A weekly live show covering all things Freedom Tech with Max, Q and Seth.
TO DONATE TO ROMAN'S DEFENSE FUND: https://freeromanstorm.com/donate
IMPORTANT LINKS
VALUE FOR VALUE
Thanks for listening you Ungovernable Misfits, we appreciate your continued support and hope you enjoy the shows.
You can support this episode using your time, talent or treasure.
TIME:
- create fountain clips for the show
- create a meetup
- help boost the signal on social media
TALENT:
- create ungovernable misfit inspired art, animation or music
- design or implement some software that can make the podcast better
- use whatever talents you have to make a contribution to the show!
TREASURE:
- BOOST IT OR STREAM SATS on the Podcasting 2.0 apps @ https://podcastapps.com
- DONATE via Monero @ https://xmrchat.com/ugmf
- BUY SOME STICKERS @ https://www.ungovernablemisfits.com/shop/
FOUNDATION
https://foundation.xyz/ungovernable
Foundation builds Bitcoin-centric tools that empower you to reclaim your digital sovereignty.
As a sovereign computing company, Foundation is the antithesis of today’s tech conglomerates. Returning to cypherpunk principles, they build open source technology that “can’t be evil”.
Thank you Foundation Devices for sponsoring the show!
Use code: Ungovernable for $10 off of your purchase
CAKE WALLET
https://cakewallet.com
Cake Wallet is an open-source, non-custodial wallet available on Android, iOS, macOS, and Linux.
Features:
- Built-in Exchange: Swap easily between Bitcoin and Monero.
- User-Friendly: Simple interface for all users.
Monero Users:
- Batch Transactions: Send multiple payments at once.
- Faster Syncing: Optimized syncing via specified restore heights
- Proxy Support: Enhance privacy with proxy node options.
Bitcoin Users:
- Coin Control: Manage your transactions effectively.
- Silent Payments: Static bitcoin addresses
- Batch Transactions: Streamline your payment process.
Thank you Cake Wallet for sponsoring the show!
[00:00:00]
Unknown:
Hello. Hello.
[00:00:02] Unknown:
Hello. Hello. Hello. And welcome to Freedom Tech Friday. For everybody, well, welcome, everybody. And for those of you that are new here, allow me to quickly explain what this is all about and why the hell we are here. FreedomTech Friday is a weekly live and interactive show hosted on The Ungovernable Misfits x, YouTube, and sometimes, Nostafeed. We go live for one hour every Friday at 9AM eastern US time and 2PM UK time. But you can, of course, catch up later on the Ungovernable Misfits podcast feed. On FreedomTech Friday, we like to cover the latest, news and trends for anything relating to Freedom Technologies.
That could be anything from Bitcoin or Monero, encrypted messengers, privacy tools, and everything in between. Essentially, if there is a news item, tool, or topic that you can, that you use to help take back some control in today's digital Panopticon, we want to talk about it. My name's q and a, and I'm head of customer experience at Foundation, where we build Bitcoin focused sovereignty tools. And as always, I am joined by my good friends, Max, the head honcho over of at the Ungovernable Misfits Empire, and Seth, who is VP at Cakewallet. As I mentioned, this show is live and interactive.
We rely on you guys to steer us towards the topics that you want us to cover or to send us the FreedomTech related questions that you want answering. There's many ways in which you can get involved, all of which really help spread awareness for the show. These include commenting or asking questions in a live chat, submitting topics or questions before the show on X or Nosta, boosting the show on Fountain or other podcasting two point o apps, sending questions and tips via Bitcoin and Monero at xmartchat.com/ugmf, and finally, just simply sharing the show on X or Nosta with your friends and followers.
So without further ado, let's dive into the show. Max and Seth, how is it going, gentlemen?
[00:01:53] Unknown:
Very well, my end. Thank you, mate. Little bit of a sniffle, but excited for today.
[00:01:57] Unknown:
Yeah. I thought I was the one with the sniffles. The sniffles are contagious through the mic Yeah. Technology these days.
[00:02:06] Unknown:
I'm excited for today's topic because it's something that affects me directly, and I actually think I'm gonna learn something. So
[00:02:13] Unknown:
it's gonna be a good one. Yeah. Absolutely. True to form, the Nosta chat, or Nostra stream is not working, so I'm gonna try and troubleshoot that live live on air. I actually think, it might be, now that we've paid the bills, it might actually still be an issue on our end. So I'm gonna try and fix that while while we're live. When you guys start waxing lyrical about all things Graphene OS. So bear with us, nostalgia shells. I'm I'm doing what I can. Good morning to everybody in the live chat. Celestron Book, good to see you. Bon, hello. Vibrant, good to see you. William Hornblower, thanks for stopping by. Yeah. Bon, gonna try and fix it. Bear with me. I'm hoping Max and Seth are gonna fill for a couple of minutes when I kick things off so that I can go and click some buttons and try and kick this thing into life.
So, what are we talking about this week? Well, today, I wanted to continue to build upon last week's discussion around phone privacy. As we know, phones are incredible. Like, we live our entire lives on them. But as we discussed last week, they are also one of the most surveilled piece of technology that we use. They track our location, communication, spending habits, even the apps that we open, often without us even realizing it. Most of us rely on Android or iOS. And while these platforms are super convenient, that convenience, as we discussed last week, comes at the cost of privacy and security. So what if there was a way to get the best of both worlds? A modern usable smartphone experience that doesn't compromise your privacy and security?
Sounds like a bit of a, utopia. Well, that's where GrapheneOS comes in. So over the course of the next twenty or thirty minutes, we're gonna explore what GrapheneOS is, how it protects your data, the trade offs of using it, and why the tools like this matter in the bigger picture of overall freedom tech. And hopefully by the end, you'll have some, you'll have a clear sense of whether GrapheneOS, or installing GrapheneOS on on a phone might be right for you. And hopefully have some actionable kind of takeaways, for improving your privacy even if you decide that, you know what? Switching is is not for me. So, guys, this is gonna run-in a bit of a, q and a style, no pun intended, where, I've gone I'm gonna lead you down the garden path here to to eke out some of the the GrapheneOS kind of one zero one basics.
So first question, what is GrapheneOS, and why does it exist? And to avoid any dead air, I'm gonna poke Seth first.
[00:04:37] Unknown:
I I thought Max was gonna handle this one today. I could just sit back and relax. You can just wax lyrical on all things GrapheneOS.
[00:04:45] Unknown:
I can do if you like. It might not be as, high quality, but I'll give it a go. Put him on the spot. Do it, Max. Yeah. Okay. Craphene is a hardened operating system that you can run only specifically on pixels, but the way I see it is it's a way to use a phone in the most private way and secure way possible without having to make any changes to settings. Like, it's kind of to me, it's like an out of the box. It just keeps you private and secure much, much more than, the Google operating system that you'd have on it out of the box. So everything on there is hardened and secure. I think they make some changes to the sandboxing and, how apps interact with each other, the amount of data that's leaked, all that kind of stuff. And it's usable. Like, it's it's very, very usable. It's usable enough that I use mine quite a lot. Not all the time, but quite a lot. Yeah. I think that's the most surprising thing about it is a lot of these types of projects are just not
[00:05:52] Unknown:
not actually able to be daily driven for normal people, at least. I know some people. We we talked about cubes OS jokingly last week, but, like, some people do daily drive cubes OS and more power to them. But most people can't do that. Whereas, Graphene OS, I think, has over the years found a good in between of having quite hardcore out of the box defaults. Like you said, it's, like, it's countering a lot of the telemetry and analytics and surveillance that is a core part of Android as an operating system, but making the most out of Android as an operating system being open source software so that they can actually build around it. Like, it would be it would be really cool to see a graphene like version of iOS, but, Apple would never allow that. So, unfortunately, we only have an Android based one, but Android really enables this in a unique way. And GrapheneOS takes that security that Android actually is quite good at, but adds in privacy as well and enhances the security. So I think you you really nailed it on the head there, Max.
[00:06:55] Unknown:
I think that's important as well. Like, The U like, how usable this tech is because a lot of the, advice that I've had over the years as a nontechnical person has been well intentioned, but absolutely fucking useless for me and, like, actually just stressed me out more, probably actually made me less secure when I'm trying to do things that I just do not understand at all. Whereas with graphene, especially now, like, when I first ran graphene, whatever it was five years ago or something, I had to, like, download a a a Chinese walkthrough, and then that was then translated. And I was trying to work out how to do it. It took me, like, two or so days, like, a whole weekend to, flash it, and I didn't know what I was doing, trying to do it on a Linux machine, which I'd I'd never used before and all this. And now, like, my latest one that I've just flashed took me like, I did it in the web app thing, and it took me I don't know. Like, may I watched a video. It maybe took me half an hour. I sat with a coffee and did it. Like, it could be done quicker. And then once it's fired up, it's really, really easy. I've not had any problems.
No issues. Nothing going down. I can make phone calls. I can send messages. I can do the things I wanna do, with the exception of, like, having, Google, you know, like, a like, a wallet on there or things like that. With the exception of that, it's no different, really. I don't think it's that different to using a normal phone. It's really fucking easy.
[00:08:30] Unknown:
If if you're willing to install sandbox and Google Play services, just to be clear. Like, it is very different from using stock Android if you're not willing to do that because you are gonna have a lot more apps that don't work. You're not gonna have notifications. You'll you'll have more difficulty getting many apps because unless they're available in alternate app stores, you wouldn't be able to get them or you could use Aurora. But there are some trade offs to that. But if you are willing to to use Google Play or sandbox, Google Play services, it's shockingly close to using default Android. You will you will miss a lot of the conveniences that are specific to, like, the pixel version of Android.
But unfortunately, most of those conveniences are basically have baked in spyware as a part of them. So they they come at a great cost, but it's not gonna be exactly the same as your pixel out of the box versus using GrapheneOS. But it's it's close enough that it's surprising.
[00:09:22] Unknown:
Indeed. So so before we get to, a, a suit ahead of ourselves talking about, sandbox in and and, Google Play services, etcetera, which we will get onto, by the way, I wanna kind of really hone in on kind of what makes GrapheneOS more secure and more private than just, you know, going to the Google Store and buying a a a Pixel 10 and just leaving the the stock software on there? Like, what what's the difference here? Like, it's all well and good to say, oh, yeah. It's more private and it's more secure, but, like, what actually what is there as part of that operating system that actually achieves that, if you know.
[00:10:02] Unknown:
I'm gonna be honest there, mate. I was just responding to Vibrant, and I can't do two things at once, so I missed that. That's why I shouldn't be allowed in the chat. I was looking at Seth for this one.
[00:10:16] Unknown:
The question was I so I also I'm gonna fully admit I was multitasking. No. I'm kidding. Yeah. This question was about the security of GraphiteOS.
[00:10:26] Unknown:
Yeah. So I I I before we move on to, like, the the kind of user facing stuff like, you know, sandboxing and apps and things like that, what what is it that's, like, baked in as part of GrapheneOS that makes it more secure and more private than stock Android? Like, what's the diff what's the tangible difference? Like, what what enables that?
