Graphene like iOS

Dumdum

GrapheneOS Mullvad's app is the only one meeting our standards...

It used to just be Wireguard that was recommended, which I guess as of this commit that is no longer the case. What changed? And is Wireguard still preferred over Mullvad, or is Mullvad "good enough" now?

other8026

Dumdum Here's a couple quotes from the project's X account that I think mostly answer your question:

ProtonVPN is unfortunately not the only app with memory corruption bugs uncovered by MTE. Mullvad is the only WireGuard-based VPN we're aware of that has done significant work to fix the issues. The official Android WireGuard app has memory corruption caught by MTE.

X Link | xcancel link

Mullvad is a good option tested on GrapheneOS by the developers including testing compatibility with our usage of hardware memory tagging on 8th/9th generation Pixels. Official WireGuard app is mostly fine but has unresolved invalid memory accesses caught by memory tagging.

X link | xcancel link

And here's where Mullvad fixed the MTE issue: https://github.com/mullvad/mullvadvpn-app/pull/6727/files

Ammako

other8026 for what it's worth, the issue in ProtonVPN is likely fixed soon

https://github.com/ProtonVPN/android-app/issues/151

The one commenter says it appears to have been resolved for them in the newest beta, I don't use that app though and don't have a 8th/9th gen device in the first place anyway so I can't confirm this.

DeletedUser370

other8026 Maybe @fid02 shared the update somewhere here on the forum as well?

I did, and another user confirmed: https://discuss.grapheneos.org/d/13917-memory-tagging-error-in-protonvpn/48

Looking at the Play Store entry, the latest stable version was released a few days before Proton's announcement about a future fix, so I doubt it includes it. I only tested the beta because the stable version doesn't have guest mode. They seem to be slow at updating their stable version so it might take some time until the fix is released to all users.

Would be nice if others could run the beta with memory tagging and see if it throws an error or not. Although I'm quite confident that it's fixed, as getting memory tagging to crash the app in the past was very easy.

other8026 And here's where Mullvad fixed the MTE issue: https://github.com/mullvad/mullvadvpn-app/pull/6727/files

This worked around a major bug which included a buffer overflow (according to MTE) upon every connect to the VPN tunnel. That latter crash only occurred with Scudo's memory tagging usage, though. Not sure why hardened_malloc's MTE usage didn't crash the app in those instances, but it caught other issues that Scudo's MTE usage didn't. Some issues remained after that commit but they were fixed in version 2024.9 (although Mullvad developers are unsure what specifically caused the bug). Mullvad appears to run completely fine with memory tagging now, although only two users have confirmed this so far.

Been a good month: several apps have very recently fixed memory safety issues that GrapheneOS users reported: Mullvad, Onlyoffice, Proton VPN and Proton Wallet.

missing-root

I wonder if this app could be tested

But this is drifting off a bit haha

https://github.com/zaneschepke/wgtunnel

NetRunner88

GrapheneOS is straight to efficiency, pure, without compromise.
The fact it is not bloated like other OSes is a big plus.

Clark

missing-root I personally use Obtainium, which is kinda bad and background updates simply dont work

Why is it bad? And background updates work for me...

missing-root

Clark

I dont know, I have many apps like Mull that should update in the background but dont.

I know a person with a GOS phone that doesnt do updates and they are mostly not done then.

And it has no initial verification at all. XZ vulnerability could easily happen. Like @GrapheneOS said above.

Blastoidea

I think OP has missed the whole point of GrapheneOS OS.

graphy00

Now would be a great time though. Since everyone I know, and all the podcasters/vloggers I watch, all complain about iPhone and basically hate their iPhone. Competitors could pick some of these people up if they offered what iPhone-buyers want to buy (a simple feature-set, a camera and camera app). Maybe in 3 or 5 years Apple fixes their garbage phones/OSs and people like them, at which point this great window for picking up their dissatisfied customers will be closed. The besties talk for 10 minutes on how iPhone sucks now on this weeks' ep https://www.youtube.com/watch?v=9p-vCUB5AA8&pp=ygUGYWxsLWlu

raccoondad

Just want to mention, GOS either already has or can download:

Photo editing app (markdown)
Music app (VLC, I been using RiMusic)
Note taking app (Easy Notes)
Maps app (Organic maps/Google Maps)
Messenger app (Messages)
Video clip editor app (I wouldn't use a phone for this)
Calendar app (Etar)

If someone doesn't have the intention of learning how to use an Android device, GOS can't help them.

