I
in_search_of_privacy

  • Joined 15 days ago
  • in search of privacy

  • lwolfe78

    "incompetence in development field"

    It is your incompetence to recognize what bugs the Graphene team is accountable for and what bugs come from Google and others and the team has to work with that. And the bugs reported to the Graphene team are quickly eliminated. You are looking in the wrong places blaming the wrong persons.

    Considering how big Google is and how small the GOS team, and what the programmers earn... And the people come along and point their fingers in the wrong direction.

  • gratei

    i have the fingerprint issue on my pixel 7

    Every other GrapheneOS user reporting it here appears to have the non-Pro variant of the Pixel 9. You might be the only person using GrapheneOS who has reported it on another device model. It might not even be the same issue that you're experiencing. It could simply be a random hardware glitch where it failed to start.

    You are repackaging Android and naming it GrapheneOS.

    No, that's hardly what we're doing in GrapheneOS. We have a large set of privacy, security and compatibility improvements we need to port to new releases, maintain and improve. For users on the Stable channel, we've done that nearly perfectly with almost no regressions for adding a major new feature that's quite disruptive to the previous status quo (network location), overhauling the sandboxed Google Play compatibility layer to support it and then porting to one of the 4 major releases per year (Android 15 QPR2).

    The fingerprint regression in Android 15 QPR2 is there in the stock Pixel OS. It's not specific to GrapheneOS. We didn't cause it and it isn't something that only happens with the Android Open Source Project either. We fixed a bunch of issues impacting AOSP but not the stock Pixel OS for Android 15 QPR2. Expecting us to fix every Android and Pixel bug impacting the stock OS is just not reasonable. They have massive resources and were still unable to fix this prior to Android 15 QPR2 being released as a stable release despite months of reports for it in the Android 15 QPR2 Betas. It's unreasonable to expect us to provide far more stability than either Apple and Google do with a small team of developers and not even having early access to the major releases. We have to port to new major releases in a day or two and get it out rapidly to ship the full security patches to people. GrapheneOS is remarkably stable and robust especially considering the size of the development team, lack of early access and how fast we're able to ship the updates despite that.

    You let this easy to repro issue past QA

    No, we posted this thread before the release reached Stable so people would have information on how to work around the issue. We also repeatedly shared it on social media and elsewhere. This issue did not slip through our testing process. It is also not easy to reproduce at all. It at least almost entirely happens only on the non-Pro variant of the Pixel 9. It only happens to certain users randomly at reboot, then goes away again at reboot. Everyone else here on GrapheneOS is reporting it on the non-Pro variant of the Pixel 9. It has something to do with the firmware and something about the Pixel 9 hardware/firmware makes it more common there.

    This fingerprint

    The fingerprint issue impacts the stock Pixel OS too. It isn't simply an Android Open Source Project issue impacting GrapheneOS but not the stock OS. There are a bunch of news articles written about it. They were unable to get it fixed despite months of Beta testing for Android 15 QPR2. We do not have early access to the source code for new major releases and have far fewer resources. How do you expect us to fix it? As far as we can tell, the likelihood is high that it's not even an OS issue but rather a firmware issue. If a fingerprint or other firmware update is needed to fix it, that's not something we can do ourselves. We currently make an OS, not the hardware and firmware.

    not being able to take screenshots immediately until some kind of process wakes up (just says unable to save) are unacceptable.

    We haven't even seen a report about this so that indicates it's not a common issue and likely related to a rare configuration. It's probably also something that occurs with the stock OS in a similar rare configuration.

    Look how many releases there have been the past 1.5 months. Almost as many as in 6 months. Get your stuff together. We rely on you for a rock solid daily driver.

    Releases which reached Stable in February and why we released them instead of waiting:

    2025020200: final release prior to monthly security update with major improvements to app compatibility and kernel updates since we always try to avoid major changes in the monthly security update release to avoid delays
    2025020300: monthly security backports before the stock OS / AOSP monthly update
    2025020500: monthly update
    2025021100: major security improvement against forensic data extraction, fix for DisplayPort alternate mode on 9th generation Pixels broken in 2025020200 without being spotted by anyone until over a week later and fix for upstream Wi-Fi kernel driver bug caught by MTE on 9th gen Pixels since a user having it happen in a chain due to a bad nearby Wi-Fi network

    Releases which reached Stable in March and why we released them instead of waiting:

    2025030200: initial launch of network location after 4 releases with it not reaching Stable (3 in February, 1 in March) along with all the other major changes from the 2nd half of February since we always try to avoid major changes in the monthly security update release to avoid delays
    2025030300: backport of Android Security Bulletin patches for March 2025 especially due to it being a quarterly release month
    2025030800: Android 15 QPR2 (after 2 releases not reaching Stable, which could have been avoided if we had early access)
    2025030900: Terminal app adding user-facing virtualization support, which will be a major pillar of GrapheneOS and many people were excited about it so we did a release to get it shipped
    2025031400: substantial compatibility improvements for apps using the Google Play location service with the expectation that network location is provided in a particular way along with massive improvements to the Terminal app addressing many issues and making it far more compelling

