[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / s / t / u / v / vg / vm / vmg / vr / vrpg / vst / w / wg] [i / ic] [r9k / s4s / vip] [cm / hm / lgbt / y] [3 / aco / adv / an / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / pw / qst / sci / soc / sp / tg / toy / trv / tv / vp / vt / wsg / wsr / x / xs] [Settings] [Search] [Mobile] [Home]
Board
Settings Mobile Home
/g/ - Technology


Thread archived.
You cannot reply anymore.


[Advertise on 4chan]


Graphene OS is not degoogled. Recent revelation of security researcher mike kuketz reveals the thruth:

https://www.kuketz-blog.de/grapheneos-warum-android-eine-verbindung-zu-gstatic-com-aufbaut/

The "privacy" ROM connects to Google's gstatic.com for Certificate Transparency logs. While no app data is leaked, Google captures the user’s public IP address and exact request timestamps during these background HTTPS connections.

This enables tracking via cross-correlation: If you open sandboxed apps like X or Instagram, they log your IP. Since Big Tech cooperates and shares telemetry data, Google can match the gstatic connection timestamp with your app activity IP, instantly identifying your GrapheneOS device.

YOU HAVE BEEN LIED TO.
>>
>YOU HAVE BEEN LIED TO
Only you. I have used mainline with ofono since 2015.
>>
>>109138848
>YOU HAVE BEEN LIED TO
No shit. Some random obscure entity shills "privacy" ROM, but demands me to use a specific hardware and does advertising to criminals. They also have 6-point star logo. I am supposed to trust them.
LMAO
>>
>>109138848
How autistic and paranoid do you have to be to install GrapheneOS? Does the Trump administration really live that rent free in their head? Or is this due to Android slamming the door on sideloading soon?
>>
Looks like glowies hard at work again to discredit GrapheneOS since they can't break into it.
This has already been debunked.
https://grapheneos.social/@GrapheneOS/116811567684278477
>>
>>109139045
this is an admission, not a debunk.
>>
100% DEGOOGLED MY ASS.
>>
3 letter agency gorilla nigger FUD thread
>>
>>109138956
are you a pinoy? why are you so mentally ill?
>>
>>109139180
Glad you degoogled your vibrator, Anon.
>>
>>109138848
The disgusting cynicism of the Graphene devs. Apparently, in the end, it’s all about "feelings." If it’s just about feelings, why do you suddenly want to implement a proxy solution after all?

https://grapheneos.social/@GrapheneOS/116813168121504197
>>
Why is it "degoogled", when it contains instructions on how to install Google Play services?
>>
>>109139678
>implement a proxy solution after all?
No proxy, just a mirror.
>>
>>109139678
>The reason we replaced other similar static file download services with our own for cases like this is to make people happy.

yep, this is how true techies talk. all about feelings. nothing to see here.
>>
>>109139712
Trying to use android without google is like trying to drive a car with no wheels
>>
>>109139678
Says the GrapheneOS dev who never lets his petty feelings control him.
>>
>>109139742
>Trying to use _the internet_ without google is like trying to drive a car with no wheels
ftfy
>>
>>109139045
It just happens to share an gid/uid with everything related to downloads and media. What you download and listen to is shared via these system apps via gstatic
>don't worry. It's nothing bro
are they fucking joking?
>>
>>109139712
this is false I don't use anything Google related besides Gboard on my GrapheneOS phone
>>
>>109138848
>>109139172
>>109139180
This is A CATEGORY ERROR: of course you connect to GOOGLE to validate GOOGLE CERTS, that's not a "degoogle" or privacy problem.

So you're going to say that about my OS not being de-googled because I used firefox to browse youtube and firefox connected to google to validate the certs?
>>
>>109139956
but if that’s the case how am I supposed to autistically screech about inane shit on anonymous image boards?
>>
>>109139678
did this faggot just say it's all placebo?
>>
>>109139045
this is more about making mass surveillance easier. if glowies want to get into *your* devices specifically, then they certainly can.

but yes, the demoralization shill is hard at work over multiple threads (i really hope he actually gets paid for it)
>>
>>109138848
> If you open sandboxed apps like X or Instagram, they log your IP. Since Big Tech cooperates and shares telemetry data
There's not a lot the Graphene OS devs can do about the apps you run colluding to spy on you. The sandbox is really the best they can do. If you're trusting Facebook and X and Google slop enough to run them, well that's on you.