[00:10:46] Unknown:
Yeah. I mean, the the core of the security that GrapheneOS provides is the same as stock Android. So a lot of, like, a a lot of people don't realize that mobile operating systems, specifically Android on a Pixel or iOS on an iPhone, are actually very, very secure and much, much more secure than practically any desktop operating system you can run. And there are many reasons for that, but a lot of that comes down to you need to be able to run a lot of very distinct things, have a lot of sensitive info on the same device. You wanna make sure that they cannot access each other's information. And so there's there's been things like app sandboxing and isolation. There's been things like, drastically improved permissions control in both Android and iOS, but we'll we'll focus on Android here. So there's there's been lots of improvements that actually make stock Android quite good from a security perspective.
The main problem has been from a privacy perspective, but GrapheneOS does take the security of Android up a notch. The main ways that it does that are improving on the sandboxing and permissions in stock Android. So, again, the core of these things is already in stock Android, but they they are much more aggressive in how they do per app sandboxing. So that this idea is basically that each app has its own isolated space that it can use, and it can't go out of that space to to mess with anything else or to grab data from anything else. So as long as the sandboxing holds, for instance, if you're running the Facebook app and you also have, Envoy on your phone with all of your Bitcoin stored there in mobile wallet plus paired with Passport, Facebook cannot just go and say how much Bitcoin does this guy have. Like, the that's not something that is possible under the the strict sandboxing that exists in Android. And our Graphi OS takes that to a whole another level, by both enhancing that sandboxing itself, making it even more secure and more aggressive, I would say. There's some downsides to that. Maybe we can get to get into a little bit better, but they're much more harsh in how much they they prevent apps from being able to access outside of their own sandbox.
But then there's also really cool granular permissions control. I think for me, storage scopes is really the most, like, interesting addition on top of Android, which basically means that you can lie to an app and make it think it has full access to, like, your photos, for instance, or your files while only giving it access to specific things. So there are there are many apps that want full access. Like, for instance, social media apps, I think x is an example of this, wants full access to your photos for you to post any photo, which is insane. It's nonsensical. It doesn't need to happen. And so with storage scopes, you can essentially tell the app, oh, yeah. You have access to everything, but you get to select only the things that you wanna share with it. So that if you wanna share that screenshot on Twitter, you don't also have to give the Twitter app permission to see all your family photos or something like that. So that's one of the strongest things that I I really like and something that I I find myself using quite often.
Beyond that, it it keeps the verified boot and tamper resistance of stock Android, which is a really big differentiator versus many other, forks of Android or other alternate ROMs for Android, many of which require you to disable verified boot or secure boot is another name for it, which basically means that in those instances, you would have worse physical security. If someone got your phone, you're much more vulnerable to attacks. Whereas with verified boot, secure boot, tamper resistance, those things protect you in the case someone actually gets your phone and tries to run a different version of the operating system or tries to replace your operating system and give you the phone back and make you think that it's okay while it's actually been pwned.
[00:14:27] Unknown:
Is that That's really good. Why you're doing sorry, Seth. Is that There you go. You know, when you're setting it up, you do unlock the bootloader, and then once it's once it's sorted, you're relocking the bootloader. Is that, like, you that's the lock on it so that if someone gets physical access, they can't just plug in the USB and then start fucking around?
[00:14:45] Unknown:
Exactly. Yeah. And they can't they can't replace that operating system without being able to unlock the bootloader, which would mean they would have to have full OS control as well. Yeah. Yeah. It's that it's that relocking part that's an integral step. And if the OS you're running is something like lineage, which I know is another popular one, it's not really focused on security and privacy, but is one people sometimes use to do Google. You won't be relocking your bootloader as part of that because it doesn't work with verified boot. So you will be more vulnerable to physical attacks. So there's a that's a really vital one, and that's the core reason why they do only pixels because pixels can provide essentially what they need to be able to install an alternate OS and GrapheneOS, but still relock the bootloader.
That's the main reason why they stick with those. I know a lot of times people kinda get caught up on that. If I wanna de Google, why am I buying a Google phone? But the beauty of Android or the beauty of Pixel so far, at least, is that you can just replace it with a GrapheneOS, never log in to the stock OS or anything like that, and still have top tier physical security. One last thing I'll throw out there. I know I've hogged the mic, is just that Graphite OS are very much on the cutting edge of, security updates, often actually shipping security updates from upstream before Google ships them to stock pixels, which is wild. And they do a really good job of that. So it's another reason kind of why they're an extremely useful tool even to people who have advanced threat models because they they can have updates that are necessary, sometimes even before they would on an official Pixel device, which is is a is an important thing and very, very, very, very important for mobile device security.
[00:16:24] Unknown:
Awesome. Thank you for that one. Max, I'm gonna hand this one over to you, in a second. So, when you first install GrapheneOS, if if it's your first time looking into kind of, like, an alternative operating system other than iOS and and stock Android, you might have a bit of a of a shock at how kind of bare bones things are. Like, there's there's, like, a handful of preselected apps that come, preinstalled. So I wanna talk about some of the trade offs now of, you know, if you just download and install GrapheneOS on on a Pixel and you to get started, you're not gonna have what we talk about, the the the Google Play services, and you're not gonna have the Play Store or anything like that. So I wanna talk about some of the trade offs, and how we can get around those to kind of ease our, I guess, life Mhmm. Living with GrapheneOS.
So kind of, you know, from let's start with the basics. Like, when you first install it, like, are app stores a thing? How do you download apps? What's the trade offs? Where can you go? Like, what spell that out for me first before we go into the the port services side of things.
[00:17:34] Unknown:
Yeah. Well, full disclosure, I basically just use mine not as my daily driver. I use mine for some work stuff, Bitcoin stuff, Monero stuff, anything that's, like, sensitive. So it's not the phone that I carry around with me. It's not the phone that I use day to day. But when I have had to download apps, I've used Aurora. I've used F Droid. And it's been a while since I've done it. So I think what I did is I went online. I downloaded the APK, I think, for F Droid and for Aurora. And then you don't have to give any personal details. I ran a VPN while doing it. I think I even downloaded them off talks as being, like, extra, like, you know, specialist about things.
And then I downloaded the the basic apps that I needed, which was not I can't even remember what I needed from there because most of the things I downloaded had APKs anyway, but that's my specific use case, which is very different to someone who's using this every day. If you were using this every day, I would assume that a lot of people need things like banking apps or social media or whatever else. So that is a very different situation.
[00:19:00] Unknown:
Yeah. I think one thing that is often forgotten is you can do a lot of stuff in your browser. Like, it's not as convenient, but a lot of these things, like, especially banking, if you don't need some specific feature that's only in their app, you can do a lot of that in your browser just logging into their mobile website and rolling with it. It it certainly will be more painful for many things, but combining that ability to do things in a browser, even social media, I know a lot of people use x only in a, only in their browser, and then they, quote, unquote, install it to their home screen, which is just a progressive web app. You can get by doing that. Now it it definitely depends on your usage. Like, if you need to use x for your job and you need to handle multiple accounts and stuff,
[00:19:44] Unknown:
it's not gonna quite fit the bill probably. But, that's where profiles come in, which I know we can we can talk about a little bit. Yeah. Vibrant's just asked. Yeah. Vibrant's just asked about the profiles. I'll just throw in, like, I don't know a huge amount about profiles, but one thing that I've been using it for and I don't know if this is a good idea or not, but I use it for, like, travel. So I'll lock down a phone, and then I'll have a separate profile with a separate pin, which isn't the one that it boots up up with, which would have my more sensitive stuff on there. And maybe that's, like, not not useful, or actually not helpful, and you tell me, well, TSA or whoever, would still get access somehow or or an attacker would still get access somehow. But I just see it as, like, one extra layer because when I boot up the phone, it's got very boring normal stuff on there. And then anything that's more useful is one of the multiple different profiles that I have, which has a different pin, which I can't access.
So, that's how I use it, but I know there's other ways to use it as well.
[00:20:54] Unknown:
Alright. Cool. So so we've established that, you know, not having direct access to, you know, a logged in Play Store app on your phone is not the be all and end all. There's loads of great options like, Obtainium, direct APK access, Aurora Store, fDroid, etcetera, where you can get the vast majority of what you need, in a like, without having to to do that and log in. So I wanna dive into Google Play services. First off, I think let's let's define what they are, what they enable, because by default, GrapheneOS doesn't have them enabled. So what is that gonna limit?
And then I guess after we've kind of defined that and the trade offs with it, we can talk about the the flip side of that and being like, okay. For those that have to turn it on, why might you need to turn it on and and kind of, like, again, the trade offs on the flip side of that coin. I'll hand that to Seth first.
[00:21:49] Unknown:
Yeah. Definitely. This is this is one of the things that I think GrapheneOS has just absolutely nailed. For a very long time, they actually didn't have any way to do Google Play services, which I understand from a more hardcore perspective that that's the the safest approach. But for getting the average person to actually use this stuff, like, you you do need a way to be able to access Google Play services in all honesty. And the the quick summary of what they are is really straightforward. It's Google Play services. It's the Google Play Store. It's the things that are core to being able to to access and use most apps on Android in the way that the developer intended. Now that's not necessarily the way you actually want to run them. We can we can get into that. But in the way the developer intended, they expect your device to have Google Play services to be able to install things from the Google Play Store to get updates that way, all that good stuff. The main problem with that is the way that Google Play services are integrated into stock Android is essentially they're like a super root system app that you cannot touch, you cannot remove, and has complete access to basically everything on your device.
And the the thing that Graphina West did that I think is so novel is that they didn't just try to figure out some way to, like, sideload Google Play services, but still have many of the down the downsides. But instead, they actually took Google Play services, and they built them in such a way that they can they can sandbox those Google Play services just like any other app. So you can install Google Play services that other apps can use to get notifications, to verify your your device is legitimate, those sorts of things, without giving Google complete access to your device, which is good for both the privacy perspective, of course, but also really good from a security perspective because you maybe don't want Google Play services to have complete root access on your device. So it gives you a lot more choice there. And while doing so, it actually doesn't limit the effectiveness of Google Play Store or Google Play services. The only real differences you'll see are I think you briefly mentioned this before.
You can't use, Google Pay, like, the the digital cards in your digital wallet on your phone to tap to pay. That requires your device to to go through an onerous, like, Google Play services verification thing that they're just not gonna do for anything that's not an official OS. So that won't work even with Google Play services installed in GrapheneOS, but pretty much everything else will. The only other thing that potentially you can have problems with is some banking apps, also rely on the same device verification that Google Pay does. So there are some banking apps that I know have some problems on GrapheneOS, but some have actually been pressured into fixing that requirement and making it work into GrapheneOS on GrapheneOS. So they're really cool. I think for the vast majority of people, probably installing them is your best bet so that you can have a a quite Android like experience while still having much better security and privacy than default Android.
But it is definitely up to each user. And one of the beautiful things is you can pair Sandbox Google Play services with multiple profiles or with a work profile so that you don't have to have Google Play services touching everything or even in the same profile as everything on your device. But you could limit it to, for instance, just your more, centralized sketchy apps, your social media apps, your bank apps, things that require that to be able to function properly or to get notifications that you need. And then you can keep everything else in a separate profile that it will have no access to and, will have no visibility into. So there's a lot of kinda different ways you can pair this, but I know what's common for many people is, like, having all of their more hardcore apps in their default profile than having an extra profile that has their sketchier apps that they just need to be able to get by to to live, and they'll install Google Play services there and get the kind of the best of both worlds doing that.
