Why does it make so many schizos seethe?

The dev blindly trusts huge corporations and shuns anything not owned by one. I think he watches too much TV.

>>106004429 (OP)
They're paid government employees, not schizos

>>106004429 (OP)
don't know. why are you seething?

>>106004429 (OP)
>Why does it make so many schizos seethe?
only schizo seething is daniel micay. he visits boards like this to try and defend his slop. it turns out that very few people give a fuck about yet another version of android with questionable security claims, and any criticism of the project is seen by daniel as "harassment" or "defamatory".

>>106005766
Nigga he stepped down as lead dev 2 years ago

>>106006516
he's still part of the project, just not developing for it.

>>106005766
>with questionable security claims
whats questionable about scopes, internet access before install, 0 google apps on install with an easy ability to add playstore and its dependencies back?

>>106008146
The fact that it only runs on one specific phone model, that has the phone equivalent of IntelME (but worse), and those retards telling you that this is a good thing.

My Nr.1 problem with GrapheneOS is that the people behind it are lying.

When you first setup GnuPG, they give you textwalls about what t does and what it doesn't do and what risks it has.
Meanwhile GrapheneOS tells you that you can us a four digit pin as encryption password and be invulnerable to BruteForcing.

>>106008163
>Meanwhile GrapheneOS tells you that you can us a four digit pin as encryption password and be invulnerable to BruteForcing.
You will be, although they recommend 6 digits just to be safe. If you disagree you are welcome to make a 100 character password you use every time you need to unlock your phone.

>>106008163
>Meanwhile GrapheneOS tells you that you can us a four digit pin as encryption password and be invulnerable to BruteForcing.
Actually they recommend a long diceware password if you don't want to rely on the security of the secure element. They have never said the secure element, or anything is unhackable.

>>106008163
So what exactly is GrapheneOS lying about?
Can you also explain what you mean about "phone equivalent of IntelME (but worse)"?

>>106008184
>You will be, although they recommend 6 digits just to be safe
nigger, if you have a 6 digit pin, you could throttle your guesses to one every five seconds and will still be done in less than two months.
This is exactly what i mean. Advertising retarded shit and claiming that it is secure, even thought that everybody who successfully went through highschool knows that this is false.

>>106008338
well good thing it throttles it down to more than 5 seconds

>>106008295
IntelME is not accessible with a simple cable while the device is off to my knowledge.
Therefor Googles "Secure Element" is exponentially worse than IntelME.

>>106008347
Can you give me a number. How much does it throttle?

>>106008364
from the grapheneos faq. who knows maybe they are lying and it actually doesn't throttle at all and google played us for fools

>>106008358
What kind of access does this "worse IntelME" provide on Pixel?

>>106008421
just flash a firmware update on it and it resets

>>106008451
a UART console

>>106008455
> just flash a firmware update on it and it resets

OK so you just need to unlock the device first to flash a signed firmware, oh wait

>>106008464
> a UART console

OK so you just need to unlock the device first to access the UART console, oh wait

>>106008489
>you just need to unlock the device first to access the UART console
no you don't, its accessibly via fastboot
>so you just need to unlock the device first
no, you just need the UART console, for which you don't have to unlock the device

I am sure you already learned this in previous grapheneOS shill threads where you got BTFO, so why repeat that lie now again?

>>106008506
i see you put a lot of effort into your schizo delusions (other than trying it yourself apparently) but there is still the fact that there is no reported court case of a properly set up grapheneos phone being bruteforced from a before-first-unlock state. some security firm that specializes in doing exactly that had a info sheet leaked a few years ago where they admitted that grapheneos is safe in BFU

so why don't you first prove how unsafe it is. release a video on youtube. become famous and rich. maybe get bribed by some deep state government officials who knows. the world is your oyster.

>>106008541
>there is no reported court case of a properly set up grapheneos phone being bruteforced from a before-first-unlock state
Neither is there of iOS and feds were SEETHING that they can't crack Apples military grade encryption.

After lies don't work, you pivot to the alltime-classic of "But why didn't they admit to it in court?", which is an argument that Apple, NordVPN, Porotn, Signal,... all made.