>>109139956
And the problem with a workaround to certs is that the security dweebs will have a million different excuses for why they can't be cached, or distributed, or mirrored, or anything done with them other than to refer back to a centralized, glowie overseen server complex. Because guess who butters most of their bread.

>>109139045
this.
>>
Why is there such a disconnect between users and devs of these things

99% of the population
>Grapheneos is a custom ROM for degoogling and avoiding google entirely, it also keeps your data private
grapheneos devs
>it's is NOT a degoogling ROM, we love google and have instructions to install Google on our site, it's not even a privacy ROM, it's a super hardened security ROM privacy is a afterthought that we love to eschew for more security
>>
>>109140426
presumably because there's a disconnect between the technical details of a functioning product and some catchy buzzword that the typical clueless retard loves to throw around
>>
>>109138848
Don't care, still using graphene you glownigger.
>>
>>109138888
when you put it that way
checked
>>
Only retards use Graphene
>>
>>109140870
>the typical clueless retard loves to throw around

Take a look at GrapheneOS’s posts on X and Mastodon. They themselves have repeatedly spread the idea that GrapheneOS is the most SECURE and PRIVATE OS in the world, over and over again. They’ve always insisted that everything else is garbage. Other custom ROMs? Garbage. Linux? Garbage. According to the Graphene devs, the second-best alternative is iOS. Yes, I admit I’m an obsessive freak who reads Graphene’s posts on X and Mastodon. And what I’ve basically realized is that they’ve talked a bigger game than they can deliver. They shit on everyone else, yet they can’t even live up to their own high standards. They’re hypocrites who constantly fall flat on their faces because they’re so full of themselves. It’s that hubris that really triggers me about GrapheneOS. They don’t have a shred of humility. And that’s why it triggers me even more when that hubris gets exposed.
>>
>>109140207
>The sandbox is really the best they can do.

But in the context of the newly discovered connection to gstatic, sandboxing proves to be a placebo.
>>
File: 1829-overlay.jpg.png (1.29 MB, 884x2150)
1.29 MB PNG
what else are graphene devs hiding?
>>
File: grapheneOS-to-google.jpg (328 KB, 1028x982)
328 KB JPG
>>109138888
checked. Who makes the hardware btw?
>>
>>109138848
I’ll trust the Finnbros with sailfish
>>109138888
Checked and kekd
>>
>>109141810
>Linux secure Boot shim is signed by Microsoft!!!!
>>
>>109138888
/thread
>>
>>109141280
the funny thing is, you could just be using your OS and literally none of this would be a problem to you. you wouldn't even know anything happened. someone points some minor issue out to the devs, the issue gets fixed, just another entry in the changelog. but you choose to seek out the drama and trigger yourself with it. same with GNOME or whatever the fuck i constantly see people freak out over. insane tranny horsefucker paedo furry dev said things online that i disagree with, oh no, time to uninstall. guy who makes my phone OS has a huge ego and doesn't know how to talk to people - well fuck, why did i even bother using his software???
>>
>>109138848
I use a stock Xiaomi android phone, they already know everything anyway. And not allowing that connection breaks many websites on the internet.
>>
>>109138956
For me it was the latter
>>
>>109139233
I don’t use this OS but I know people (unemployed leftist subhumans) who do. “Dude, trust me” doesn’t seem like a good reason to install “de-googled” GrapheneOS on a GOOGLE PIXEL.
>>
File: IMG_9476.jpg (79 KB, 768x1024)
79 KB JPG
>>109139233
lol no Filipino has the brains or desire to do anything with their smartphones except doomscrolling Facebook and playing some shitty Chinese gambling game.
>>
What if I don't use goyshit like X and Instagram? I mainly use F-Droid
Should I just install LineageOS? I swear I'm not trying to be super private, after all its a mobile tracking device.
>>
>>109142179
>you could just be using your OS and literally none of this would be a problem to you