[00:25:42] Unknown:
No. Okay. Appreciate that. Keen to know from, the GrapheneOS users in the chat, actually. Two things. Number one, do you use Google Play services? If you're rolling without it, I'm keen to hear your experience as to whether you've got many kind of, kneecapped apps. And also just a quick reminder that if you do have any tangential questions relating to to GraphiNoise or phone privacy, feel free to drop them in the chat and we we'd love to, to get on to those. Okay. So I wanna go quickly back to, the talk about profiles, because I've seen a comment on, Twitter from, Bon. No. It wasn't Bon. It was who is it from?
No. It was on Nosta. I've lost it now. Of course. Look at this. Live.
[00:26:27] Unknown:
It was from
[00:26:29] Unknown:
someone. It was from a Mithrandir, and he said, Telmax. Telmax, the main profile is like the root user, and I am pretty sure that if one is unlocked, then an attacker with a tool like Cellebrite could get data from all profiles. I Okay. Have no idea if we're able to substantiate that, but I'll go on, sir. Yeah. The the
[00:26:54] Unknown:
it's it still falls back to that before first unlock state that we talked about last week. So if you unlock your device, you are unlocking the encrypted disk and decrypting it to be able to use. So if you do that, your other profiles could be vulnerable, not because one profile is root or anything like that, but rather because you've unlocked the device and decrypted the disk to be able to do so. My understanding is that multiple profiles do not change that. So, like, logging into one profile but not logging into another doesn't keep the other profile in that before first unlock state because it's a it's a it's a disk wide thing. It's not a profile specific thing.
Now that's this is very in the weeds, so I definitely could be wrong there, but that's my understanding is it's a it's a device level thing. If you've unlocked the device at all, no matter what profile, the disk will be more vulnerable to something like Cellebrite. But I don't think that that has anything to do specifically with the profile system.
[00:27:51] Unknown:
Okay. The the one thing even if it was vulnerable to someone with, celebrate, like, the average attacker, it makes me think a friend of mine, like, a year ago, got held up by a load of hookers and some nasty people and threatened to move some money from whatever banking app it was, like Revolut or something, sending their Bitcoin off. And, obviously, they have access to his phone. And that can happen with hookers in a hotel room, but it could also happen on the street, and someone could pull a knife or whatever and say unlock your phone.
And if you do unlock your phone and under duress, you're forced to try and move money or Bitcoin, whatever it is. At least if it's behind another profile, unless it's a sophisticated attacker, they're probably not gonna be familiar with Graphene, and they're probably not gonna be familiar with the profiles within Graphene. And so if you unlocked your phone and you don't have any Bitcoin apps or Monero apps or any, anything that you can they can take money from you with, then your situation is much better than it would be if you weren't using profiles.
[00:29:12] Unknown:
Yeah. It's true. It's kinda like the duress pin idea on Bitcoin wallets that some do. I it it is one of those things that is very much only going to protect you against, like, a low level non targeted attack because it I I think kind of war gaming it out, to me, it can also cause problems if everyone knows that people use duress pins or that they know that you specifically are or this guy who has a ton of crypto, they may not believe you. If you don't use a duress pin, and then things can be a little they can get pretty sketchy, but it it is, I think, especially that sort of thing where it's just like you're held up on the street. Like, it's very unlikely they're gonna have deep technical knowledge on what security measures are put in place for graphene OS or Bitcoin wallets or something like that.
That ability to have some money there is good. Yeah. Well, to be fair, it seems to happen more often over on In London? Yeah. I was gonna say, I like it. London? I don't ever hear of it happening to anyone I've ever known in The US, but I know that it does happen in The US. It just seems like a more common thing over in One of my friends in London has been held up and robbed in London, like, three or four times in the last couple of years and, like, had their phone and their watch and all their stuff taken.
[00:30:27] Unknown:
So, like, maybe he just looks like an easy target or something, but, you know, maybe he should have crap
[00:30:35] Unknown:
in. Kidding.
[00:30:39] Unknown:
I think we, this is a a bit of a side channel here, but I think we may or may not be live on NoStar. Who knows? If you're if you're in NoStar and it's and it's actually working have a look. Yeah. If it's working, please drop us a comment or or even a zap if you're feeling fruity on a Friday. A couple of, topics that have come in from the chat that I wanna dive into, guys. William Hornblower asked, is it clear that Revolut will still work on GrapheneOS? I remember a topic on this. Revolut wanted to use a feature which was or will not be supported on GrapheneOS. Last time I checked, yes, it does still work, but I remember the, the the comment or the tweet that they sent out that, was mentioning that that kind of compatibility was under threat.
I'm unsure on the the kind of latest situation there. So it might be worth, tagging them on Twitter or Nosta to to get the latest or just trying to install,
[00:31:32] Unknown:
install Revolut by the banking app? Correct. Yes. Are you really a Bitcoin user if you haven't been banned from Revolut? Like, you obviously haven't done enough on Bisk to, to still have that account going.
[00:31:50] Unknown:
And another question that we had come through, which I'm just frantically trying to locate now. I can't remember who it came from, but the the general gist of it was around private spaces, which was an Android thing that was released maybe earlier this year, if not, later on last year. Where so so can we do a quick comparison really between profiles and private space? It was also from William Hornbloh. Thank you for for that chat for that comment. Like, are are these equivalent features? What's the difference? Should we use one versus the other? Do they have different applications? What what are we thinking here, guys?
[00:32:32] Unknown:
Yeah. I can I can jump in? So I I will preface this, but I haven't actually tried the private spaces yet, because I've long, long been a user of the split between the personal profile and work profile. I I I agree with Bon that the Graphene team says that it's not quite as good as having distinct user profiles, but I found that I needed the convenience of being able to access those work apps all the time rather than having to log out of a profile into a profile, out of a profile into a profile. It just it that flow did not work for me. So I was willing to sacrifice a little bit of that and use Shelter to use the the work profile where I can have my personal and work apps. Work being a in quotes thing because it's really just the apps I don't want, accessing other apps.
That profile was much more convenient. So that's what I do because I'm so entrenched in that. I I haven't bothered with the private spaces, but I know that, essentially, the Graphene team has said that private spaces is the much better approach than the work profile now that it's around and that it has similar or better security assurances than the the, like, personal and work profile split specifically. I believe it's still the same sort of, security assumptions as the separate user profiles, but much more convenient. So I would think that most users would probably want to use the private spaces, but it's it's just not something I actually have used, so I can't comment too much on it. I'm just I'm just kinda going off of what I've seen in Graphene and other people that I trust talk about there.
[00:34:06] Unknown:
Appreciate it. Yeah. William Humble, chimed in and said work profiles rely on other third party admin apps. Does that mean that you have to have this, an app installed on the admin, profile for it to work in in a separate profile, or am I missing service in that? Yeah. You have to use I think the two apps are called Island and Shelter,
[00:34:28] Unknown:
with Island being, I think, pretty unmaintained and Shelter being kind of sort of maintained, that's basically what allows you to have this personal work split and duplicate apps and have some more controls about, like, when you want to move files between the two, you can it gives you a little bit more functionality, which is a a a huge downside to doing the doing it the way that I do it. And that's why I think private spaces would probably be much better for the vast majority of people because it supposedly gives you similar isolation. I think the one question I would have, though, around that, and maybe y'all can answer this, is one thing that I really like about the personal or work profile split or the distinct user profiles is that you can have a per profile VPN or lack of VPN, and that allows you to do really cool things like having separate VPN accounts if you don't want even your account tied back to the same things or having a profile that doesn't use a VPN for those apps that are sketchy and freak out when you have a VPN.
There's a lot of, I think, really interesting use cases for that. And I don't think that that would be true of private spaces from my understanding of it, but I'm not sure if if y'all can answer that or maybe somebody in the chat.
[00:35:36] Unknown:
That's profiles. The the so profiles, you're saying you can have the you could have separate VPNs or the same VPN you can choose, but it's it's like using a separate phone almost.
[00:35:48] Unknown:
Yeah. But you can actually you can do that in the the personal and work profile split using an app in the shelter that I do. That's one of the reasons why I've liked it is because I still get that functionality, but I get much more convenient access to those apps because I'm using them all constantly. So yeah. Okay.
[00:36:07] Unknown:
Quick reminder, guys. If you have any, any questions on this, please do, drop them in the chat. This is a a topic that I do really enjoy talking about. In the meantime, I'm gonna bring up, one of the questions that we have presubmitted from, Rob g. He said, I would love if you guys can address using a VOIP, voice over IP service on GrapheneOS easily to prevent your real number, for legacy calls and SMS. He's tagged my pseudo app, and he says it it does not work well natively, and he's put in brackets that it needs a secondary device and play services. I'm not sure what he means by the secondary device, but he said that that's what he uses on an iPhone. So, any any experience with using VoIP services where presumably the the the kind of, idea here is that you don't wanna use a traditional SIM card or eSIM so that you don't have to, you know, have a number tied to you, your personal name, and your phone.
[00:37:04] Unknown:
So this is this is specifically for you for doing legacy phone calls to a number. So it looks like you're calling from a number rather than VoIP in the sense of, like, using, you know, signal or whatever for a call. It's so that it looks like you have a number.
[00:37:23] Unknown:
That's the way I interpret it. Yeah.
[00:37:25] Unknown:
Yeah. Then no. I have have no no, experience with that, I'm afraid.
[00:37:30] Unknown:
You led me down the garden path there. Thanks for that.
[00:37:36] Unknown:
Got all our hopes up. I I was excited because I I also can't say that I have any experience with this. I I have tried a lot of, like, real phone number services that don't require specifics. I think Cloaked has been the best one of those, if not perfect, for having, like, an actual phone number that's not VoIP, but not having to give over personal details, being able to pay with Monero or Bitcoin. But I I haven't tried the VoIP side of things specifically.
[00:38:05] Unknown:
Oh, here we are. Free samurai. For VoIP services, yeah, go with Keyogram and load it with Whirlpool PTC or XMR.
[00:38:16] Unknown:
Well, you haven't heard of that one. From the chat. No. Me neither. Graham. Thank you for, for chiming in. Another question that we've had presubmitted. This one comes from Quidion on Nosta. And he said, Revolut just forced me to verify my location again. Any tips on using Revolut as privately as possible, or is there a more private way of fiat transfer? I turned on my location as city center, and I did selfies with masks, but that did not work last time. And, Guidian, yes, I did cut down your question slightly because we hit the character limit, but hopefully, I got the gist of it there. I I can tackle this one, now that I'm not troubleshooting livestream stuff. Unfortunately, Revolut is it's it's just a bank.
