She/Her
Spreading positivity and kindness
- 329 Posts
- 109 Comments
13·7 days agoThanks
2·8 days agoI wish I had Pixel 6 Pro back ehen it came out. I only had the 6.
1·8 days agoWhat version of vanadium are you using?
When you use it. What is the expected behavior? Are you expecting it to autofill the password and username when you visit a login page?
What is not working? This is very vague
May you please explain what the issue was?
1·12 days agoClearly a woman. “My lady” would’ve been more appropriate. Please don’t be rude
1·16 days agoGood one! :)
Also, could you have a duress pin+fingerprint in addition to a duress password?
They are planning to have a second unlock method for After First Unlock in the future.
That is correct. During setup, you’re prompted for both password and pin which allows use with pin or password prompts
Last time I checked, that app uses accessibility services, which are not recommended by the GOS project. As accessibility services greatly increases attack surface if any app using these services are compromised.
This would be:
In the long term, GrapheneOS aims to move beyond a hardened fork of the Android Open Source Project. Achieving the goals requires moving away from relying on the Linux kernel as the core of the OS and foundation of the security model. It needs to move towards a microkernel-based model with a Linux compatibility layer, with many stepping stones leading towards that goal including adopting virtualization-based isolation.
The initial phase for the long-term roadmap of moving away from the current foundation will be to deploy and integrate a hypervisor like Xen to leverage it for reinforcing existing security boundaries. Linux would be running inside the virtual machines at this point, inside and outside of the sandboxes being reinforced. In the longer term, Linux inside the sandboxes can be replaced with a compatibility layer like gVisor, which would need to be ported to arm64 and given a new backend alongside the existing KVM backend. Over the longer term, i.e. many years from now, Linux can fade away completely and so can the usage of virtualization. The anticipation is that many other projects are going to be interested in this kind of migration, so it’s not going to be solely a GrapheneOS project, as demonstrated by the current existence of the gVisor project and various other projects working on virtualization deployments for mobile. Having a hypervisor with verified boot still intact will also provide a way to achieve some of the goals based on extensions to Trusted Execution Environment (TEE) functionality even without having GrapheneOS hardware.
Hardware and firmware security are core parts of the project, but it’s currently limited to research and submitting suggestions and bug reports upstream. In the long term, the project will need to move into the hardware space.
Vanadium is still more secure than fennec
Why? Well, vanadium has these security improvements:
- Type-based Control Flow Integrity (CFI)
- Hardware memory tagging (MTE) enabled for the main allocator
- Strict site isolation and sandboxed iframes
- JavaScript JIT disabled by default with per-site toggle via drop-down permission menu
Here is the protonVPN issue on this on their github: https://github.com/ProtonVPN/android-app/issues/136
Thank you. Me too
The physical USB data lines are disabled by the OS’s current USB management, this is done as USB device ID’s can be spoofed, which opens up a security whole.
According to the officially supported devices list for the OS, there is a pixel fold device that can run the OS.
-Pixel 8 Pro (husky) -Pixel 8 (shiba) -Pixel Fold (felix) -Pixel Tablet (tangorpro) -Pixel 7a (lynx) -Pixel 7 Pro (cheetah) -Pixel 7 (panther) -Pixel 6a (bluejay) -Pixel 6 Pro (raven) -Pixel 6 (oriole) -Pixel 5a (barbet)
May you please remove the old moderator? I don’t seem to have an option to do so. Thanks