It is a problem because the people who use GrapheneOS do so for very specific reasons, above all, because they want to de-Google. If this supposedly de-Googled GrapheneOS isn't actually de-Googled at all, and the developers are deliberately misleading users, then that is a valid reason to be mad.
>>
This thread is full of morons who have no basic understanding of privacy and security and think they're geniuses for finding this "gotcha"
>>
>>109142243
Stop defending people who steal your privacy.
>>
>>109142261
Nigger, Google spent the money developing android to enrich themselves. If you want a truly de-googled smartphone OS then get to work developing the hardware and OS.
>>
When GrapheneOS insisted on the Google Titan garbage and even advertised it and demanded all your keys and passwords to be on a chip with proprietary google firmware... i realized that they are malicious to the idea of privacy and security.

Their definition of "security" is a jail cell under constant surveillance of a prison guard.
>>
File: quelle_surprise.png (408 KB, 600x462)
408 KB PNG
>>109138848
It has been a HONEYPOT all the time!
>>
File: 1761164552992740.jpg (282 KB, 1080x1175)
282 KB JPG
>>109142234
Most ROMs will still make more connections to Google, especially compared to graphene. And the next release will have the files rehosted anyways. This isn't much.

Graphene will soon cease its connections to Google again, not that these connections did much.
>>
>>109142488
Nice
>>
>>109139891
>Gboard on my GrapheneOS
kek
>>
>>109142742
It's locked down and denied permissions. Essentially handicapped.
>>
>>109138848
>my cellphone...CONNECTS TO THE NETWORK?
AAAAAH IM GOING INSANE!
>>
>>109139891
True, you can avoid using it ypurself, but it's nevertheless included in GrapheneOS as an option.
Optional degoogling, like optional freedom, is not enough.
>>
>>109144051
If you are using Google Play Services then GBoard might still leak data to Google via inter-process communication.

>>109144381
Complete de-googling isn't the purpose of GrapheneOS. Privacy is. But how far you go is up to you. If you prefer app compalibility, GrapheneOS still provides a much more private and secure way with sandboxing Google Play Services. Whïch you may install in a separate profile, or in private space.
>>
>>109144512
>>109139891
>>
>>109144512
Privacy isn't the purpose of grapheneos, security is.
>>
>>109144530
https://grapheneos.org/
>The private and secure mobile operating system with Android app compatibility.

Private is the first descriptor. And of course you can't have privacy without security. So naturally security is also a main focus.
>>
>>109142488
>And the next release will have the files rehosted anyways.

yeah, but only after pressure. if that one security researcher didn't made a post on mastodon, nothing had changed. despite the fact, this problem is known since months.
>>
>>109139730
>Le certificate log
>Le prevents le hackeur
>Because le have to hack le CA and then also hack le log
Jesus fucking Christ this industry is just a thinly veiled government monitoring program. Fuck all the retards that blindly follow this shit and don't question anything.
>>
GrapheneOS's much-hyped app sandboxing turns out to be an illusion. Technically, the system allows core Android components (running under shared UIDs like the Download Manager) to initiate unrestricted outbound connections to Google's gstatic.com servers. This bypasses the very isolation mechanisms that are supposed to prevent individual apps and processes from phoning home without explicit permission.

If the OS itself can freely reach Google infrastructure behind the scenes, the entire sandboxing model collapses, users are left with a false sense of strict containment.