There's no way to use a bank privately, unfortunately, if you are a general citizen. If they want your location or your identity or your mother's snake's cat sister's name, then you're gonna have to give it to them if, if you wanna use their service. They're they're governed and and bound by all of the usual laws, regulations from any given jurisdiction, and they can cut you off. And Revolut is one of the favorites for this. They will cut you off if they do anything sorry. If you do anything that they deem untoward. And by that Yeah. That is a very, very big umbrella. That could just be sending some money to somebody else on Revolut, unfortunately. They are very vigilant.
So to answer your question, is there anything you can do about it? No. You can just choose not to share that information, and that will result in you not being able to use their service, unfortunately. But that's just the the the way in the world when you you, I guess, interact with the banking system, unfortunately. I don't know if you guys got anything to answer that.
[00:39:58] Unknown:
I I do. This sort of goes against a lot of what a lot of Bitcoiners and, privacy people would say. I actually think when it comes to banking, like, most people need bank accounts if you have a life with, like, kids and, like, mortgages and bills and, like, you don't just live in your mom's basement or you're not, like, an international drugs dealer or, you know, you're just a normal person. You need banks. So my advice is not get rid of banks. It's actually potentially have as many accounts open as you can for optionality because and then any money that you do have to have within the banking system, spread it as as, evenly and thinly as you can so that if you get whacked by a Revolut or one of these, neobanks and they start crawling up your ass for a load of info or they freeze your money or they close your account, you're not suddenly fucked and you can't live your life.
So, I know it goes against, like, fuck the banks and just use Bitcoin, but, I would say actually the other way. Open bank accounts have options and maybe in different jurisdictions as well.
[00:41:12] Unknown:
Yeah. I I think also just, like, this idea of I need to be totally anonymous when I'm using my bank doesn't make any sense. Like, I've had multiple people tell me, like, yeah. My bank account won't let me access their site via tour. I'm like, okay. They know who you are. They know where you live. Yeah. They know how you spend your money. Accessing it over Tor doesn't help you at all. It just makes you stand out and raises red flags. And I think that's one thing that people kinda need to realize is if a service already knows who you are and where you live, yes, you should limit additional info, obviously, but you you shouldn't seek anonymity from them when using their service because it's only gonna cause you pain and make you look like someone they should be watching. It's it doesn't help you in any way. And I think that's something that's often misunderstood is people go too hardcore with those services. It's the ones that don't know who you are that you should be using something like Tor or something like a VPN. And sometimes you can use a VPN with banks, but oftentimes, that also raises red flags. They can be some of the stricter ones to to block VPN usage as well.
But it's one of those things where you have to you have to think about, like, what does the service already know about me? If they know who I am, it doesn't matter if they know that I'm accessing their site from my house because they know where I live, but they probably even provide the mortgage for my house. Like, it's it's it's one of those things where you got to just just be conscious, think through if this entity already knows all this about me, what does it actually make sense to try and protect and what does it not make sense to try to protect? You kinda wanna blend in with the crowd. You don't wanna stand out as, hey. We have one of three people who uses this bank, who uses Tor all the time. It's not probably something you want on your, your dossier.
[00:42:52] Unknown:
No. And BTC wrestler says, wouldn't you want to reduce the attack surface, of all the KYC by using only one or two? Maybe if you're, like, using in my opinion, anyway, maybe if you're using, like, a Bitcoin exchange or something like that, yeah, maybe, if you're gonna use them at all. But my personal view with, like, the banks and all this stuff is they all all your information's out there. And, if you're if you've got businesses or you're renting properties or you've got a job or whatever else, like, the tax man has a load of your info. All of this stuff is shared. The banks have your info. I'm sure most of your information has been leaked anyway. And if you're doing normal shit with it, like Seth is saying, like paying your mortgage and paying your bills and stuff, then, you know, what are they gonna do? As long as you're not linking that to the other side, like your Bitcoin side or your Monero side, which is where you wanna be private, I don't see the problem in having that information out there. It just makes you look normal, and it gives you options because I've been in the situation before where I've had one bank or two banks, and I've had many, many accounts closed.
And if you have all your money in one place and they seize it, you are fucked, and they can hold it for a very long time. They can drag you through serious amount of problems, and suddenly you can't pay your bills. So, my that's my personal view from experiences. I would take that trade off of having more banks with my KYC information than just one and relying on one because it can really, really be a problem.
[00:44:38] Unknown:
Yeah. Well said. Well said. Next question comes from eight Mithrandir over on Nosta, so I can't actually bring it up. It's not in the live chat. This is a great great question, actually, and we should have covered it off in the the earlier on, but, thank you for for eight for kind of bringing it up. Backup and recovery on GrapheneOS. Anyone done this well? Can you recover all of the apps with the correct settings, such as banking apps, etcetera? So I guess to set the scene, like, you know, if you're, an iOS user, I'm I'm sure most of us here have at least tried it, and you've gone through that kind of device switch here where you have that kind of magical switch over where you kind of just log in or you scan that magical old thing, and then within ten minutes, your new phone looks identical to the old one.
Obviously, that comes with many, many trade offs that comes with, like, the iOS ecosystem. But such a thing, to my knowledge, does not exist for the the GrapheneOS ecosystem. In terms of backups, what I do know is that they have, like, I think they call it seed vault, where you can kind of basically encrypt the entire contents of your phone. And when I say entire contents, I think it is the whole file system. Again, I'll let the guys chime in and tell me I'm wrong in a second. And then you have basically, like, a 12 word, almost like a seed phrase, like a password to be able to decrypt that. So so basically what you get left with is a secret, the 12 words, and then a file which you obviously need to manually update and store somewhere, be it on a USB drive or maybe something like Proton drive, and you can potentially automate that once a week or once a month or somehow so that you've got, you know, a semi recent backup such that if something does go really wrong with your your Pixel running Graphene, that you've got a fairly recent backup that you can call upon. I know for a fact it covers, like, the basic stuff like contacts, apps that you've got downloaded, photos, etcetera.
I'm almost certain it also covers app settings, etcetera as well. So but, fortunately, I've never been in the situation where I've had to actually rely on one of those backups. So I haven't actually put the proof into the put and see exactly what information does get pulled down when you need to leverage that sort of thing. But, yes, to to summarize, it it it oh, okay. Well, so let me summarize my thing is, yes. It's possible, and Max is gonna tell us how successful it is now.
[00:46:58] Unknown:
Well, I did it fairly recently, and then what I did is actually tested the backup. And the reason I did it was because, I was using Envoy for most of my recent transactions and labeling everything because my laptop that I was using with Sparrow is just fucked. So I didn't wanna lose that, and I thought, oh, if that phone goes down, I'm gonna have problems. So it's only really for that, but I did a backup, and then I had a spare pixel that also had graphene running on it. And then I tested the backup by restoring onto that phone, and I basically had two mirrored phones. And I had all my transactions, and I had everything that I needed. So I don't know past that. But, yeah, I think it was like, was it 12 words, or was it I definitely had to write something down, and then I had to use that to recover it.
And I just shuffled the encrypted data across with a little USB stick across to the other phone, then did restore, and set it up. So I just basically had a mirror of the other phone as, like, a backup in case the other one got fucked.
[00:48:07] Unknown:
Yeah. It's in my experience, it's quite hit or miss. It does work in general, but even the, like, even the graphene team calls out that it's incomplete, and they've theoretically been building a replacement for it for a long, long time. I I haven't seen any updates on that, but I I don't keep heavily, heavily up with their developments, like, in chat rooms or anything like that. So there there may be more progress there than I know. But, yeah, the current backup system for me, it's like, it's okay. You won't cry, but there will be some pain. Like, it's not gonna be a seamless process in in in my experience, but that also is gonna heavily depend on what you do with your phone. If you're very much a minimalist and you are mostly using apps that, are just simple and straightforward, it's pretty good. I think what what I've done, honestly, is I just don't even try using the backup service anymore, and I just focus on the, like, signal backups, two factor backups.
Like, Aegis has its own encrypted backups. I'll just put all of those onto a flash drive or onto my Proton drive or next next cloud or something. And I'll just restore the ones where, like, I want to make sure I don't lose any data. Envoy's another example of that. Cake's another example of that, where I can take a separate backup that I know will restore much better than the, the GrapheneOS backup system. Mhmm. I'll just do those, and then I'll manually install the apps that I want. And, to me, I found that that just ends up in a better state than when I try to do the the wholesale restore.
[00:49:39] Unknown:
Good advice. Good advice. Yeah. Although it does make it painful when you do get a new phone, but, it's yeah. You you can get through it. I spoke too soon on the the nostalgia side of things, that it shows us as live. The chat is working. Thank you to, Free Samurais, up in 2,100 sats. Bond's up in 1,337 sats, and eight Mithrandir is up in 777 sats. Appreciate you being here. There's it shows us live, but there's no video. So, thank you for participating in the in the chat even though the, the stream itself is not working. We'll we'll we'll go again next week and see if we can finally get it, get it going. William Hornblower for has posted a great question that's already been answered by the live chat. I love this. He said, what camera app do you recommend for nearly Google stock Android camera app quality?
I can hit this one. The app I use is the Google Android stock one. Well, as, Bon mentions in the, in the Twitter comments, basically, just download the app from Aurora or, or the Play Store, and then just kill all the permissions. So you you get the benefit of all the the the kind of technology that makes the the camera app the best available, but it you revoke its access to kind of send your photos anywhere other than your phone. And Seth, has also just commented as well. This is for the benefit of the the podcast audience, I guess, that you can also do exactly the same thing for the Google keyboard, where the Google keyboard, again, arguably, in my opinion, the the best available keyboard for for Android, with all of its additional kind of features and layouts, etcetera, etcetera.
You don't need to deprive yourself of that. You can install that, and you can, again, kill all of the network access so that you can just you don't have to type like your four year old school child, and making typos, etcetera, because all of the other party, keyboards are woeful. Literally woeful. So do yourself a favor. Grab hold of the the g board, and just kill all of the network access, because it's it's literally night and day in terms of how much better it is to use, at least in my experience. And I'm I'm hearing some some giggles from, from the other, hostess. I'm guessing you guys agree.
[00:51:57] Unknown:
No. I'm just seeing everyone writing about Futo. I just wondered if anyone has, used that. I've got FreeSamurai saying try Futo, vibrant Futo, has great speech and text and swipe typing. Bon's saying he's admitted he's never tried it. I haven't ever I still just use the, standard one, but it is horrible.
[00:52:16] Unknown:
It's so bad. How do you do that, man? It's horrible. Survive? No. You need to use the Google keyboard. It's like a 10 times efficiency improvement using the Google keyboard with network access revoked. Like, that's one of the coolest features of Graphene OS, honestly, is you can do any app. And if it's something that you just need to be able to use locally, just don't toggle the allow network access when you hit install. It's magical, and it works really well for those. The one call out I will make with the Google camera well, one call out for each. So with the Google keyboard, you won't be able to post GIFs, which is What? I know. You can't
[00:52:51] Unknown:
Fuck's sake. That's how I communicate.
[00:52:54] Unknown:
Oh, we just lost Seth.
[00:52:57] Unknown:
Uh-oh.
[00:52:58] Unknown:
At least we're still here. Oh, no. Wait. He's back in the green room. Let me add him back in.