    There were many other changes brought by these releases. Having 1 release with our changes prior to the monthly update, an early security update and then the monthly update is the normal bare minimum set of releases. Launching network location support and needing to go from it being nothing to a high quality feature was the reason for many of the recent releases. Why do you care how many releases reach Alpha and Beta if you're using Stable? This is how the testing process is supposed to work. It avoided any major regressions not in the stock OS reaching Stable unless you could some very niche app compatibility regressions which were possible to work around by enabling the "Improve Location Accuracy" toggle. The end result is greatly improved compatibility for location rerouting whether or not people use network location along with our built-in network location. There's not much reason to use the Google Play location service anymore and that will become near zero once we ship a better local trilateration algorithm.

    I won't be donating more until I see improvements.

    You can go back to the stock OS which is impacted by the same fingerprint regression in Android 15 QPR2.

    • There's no indication the GOS developers are motivated by money and would exploit people.

      Many of the GOS developers are probably in fact genius level developers who could make extremely good money doing something for a large corporation.

      Example: constant updates.

      So if the GOS developers were in this for money, there wouldn't be constant updates. Constant updates means more work. Why create more work if you have a secret agenda motivated by money? People who hack for money like hacking but are lazy, that's why they steal. GOS developers create extra work for themselves so people are more secure. It's just not likely.

      The constant updates suggest an extreme awareness of security issues to an abnormal degree. If they were pretending to be secure, the updates would be quarterly. Instead it's all the time, each one tested, reviewed, hours and hours of effort, for only some security increase (instead of waiting to do it quarterly).

      Hackers could easily fool people by doing what GOS developers are doing but doing quarterly updates instead. Also, GOS is open source which means the code can be read, and many paranoid and/vigilant people with technical expertise use GOS. There wouldn't be a way to easily pull a fast one on the GOS userbase for financial exploitation.

      Also, for real hackers, they either go for easy targets (people who have cognitive impairments, gullible people, people with really outdated or bad software) or go for very high value targets. It's just unlikely what a hacker would try to go after. Why break into Fort Knox (Graphene OS) when they are millions of idiots with their doors unlocked and valuables inside (those running Windows 10 with unpatched vulnerabilities)?

      It's a good question, but Grapheme OS is designed to protect from the real threats (top tier hacking gangs including Nation State hacking gangs).

      The GOS team is somewhat small and very... (don't ban me please) particular? They would never just let some random person do dev work on GOS. It's not like Linux desktop distros where there are so many developers that someone could try to sneak in to do something sneaky, which happened before for desktop Linux.

      You could just keep an iOS device and GOS Device if you want to keep iCloud.

    • Large Language Model is clearly not an Artificial Intelligence. I don't understand how one could argue that current chatbots are an AI just because it sounds similar to humans. In fact, it's basically a politically biased generalization of human language. It does not have consciousness.

      This conversation was generated with Duck.ai (https://duck.ai) using OpenAI's o3-mini null Model. AI chats may display inaccurate or offensive information (see https://duckduckgo.com/duckai/privacy-terms for more info).
      
      ====================
      
      User prompt:
      Do you have consciousness?
      
      o3-mini null:
      I don't have consciousness. I operate based on patterns and computations, but I don’t experience feelings, self-awareness, or subjective thoughts in any human sense.

      What current LLMs are good at is generalization by mass data. That is not an artificially created intelligence capable of learning knowledge or thinking logically. I am pretty sure this AI boom will end soon like the ones that happned in the past. LLMs are reaching its limit on generalizing language.

      • gratei it's not an issue unique to GrapheneOS. It really is an upstream issue. https://www.androidpolice.com/google-march-update-fingerprint-problems-pixel-users/

        gratei You let this easy to repro issue past QA.

        Google did. Considering they're the ones who make the devices, then promise support for them for years, including updates, the fact that they own and develop AOSP, and the fact that they're one of the richest companies on Earth, you'd think that they would have caught and fixed the issue during beta testing (probably have a lot more testers than we do, even) before they released this, but they didn't.

        gratei If Ford rebadges a mazda caf and has an issue it is still on ford.

        This metaphor doesn't really make sense here.

        gratei Look how many releases there have been the past 1.5 months. Almost as many as in 6 months.

        Not all of the releases went to the stable channel. Alpha and beta testers help catch big issues before releases make it to stable. People who stick to the stable channel rarely experience big issues since most are caught. Also, look at the release notes and you'll see the updates were warranted. Do you really want GrapheneOS to have 0 updates? Very weird.

        So, with an upstream bug that should have been caught by Google, one that affects even the stock OS on their own devices, what should GrapheneOS do? Hold a huge release with important updates because of a bug that only affects a small number of people? It doesn't make much sense. Google will almost certainly fix this issue in time very quickly.

