FU6QydnIELkx

  • Joined Jun 17, 2022
  • lberrymage
    Thanks a ton, this is exactly what I was looking for. Big fan of your work with Accrescent by the way.

    I'm glad to hear that a factory reset should be enough. I was worried about forensic retrieval of poorly wiped data, but I should have considered the fact that it's all encrypted anyway, and as long as the keys are gone the data effectively is too.

    1. Assuming you wipe (and if necessary, reflash) the device beforehand, they cannot without an exploit.
    2. (...) Cellebrite is also mostly used to extract data from unlocked devices anyway.

    As I understand it, forensic extraction tools/platforms such as UFED, XRY, Oxygen, GrayKey, and their ilk usually have methods for extraction from some locked devices, although apparently these often only work after first unlock. Presumably they're leveraging exploits to achieve this, so I suppose they might possibly have some exploit for persistence too. Unless I want to buy a new phone, I guess I'll have to take that risk. Anyway, I feel a lot better now that I know that a factory reset will be a secure enough wipe to prevent data retrieval.

    On further consideration I'm definitely going to wipe and re-install GrapheneOS after passing through too, because even though Auditor should detect any tampering with the OS itself, as far as I'm aware it won't be able to tell me whether they've sneakily installed any certificates or anything like that.

    • Nuttso
      I'm not sure that's such a great idea. What happens when:

      • They turn on my device to unlock it and see the big "end session" button pop up on the lock screen

      Or:

      • They plug the device into a UFED
      • It doesn't work
      • They go to settings to enable USB peripherals and enable USB data transfer
      • Those options are unavailable
      • They realise it's an alternate profile

      Or:

      • I don't disable USB
      • They plug the device into a UFED
      • It tells them that it's on an alternate profile

      Then they come back and ask me for the password to the owner profile. I also potentially get in trouble for trying to deceive them.

      • Hi all. I'm using a Pixel 4 with GrapheneOS. This year I will be traveling internationally to both New Zealand and Australia. The Australian Border Force has "do whatever the fuck they want" power, with mandatory key disclosure. They can force you to write down your passwords, and then take your unlocked device into another room, plugging it into god-knows-what and doing god-knows-what. They don't do this to everyone, but based on my background I will likely be subjected to this. Entering New Zealand is a little better; they charge you a fine for refusing key disclosure but I don't believe they force the disclosure.

        I am not worried about data exfiltration, because I don't intend to have any meaningful data on my device at the time. My main concern is persistence, given that they will have full access. My questions are as follows:

        1. How should I securely back up my device?
        2. How should I securely wipe my device?
        3. Will they be able to install/update firmware on my device?
        4. Will they be able to gain any form of persistence on my device?
        5. Assuming that they don't decide to just keep the device, would "accidentally" damaging the USB-C port to the point where it's unusable impose any restrictions on what they can and cannot do? E.g. prevent/dissuade connection to a Cellebrite UFED or similar.

        Thanks in advance for all replies.

        • pixelkitten I was just wondering if there is (or if it is feasible to create) some kind of portable bootable version of the GrapheneOS that could be plugged into the USB port of the phone

          It sounds like you're talking about basically Tails but for mobile devices. Sounds pretty cool but I have no idea if that's viable or even makes sense. Would love to know if someone's trying it.

        • MetropleX If you've been happy to stay on an extended support release already

          I'm using a Pixel 4, that's not on extended support yet is it?

          • krvopije I myself am fine with 6 apps besides the default apps:
            Signal, NewPipe, Mail-Client, Rsync, Wireguard and AntennaPod

            I'm surprised not to see Aegis or even Scrambled Exif in there. Is there some other solution you're using for 2FA? I also like to keep Briar installed because I can see it being unexpectedly useful.

            • I'm currently using a Pixel 4, with my plan being to skip the Pixel 5 and 6 and go straight to the Pixel 7.
              However, I understand that the Pixel 4 will not be fully supported for much longer.

              Is it likely that the Pixel 4 will be fully supported until the release of the Pixel 7, or should I bite the bullet and upgrade to a Pixel 6 now?

              • I would love to hear community and contributor thoughts about a bounty system for GrapheneOS.

                This would be a system that mirrors the GrapheneOS Issue Tracker, but allows users and community members to contribute to bounties for specific issues. Upon closure of an issue, the bounty for that issue would be paid out to the developer(s) that contributed to it.

                This idea is inspired by Monero Bounties. You can check that out here to see how it works, and read more about it here.

                There have been past examples of users expressing a willingness to pay for GrapheneOS to implement specific features.

                This system has many potential benefits, such as:

                • Encouraging new developers to contribute to GrapheneOS
                • Encouraging funding from a likely non-trivial amount of users that otherwise would not donate to the general GOS fund
                • Allowing users that desperately want specific features to incentivize development of those features
                • It may be possible to re-use a large portion of the code from Monero Bounties, if Monero were to be the only accepted payment method.

                However, it also has several potential drawbacks:

                • Users who currently contribute to the general GOS fund might cease those donations in favor of increasing bounties, leading to potentially inefficient usage of funding
                • The system would likely need to be moderated by a few core contributors, taking up some of their time
                • Keeping track of funds may be complex, depending on the funding method(s) used
                • Uncertainty as to how bounties are split when multiple contributors work together to solve an issue

                Those are just my thoughts about it. It doesn't necessarily have to work in the same way as Monero Bounties, but given that that project inspired this post, I thought it'd make a great example.

                Very interested to see what you guys think of the concept!

                • [deleted] Sadly, I believe the same is true for Startpage. I wonder if it's possible to allow end users to manually add search engines that don't implement OpenSearch?

                  • I understand that disabling the Sensors permission zeroes out all sensor data (for sensors not covered by existing Android permissions) provided to an app.

                    Given the privacy and security vulnerabilities that come with allowing apps access to the accelerometer, I wish to disable this permission for every app and only enable it on an app-by-app basis.

                    I understand that I do not need a device-wide toggle, as newly-installed apps cannot launch before I have a chance to deny them that permission.

                    However, I'm concerned that applying the scorched earth approach and denying this permission to every app, including system apps (which for some reason appear to be visible by default for this permission), will break some critical OS functionality somewhere or even worse subtly weaken a security feature that utilizes those sensors.

                    Are there any system apps which I should not disable this permission for?