DeletedUser41

graphy00 I think people should have enough crumbs of brain to be able to use Play Store to download apps.

locked

Apple has budgeted at least $350 million dollars yearly to develop and maintain iOS. Most users just want to press the easy button to achieve a task. A lot of users don't care much about privacy and security like we do. The iPhone is not a private phone. It can be reasonably secure in lockdown mode.

DeletedUser95

locked

Slightly off topic from me but I agree. I mean I finally caved in and hit the easy button known as Windows cause while I really want to like Linux every single distro I have tried. Which was like over 10 different distros they all had significant issues for me that was always either with security or stability or compatibility or ease of use. Or in some cases all of the above! I'm okay with a little complexity but the constant back and fourths of trial and error has been demotivating after a couple of years. Especially considering after all that effort I really feel no where closer to being able to daily drive a single one of them.

And I really don't like apple products even despite the massive security gains so that really only leaves Windows as far as I'm aware.

nosferatu

I'm just a random nobody from teh interwebz, but for what it's worth, I'd also be in strong favor of keeping GOS bloatware free. I like that it's clean and simple and everyone can choose what they want to put on it. Each time I get a stock Iphone or an Android phone in my hands, I eww as I imagine what it will take to debloat the darn thing. A lot of times it's not even possible. I hope GOS devs will not fall prey to pressure from absurd requests like what OP proposes.

Blastoidea

nosferatu Hear hear!

other8026

Ammako oh right. I remember reading that somewhere recently. Maybe @DeletedUser370 shared the update somewhere here on the forum as well? I still haven't gotten the update so I can't check myself, but it's great Proton finally fixed it.

graphy00

Today on Joe Rogan, talking to Mark Zuckerberg (who is also quiet re-oriented from what we knew him as a couple years ago), Joe was talking about how he 'finally made the switch from iPhone to Android' (when he said that I heard myself say 'Graphene! That coulda been you!) and how hard it is, easier to go from Android to iPhone, but hard to go from iPhone to Android, because you're in that ecosystem and it's just so much easier to keep using it.

I think this is the point for most people. They want a small, easy to use, everything all at once, can use it with other people right away. With Graphene, the purpose is privacy/security, so it would mean that people (all, not just techies) could use all their normal people apps (there's only like a dozen things they care to do though), right away, and the security is just built into those 12 apps on the GrapheneOS version.

https://www.youtube.com/watch?v=7k1ehaE0bdU 2:20

DeletedUser87

graphy00 and that goes hand in hand with OpSec. Privacy and security can't be achieved by technical means alone; you need to develop a certain mindset for the whole thing to work. The sad truth is - most people just turn off their brain completely once a screen shines into their eyes. I still struggle with that mindset myself. When I see the neat integration of the Apple TV with HomePods as speakers and your iPhone as a remote, HomeKit scenes to create a cinema atmosphere... and all that started by Siri, it really is tempting to just give in. I have to remind myself why I should not and will not do that. And I rely on my sunken cost fallacy. Not so much in terms of money, but rather in terms of time spent learning domain management, servers, docker, networking, firewalls and all the other stuff to harden every aspect of my digital life. That is the price you pay for peace of mind. You can either turn off your brain and enjoy the walled garden or start thinking about a sustainable way forward, which is what I and many others here did.

rellhom

graphy00

thanks for the link, nice to see Zuckerberg admit to the error of his ways in the past and joining the fight for freedom, none of this would have happened had Twitter not been sold

nice to see the new focus on freedom and against censorship, now if only we could get them advocating for privacy as well

treenutz68

DeletedUser87

I know this is a ridiculous request, but I would definitely pay for an easy to follow tutorial/course on the elements you mentioned (domain mgmt, servers, docker, networking, etc...)

For someone who is concerned about privacy, tech literate but not a superuser, that would be a godsend. I think Bazzell kind of tries to give a handbook, but I've struggled to implement a lot of what he proposes.

Since I have to run a business where I rely on a lot of phone/cloud related services (cashapp, apple cash, online banks, brokerage accounts) where I need bulletproof usability and backups, I ended up using an iPhone for business. I'd love to have a bulletproof setup with Graphene (and other privacy friendly tools) that doesn't require fiddling, but either it isn't quite there yet or I personally am not skilled enough to set it up that way.

« Previous Page