Graphene sisters, I don't feel well....
>>
>>109138848
Even if no content or account data is transmitted, Google sees the user's IP address and the exact timestamp with every request. For example, if the smartphone always fetches these lists when the charging cable is plugged in (as described in the article), Google could theoretically learn via the IP address when the user is at home and charging their device.
>>
>>109145591
You can make specific endpoints for whatever function is being performed at a specific time and siphon off a shit ton of information. Anyone who defends gstatic access is a drooling retard.
>>
>>109145411
I can understand wanting changes sooner, but I'm still not sure what else I'd be using. iToys don't have the huge open source app ecosystem, nor auditable code. As long as apple insists on being extremely shady with the "trust me bro" security/privacy model, I'm not sure I could use it. And other ROMs? Most ROMs do not target any specific device (which usually means a varied experience depending on the phone you choose), nor do they support re-locking the bootloader. The various extra shit like storage scopes and the fine permission controls are impossible to live without. Lineage isn't even degoogled and eos/calyx still don't provide those features.

Not using a phone isn't an option anymore, employers require it and I don't own my own property to get a lan line. People ask for my phone number to text me something daily and lots of services expect texting ability to send 2fa codes.

At the end of the day I still think grapheneOS is the best of the options, even if it's ran by schizos who barely listen to feedback.
>>
>>109145591
>>109145628
Amazing, anons. Now, let's say tomorrow grapheneOS devs say they WONT rehost the files and that they will keep in the gstatic requests. What phone are you using and why?

I didn't like hearing this news and it sounds like you didn't either. I'm happy they're fixing it but this has somewhat tarnished the OS in my eyes, doing all these requests for apps I probably don't have, after promising to make no connections OOTB to Google. Is grapheneOS completely useless? What will you be using?
>>
>>109145666
>i'm still not sure what else I'd be using
Nothing, get some low-budget goy device and learn to live without it as much as possible. Maybe additionally buy a chink device with Harmony OS, for the non-kosher stuff.

If you have the choice between your own government spying on you, or a foreign government that is hated by your own government....go for the foreign one... they can't touch you.
A Chinese phone that sends your location live into the office of the CPC in Beijing is still more secure for a Western goy than a Goyphene phone that sends all sorts of stuff to Google.
>>
>>109145689
>learn to live without it as much as possible.
I already do this
>Maybe additionally buy a chink device with Harmony OS
telling me to avoid phones, but then buy two phones, both 100% proprietary, both with spyware? But what about muh freedumbs?

Not uploading my hentai to Xi Jinping's personal stash. Chink phones have Google play services anyways, so I'm not sure how chink phones would avoid sending my data to google. and this is the first concern with grapheneOS in quite some time, which they are already moving to fix.

>Just submit to Chinese spyware and abandon all hope! Let glorious China have your data, anon! Nothing can go wrong! Long live the Chinese Communist Party!
>>
>>109145781
>telling me to avoid phones, but then buy two phones
If you are bound to a device with google spyware for whatever reason (banking apps), whats your alternative? The best option is to banish them on their own airgapped hardware. It can't get any more secure than that.
Goyphene idiots gloat about their leaky software sandbox for gapps... but don't consider the best sandbox of them all: A separate device.
>Chink phones have Google play services anyways
no, Harmony OS doesn't even support Android apps.
>Long live the Chinese Communist Party
Indeed
>>
>>109145666
>auditable code

nobody audited graphene's code completely. most of graphene's code is de facto a black box.
>>
>>109145686
>I'm happy they're fixing it

they are "fixing" it, only because they got under pressure. at first they wanted to sweep it under the rug. that failed and now they have to "fix" it.

