Watch interview with GrapheneOS on David Bombal's latest video

de0u

indigomadelin Is the DRM ID (with per-app and not per-app-per-profile strategy) considered a hardware ID?

Strictly speaking, it's not, because for WideVine to work there is a provisioning step where the device is issued a certificate. Personally I am unaware of information about how to forget that certificate, or otherwise force reprovisioning. Perhaps somebody more knowledgeable will chime in.

MetropleX

indigomadelin 25:24 No user apps whatsoever have access to any hardware identifiers from the phone. Is the DRM ID (with per-app and not per-app-per-profile strategy) considered a hardware ID?

I personally didn't, in the context of the reponse, consider it a hardware ID referencing our documentation/FAQ. While I do appreciate what your getting at, the DRM ID issue has more variables, I wanted to give as high level broad interpretation of things as possible to help the flow of the interview leaving options open for further questions then or for further content and more in-depth issue focused/specific appearances. If the interest is there, as David mentioned he is looking to engage with either myself or the team writ large with a view to drilling down further if the demand is there.

indigomadelin In the How to download apps on GrapheneOS phones section, you could have mentioned that F-Droid as a repository is not recommended because they build and sign apps themselves. Perhaps F-Droid as a client with the IzzyOnDroid repo would be acceptable.

I was specifically asked about F-Droid but my attention was and remains to draw interest to GrapheneOS and by omission of not recommending it believed it to be the best approach. Doing otherwise would have detracted from the positive message I wanted to convey, possibly resulting in unnecessary attention from parties negatively inclined toward us. Obtainium covers F-Droid also be it their main repo or third party ones anyway.

indigomadelin 44:40 You stated that Google FCM doesn't receive push notification data and only sends a wake-up call to the app. However, see https://arxiv.org/abs/2407.10589 and https://www.axios.com/2023/12/06/apple-google-requests-push-notification-data

While Apple and Google don't generally sit between an app and the servers it connects with, the notifications that an app sends to users typically do flow through those companies' servers.

It is obviously down to how the apps are made and how they format their push messages and what protocols they use to ensure they can't be read in transit. As mentioned above the approach was to talk as high level as possible and not get bogged down in the weeds too much. This was also totally unscripted and off the cuff.

de0u

indigomadelin You stated that Google FCM doesn't receive push notification data and only sends a wake-up call to the app. However, see https://arxiv.org/abs/2407.10589 and https://www.axios.com/2023/12/06/apple-google-requests-push-notification-data

Thanks for the link!

How much information an app server chooses to include in a push notification is up to the app designers. I encourage consulting the tables in the paper to see which apps are tagged as leaking which information. Apps one might hope would be sending "empty" push messages may well be reported that way, and apps one might expect to be leaking data might be reported to leak.

Johnnyloans

DeletedUser495

Partnerships or exclusivity deals are the bread and butter of business.

In the video, he says the OEM is making a normal phone they will sell to anybody--not grapheneos branded.

I think I heard before that you can buy it with grapheneos already on it if you want.

Your scenario, it is extremely common to have, say, a water bottle manufacturer make Taylor swift bottles and give her a cut. Or have access to a new market and give a cut. Put our product infront of your graphene group and we'll give you a cut.

de0u

Johnnyloans I think I heard before that you can buy it with grapheneos already on it if you want.

Here's what I'm aware of:

"Ideally the devices could be sold with GrapheneOS but it would be enough for them to meet our requirements so people can install it on the devices themselves. We do want to have the devices available in an official capacity with GrapheneOS preinstalled rather than third party companies doing it. We're talking to an OEM about this and are hopeful about it." (June 18 source)
"We're working with a major Android OEM on improving the security and updates for their devices in order to provide official GrapheneOS support. We're making good progress towards it. There will be an announcement with them at some point and then later an initial phone launched with official GrapheneOS support." (November 12 source)

I don't think I've read a claim that GrapheneOS preinstallation is expected to happen.

user2025

Great video,thanks to both lads there...lots of new and old things presented.

With the risk of offending or make polemics: may i ask the reason why our respected member / guest speaker used the avatar and not been physically present or face to face virtually in the interview !?

Thanks and keep up the great work ! ;)

Xtreix

user2025 may i ask the reason why our respected member / guest speaker used the avatar and not been physically present or face to face virtually in the interview !?