>>106008541
>why don't you first prove how unsafe it is
Considering that Titan M has a discovered 0 day vulnerability that was only fixed after three to four years, i think this got proven beyond any doubt.

But we all know what your cope would be:
>yes, we got scammed by the Titan M, b-b-but the new version, Titan M2 is totally safe now!

>>106008557
>>106008574
holy cope

>well there are other services that never got cracked
ok?
>but what about a fixed 0 day from a different chip that apparently never got used
not relevant

>>106008609
so you are saying that i can just buy an iPhone and be more secure than on GrapheneOS while also getting pussy?

glowniggers in this thread be careful anons

>>106008622
i'm replying to what you wrote. i never said an iPhone is secure. you said it has never been cracked by feds. which is a very weird argument to make because it has absolutely no relevance to the topic at hand. hence why i replied "ok?". it was supposed to convey indifference and confusion.

man i want to believe you. just give me ONE reason to do so. just one case where a properly set up grapheneos phone with a 6 digit pin was bruteforced from BFU. just one case. instead i get
>well technically one could maybe do something perchance very easily
i admit: i'm no expert when it comes to mobile phones. so i can't verify what you say either way. so give me only ONE reason to trust you. until then you're just another dunning kruger tourist schizo

>>106008682
there is still the fact that there is no reported court case of a properly set up iOS phone being bruteforced from a before-first-unlock state. some security firm that specializes in doing exactly that had a info sheet leaked a few years ago where they admitted that iOS is safe in BFU

>>106008664
>he posts from his residential ip
i seriously hope you guys don't do this. buy a pass with crypto if you want to play-pretend being part of the "revolution"

pro tip: the feds don't care unless someone reports it

>>106008693
ok and? are you saying you could bruteforce a phone that a state actor is unable to do so? or are you maybe implying that courts withhold evidence in some kind of worldwide conspiracy?

you know in tech there is a thing called: actually doing it. it's nice and all that you wrote down the code on a piece of paper but the quickest way of verifying if it works is to simply run it.

please crack a grapheneos phone and report about it. i swear to god you'll get a decently sized following that'll you'll be able to monetize to make it worth you while.

>>106008682
I love this dishonest reversal where you say that you just HAVE to trust the Google blackbox, unless there is a court case where feds admit that they can access it.

So first you lied.
Then you did the "but if glowfags can access it, why don't glowfags tell us that they can?".
Now you do this.

>>106008541
>years old info sheet released by Israeli company said its safe
lmao

>>106008714
man i want to believe you. just give me ONE reason to do so. just one case where a properly set up iOS phone with a 6 digit pin was bruteforced from BFU. just one case. instead i get
>well technically one could maybe do something perchance very easily
i admit: i'm no expert when it comes to mobile phones. so i can't verify what you say either way. so give me only ONE reason to trust you. until then you're just another dunning kruger tourist schizo

>>106008718
ok so you do believe in a worldwide conspiracy of all courts to withhold evidence. i rest my case, your honor.

>>106008714
>in tech there is a thing called: actually doing it
Yet we do patch security vulnerabilities even when we don't have documented cases of them being abused.

>>106008722
cope
>>106008723
actual sharty meltdown holy shit. i thought you were some adult super autist but apparently you're underage too. i regret taking you serious for even a second

>>106008730
>you are a conspiracy theorist!
>there are no court case documents where the NSA admits this!
k

>>106008734
usually it doesn't take long until someone abuses a vulnerability. but for some reason nothing ever happened. curious

>>106008748
Why would they even need a vulnerability if they can literally flash the Titan M(2) while the phone is shut down?
If someone with root access accesses your data, that isn't a vulnerability, it works as intended.

The real question is:

Why is it possible to access and flash the Titan chip while the phone is off via fastboot anyway?
Why does this functionality exists?

And you will never answer this.

>>106008730
>My government and the three letter agencies are honest! If they would do bad things, they would tell us about it.

>>106008746
when i say "worldwide conspiracy" i'm subtly trying to imply that there are more countries on earth than the United States of America. sorry i had to spell it out for you. i was trying to protect you from embarassing yourself like that

>>106008756
ok then post a case of it actually happening?

holy shit you schizos are exhausting. i'm going to stop replying now. you won. congratulations. you are right and should keep haunting this board for the next decades or so.