[00:53:02] Unknown:
You you're back in the room, Seth. That was weird. Must have been Google doxing me. Yeah. D DDoS ing me. Sorry. DDoS ing me. No. I I was just saying you can't, you can't post GIFs from the Google keyboard, which is a little painful. And then you in the Google camera app, the gallery won't ever work. So you'll have to go to your gallery app to see your pictures. If you tap the gallery button, it freaks out. So that's the only other kinda main call out there. But other than that, both work really well and are are the best options I've tried. I have tried a bunch of other keyboards that all were terrible, but I have not tried Fudo. So that sounds like a a good recommendation with so many people in the chat recommending it. I know that was hard for you to hear, Max. Because GIFs are like your your first language, aren't they?
[00:53:45] Unknown:
Honestly, it's, one of the main reasons that I absolutely cannot get along with, Nosta because it just doesn't have the integrated. It's like, yeah, you can go to another thing and then copy and paste and but, yeah, it's how I communicate being such a dyslexic fuck, you know, visual stuff. And without that, it's, I don't know. I I don't like it.
[00:54:08] Unknown:
Hello to Swift and John in the Nosta chat. They're both at 21 sets each. Welcome, gentlemen. Nice to have you with us. I wanted to cap off the call because we're nearly at the top of the hour with, talking about another one of the the kind of alternatives or something that you might miss when you go to the when you leave iOS or the Google ecosystem. One of the great things about them is that they sort of they have, like, the the the kind of cloud infrastructure if you if you use it in a kind of naive or default way where, you know, you've got note sync and you've got, you know, clouds automatic cloud storage and app sync, etcetera.
Clearly, you have none of that, when you go to to GrapheneOS or at least when you start using GrapheneOS. So are there any, ecosystems or tools that you use to kind of fill that void, either fully or just to a a certain degree that make your lives easier when you guys are using GrapheneOS?
[00:55:07] Unknown:
It's I mean, I've gone through a bunch of iterations. There's no one stop shop that I found, so I kinda pick and pick the pieces that make the most sense. Like, I'll just quickly run through key services for me. I have tried all of Proton's stuff. I think they're kind of in this camp where, like, everything is, like, 80% of what I need, but nothing's quite there. So while I have, like, a visionary plan and could be using them for everything, I don't. But the way that I replace a lot of the default sync stuff and everything is I use inte, inte, I I always forget how to say it, for photos, sync, and backup. They're freaking awesome. Like, it it has all of the memory stuff that I missed from Google Photos, like, all done on device machine learning. It's really cool.
So I use them for photo sync, and I've tried everything else out there. Like, I promise, literally everything else out there because that's been one of the biggest missing pieces since I do Googled. Notes notes note, like we have talked about before on the show, has been my go to. And then file sync. Honestly, I don't find myself needing to sync files very often. So, like, the little that I do, I just use Proton Drive, but I don't I don't need a lot on that side of things. But, honestly, those are probably the two biggest ones that I had missed was I was a heavy user of Google Keep before I did Googled, so I needed a solution to that. And, Notes Nook has been by far the best solution, and I think I have tried everything else out there as well.
And then replacing Google Photos has been a long, hard journey and Ente or Ente or, yeah, whatever. If someone knows how to actually pronounce that, please tell me. But I'll go with Ente, has been by far the best solution. I have just started using them, but they they are fantastic so far and seem like probably the only solution like this that'll actually be able to get my wife to which is a necessary thing for this.
[00:56:57] Unknown:
That's interesting. I've not heard about Entei. Maybe you can drop the link in the, into the chat so everybody else can check them out. Because like you say, I'm not sure how to say it either. I definitely need to check them out. Yeah. For me, I'm a I'm a big fan of the Proton ecosystem. It doesn't do everything, but it does, the majority of what I need in terms of file sync, automatic photo backups, etcetera, and, you know, obviously, everything's end to end encrypted. It's a service that I'm paying for anyway in terms of, like, email and all that sort of stuff. So it's nice to have, like, that kind of one ecosystem that does most of what I need, and then I can backfill with specific apps like you mentioned, Seth, with, like, Notesnock, etcetera.
Max, and any of the stuff, that you use that we haven't mentioned on this bit?
[00:57:42] Unknown:
Not really, to be honest, because I I only use it for a few work things and Bitcoin stuff, so it's not my daily driver. Like, I don't use it for those type of things. So no. But if I if I do need to share files or move things, I also tend to use Proton.
[00:58:02] Unknown:
Awesome. Alright. Well, that brings us to the top of the hour. Oh, just quickly, with with William Hornblower, this is a key point that I didn't know. Entei also allows self hosting as well. I presume you're talking about the the sync server there, are you, William? Maybe Seth. I don't know if you know the answer to that.
[00:58:20] Unknown:
I know that you can. Photos backup self hosted is something that I just I cannot recommend, unless you really know what you're doing and you're a sys admin and you understand redundant backups and you have a proper NAS with a good RAID setup. Like, I just I don't want all of my family photos reliant on me. Yeah. And I just push something up, and we lose every memory. Like, I I just I I don't see the point for most people. If you can do the same thing into an encrypted, just use the centralized server and pay for it and support a good company. That sounds good. If if you really know what you're doing, sure. Self host it. But I do not recommend that for the vast majority of people for something as sensitive as this. It's the same reason I don't use, like, key pass for a password manager, but I recommend Proton password Bitwarden because there's just not many advantages to self hosting it, and there are a lot of disadvantages.
[00:59:07] Unknown:
Yeah. Alright. Thanks for that. Quick very quickly, last one. Bon, you had some criticisms of ProtonDrive, the photos aspect. I'm keen to know, what those are. We've run out of time now, but please drop me a a note on loss or something like that so we can discuss. I'm keen to to know what you don't like about it because, my my, experience has been overwhelmingly positive so far. So keen to hear that. But with that said, that brings us, slightly over time. This is a really fun one. Clearly, a a popular topic and one that a lot of the, misfits are kind of well versed in. There's some great answers coming out, into the chat and also some wonderful questions as well. So thank you as always to everybody that got involved in the, in the live chat, both on Nostra, Twitter, and on YouTube as well. Thank you for the zaps.
We, appreciate everybody, taking part in today's, Freedom Tech Friday. And as always, we will see you at exactly the same time next week. Cheers, guys.
[01:00:07] Unknown:
Thank you for listening to Freedom Tech Friday. To everyone who boosted, asked questions, and participated in the show, we appreciate you all. Make sure to join us next week on Friday at 9AM EST and 2PM London. Thanks to Seth, Max, and Q for keeping it ungovernable. And thank you to Cake Wallet, Foundation, and my NIM box for keeping the ungovernable misfits going. Make sure to check out ungovernablemisfits.com to see mister Crown's incredible skills and artwork. Listen to the other shows in the feed to hear Kareem's world class editing skills.
Thanks to Expatriotic for keeping us up to date with Boost's XMR chats and sending in topics. John, great name and great guy, never change and never stop keeping us up to date with mining news or continuing to grow the mesh to Dell. Finally, a big thanks to the unsung hero, our Canadian overlord, Jordan, for trying to keep the ungovernable in check and for the endless work he puts in behind the scenes. We love you all. Stay ungovernable.
Hello. Hello.
[00:00:02] Unknown:
Hello. Hello. Hello. And welcome to Freedom Tech Friday. For everybody, well, welcome, everybody. And for those of you that are new here, allow me to quickly explain what this is all about and why the hell we are here. FreedomTech Friday is a weekly live and interactive show hosted on The Ungovernable Misfits x, YouTube, and sometimes, Nostafeed. We go live for one hour every Friday at 9AM eastern US time and 2PM UK time. But you can, of course, catch up later on the Ungovernable Misfits podcast feed. On FreedomTech Friday, we like to cover the latest, news and trends for anything relating to Freedom Technologies.
That could be anything from Bitcoin or Monero, encrypted messengers, privacy tools, and everything in between. Essentially, if there is a news item, tool, or topic that you can, that you use to help take back some control in today's digital Panopticon, we want to talk about it. My name's q and a, and I'm head of customer experience at Foundation, where we build Bitcoin focused sovereignty tools. And as always, I am joined by my good friends, Max, the head honcho over of at the Ungovernable Misfits Empire, and Seth, who is VP at Cakewallet. As I mentioned, this show is live and interactive.
We rely on you guys to steer us towards the topics that you want us to cover or to send us the FreedomTech related questions that you want answering. There's many ways in which you can get involved, all of which really help spread awareness for the show. These include commenting or asking questions in a live chat, submitting topics or questions before the show on X or Nosta, boosting the show on Fountain or other podcasting two point o apps, sending questions and tips via Bitcoin and Monero at xmartchat.com/ugmf, and finally, just simply sharing the show on X or Nosta with your friends and followers.
So without further ado, let's dive into the show. Max and Seth, how is it going, gentlemen?
[00:01:53] Unknown:
Very well, my end. Thank you, mate. Little bit of a sniffle, but excited for today.
[00:01:57] Unknown:
Yeah. I thought I was the one with the sniffles. The sniffles are contagious through the mic Yeah. Technology these days.
[00:02:06] Unknown:
I'm excited for today's topic because it's something that affects me directly, and I actually think I'm gonna learn something. So
[00:02:13] Unknown:
it's gonna be a good one. Yeah. Absolutely. True to form, the Nosta chat, or Nostra stream is not working, so I'm gonna try and troubleshoot that live live on air. I actually think, it might be, now that we've paid the bills, it might actually still be an issue on our end. So I'm gonna try and fix that while while we're live. When you guys start waxing lyrical about all things Graphene OS. So bear with us, nostalgia shells. I'm I'm doing what I can. Good morning to everybody in the live chat. Celestron Book, good to see you. Bon, hello. Vibrant, good to see you. William Hornblower, thanks for stopping by. Yeah. Bon, gonna try and fix it. Bear with me. I'm hoping Max and Seth are gonna fill for a couple of minutes when I kick things off so that I can go and click some buttons and try and kick this thing into life.
So, what are we talking about this week? Well, today, I wanted to continue to build upon last week's discussion around phone privacy. As we know, phones are incredible. Like, we live our entire lives on them. But as we discussed last week, they are also one of the most surveilled piece of technology that we use. They track our location, communication, spending habits, even the apps that we open, often without us even realizing it. Most of us rely on Android or iOS. And while these platforms are super convenient, that convenience, as we discussed last week, comes at the cost of privacy and security. So what if there was a way to get the best of both worlds? A modern usable smartphone experience that doesn't compromise your privacy and security?
Sounds like a bit of a, utopia. Well, that's where GrapheneOS comes in. So over the course of the next twenty or thirty minutes, we're gonna explore what GrapheneOS is, how it protects your data, the trade offs of using it, and why the tools like this matter in the bigger picture of overall freedom tech. And hopefully by the end, you'll have some, you'll have a clear sense of whether GrapheneOS, or installing GrapheneOS on on a phone might be right for you. And hopefully have some actionable kind of takeaways, for improving your privacy even if you decide that, you know what? Switching is is not for me. So, guys, this is gonna run-in a bit of a, q and a style, no pun intended, where, I've gone I'm gonna lead you down the garden path here to to eke out some of the the GrapheneOS kind of one zero one basics.