      • Daniel89

        and fingerprint is broken again

        GrapheneOS has not done anything which either broke or fixed anything about the fingerprint reader. You're very likely on a Pixel 9. You can do a Google search "pixel 9" "march update" fingerprint and find news coverage of the regression impacting some Pixel 9 users. GrapheneOS did not cause this and the fact that it comes and goes with reboots has nothing to do with updates. You're wrongly blaming us and wrongly blaming our updates. Example:

        https://www.androidpolice.com/google-march-update-fingerprint-problems-pixel-users/

        whats wrong with latest grapheneos updates?

        Nothing is wrong with the recent updates. Android 15 QPR2 fixed many issues and introduced a few new ones, but overall things are much better with it.

        so much bugs...

        Hardly, and nearly all of them are upstream bugs. Aside from that, why are you updating to releases in the Alpha channel if you can't tolerate regressions? The last release didn't move beyond Alpha because of a regression fixed in this one. That's how our update system works. We avoided any serious recent regressions reaching Stable.

      • in_search_of_privacy I've replaced my laptop with a portable monitor and a wireless keyboard + mouse. It was a bit odd carrying around a "disassembled laptop" for a while, but I've found it quite a comfortable setup for Android's desktop mode. I've also never much liked laptop keyboards or trackpads. I would definitely reccomend this setup, as it was the only way I could move away from insecure desktop OSes. Cables really are a hassle and only needing one makes this much easier to handle (compared to three cables and a dongle).

      • Cdc why did you go with ovpn in the first place? Is any of the providers you use not supporting wireguard?

        Yes this is not a direct answer to your question but there's a reason everyone moved or is moving to wireguard.

        • gk7ncklxlts99w1 GrapheneOS is definitely not the most secure OS if you don't limit it to user-facing general purpose smartphone, laptop or desktop OS. GrapheneOS is easily the most private and secure general purpose smartphone OS. The competition is iOS, none of these products. It's certainly more secure than everything you've listed here. iOS and AOSP are far more secure than any traditional desktop operating systems. We would simply say GrapheneOS is more secure than iOS in lockdown mode when looking at the whole picture despite iOS having a more secure base for the kernel for now. iOS has a lot of merits, but these things don't.

          Solarin by Sirin Labs

          We don't have all of the details but we're confident it's less hardened than GrapheneOS and focused more on performative things such as the IDS you mention.

          Murena One, which uses /e/OS, a fork of LineageOS.

          Highly insecure hardware and software. Massively worse than the Android Open Source Project. Neither good for privacy or security. It lags so far behind on patches and rolls back security so much along with having a bunch of poorly implemented, privacy invasive services as part of it.

          Purism Librem 5

          These are highly insecure devices without basic security patches and security features implemented. The OS doesn't have a basic application security model or other protections. Audio recording kill switch isn't implemented correctly and that's the one which could be more than a near useless frill.

          K-iPhone

          Looks like an iPhone with device management and other apps set up. Very sketchy. Just compare to a regular iPhone instead, it's the same hardware and OS, and avoids all the sketchy stuff.

          Blackberry

          They don't make smartphones anymore. They licensed out their brand to others to make highly insecure ones without proper support. Their hardening was less impactful than the security features missing from not having the major OS upgrades. Their Android smartphones were much less secure, not more secure. Whether or not their prior OS was secure is an open question since it didn't get much research. Using a microkernel is very good in theory, but it can be less secure in practice.

          • OpenAI has stolen our work without respecting the licenses along with the work of many others. They expect copyright to apply to their own output but don't respect it for others. Their tools are plausible nonsense generators optimized for convincing people that it's accurate rather than it being at all accurate. The tools have no actual understanding of the material or reasoning ability. It's certainly good at influencing people and optimizing the spreading of misinformation, which will have a huge impact on everyone, but we're not going to welcome it here.

          • Posting AI generated content in our community is only permitted for people who are using an automated translation tool to work around not being fluent in English. Use of a translation tool must be marked in either your user bio or the first post in a thread where you're using it. Use a dedicated translation tool, not a generic text generator like ChatGPT.

            AI generated text is still usually very easy for us to spot. Both spammers and malicious trolls are making more and more use of these tools to attack the project. We cannot distinguish people who do not believe they're causing any harm by using these tools from people using them maliciously. Posting walls of verbose text written in the tone of an expert by an AI with no actual understanding involved is harmful to our community. It wastes the time of moderators, developers and community members along with misleading people. People shouldn't have to waste their time responding to machine generated nonsense which comes across as a very serious but very misguided post.

            Suspensions for violating this rule will be permanent if the content wasn't marked as AI generated. These AI text generation tools are essentially optimized for generating plausible sounding misinformation and their use will be treated as malicious deception. Multiple accounts have been suspended for clearly using these tools without saying so. Please stop doing this. People invest a lot of time helping others in this community and do not want to waste their time responding to machine generated nonsense.