>>106008737
where can I read the report from your audit on Titan M2?

>>106008756
>Why is it possible to access and flash the Titan chip while the phone is off via fastboot anyway?
What would flashing the chip do? Erase it? So you can delete the security keys on the security chip making the phone completely unusable.
>Why does this functionality exists?
How can you prevent it?

>>106008756
> Why is it possible to access and flash the Titan chip while the phone is off via fastboot anyway?

But it isn't possible. You can not flash the Titan M HSM and somehow access the encrypted data.

>>106008764
Why is it possible to access and flash the Titan chip while the phone is off via fastboot?
Why implement this functionality?

>>106008771
You absolutely can.
Proprietary Firmware blobs can be deployed on it in OTA updates as well, when they feel like it.
The only thing that stops (You) from flashing your own software on it, is that t has to be signed.

The only thing standing between you and extracting data from the Titan chip, is that you don't have the key to sign it.

>>106008770
>What would flashing the chip do?
disabling the throttle or getting the keys out

>>106008737
cope would be claiming that severely outdated info is proof that something is still currently safe

>>106004429 (OP)

>>106008784
So what is insider attack resistance that is implemented on Titan M only accepting updates after the Owner user has authenticated?

>>106008846
The phone doesn't even have to be turned on, anon.

>>106008852
So how does that relate to what I said? Even if you could flash the firmware, which you can't, what then? What would you do after that?

>>106008797
>getting the keys out
How? How would flashing the chip, erasing it give you the keys on the chip?

>>106008622
NTA but for me the main point of using GrapheneOS is to get away from big tech. Apple is still big tech.

>muh titan m2 bickering
just use an actual password and none of this matters

>>106008936
This. The wholesome family business called Google is much more comfy than those big corpos.

>>106008936
Graphene is the biggest fan of BigTech. They only support GOOGLE devices. And guess what is the second device Micay recommends? IPHONE!

Micay said it. He said, get a Google Pixel or an Apple Iphone if you value "privacy and security". Everything else is FAR WORSE in his opinion. Lineage, /e/os, Calyx. They are all worse from his opinion.

>>106009294
>They only support GOOGLE devices

And there is a good reason. Why is this argument still brought up?

>Google Pixel or an Apple Iphone if you value "privacy and security"

And this is true based on technical facts because all other options are worse

>>106009391
>And there is a good reason
which one?
>this is true based on technical facts
like what facts?

>>106009294
literally who

>>106008874
Why would flashing completely erase the storage?
Does every single Pixel get bricked whenever they do their regular firmware blob updates?

>>106009120
I got my Pixel used and with cash. 0 € went to Google when purchasing my phone.

>>106009294
>They only support GOOGLE devices.
They only supports devices that have high security and a robust secure element hardware.
Right now it's only Pixel devices but in the future they are planning to parner with a hardware manufacturer to build a Graphene phone.

>And guess what is the second device Micay recommends? IPHONE!
Techlore (Henry) is not Daniel Micay. They actually hate each other.

>>106009404
Daniel Micay is the main GrapheneOS developer.

>>106009412
Do you want me to dumb down what I am saying?
The password to unlock the device is stored on the titan chip. If you erase the titan chip you lose your password.

>>106009404
Graphene:
>Buy Pixel or Iphone

https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private

>>106009440
What is "have high security"?
The "robust secure element" got already debunked and exposed as MASSIVE security flaw and as highly vulnerable to zero day exploits.
You are LESS secure when you have that.

>>106009458
>If you erase the titan chip you lose your password
so every single time Google pushes a firmware update, you lose all your data on your phone?

>>106009401
>which one?

No other device has support for MTE, has HSM and supports locking the bootloader with custom keys. These were just some of the reasons.

>like what facts?

Same as above. Privacy does not exists without security and other devices are both less secure and by default share data with more parties

>>106009481
Are you trying to be retarded? You don't even need to use the Titan chip. It is just so you can use a shorter password and still be secure.