So first question, what is GrapheneOS, and why does it exist? And to avoid any dead air, I'm gonna poke Seth first.
[00:04:37] Unknown:
I I thought Max was gonna handle this one today. I could just sit back and relax. You can just wax lyrical on all things GrapheneOS.
[00:04:45] Unknown:
I can do if you like. It might not be as, high quality, but I'll give it a go. Put him on the spot. Do it, Max. Yeah. Okay. Craphene is a hardened operating system that you can run only specifically on pixels, but the way I see it is it's a way to use a phone in the most private way and secure way possible without having to make any changes to settings. Like, it's kind of to me, it's like an out of the box. It just keeps you private and secure much, much more than, the Google operating system that you'd have on it out of the box. So everything on there is hardened and secure. I think they make some changes to the sandboxing and, how apps interact with each other, the amount of data that's leaked, all that kind of stuff. And it's usable. Like, it's it's very, very usable. It's usable enough that I use mine quite a lot. Not all the time, but quite a lot. Yeah. I think that's the most surprising thing about it is a lot of these types of projects are just not
[00:05:52] Unknown:
not actually able to be daily driven for normal people, at least. I know some people. We we talked about cubes OS jokingly last week, but, like, some people do daily drive cubes OS and more power to them. But most people can't do that. Whereas, Graphene OS, I think, has over the years found a good in between of having quite hardcore out of the box defaults. Like you said, it's, like, it's countering a lot of the telemetry and analytics and surveillance that is a core part of Android as an operating system, but making the most out of Android as an operating system being open source software so that they can actually build around it. Like, it would be it would be really cool to see a graphene like version of iOS, but, Apple would never allow that. So, unfortunately, we only have an Android based one, but Android really enables this in a unique way. And GrapheneOS takes that security that Android actually is quite good at, but adds in privacy as well and enhances the security. So I think you you really nailed it on the head there, Max.
[00:06:55] Unknown:
I think that's important as well. Like, The U like, how usable this tech is because a lot of the, advice that I've had over the years as a nontechnical person has been well intentioned, but absolutely fucking useless for me and, like, actually just stressed me out more, probably actually made me less secure when I'm trying to do things that I just do not understand at all. Whereas with graphene, especially now, like, when I first ran graphene, whatever it was five years ago or something, I had to, like, download a a a Chinese walkthrough, and then that was then translated. And I was trying to work out how to do it. It took me, like, two or so days, like, a whole weekend to, flash it, and I didn't know what I was doing, trying to do it on a Linux machine, which I'd I'd never used before and all this. And now, like, my latest one that I've just flashed took me like, I did it in the web app thing, and it took me I don't know. Like, may I watched a video. It maybe took me half an hour. I sat with a coffee and did it. Like, it could be done quicker. And then once it's fired up, it's really, really easy. I've not had any problems.
No issues. Nothing going down. I can make phone calls. I can send messages. I can do the things I wanna do, with the exception of, like, having, Google, you know, like, a like, a wallet on there or things like that. With the exception of that, it's no different, really. I don't think it's that different to using a normal phone. It's really fucking easy.
[00:08:30] Unknown:
If if you're willing to install sandbox and Google Play services, just to be clear. Like, it is very different from using stock Android if you're not willing to do that because you are gonna have a lot more apps that don't work. You're not gonna have notifications. You'll you'll have more difficulty getting many apps because unless they're available in alternate app stores, you wouldn't be able to get them or you could use Aurora. But there are some trade offs to that. But if you are willing to to use Google Play or sandbox, Google Play services, it's shockingly close to using default Android. You will you will miss a lot of the conveniences that are specific to, like, the pixel version of Android.
But unfortunately, most of those conveniences are basically have baked in spyware as a part of them. So they they come at a great cost, but it's not gonna be exactly the same as your pixel out of the box versus using GrapheneOS. But it's it's close enough that it's surprising.
[00:09:22] Unknown:
Indeed. So so before we get to, a, a suit ahead of ourselves talking about, sandbox in and and, Google Play services, etcetera, which we will get onto, by the way, I wanna kind of really hone in on kind of what makes GrapheneOS more secure and more private than just, you know, going to the Google Store and buying a a a Pixel 10 and just leaving the the stock software on there? Like, what what's the difference here? Like, it's all well and good to say, oh, yeah. It's more private and it's more secure, but, like, what actually what is there as part of that operating system that actually achieves that, if you know.
[00:10:02] Unknown:
I'm gonna be honest there, mate. I was just responding to Vibrant, and I can't do two things at once, so I missed that. That's why I shouldn't be allowed in the chat. I was looking at Seth for this one.
[00:10:16] Unknown:
The question was I so I also I'm gonna fully admit I was multitasking. No. I'm kidding. Yeah. This question was about the security of GraphiteOS.
[00:10:26] Unknown:
Yeah. So I I I before we move on to, like, the the kind of user facing stuff like, you know, sandboxing and apps and things like that, what what is it that's, like, baked in as part of GrapheneOS that makes it more secure and more private than stock Android? Like, what's the diff what's the tangible difference? Like, what what enables that?
[00:10:46] Unknown:
Yeah. I mean, the the core of the security that GrapheneOS provides is the same as stock Android. So a lot of, like, a a lot of people don't realize that mobile operating systems, specifically Android on a Pixel or iOS on an iPhone, are actually very, very secure and much, much more secure than practically any desktop operating system you can run. And there are many reasons for that, but a lot of that comes down to you need to be able to run a lot of very distinct things, have a lot of sensitive info on the same device. You wanna make sure that they cannot access each other's information. And so there's there's been things like app sandboxing and isolation. There's been things like, drastically improved permissions control in both Android and iOS, but we'll we'll focus on Android here. So there's there's been lots of improvements that actually make stock Android quite good from a security perspective.
The main problem has been from a privacy perspective, but GrapheneOS does take the security of Android up a notch. The main ways that it does that are improving on the sandboxing and permissions in stock Android. So, again, the core of these things is already in stock Android, but they they are much more aggressive in how they do per app sandboxing. So that this idea is basically that each app has its own isolated space that it can use, and it can't go out of that space to to mess with anything else or to grab data from anything else. So as long as the sandboxing holds, for instance, if you're running the Facebook app and you also have, Envoy on your phone with all of your Bitcoin stored there in mobile wallet plus paired with Passport, Facebook cannot just go and say how much Bitcoin does this guy have. Like, the that's not something that is possible under the the strict sandboxing that exists in Android. And our Graphi OS takes that to a whole another level, by both enhancing that sandboxing itself, making it even more secure and more aggressive, I would say. There's some downsides to that. Maybe we can get to get into a little bit better, but they're much more harsh in how much they they prevent apps from being able to access outside of their own sandbox.
But then there's also really cool granular permissions control. I think for me, storage scopes is really the most, like, interesting addition on top of Android, which basically means that you can lie to an app and make it think it has full access to, like, your photos, for instance, or your files while only giving it access to specific things. So there are there are many apps that want full access. Like, for instance, social media apps, I think x is an example of this, wants full access to your photos for you to post any photo, which is insane. It's nonsensical. It doesn't need to happen. And so with storage scopes, you can essentially tell the app, oh, yeah. You have access to everything, but you get to select only the things that you wanna share with it. So that if you wanna share that screenshot on Twitter, you don't also have to give the Twitter app permission to see all your family photos or something like that. So that's one of the strongest things that I I really like and something that I I find myself using quite often.
Beyond that, it it keeps the verified boot and tamper resistance of stock Android, which is a really big differentiator versus many other, forks of Android or other alternate ROMs for Android, many of which require you to disable verified boot or secure boot is another name for it, which basically means that in those instances, you would have worse physical security. If someone got your phone, you're much more vulnerable to attacks. Whereas with verified boot, secure boot, tamper resistance, those things protect you in the case someone actually gets your phone and tries to run a different version of the operating system or tries to replace your operating system and give you the phone back and make you think that it's okay while it's actually been pwned.
[00:14:27] Unknown:
Is that That's really good. Why you're doing sorry, Seth. Is that There you go. You know, when you're setting it up, you do unlock the bootloader, and then once it's once it's sorted, you're relocking the bootloader. Is that, like, you that's the lock on it so that if someone gets physical access, they can't just plug in the USB and then start fucking around?
[00:14:45] Unknown:
Exactly. Yeah. And they can't they can't replace that operating system without being able to unlock the bootloader, which would mean they would have to have full OS control as well. Yeah. Yeah. It's that it's that relocking part that's an integral step. And if the OS you're running is something like lineage, which I know is another popular one, it's not really focused on security and privacy, but is one people sometimes use to do Google. You won't be relocking your bootloader as part of that because it doesn't work with verified boot. So you will be more vulnerable to physical attacks. So there's a that's a really vital one, and that's the core reason why they do only pixels because pixels can provide essentially what they need to be able to install an alternate OS and GrapheneOS, but still relock the bootloader.
That's the main reason why they stick with those. I know a lot of times people kinda get caught up on that. If I wanna de Google, why am I buying a Google phone? But the beauty of Android or the beauty of Pixel so far, at least, is that you can just replace it with a GrapheneOS, never log in to the stock OS or anything like that, and still have top tier physical security. One last thing I'll throw out there. I know I've hogged the mic, is just that Graphite OS are very much on the cutting edge of, security updates, often actually shipping security updates from upstream before Google ships them to stock pixels, which is wild. And they do a really good job of that. So it's another reason kind of why they're an extremely useful tool even to people who have advanced threat models because they they can have updates that are necessary, sometimes even before they would on an official Pixel device, which is is a is an important thing and very, very, very, very important for mobile device security.
[00:16:24] Unknown:
Awesome. Thank you for that one. Max, I'm gonna hand this one over to you, in a second. So, when you first install GrapheneOS, if if it's your first time looking into kind of, like, an alternative operating system other than iOS and and stock Android, you might have a bit of a of a shock at how kind of bare bones things are. Like, there's there's, like, a handful of preselected apps that come, preinstalled. So I wanna talk about some of the trade offs now of, you know, if you just download and install GrapheneOS on on a Pixel and you to get started, you're not gonna have what we talk about, the the the Google Play services, and you're not gonna have the Play Store or anything like that. So I wanna talk about some of the trade offs, and how we can get around those to kind of ease our, I guess, life Mhmm. Living with GrapheneOS.
So kind of, you know, from let's start with the basics. Like, when you first install it, like, are app stores a thing? How do you download apps? What's the trade offs? Where can you go? Like, what spell that out for me first before we go into the the port services side of things.
[00:17:34] Unknown:
Yeah. Well, full disclosure, I basically just use mine not as my daily driver. I use mine for some work stuff, Bitcoin stuff, Monero stuff, anything that's, like, sensitive. So it's not the phone that I carry around with me. It's not the phone that I use day to day. But when I have had to download apps, I've used Aurora. I've used F Droid. And it's been a while since I've done it. So I think what I did is I went online. I downloaded the APK, I think, for F Droid and for Aurora. And then you don't have to give any personal details. I ran a VPN while doing it. I think I even downloaded them off talks as being, like, extra, like, you know, specialist about things.
