GrapheneOS refuses to comply with new age verification laws for operating systems — group says it will never require personal information

What else can those who value privacy and have computer skills do but try to be a good example and offer to help to those around them without the know-how?

Hi, yes, it’s me, I’m one of those bunch of folks who would willingly switch off Google’s Tensor crap modem to ideally a Motorola phone with a Qualcomm modem that can run Graphene.

No, they’re the same in this context.

The self-important creator of Systemd has personally blocked that PR, if I’m hearing correctly, which would suggest he or his employer Microsoft is all in on it.

That has already been closed

You are absolutely right, we are not in fact getting screwed, they are just applying the lube for later. (Shamelessly stolen from elsewhere)

Why the ever loving fuck does an init system even need a user database?

Honest to God, if FIFA were giving out a World “Understanding UNIX” Prize, Poettering would be the inaugural, and only, winner. Never in the field of operating systems has one man driven so much enshittification through sheer force of cluelessness coupled with supreme arrogance. And in a world that Steve Ballmer still occupies, that’s one hell of an accolade.

That’s just systemd adding a birthdate field to their userdb. Doesn’t require that it be filled out or accurate

Whoosh.

Plesse don’t give them any ideas. Here’s a list of what’s currently included

https://systemd.io/USER_RECORD/

Even if we say I agree with this, why even ask for a specific year? Separate into child and adult, and let the super user make that change when asked.

In theory I’m not opposed to it existing as an option, but I do not like it being mandatory at all. Websites and applications should never be allowed to know any PII without explicit consent.

Yeah, to be completely honest, the one place where you actually could trust this kind of information is on your own local (and ideally libre-oriented) OS, never leaving your device and instead obfuscated through an API that’s exposed to whatever services need to do an age check, with the potential for additional security impositions or other concessions from data requesters due to the leverage of still having your data controlled by you. This is the bonus FOSS part where we get a say on how we want our data to be exposed on our libre systems. Other users aren’t so lucky and don’t get to have any voice on how this implementation happens, so we should probably participate in the discourse for those PRs rather than condemn them point blank.

Any age check is just a good way for predators to know WHO are the actual children, and with the epstein files revealing the whole billionaire and politician interest in trafficking and raping minors, this is essentially the perfect playground for them.

^^^ If you needed proof that lemmy is overrun with bots just like everywhere else.

“More secure” is a minefield of marketing and intentionally misleading the populace.

Here is the popular phone cracking company Cellebrite’s leaked slides showing them telling the people they’re selling their tools to that they can’t as easily (if at all, depending on device state) crack GrapheneOS as they can stock Android:

https://grapheneos.social/@GrapheneOS/112462758257739953 (This is just a well-summarized and explained post from GrapheneOS themselves, but the original leak was independent of them, and the slides and final interpretation are no different from what GrapheneOS is showing, thus I wouldn’t consider this just “marketing”)

Objectively, if you have a GrapheneOS phone, and you plug it into a Cellebrite machine, it will not have its data extracted if it’s before first unlock, or after first unlock but on the lock screen. (as long as you’ve updated your security patches since like 2022, which most GrapheneOS phones will be) A stock Android phone, or even many iPhones were not as resistant to brute forces or even full file system extractions as a Pixel with GrapheneOS.

GrapheneOS also has additional features that can make the cracking process even more difficult, such as disabling USB even after first unlock when on the lock screen, automatically rebooting after set period to return the phone to BFU state, or setting a duress PIN that wipes the phone, which could be triggered via a brute force before the real PIN is guessed.