It was the same when The Hated One interviewed @flawedworld . Aside from the fact that some people don't like being filmed or simply want to keep their identities private, the harassment the team has endured for years is a motivation for this, as is the use of pseudonyms.

nandohyphen1

Great job @MetropleX ! This is a great interview! Love how you explain everything about this OS! Keep up the good work! 🎉

MetropleX

nandohyphen1 really appreciate your kind words and feedback. Thankyou.

Graphene1

MetropleX you smashed it pal.

sfb

I'm pretty sure that David Bombal is South African and MetropoleX is from the north west of England. But I might be wrong.

phone-company

sfb is it important where he come from? I bet he has a reason not to tell everyone everything :)

MetropleX

sfb MetropoleX is from the north west of England. But I might be wrong.

Yes, yes you are, I am from Cybertron. 🙄 😆

sfb

phone-company No it is entirely irrelevant where either of them are from. Are you an Arch user by any chance?

Eirikr70

Layman's question : what is the audience of David Bombal ?

c86

Eirikr70

He targets a lot is sysadmins and runs courses for coding. He also touches on privacy topics a bit. Some folks find he explains things well, some think he jumps on tangents and becomes difficult to follow. You can see a bit of that in his interview style.

There was also a video he put out a couple years ago on how to install GOS. Weird thing about that was he made his own install guide PDF that made the process more clunky than just following what was posted on the GOS website.

MetropleX covered a lot of detail and was pretty thorough. It was very similar to flawdworld's interview.

Hat

harp
Everything that you and @de0u said is true.
However, donations are typically driven by a small number of donors who contribute at a later stage.

Including the development costs in the device's initial price would benefit both the team and the users, as it would allow more features to be added later on. There are also other methods, such as companies paying to make their search engine the default browser option on Vanadium...

If GrapheneOS had a larger income, the foundation could grow faster and achieve more of its privacy goals.

MetropleX

c86 There was also a video he put out a couple years ago on how to install GOS. Weird thing about that was he made his own install guide PDF that made the process more clunky than just following what was posted on the GOS website.

Funnily enough one of the primary reasons for him reaching out to do this with me is how he appreciated getting something wrong (especially usb debugging) with that initial content and he appreciated how graceful we were in our approach in letting him know. This way he avoided any pitfalls as the responsibility for information provision was all on us.

c86 MetropleX covered a lot of detail and was pretty thorough. It was very similar to flawdworld's interview.

This to me is a real compliment, @flawedworld set a high standard and has a lot of respect from me for that THO interview. Thanks.

c86

MetropleX

Oh now that's a wonderful insight that I appreciate hearing. I remember seeing his install video and despite it being "newer" I was still recommending sideofburritos install video to watch before following the GOS guide. I remember seeing him flip between unlocking the dev options then back to something else and thought this is just a bit of a mess. But it was YouTube at the end of the day lol. Glad to hear he was wanting to improve it.

And @flawedworld was the interview I watched right at the time I decided to give GOS a try. Right amount of info to make it sound cool, but also functional. Your interview gave a heavy emphasis on the usability side, that I think was desperately needed for the layman to understand data sovereignty doesn't have to be difficult. But can be quite reasonable and adoptable with minimal friction.

DeletedUser495

The only thing I do not appreciate is the defense of the use of sandboxed Google Play. I understand it is for the general user but some of us want to go just that bit further (and that bit, trust me is a fair bit).

Eirikr70

DeletedUser495 Without Google Play, unfortunately, GrapheneOS is "incomplete" in the sense that several common apps don't run and many notifications are not delivered. So if we want GrapheneOS to democratise itself, advertising Google Play is the lesser evil.

grayway2

DeletedUser495 We may like it or not but the Google Play store is fundamental as it's used by almost everyone.

Fortunately, it has no privileged permissions as does stockOS.

It's not very pleasant to download and manually update apk files. I personally never found some banking apps elsewhere.

Play services are also necessary and some apps will just refuse to work without.

The average GrapheneOS user don't want a headache.

Xtreix

DeletedUser495 I think Sandboxed Google Play is advised and defended by the project mainly to avoid any friction for new users, and they have plenty of time to configure things in a more personalized way once they are more comfortable, for example, if you look at Josh's configuration of Side of Burritos, he advises against it for new users, recommending instead that they install Sandboxed Google Play in the same profile and that's it. Now, in a recent video, Josh said that he would probably replace secondary profiles with private spaces, because he himself admits that system-wide profiles are not practical. Personally, I can't wait for us to be able to configure multiple private spaces, it's going to be great.

« Previous Page Next Page »