i wonder what else they swept under the rug?
>>
I don't even think the Graphene devs are glowies; they’re just incompetent. They took on a mission they can't handle. That gstatic drama actually reveals something: the Graphene devs lost the big picture a long time ago. They’re flooded with potential security vulnerabilities but lack the capacity to check everything. When they do check something, they overlook something else. The project is simply too big for such a small team. In the long run, it boils down to damage control rather than actually plugging the holes, they simply don't have the capacity for that. It’s damage control in the sense that they just hide potential issues and try to ride them out, hoping no one notices. That won't work for long. That’s why, in the medium term, the Graphene devs will likely pocket as much money as possible and then suddenly disappear.
>>
>>109145892
meh, the GrapheneOS guy (singular) was always honest about his definition of "security", it's >>109142409
I honestly believe that he doesn't consider requests to Google an issue, as long as those requests are used to enforce the secure prison cell (which certification related requests certainly are).
>>
>>109145487
>>109140019
>>
>>109145818
>Goyphene idiots gloat about their leaky software sandbox for gapps...
The gstatic requests are unrelated to sandboxed Google play services, the requests were made with or without such installed, and didn't come from it. You didn't read the issue at all, just the thread title. Fuck you, Chinese bot.
>If you are bound to a device with google spyware for whatever reason (banking apps), whats your alternative?
Seperate profile that is only started to use the specific apps and is closed when you don't need them. The profile has no access to owner contacts/storage and doesn't include/disables most apps.
>>109145853
What part of "auditABLE code" do you not understand? Basic fucking English.
>>109145867
>they wanted to sweep it under the rug.
Yeah, that's exactly what addressing the issue and responding to the thread trying to help looks like.
>that failed and now they have to "fix" it.
They are hosting the resources themselves. The requests are not going to be made to google, which is what people wanted. If you don't believe this next release to fix this issue, please explain why.
>i wonder what else they swept under the rug?
Post to here when you find anything, thanks!
>>
>>109145853
use Claude to audit it all kinds of foul shit will be found
>>
File: 7634554213451.jpg (27 KB, 640x480)
27 KB JPG
>>109138848
best way to get a degoogled life is no phone and computer and use free pc from public space
>>
>>109145941
>blabla, unrelated to sandbox... hurr durr... sandbox still good, doe
>blabla, seperate profile blaaaa
If you have to run spyware for goys, there is nothing better than airgapped (aka different device). The goyphene sandbox is a placebo.
Anything you suggest is LESS secure. And you can't deny that.
>ok, its worse than airgapped, but not thaat bad
i don't give a fuck, it is worse and requires blind trust into a guy who tells you that a proprietary google firmware should be in charge of all your secrets
>>
>>109145941
>What part of "auditABLE code" do you not understand? Basic fucking English


just audit the code bro! just become a billionaire!
>>
>>109145970
>blabla, unrelated to sandbox... hurr durr... sandbox still good, doe
Current thread is unrelated to the sandbox, illiterate chink. If you have issues with the sandbox, please describe why you believe it to be so ineffective instead of blabbering nonsense. The gstatic requests are not from sandboxed GPS.
>i don't give a fuck
No kidding, that's why you're okay with Chinese spyware. Now go lie down flat.
>>109145988
Not going to use a phone that goes out of its way to hide what it is doing and make itself harder to study. The only devs currently making proprietary software are trying to hide what they are doing, usually because of some sketchy shit or just afraid of competition.
>>
>>109146054
if you don't know what graphene's code is actually doing, you are no better than using stock android or iphone.

come back after you have audited graphene's code.
>>
>>109146054
I don't give a fuck.
The whole advertised concept of goyphene os is fundamentally flawed.
You can't run goy spyware in a private or secure way. That's impossible. But the claim that it would be possible is goyphenes whole selling point.
The only thing you can do is to not run the spyware in the first place.
Having a low-budget phone somewhere thrown into the basement for the rare occasions that you need it, is the most security you can possible get.
>but but gstatic requests are unrelated
It is part of the very same flawed concept of trying to run spyware in a "secure" way. Those requests are only needed because some spyware, that enforces CT, would stop working without it.
If you would never bother to run spyware in the first place, you wouldn't need those requests and it could simply be removed rather than "ok, we will host them ourselves and send the requests to Amazon AWS instead of Google instead :)".
It is better than goyphene, and you can't deny that.

The premise of goyphene is wrong.
>>
>>109146103
>don't run the spyware
>buy a chink device for the spyware
Pick one.
>>
>>109146136
What about the concept of air gapping confuses you?
>>
>>109146103
Thats a massive redpill.
>>
File: namek nuke.gif (2.04 MB, 480x360)
2.04 MB GIF
>>109138888
spicy ass nvke
>>
File: 1761429843176561.jpg (52 KB, 501x478)
52 KB JPG
All anti-Graphene posters ITT are idiots!

iBinkie is more their speed, and they are secretly embarassed by that fact.