>>106009482
So you are saying you can flash whatever malware you want on the pixel and then lock the bootloader and sell it on ebay to someone who busy his pixel >>106009440
>used and with cash

You are aware that the "this phone has custom firmware" warning has a purpose, right?

>>106009440
i thought the main dev went to go die in Ukrainewarts

Privacy does not exist, when you keep on using the webbrowser. Doesn't matter what phone you are using.

>>106009498
Just because you don't use the Titan chip, doesn't mean you aren't affected by vulnerabilities inside its firmware blob.

It is well established and known and accepted by everyone, that those blob chips are bad for security, be it IntelME or Googles Titan.

>>106005766
why are jews against him though

>>106009468
How retarded can you be? So not using a firewall makes your device more secure because firewall can contain vulnerabilities? Using a password on your device makes it more vulnerable because the password might be bypassed?

>>106009549
It is called: attack surface

>>106009481
Umbelievably stupid. You do realize the key material is stored on Titan M?

>>106009519
How? Give straightforward answers to why the Google Titan chip with no network capabilities, no access to the devices RAM and that is optional to use the security features that is offers like using it to prevent brute force attacks is a security issue? It can't do anything except confirm or deny password requests from the main chip.

>>106009549
My firewall isn't in a separate binary blob on a chip only Google has access to.

>>106009566
Can you answer the question?
If you can't flash the chip without erasing your keys and therefor your data.... it means that whenever a firmware update happens, you lose all your data, right?

This is now the third time this question gets asked.

>>106009507
I don't understand whay you are trying to say? If I buy something used online, it would be stupid to not flash it again with known good firmware.

>>106008756
>And you will never answer this.
Two hours later, of constant glowfag shilling, yet this question still didn't get answered.

>>106009294
>"Google Pixel or an Apple Iphone"
>"Lineage, /e/os, Calyx. They are all worse from his opinion."
Fucking glowniggers still can't grasp the difference between a phone and an OS. How can you be so retarded that you can't tell the difference between hardware and software???

>>106009597
But the Pixel allows any random dude to lock the bootloader

>>106009518
And yet you are still here

>>106009602
What other OS is there for iPhones?

>>106009562
And that is one of the reasons the Titan M exists. To reduce attack surface on elements storing sensitive material such as encryption keys

>>106009616
>exists to reduce attack surface
>has itself 0 day vulnerabilities
>gives google free access

>>106009602
>How can you be so retarded that you can't tell the difference between hardware and software???

If you wouldn't be so tech illiterate, you would know that making this distinction is redundant. (please don't tell me that firmware is not real software)

you cant even unlock the bootloader on newer phone models other than the pixel.

>>106009585
If you would have a functioning brain, you would realize the firmware can be flashed only if the owner has provided the PIN/passphrase. Otherwise the key material is lost. Do you understand now?

Every privacy conscious person on PC:
>IntelME is bad
>secureboot is worthless, because of the backed in MS keys
LARPing privacy conscious phonefags:
>If you don't have IntelME, you aren't secure!
>Locking bootloaders with free access for Google, and same with IntelME, is good!

>>106009585
>This is now the third time this question gets asked.
I was being nice because I assumed you were asking in bad faith and not just retarded. An update to the chip would not erase the keys because it would not erase everything. Flashing as you described would erase the whole chip.

I am sure on some level you understand how a firmware update for an SSD would not erase the SSD but writing over the data would erase the SSD. You are as stupid as someone not knowing the difference between these two things.

>>106009646
1. this is a lie
2. even if this would be true (which it isn't), how does it answer the question?

>>106009468
>>106009630
>this shit again
Firmware can be updated and it got updates. Any device with a computer inside has exploits to abuse, you just have to look for one. Once found and properly reported to a bug bounty program it gets patched.
The Titan M chip is an entire separate computer sitting near the main CPU of every Pixel.
It has its own memory, a RISC-V CPU and separate storage capacity. It's sole function is to store cryptographic keys, verify them upon request by the main CPU, and rate limit failed attempts.

>>106009507
I bought a stock OS Pixel, installed GrapheneOS by my self and did the hardware attestation with a second device using the auditor app.

>>106009512
That was another developer, not the main one.

