No

Crazy, its completely new code? I thought it was a fork.

That makes it pretty impressive

On KDE Plasma theming and Cursors work with Flatpaks normally

And then there is OnlyOffice which also just uses Libreoffice and develops a minimalist web UI and sync features.

Why not join efforts?

Its better than crypto or corpo-crypto (“wireless transfer”)

Yes, “because one of their council is leftist pro censorship”

Like this crap

Just smell on it and the cocaine goes into your blood

Cash

https://grapheneos.org/features#grapheneos

Not sure but GrapheneOS has an “LTE only” mode, stock Android only has preferred Network afaik.

visiting only known websites is not a scaleable option, a browser needs to be secure. Kiwix is the browser that basically runs desktop Chromium on Android, so it has Addon support. But that is also soon manifest v3 restricted, and likely pretty insecure.

of course the user data partition is not checked, but every other important one. I have not tested what would happen when it is modified though.

I dont know what magisk did, but I think that is only about Google Play adding their “safety” scanning to the OS. Nothing regarding boot. But yes, likely there could, can or should be OS components scanning things too.

Googles stuff is pretty insecure, for example the latest SafetyNetFix simply disabled hardware cryptography, as they still support insecure phones.

For sure this is very complex and there are always vulnerabilities found in Android and GrapheneOS.

Yes that is one definition.

But what if you get it back? Or if you just keep it?

There is a chance that you have Pegasus on there, and I wouldnt want a phone without the detection of this.

GrapheneOS can likely detect pegasus with their Attestation and if you have it, use an external device to reflash it.

Not sure if VPN eliminates all risks with 2G and 3G, maybe it does.

Sandboxing, javascript

Vanadium has sandboxing but its javascript blocking is useless (no granular control)

Mull has no process isolation at all, but support for UBO and Noscript. Bad situation

it’s a walk in the park for it to modify any of the partitions

These cannot be written without TPM verification or stuff, ask GrapheneOS devs about that, I dont know. The firmware signing is required, the verification will not be done inside the OS, that would be totally flawed.

If they have the firmware signing keys, they can fuck you. If they dont, they can only write to the system partition, and Attestation can see that.

Reading data has nothing to do with that. They likely can, but that doesnt matter.

My 6 years old phone still receives LOS updates

This will not include firmware and likely even the kernel.

Thanks! TLDR spamhaus (a big spamlist provider) has them on their spamlist, or maybe not, and they are using some fancy CDN.

It is VERY likely just a technical error.

Yes I know, and I want to try DivestOS one time. But they do incomplete patches.

They cannot update the kernel themselves or even worse the firmware. The kernel needs to be built and patched for the specific hardware, GrapheneOS relies completely on Google here. And the firmware needs to be signed by the vendors, so no chance either.

And especially baseband, cellular stuff has extremely many vulnerabilities in the code.

Dont use “stable” software people.

Gimp 3 is already very nice! Use it exclusively.

I think 3a is already too old. I think 4a is a better minimum, but this is still insecure of course.

Image toolbox is awesome, damn!

What, source?

How would you block an OS?

And btw there are some reasons why GrapheneOS may be criticised

Mailbox.org missing, pass

VPNs are not meant for privacy. The concept is clunky, as is the concept of our internet.

Tor or I2P are made for privacy, but the interactions with the clearnet have the same problems, you need a legal entity hosting the server, IPs are known and can be blocked etc.

Hosting your own VPN does not anonymize you anymore but is very unlikely to get blocked.