>>109142488
This poster is not an idiot. He is smart, and rare.
>>
>>109139045
>GayphagOS
No thanks, I'm straight
>>
>>109138888
>also have 6-point star logo
it's so wholesome how they always give us those not-so-subtle hints. Life is so much easier if you just avoid anything that has jew symbols.
>>
>>109139045
It's funny that the OP stopped including the graphOS forum post about it in his spam post the moment that the graphene team clarified the issue and explained the upcoming fix
>>
i wouldnt even trust anything i do on my phone even if i had graphene os or any os on it
>>
>>109146103
>Having a low-budget phone somewhere thrown into the basement for the rare occasions that you need it, is the most security you can possible get.
Depends on the threat model. If I don't want google to know where I live, then this does nothing, as the play services on this low-budget device will have access to my location. On GrapheneOS I could just not give the play services the location permission.
>>
>>109140207
>There's not a lot the Graphene OS devs can do
Lol fucking tech weenies. It's called containers and iptables. These snakeoil salesman give you tailored access slop on purpose.
>>
>>109146523
did you actually read the article?
>>
File: 1782563951043.png (241 KB, 1053x1187)
241 KB PNG
I love how they heavily criticize competing projects making inaccurate claims in their marketing about being degoogled and private, while their own FAQ flat out lies about the connections the OS makes by default.

https://grapheneos.org/faq#default-connections
>>
>>109146617
graphene devs are such disgusting hypocrites and liars
>>
>>109139891
Use FUTO keyboard, it is unironically objectively better than gboard
>>
>>109144598
GrapheneOS sounds like DealDash.com, the fair and honest bidding site.

>>109145666
iToys is better than Android in any situation if you're concerned about privacy. That also isn't saying much.

>>109145853
It's a black box? If so that's hilarious. Slacktivists always want someone else to do it. Didn't this OS take off because of some YouTuber? I was wondering this very thing and am not at all surprised if it's true.

>>109146171
/g/ is not gonna know that term.
>>
>wahhhh waahhh the grapheneOS devs are too mean and autistic and paranoid!!1!
Do you morons not realize that this is actually a MASSIVE green flag? This is exactly the kind of person I want to be developing my security oriented os.
>>
>>109138848
Wait I'm being tracked when I log into big tech social media? Wtf fix it Mickay
>>
why isn't this thing trending on reddit or X? why is this the only place people talk about this? its not a conspiracy theory, it is documented in a article written by a well known security reseaecher and graphene devs even admitted it. why is nobody talking abou this?
>>
>>109146067
you have not done so either so what's your point
>>
>>109146847
there is no difference between closed source and open source. in both cases you have to blindly trust the devs.
>>
>>109146103
this! totally agree. marketing to users as "the most private and secure operating system being able to use spyware", like google, defeats the whole purpose. why not just market yourself as "the operating system that's private and secure devoid of google" instead. but wait, that is EXACTLY what they market GrapheneOS as. now there's this gstatic spyware shit. something doesn't add up.
>>
>>109146602
this is true and the reason I root my GrapheneOS anyway
>>
>>109146617
on rooted GrapheneOS use custota
>>
>>109141853
>who makes the hardware
... Google
>>
>>109146772
>unironically
made up fag speak
>objectively better
value is subjective moron
now kys
>>
>>109139891
FUTO keyboard mogs gayboard + it isnt a keylogger
>>
>>109146922
contains 4 trackers and knows when updates are released even though it is denied network permissions
>>
>>109146927
>contains 4 trackers
Source?
>>
File: 1756117203492280.png (238 KB, 1344x2541)
238 KB PNG
>>109146933
>spoonfeed me
I've discussed this since it came out. Check the archives. the devs also admit this



[Advertise on 4chan]

Delete Post: [File Only] Style:
[Disable Mobile View / Use Desktop Site]

[Enable Mobile View / Use Mobile Site]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.