>>106009562
Remove the windows and doors off of your house. They can't break into your place if there is nothing to break. ;)

>>106009670
"flashing a firmware", "updating a firmware"
Those terms mean the exact same thing here, anon.
There is no difference.

>>106009604
Yes and why is this a problem? You don't understand how this works so why are you arguing about trivial things thinking you are smarter the actual security researchers?

>>106009675
>It has its own memory, a RISC-V CPU and separate storage capacity
This just makes it worse.

>ANOTHER GrapheneOS thread
still using graphene, stay mad.

>>106009643
But then why have a problem with gos if all phones are running on top of proprietary firmware anyway? Its the same as saying a Toyota is a shit car because the roads beneath it are shit.

>>106009671
> this is a lie

Ah OK then if you say so. Please do not provide any explanation, proof or research on this matter.

>>106009694
We have a dude in this thread who thinks that updating a firmware doesn't flash it.

And you are not understanding the basic concept that other manufacturers don't allow bootloader locking exactly because they don't want their devices to be spread with malware.
>I FLASH EVERY SINGLE PHONE I FIRST TOUCH
That's nice.
But thanks to GrapheneOS shilling and their lies, it is extremely easy to sell a used pixel with locked down bootloader and malware GrapheneOS fork and advertise that as super safe and awesome, linking to all the shilling of GrapheneOS.

>>106009692
No it doesn't you stupid cunt. You have no argument and are trying to argue semantics.

>>106009704
The problem is, that Micay claims their magical OS can somehow outsmart proprietary hardware.

>>106009724
you are simply dumb, and confident in your retardation

The process of flashing the Titan M(2) binary blob from Google does not involve losing data.

>>106009714
>it is extremely easy to sell a used pixel with locked down bootloader and malware GrapheneOS fork

Yes just as easy as flashing GOS yourself when you get the phone and validating the installation.

This is why it is always recommended to instead of buying GOS phones, you by stock phone and flash it yourself.

>>106009701
Why? It has no internet access and it can only do cryptographic stuff.
It's completely different from the Intel ME, AMD PSP or ARM TrustZone as those are embedded into the main CPU.
The Titan M chip sits outside of the main CPU.

>>106009704
Just because my wifi card needs a proprietary firmware blob, doesn't mean that i am ok with IntelME.
The wifi card firmware also can't be flashed by simply plugging in a cable.

The argument, that you can't criticize a flaw just because other similar flaws exist, is dishonest.

>>106008163
this anon knows

>>106008541
> absolutely ass blasted
this is why this toy os created by fucking idiots can't be taken seriously by real men that take security seriously. this is shit for retarded toddler script kiddies that still think defcon is totally cool, not glowing and pirate software streamer is just under appreciated. that's your level of understanding of computer security. fucking embarrassing.

>>106009759
Exactly because it obviously isn't just storing a key and throttling requests.
If the functionality would be this simple, it wouldn't need all this. It would barely be more complex than a Yubikey.

>>106009771
What phone&OS combination real man that take security seriously use?

>>106009781
It also would be OpenSource btw.
The claimed functionality of this chip is so simple, that firmware updates shouldn't even be a consideration.
Similar to the microcontroller controlling the airbags in your car, it should just work.

Yet we have some complex huge black box, that nobody can look into, that Google can change on will, that Google gave itself the ability to update it even when the phone is off.
With nobody ever explaining why this fastboot access even exists.

>>106009760
>The argument, that you can't criticize a flaw just because other similar flaws exist, is dishonest.
So is the argument that the flaw is somehow unique when it is present in literally every other alternative

>>106009781
>It would barely be more complex than a Yubikey.
Boy do I have a security key to sell you: https://en.wikipedia.org/wiki/Titan_Security_Key

>>106009804
not this fucking shit. and i sure as fuck wouldn't be using a device produced by google to run it on.

>>106009781
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=35561
if the US government approved it then it must be safe. the nsa would never meddle in such things ever! and google is such a trustworthy corporation!

>>106009730
Where does he claim it? It would be unrealistic to not put trust in SOME component, unless you build everything yourself

>>106009817
>not this fucking shit.
ok not this shit, fair, but what then?