And then I downloaded the the basic apps that I needed, which was not I can't even remember what I needed from there because most of the things I downloaded had APKs anyway, but that's my specific use case, which is very different to someone who's using this every day. If you were using this every day, I would assume that a lot of people need things like banking apps or social media or whatever else. So that is a very different situation.
[00:19:00] Unknown:
Yeah. I think one thing that is often forgotten is you can do a lot of stuff in your browser. Like, it's not as convenient, but a lot of these things, like, especially banking, if you don't need some specific feature that's only in their app, you can do a lot of that in your browser just logging into their mobile website and rolling with it. It it certainly will be more painful for many things, but combining that ability to do things in a browser, even social media, I know a lot of people use x only in a, only in their browser, and then they, quote, unquote, install it to their home screen, which is just a progressive web app. You can get by doing that. Now it it definitely depends on your usage. Like, if you need to use x for your job and you need to handle multiple accounts and stuff,
[00:19:44] Unknown:
it's not gonna quite fit the bill probably. But, that's where profiles come in, which I know we can we can talk about a little bit. Yeah. Vibrant's just asked. Yeah. Vibrant's just asked about the profiles. I'll just throw in, like, I don't know a huge amount about profiles, but one thing that I've been using it for and I don't know if this is a good idea or not, but I use it for, like, travel. So I'll lock down a phone, and then I'll have a separate profile with a separate pin, which isn't the one that it boots up up with, which would have my more sensitive stuff on there. And maybe that's, like, not not useful, or actually not helpful, and you tell me, well, TSA or whoever, would still get access somehow or or an attacker would still get access somehow. But I just see it as, like, one extra layer because when I boot up the phone, it's got very boring normal stuff on there. And then anything that's more useful is one of the multiple different profiles that I have, which has a different pin, which I can't access.
So, that's how I use it, but I know there's other ways to use it as well.
[00:20:54] Unknown:
Alright. Cool. So so we've established that, you know, not having direct access to, you know, a logged in Play Store app on your phone is not the be all and end all. There's loads of great options like, Obtainium, direct APK access, Aurora Store, fDroid, etcetera, where you can get the vast majority of what you need, in a like, without having to to do that and log in. So I wanna dive into Google Play services. First off, I think let's let's define what they are, what they enable, because by default, GrapheneOS doesn't have them enabled. So what is that gonna limit?
And then I guess after we've kind of defined that and the trade offs with it, we can talk about the the flip side of that and being like, okay. For those that have to turn it on, why might you need to turn it on and and kind of, like, again, the trade offs on the flip side of that coin. I'll hand that to Seth first.
[00:21:49] Unknown:
Yeah. Definitely. This is this is one of the things that I think GrapheneOS has just absolutely nailed. For a very long time, they actually didn't have any way to do Google Play services, which I understand from a more hardcore perspective that that's the the safest approach. But for getting the average person to actually use this stuff, like, you you do need a way to be able to access Google Play services in all honesty. And the the quick summary of what they are is really straightforward. It's Google Play services. It's the Google Play Store. It's the things that are core to being able to to access and use most apps on Android in the way that the developer intended. Now that's not necessarily the way you actually want to run them. We can we can get into that. But in the way the developer intended, they expect your device to have Google Play services to be able to install things from the Google Play Store to get updates that way, all that good stuff. The main problem with that is the way that Google Play services are integrated into stock Android is essentially they're like a super root system app that you cannot touch, you cannot remove, and has complete access to basically everything on your device.
And the the thing that Graphina West did that I think is so novel is that they didn't just try to figure out some way to, like, sideload Google Play services, but still have many of the down the downsides. But instead, they actually took Google Play services, and they built them in such a way that they can they can sandbox those Google Play services just like any other app. So you can install Google Play services that other apps can use to get notifications, to verify your your device is legitimate, those sorts of things, without giving Google complete access to your device, which is good for both the privacy perspective, of course, but also really good from a security perspective because you maybe don't want Google Play services to have complete root access on your device. So it gives you a lot more choice there. And while doing so, it actually doesn't limit the effectiveness of Google Play Store or Google Play services. The only real differences you'll see are I think you briefly mentioned this before.
You can't use, Google Pay, like, the the digital cards in your digital wallet on your phone to tap to pay. That requires your device to to go through an onerous, like, Google Play services verification thing that they're just not gonna do for anything that's not an official OS. So that won't work even with Google Play services installed in GrapheneOS, but pretty much everything else will. The only other thing that potentially you can have problems with is some banking apps, also rely on the same device verification that Google Pay does. So there are some banking apps that I know have some problems on GrapheneOS, but some have actually been pressured into fixing that requirement and making it work into GrapheneOS on GrapheneOS. So they're really cool. I think for the vast majority of people, probably installing them is your best bet so that you can have a a quite Android like experience while still having much better security and privacy than default Android.
But it is definitely up to each user. And one of the beautiful things is you can pair Sandbox Google Play services with multiple profiles or with a work profile so that you don't have to have Google Play services touching everything or even in the same profile as everything on your device. But you could limit it to, for instance, just your more, centralized sketchy apps, your social media apps, your bank apps, things that require that to be able to function properly or to get notifications that you need. And then you can keep everything else in a separate profile that it will have no access to and, will have no visibility into. So there's a lot of kinda different ways you can pair this, but I know what's common for many people is, like, having all of their more hardcore apps in their default profile than having an extra profile that has their sketchier apps that they just need to be able to get by to to live, and they'll install Google Play services there and get the kind of the best of both worlds doing that.
[00:25:42] Unknown:
No. Okay. Appreciate that. Keen to know from, the GrapheneOS users in the chat, actually. Two things. Number one, do you use Google Play services? If you're rolling without it, I'm keen to hear your experience as to whether you've got many kind of, kneecapped apps. And also just a quick reminder that if you do have any tangential questions relating to to GraphiNoise or phone privacy, feel free to drop them in the chat and we we'd love to, to get on to those. Okay. So I wanna go quickly back to, the talk about profiles, because I've seen a comment on, Twitter from, Bon. No. It wasn't Bon. It was who is it from?
No. It was on Nosta. I've lost it now. Of course. Look at this. Live.
[00:26:27] Unknown:
It was from
[00:26:29] Unknown:
someone. It was from a Mithrandir, and he said, Telmax. Telmax, the main profile is like the root user, and I am pretty sure that if one is unlocked, then an attacker with a tool like Cellebrite could get data from all profiles. I Okay. Have no idea if we're able to substantiate that, but I'll go on, sir. Yeah. The the
[00:26:54] Unknown:
it's it still falls back to that before first unlock state that we talked about last week. So if you unlock your device, you are unlocking the encrypted disk and decrypting it to be able to use. So if you do that, your other profiles could be vulnerable, not because one profile is root or anything like that, but rather because you've unlocked the device and decrypted the disk to be able to do so. My understanding is that multiple profiles do not change that. So, like, logging into one profile but not logging into another doesn't keep the other profile in that before first unlock state because it's a it's a it's a disk wide thing. It's not a profile specific thing.
Now that's this is very in the weeds, so I definitely could be wrong there, but that's my understanding is it's a it's a device level thing. If you've unlocked the device at all, no matter what profile, the disk will be more vulnerable to something like Cellebrite. But I don't think that that has anything to do specifically with the profile system.
[00:27:51] Unknown:
Okay. The the one thing even if it was vulnerable to someone with, celebrate, like, the average attacker, it makes me think a friend of mine, like, a year ago, got held up by a load of hookers and some nasty people and threatened to move some money from whatever banking app it was, like Revolut or something, sending their Bitcoin off. And, obviously, they have access to his phone. And that can happen with hookers in a hotel room, but it could also happen on the street, and someone could pull a knife or whatever and say unlock your phone.
And if you do unlock your phone and under duress, you're forced to try and move money or Bitcoin, whatever it is. At least if it's behind another profile, unless it's a sophisticated attacker, they're probably not gonna be familiar with Graphene, and they're probably not gonna be familiar with the profiles within Graphene. And so if you unlocked your phone and you don't have any Bitcoin apps or Monero apps or any, anything that you can they can take money from you with, then your situation is much better than it would be if you weren't using profiles.
[00:29:12] Unknown:
Yeah. It's true. It's kinda like the duress pin idea on Bitcoin wallets that some do. I it it is one of those things that is very much only going to protect you against, like, a low level non targeted attack because it I I think kind of war gaming it out, to me, it can also cause problems if everyone knows that people use duress pins or that they know that you specifically are or this guy who has a ton of crypto, they may not believe you. If you don't use a duress pin, and then things can be a little they can get pretty sketchy, but it it is, I think, especially that sort of thing where it's just like you're held up on the street. Like, it's very unlikely they're gonna have deep technical knowledge on what security measures are put in place for graphene OS or Bitcoin wallets or something like that.
That ability to have some money there is good. Yeah. Well, to be fair, it seems to happen more often over on In London? Yeah. I was gonna say, I like it. London? I don't ever hear of it happening to anyone I've ever known in The US, but I know that it does happen in The US. It just seems like a more common thing over in One of my friends in London has been held up and robbed in London, like, three or four times in the last couple of years and, like, had their phone and their watch and all their stuff taken.
[00:30:27] Unknown:
So, like, maybe he just looks like an easy target or something, but, you know, maybe he should have crap
[00:30:35] Unknown:
in. Kidding.
[00:30:39] Unknown:
I think we, this is a a bit of a side channel here, but I think we may or may not be live on NoStar. Who knows? If you're if you're in NoStar and it's and it's actually working have a look. Yeah. If it's working, please drop us a comment or or even a zap if you're feeling fruity on a Friday. A couple of, topics that have come in from the chat that I wanna dive into, guys. William Hornblower asked, is it clear that Revolut will still work on GrapheneOS? I remember a topic on this. Revolut wanted to use a feature which was or will not be supported on GrapheneOS. Last time I checked, yes, it does still work, but I remember the, the the comment or the tweet that they sent out that, was mentioning that that kind of compatibility was under threat.
I'm unsure on the the kind of latest situation there. So it might be worth, tagging them on Twitter or Nosta to to get the latest or just trying to install,
[00:31:32] Unknown:
install Revolut by the banking app? Correct. Yes. Are you really a Bitcoin user if you haven't been banned from Revolut? Like, you obviously haven't done enough on Bisk to, to still have that account going.
[00:31:50] Unknown:
And another question that we had come through, which I'm just frantically trying to locate now. I can't remember who it came from, but the the general gist of it was around private spaces, which was an Android thing that was released maybe earlier this year, if not, later on last year. Where so so can we do a quick comparison really between profiles and private space? It was also from William Hornbloh. Thank you for for that chat for that comment. Like, are are these equivalent features? What's the difference? Should we use one versus the other? Do they have different applications? What what are we thinking here, guys?
[00:32:32] Unknown:
Yeah. I can I can jump in? So I I will preface this, but I haven't actually tried the private spaces yet, because I've long, long been a user of the split between the personal profile and work profile. I I I agree with Bon that the Graphene team says that it's not quite as good as having distinct user profiles, but I found that I needed the convenience of being able to access those work apps all the time rather than having to log out of a profile into a profile, out of a profile into a profile. It just it that flow did not work for me. So I was willing to sacrifice a little bit of that and use Shelter to use the the work profile where I can have my personal and work apps. Work being a in quotes thing because it's really just the apps I don't want, accessing other apps.
