneOS project member. Despite that, they're both still trying to direct harassment towards them and further escalating their fabrications/bullying.

GrapheneOS, 10 days ago

@incognitoMD That content was all made by people who have left the Privacy Guides project due to Jonah's toxicity. Jonah has been working towards promoting scams instead and removing this content. The people willing to oppose him have all left the project already. Our whole point is that the project has been hijacked by a toxic person that's trying to harm GrapheneOS and is not what it used to be. That content is from 2022.

GrapheneOS, 10 days ago

We've also finally added documentation on our USB-C port control to our features page:

https://grapheneos.org/features#usb-c-port-control

Most users can set this to "Charging-only when locked" without a loss of functionality or even "Charging-only" if you don't use USB accessories, DisplayPort or MTP.

GrapheneOS, 10 days ago

Default is "Charging-only when locked, except before first unlock" to avoid locking users out of devices with a broken touchscreen. The main threat model for this is defending the device until the auto-reboot timer started when the screen is locked gets user data back at rest.

GrapheneOS, 10 days ago

Our 2-factor fingerprint unlock feature for adding a PIN to fingerprint unlock will be ready to ship in the near future. It will allow users to set a strong passphrase as their primary unlock method to avoid relying on secure element throttling. Has been planned since 2015/2016!

GrapheneOS, 10 days ago

Our upcoming 2-factor fingerprint unlock will make using a strong passphrase as primary unlock method practical via fingerprint+PIN secondary unlock instead of fingerprint-only. Great for people who want to avoid relying on secure element throttling but don't want fp-only unlock.

GrapheneOS, 10 days ago

@sleepybisexual Yes, that's what we're referring to above: adding a PIN to fingerprint, to have the combination of both for secondary unlock. This makes sense alongside a strong passphrase for primary unlock. If you're going to use a PIN for primary unlock, you don't really have much use for fingerprint unlock and can simply avoid it.

GrapheneOS, 10 days ago

@sleepybisexual You'll be able to use something like 8 digit PIN primary unlock with fingerprint + 4 digit PIN secondary unlock if you want, but the device can always be unlocked with the primary unlock method. We're not going to add support for using biometric unlock as part of primary unlock. It would risk people getting locked out of devices and isn't how it's meant to be used. The standard integration of biometric unlock is as secondary unlock only which is sensible beyond security reasons.

GrapheneOS, 10 days ago

@sleepybisexual Your fingerprints change over time and also may not work if your finger is wet, dirty, injured, etc. Fingerprint unlock is probabilistic and has a chance of not working anymore. It isn't really suitable for primary unlock even if you ignore security completely.

GrapheneOS, 10 days ago

@sleepybisexual Your fingerprints change over time and also may not work if your finger is wet, dirty, injured, etc. Fingerprint unlock is probabilistic and has a chance of not working anymore. It isn't really suitable for primary unlock even if you ignore security completely. The reason fingerprint unlock continues working long term is because each use of the fingerprint scanner updates the fuzzy hash model for that fingerprint so it adapts to gradual changes in your fingerprint.

GrapheneOS, 10 days ago

@gmilio Jonah does not support GrapheneOS and is heavily involved in harassment targeting our project members. They've openly welcomed people spreading Kiwi Farms propaganda targeting GrapheneOS in they're chat rooms. This is an attempt at reaching incredibly far to try to portray posting about defending against forensic data extraction as somehow being irresponsible or wrong because supposedly only law enforcement uses the tools which is not true and would not mean it's benevolent.

GrapheneOS, 10 days ago

@Proxy @gmilio Jonah does not support GrapheneOS and is heavily involved in harassment targeting our project members. They've openly welcomed people spreading Kiwi Farms propaganda targeting GrapheneOS in they're chat rooms. This is an attempt at reaching incredibly far to try to portray posting about defending against forensic data extraction as somehow being irresponsible or wrong because supposedly only law enforcement uses the tools which is not true and would not mean it's benevolent.

GrapheneOS, 10 days ago

@Proxy @gmilio Jonah is one of the core team members of Techlore, which has been heavily involved in targeting GrapheneOS with both technical misinformation and harassment based on fabricated stories about our team members for several years. Jonah is always looking for a way to attack GrapheneOS and contribute to his narrative that the founder of the project is insane. It's simply Jonah's character and he's committed to doing this. We can share logs showing PG welcoming Kiwi Farms harassment.

GrapheneOS, 10 days ago

@Proxy @gmilio Jonah is one of the core team members of Techlore, which has been heavily involved in targeting GrapheneOS with both technical misinformation and harassment based on fabricated stories about our team members for several years. Jonah is always looking for a way to attack GrapheneOS and contribute to his narrative that the founder of the project is insane. It's simply Jonah's character and he's committed to doing this. We can share logs showing PG welcoming Kiwi Farms harassment.

GrapheneOS, 11 days ago

Unfortunately, some banks are trying to make life harder for blind people and others reliant on accessibility services. A few have started banning using their app if a non-Google accessibility service app is installed, even if it's not activated (TalkBack is off by default).

GrapheneOS, 11 days ago

Our users have determined that this is easy to work around by disabling the app rather than the accessibility service not being activated. It's possible for those apps to see that it's not activated and they can see it's a first party OS component so it makes very little sense.

GrapheneOS, 11 days ago

We've been working on an App Communication Scopes feature for disallowing apps from seeing or communicating with apps in the same profile with toggles to allow specific cases. We have some of the infrastructure in the OS already for specific cases and can start using it for this.

GrapheneOS, 11 days ago

So far, only EU banks appear to be doing this which is convenient since we already have contact with the EU Commission with a focus on the anti-competitive Play Integrity API many banks have adopted. They're not going to be impressed by banks banning open source screen readers...