>>106009812
When the alternative of "simply don't have it" exists, it is an avoidable flaw.
I can't avoid flaws in my wifi firmware.

Just choose a password instead of a 4-letter-pin and don't have this chip... then you are more secure than a Pixel with GrapheneOS.
That is a simple fact that everybody can agree on. Even you. Even the GrapheneOS devs themselves.

>>106009813
>The Bluetooth "T1" and "T2" models initially had a security bug that allowed anyone within 30 feet to make a clone of the key.[6] The security firm NinjaLab has been able to extract the key using a side channel attack
Holy shit.
Thanks for this gem.

>>106009806
>Google gave itself the ability to update it even when the phone is off. With nobody ever explaining why this fastboot access even exists.

This is like arguing with pigeons. You criticize, I give explanation, you don't understand simple explanation, you keep using the same debunked criticizim.

>>106009837
> get any android with attainable root access that isn't produce by google
> backup the entire rom
> obtain root
> setup the superuser
> modify the fucking shit out of it to the same degree that daniel micfuckhead does with his meme os
> setup firewalls
> remove every last bit of google's and OEMs shit while forbidding internet access to anything that decides to open its mouth an send a packet somewhere
> phone is now 99% glownigger free
> the 1% is the unknown in the hardware out my control
it's this 1% that bothers me but this also applies to daniel's meme os too.

>>106009876
>obtain root
Why?
>modify the fucking shit out of it to the same degree that daniel micfuckhead does with his meme os
So what part of Graphene do you take issue with if you want the same setup?

>>106009839
This is simply not true, Titan M is much harder target to attack than purely software based solutions. Also HSM has actual throttling which means you can have shorter PIN/passphare but still be more secure than with longer passphare that you need to type every time you are unlocking your device. But nothing stops you using long passphare with HSM giving you even better protection.

>>106009851
Trusting Google with your privacy and security, is like giving a gypsy the keys of your car.

>>106009804
depends on your usecase

>>106009902
yeah, if we just ignore the countless of times Google fucked up horribly in a binary firmware blob and completely ignore that you can't bruteforce a decent password (reminder that we are only talking about the one you enter on boot, not whatever unlock method you have), openly shill for bad practices ("You can totally choose a completely unsafe pin and be secure! Just trust Google!") AAAANNDD we ignore that Google itself is the adversary who we need to protect against...

>>106009876
or you can stop wasting your time doing all of that (also not all modern phones offer bootloader unlock without selling your soul to the devil) and just install graphene

>>106009939
Just get an iPhone.
It is even less effort.
GrapheneOS devs told me this is safe and they would never lie to me.

>>106009806
>that Google gave itself the ability to update it
You can update the firmware whenever you want. You are not forced to.

>even when the phone is off.
False, if the bootloader is locked (which it is by default on stock OS and after a proper GrapheneOS installation) you cannot update it without first unlocking the phone.

>>106009851
That was the old Titan M1, and the process involved desoldering the chip and resoldering it.
The new Titan M2 is still unbreached 4 years later.
If you are able to breach its security, Google offers you up to 500000 dollars.

>>106009931
>You can totally choose a completely unsafe pin and be secure! Just trust Google!
Do you use a password on your phone? What percentage of people do on a device they use as a daily driver because of the practicality of typing on a phone? Can you name a better way of using a 6 digit password on a phone than using graphene?

>>106009954
lie, fastboot oem citadel is accessible even with a locked bootloader

>>106009970
source?

>>106009959
>Do you use a password on your phone?
Yes.
The phone even forced me to use a password.
I think you GrapheneOS sheeple forgot that this is about encryption of the phone storage, not about your little screenlock.
>What percentage of people do...
I do not care about this at all.
What sheeple do, is none of my business.
The fact is what i do.
And i am more secure without Titan M(2) glowy chip than with one.
You are just changing the subject here. You are arguing from a perspective that doesn't exist. "BUT IF YOU ARE A DUMB NORMIE", then you don't install GrapheneOS. If your target group are dumb normies, then stop advertising as security conscious.

Openly say: "We are an OS for dumb idiots and attempt to make bad practices less bad".
That would be honest.

>>106009986
try it and see