I

intelligence

Eirikr70 No need to be sorry, its still interesting.

Why would it matter if its VoIP? You know that even mobile numbers are VoIP when you select VoLTE or VoWifi?

Eirikr70 Obviously I'm referring to ENGLISH. I can't speak with regards to French, since I don't speak the language.

[deleted] disinformation too and often times it looks very benign.

No, "disinformation" is benign information that is contrary to political propaganda.

[deleted] lot of misinformation

You should be careful about using bogus terms like "misinformation" (or "disinformation"). That word does NOT mean "falsehood", "lie", or anything else that it is used to IMPLY. All it actually means is information that is contrary to government propaganda. To take it a step further, what is categorized as "misinformation" is USUALLY the truth. If it wasn't, they would say "falsehood" or "lie" or some other term that clearly labels the information as factually incorrect.

Its not like it was in the old days, where USB debugging (adb) would let anything connect. Now there is an authorization prompt that uses a cryptographic signature to identify the machine making the connection.

But like all things, it should be used with a clear understanding of the implications.

In the fingerprint unlock menu, UNCHECK the "fingerprint unlocking" switch, then you can use PIN for unlocking, but once unlocked, you can use FINGERPRINT internally for things like TOTP applications, etc.

I think it defaults to 5 GHz, but switching on the "Extend compatibility" also enables 2.4 GHz.

Cobalt4581 If the service you are using does NOT support VoLTE, then it needs to be able to fall back to UMTS/HSPA in order to make the call.

Note that roaming can make things a little bit unpredictable. Your service provider and the roaming provider could BOTH support VoLTE, yet not in conjunction with each other.

guser39 If you feel strongly enough to harass BCR for a license change, then that's on YOU. My position is that there is no need to.

[deleted] Used is perfectly safe as far as operating system and so-on is concerned. The risks of used are more in terms of network identification -- if the phone is stolen, it could be blacklisted. If it has been used for crimes, it may possibly be identifiable, which although it won't stick to you, could require that you prove date of purchase to law enforcement.

[deleted] You were talking about an update, but now you're talking about installing a program, that's a different topic.

Yes, they could direct a specific phone to install a specific update. Yes, if their binary spyware is installed as intended (not as it is limited within grapheneos), then they could forcibly install anything they like.

[deleted] You're talking about something like an MBR virus? Those are EASILY cleared by zero'ing out the disk, which is something that a lot of people didn't do when infected (back when this type of malware was common).

The boot sequence on a phone is more robust than on an old 8086 desktop. Each stage of the boot is cryptographically verified prior to execution, so if something in some stage is modified, then the prior stage will refuse to boot it.

It is technically possible (using some exploit) for malware to inject a modification into the kernel layer (boot.img) or higher (system.img, etc.), but doing so would also require injection of custom verified signing keys, so if the worst possible thing happens, clearing the avb_custom_key partition would solve the problem. GrapheneOS wipes this and installs its own key there during installation, so a complete reinstallation would eliminate any potential persistent malware.

Google doesn't use a custom key there, so running "fastboot erase avb_custom_key" and a full reinstall would work for factory image.

WhiteKnight "SIM Manager"

You should not be updating that.
And of course the signatures don't match.

The F-Droid client allows you to add custom repositories and also to disable the default repository (if so desired).

GrapheneOS we don't want to forbid making a device with GrapheneOS without support for unlocking.

Would not forbid it, the component may be left out without affecting the rest of the system since it is absolutely 100% standalone and nothing depends on it.

GrapheneOS It's quite large in the sense we're talking about. Small is a few thousand lines of code like Auditor.

Auditor is 4,769 lines of code.
BCR is 4,036

GrapheneOS So can you explain the changelog entry? It specifically says that it fixes EXTENSIONS on PIXEL.

GrapheneOS Being installed as a privileged app only makes an app run in the priv_app domain instead of untrusted_app. It doesn't provide privileged permissions unless the app both requests them in the manifest and has them whitelisted in the privileged permission whitelists within the OS. Privileged apps can't simply do anything with privileged permissions.

Recording calls is one of those things that being privileged allows.

GrapheneOS Auditing a large existing application would not be easy and the result of a review of the code would likely be that it has issues which prevent us from including it.

SMALL application. BCR is very small.

GrapheneOS GPLv3 components will not be included in GrapheneOS.

That's a major problem and a very poor position for you to try to support since it makes absolutely NO sense.

Contrary to the complaints listed in that link above, I've run my own email servers also for decades, and delivery is actually MORE RELIABLE than going through "big name email provider".

He's probably consistently making some simple configuration error or someone has broken into his servers, and its being used for mass spamming, and thus being blacklisted.

It is critically important to maintain the security of your server when doing this. Use ipsets/iptables to mass block parts of the world that you don't want connecting to you, fail2ban on ALL authenticated services, and make sure that there's no open relay!