Also, in case you want to look at the diagrams in the post more since they don’t really explain all the acronyms, here’s a key:

• BFU (Before first unlock - essentially when you’ve restarted the phone but not put in the PIN/password yet. When fingerprint unlock will not work)
• AFU (After first unlock - after you’ve put in your PIN/Password, fingerprint gets enabled at this point. Using the “Lockdown” button from the power menu on GrapheneOS disables fingerprint and appears to be BFU, but isn’t fully in BFU state and should still be considered AFU just in case)
• FFS (Full Filesystem extraction, essentially dumping literally every single possible file, app data, etc)
• BF (Brute Force, basically just spamming the PIN/Password to try and crack it. GrapheneOS is essentially never vulnerable to this due to the Pixel’s secure element, and it’s the same for newer Pixels with stock Android too, though those tend to still be vulnerable to FFS)
• “Up to late 2022 SPL” (“Secondary Program Loader” version, which most GrapheneOS phones will have updated by now as long as they’re running a GrapheneOS version released after 2022. As you can probably tell, 2022 is referencing the (late part of the) year that version was from. It’s essentially what helps to load programs on the device)

I forget which country it was, but Graphene was specifically listed as being used by criminals/drug dealers.

You might be referring to Catalonia, Spain?

In their case, it was more about Pixel phones in general being used by criminals, and GrapheneOS being their OS of choice which made cracking them harder, rather than GrapheneOS itself being considered criminal or suspicious, but I get where you’re coming from.

You could also be referring to the UK, but that was regarding a journalist with GrapheneOS, but the charge was refusing to unlock his phones. And yes, I said phones, because he was also carrying an iPhone, and they wanted that password too. So in this case the charge wasn’t GrapheneOS-specific.

There’s also France, who was going after GrapheneOS because they wanted an encryption backdoor, but GrapheneOS just said no, so they told police to consider any Pixel with GrapheneOS “suspicious”, but not to consider it a crime in itself. (nor did they have the legal authority to do so) GrapheneOS actually migrated all their server infrastructure out of France as a result of this.

The point is that now, using Graphene, counts against you for the purposes of pressing charges or taking you to a black site.

Generally speaking, even in those areas, this (fortunately) just isn’t true. You are more likely to be considered suspicious in Catalonia if you have… a Pixel, GrapheneOS or not. You’re likely to be criminally charged in the UK… if you don’t give up your password, GrapheneOS or not. And you’re likely to be considered “suspicious” in France… but can’t be charged with anything for it, and the only way they’ll know if you have GrapheneOS installed is if you were already arrested for something else and had your phone seized.

Practically speaking, it’s better to support an OS that protects your data, but could increase the risk of you getting in trouble for protecting your data, than an OS that doesn’t protect your data, and gives it all to the authorities, making whether or not you’re considered criminal pointless. After all, you could voluntarily unlock your GrapheneOS phone in any of these jurisdictions and stop facing any of these possible consequences, and it would carry the same implication as a non-GrapheneOS phone that does it whether you provide your PIN/password or not.

So this:

That is an extra charge.

Just isn’t (at least currently) the case, since no regions currently doing anything against GrapheneOS have made the act of having GrapheneOS installed in itself a crime.

Not to say this couldn’t change, and you’re totally valid in assuming that governments will try to push this, but at least currently, using GrapheneOS will not in itself increase the chance of you going to a black site.

Yeah, hopefully worst case, Motorola just doesn’t ship them with Graphene (which could be a security risk anyway). Then they’d be off the hook.

You mean Chinese? With an ever bigger presence in India I’m sure

Irrelevant. They need to comply with the laws of the market they are selling at.

Check what pornhub decided to do in Texas

No, $400 is about $300 more than any phone could ever be worth.

$400 is more than I have ever paid for a phone (and no, I never bought a carrier locked subsidized phone). From 2014-2022 I had 3 phones that cost a total of $450. This ain’t it.

That’s what it is then.I just don’t want to deal with the arbitrary nonsense like age-verification and software install limitations. Then again, I only have a phone at all because of my wife. If it were just me, I’d just keep a featurephone in a drawer and maybe check that it’s charged once a month. As it stands, I may end up having to give up the small amount of morality I have and just give up on Android and pay a ridiculous amount of money just for phone service.