That profile was much more convenient. So that's what I do because I'm so entrenched in that. I I haven't bothered with the private spaces, but I know that, essentially, the Graphene team has said that private spaces is the much better approach than the work profile now that it's around and that it has similar or better security assurances than the the, like, personal and work profile split specifically. I believe it's still the same sort of, security assumptions as the separate user profiles, but much more convenient. So I would think that most users would probably want to use the private spaces, but it's it's just not something I actually have used, so I can't comment too much on it. I'm just I'm just kinda going off of what I've seen in Graphene and other people that I trust talk about there.
[00:34:06] Unknown:
Appreciate it. Yeah. William Humble, chimed in and said work profiles rely on other third party admin apps. Does that mean that you have to have this, an app installed on the admin, profile for it to work in in a separate profile, or am I missing service in that? Yeah. You have to use I think the two apps are called Island and Shelter,
[00:34:28] Unknown:
with Island being, I think, pretty unmaintained and Shelter being kind of sort of maintained, that's basically what allows you to have this personal work split and duplicate apps and have some more controls about, like, when you want to move files between the two, you can it gives you a little bit more functionality, which is a a a huge downside to doing the doing it the way that I do it. And that's why I think private spaces would probably be much better for the vast majority of people because it supposedly gives you similar isolation. I think the one question I would have, though, around that, and maybe y'all can answer this, is one thing that I really like about the personal or work profile split or the distinct user profiles is that you can have a per profile VPN or lack of VPN, and that allows you to do really cool things like having separate VPN accounts if you don't want even your account tied back to the same things or having a profile that doesn't use a VPN for those apps that are sketchy and freak out when you have a VPN.
There's a lot of, I think, really interesting use cases for that. And I don't think that that would be true of private spaces from my understanding of it, but I'm not sure if if y'all can answer that or maybe somebody in the chat.
[00:35:36] Unknown:
That's profiles. The the so profiles, you're saying you can have the you could have separate VPNs or the same VPN you can choose, but it's it's like using a separate phone almost.
[00:35:48] Unknown:
Yeah. But you can actually you can do that in the the personal and work profile split using an app in the shelter that I do. That's one of the reasons why I've liked it is because I still get that functionality, but I get much more convenient access to those apps because I'm using them all constantly. So yeah. Okay.
[00:36:07] Unknown:
Quick reminder, guys. If you have any, any questions on this, please do, drop them in the chat. This is a a topic that I do really enjoy talking about. In the meantime, I'm gonna bring up, one of the questions that we have presubmitted from, Rob g. He said, I would love if you guys can address using a VOIP, voice over IP service on GrapheneOS easily to prevent your real number, for legacy calls and SMS. He's tagged my pseudo app, and he says it it does not work well natively, and he's put in brackets that it needs a secondary device and play services. I'm not sure what he means by the secondary device, but he said that that's what he uses on an iPhone. So, any any experience with using VoIP services where presumably the the the kind of, idea here is that you don't wanna use a traditional SIM card or eSIM so that you don't have to, you know, have a number tied to you, your personal name, and your phone.
[00:37:04] Unknown:
So this is this is specifically for you for doing legacy phone calls to a number. So it looks like you're calling from a number rather than VoIP in the sense of, like, using, you know, signal or whatever for a call. It's so that it looks like you have a number.
[00:37:23] Unknown:
That's the way I interpret it. Yeah.
[00:37:25] Unknown:
Yeah. Then no. I have have no no, experience with that, I'm afraid.
[00:37:30] Unknown:
You led me down the garden path there. Thanks for that.
[00:37:36] Unknown:
Got all our hopes up. I I was excited because I I also can't say that I have any experience with this. I I have tried a lot of, like, real phone number services that don't require specifics. I think Cloaked has been the best one of those, if not perfect, for having, like, an actual phone number that's not VoIP, but not having to give over personal details, being able to pay with Monero or Bitcoin. But I I haven't tried the VoIP side of things specifically.
[00:38:05] Unknown:
Oh, here we are. Free samurai. For VoIP services, yeah, go with Keyogram and load it with Whirlpool PTC or XMR.
[00:38:16] Unknown:
Well, you haven't heard of that one. From the chat. No. Me neither. Graham. Thank you for, for chiming in. Another question that we've had presubmitted. This one comes from Quidion on Nosta. And he said, Revolut just forced me to verify my location again. Any tips on using Revolut as privately as possible, or is there a more private way of fiat transfer? I turned on my location as city center, and I did selfies with masks, but that did not work last time. And, Guidian, yes, I did cut down your question slightly because we hit the character limit, but hopefully, I got the gist of it there. I I can tackle this one, now that I'm not troubleshooting livestream stuff. Unfortunately, Revolut is it's it's just a bank.
There's no way to use a bank privately, unfortunately, if you are a general citizen. If they want your location or your identity or your mother's snake's cat sister's name, then you're gonna have to give it to them if, if you wanna use their service. They're they're governed and and bound by all of the usual laws, regulations from any given jurisdiction, and they can cut you off. And Revolut is one of the favorites for this. They will cut you off if they do anything sorry. If you do anything that they deem untoward. And by that Yeah. That is a very, very big umbrella. That could just be sending some money to somebody else on Revolut, unfortunately. They are very vigilant.
So to answer your question, is there anything you can do about it? No. You can just choose not to share that information, and that will result in you not being able to use their service, unfortunately. But that's just the the the way in the world when you you, I guess, interact with the banking system, unfortunately. I don't know if you guys got anything to answer that.
[00:39:58] Unknown:
I I do. This sort of goes against a lot of what a lot of Bitcoiners and, privacy people would say. I actually think when it comes to banking, like, most people need bank accounts if you have a life with, like, kids and, like, mortgages and bills and, like, you don't just live in your mom's basement or you're not, like, an international drugs dealer or, you know, you're just a normal person. You need banks. So my advice is not get rid of banks. It's actually potentially have as many accounts open as you can for optionality because and then any money that you do have to have within the banking system, spread it as as, evenly and thinly as you can so that if you get whacked by a Revolut or one of these, neobanks and they start crawling up your ass for a load of info or they freeze your money or they close your account, you're not suddenly fucked and you can't live your life.
So, I know it goes against, like, fuck the banks and just use Bitcoin, but, I would say actually the other way. Open bank accounts have options and maybe in different jurisdictions as well.
[00:41:12] Unknown:
Yeah. I I think also just, like, this idea of I need to be totally anonymous when I'm using my bank doesn't make any sense. Like, I've had multiple people tell me, like, yeah. My bank account won't let me access their site via tour. I'm like, okay. They know who you are. They know where you live. Yeah. They know how you spend your money. Accessing it over Tor doesn't help you at all. It just makes you stand out and raises red flags. And I think that's one thing that people kinda need to realize is if a service already knows who you are and where you live, yes, you should limit additional info, obviously, but you you shouldn't seek anonymity from them when using their service because it's only gonna cause you pain and make you look like someone they should be watching. It's it doesn't help you in any way. And I think that's something that's often misunderstood is people go too hardcore with those services. It's the ones that don't know who you are that you should be using something like Tor or something like a VPN. And sometimes you can use a VPN with banks, but oftentimes, that also raises red flags. They can be some of the stricter ones to to block VPN usage as well.
But it's one of those things where you have to you have to think about, like, what does the service already know about me? If they know who I am, it doesn't matter if they know that I'm accessing their site from my house because they know where I live, but they probably even provide the mortgage for my house. Like, it's it's it's one of those things where you got to just just be conscious, think through if this entity already knows all this about me, what does it actually make sense to try and protect and what does it not make sense to try to protect? You kinda wanna blend in with the crowd. You don't wanna stand out as, hey. We have one of three people who uses this bank, who uses Tor all the time. It's not probably something you want on your, your dossier.
[00:42:52] Unknown:
No. And BTC wrestler says, wouldn't you want to reduce the attack surface, of all the KYC by using only one or two? Maybe if you're, like, using in my opinion, anyway, maybe if you're using, like, a Bitcoin exchange or something like that, yeah, maybe, if you're gonna use them at all. But my personal view with, like, the banks and all this stuff is they all all your information's out there. And, if you're if you've got businesses or you're renting properties or you've got a job or whatever else, like, the tax man has a load of your info. All of this stuff is shared. The banks have your info. I'm sure most of your information has been leaked anyway. And if you're doing normal shit with it, like Seth is saying, like paying your mortgage and paying your bills and stuff, then, you know, what are they gonna do? As long as you're not linking that to the other side, like your Bitcoin side or your Monero side, which is where you wanna be private, I don't see the problem in having that information out there. It just makes you look normal, and it gives you options because I've been in the situation before where I've had one bank or two banks, and I've had many, many accounts closed.
And if you have all your money in one place and they seize it, you are fucked, and they can hold it for a very long time. They can drag you through serious amount of problems, and suddenly you can't pay your bills. So, my that's my personal view from experiences. I would take that trade off of having more banks with my KYC information than just one and relying on one because it can really, really be a problem.
[00:44:38] Unknown:
Yeah. Well said. Well said. Next question comes from eight Mithrandir over on Nosta, so I can't actually bring it up. It's not in the live chat. This is a great great question, actually, and we should have covered it off in the the earlier on, but, thank you for for eight for kind of bringing it up. Backup and recovery on GrapheneOS. Anyone done this well? Can you recover all of the apps with the correct settings, such as banking apps, etcetera? So I guess to set the scene, like, you know, if you're, an iOS user, I'm I'm sure most of us here have at least tried it, and you've gone through that kind of device switch here where you have that kind of magical switch over where you kind of just log in or you scan that magical old thing, and then within ten minutes, your new phone looks identical to the old one.
Obviously, that comes with many, many trade offs that comes with, like, the iOS ecosystem. But such a thing, to my knowledge, does not exist for the the GrapheneOS ecosystem. In terms of backups, what I do know is that they have, like, I think they call it seed vault, where you can kind of basically encrypt the entire contents of your phone. And when I say entire contents, I think it is the whole file system. Again, I'll let the guys chime in and tell me I'm wrong in a second. And then you have basically, like, a 12 word, almost like a seed phrase, like a password to be able to decrypt that. So so basically what you get left with is a secret, the 12 words, and then a file which you obviously need to manually update and store somewhere, be it on a USB drive or maybe something like Proton drive, and you can potentially automate that once a week or once a month or somehow so that you've got, you know, a semi recent backup such that if something does go really wrong with your your Pixel running Graphene, that you've got a fairly recent backup that you can call upon. I know for a fact it covers, like, the basic stuff like contacts, apps that you've got downloaded, photos, etcetera.
I'm almost certain it also covers app settings, etcetera as well. So but, fortunately, I've never been in the situation where I've had to actually rely on one of those backups. So I haven't actually put the proof into the put and see exactly what information does get pulled down when you need to leverage that sort of thing. But, yes, to to summarize, it it it oh, okay. Well, so let me summarize my thing is, yes. It's possible, and Max is gonna tell us how successful it is now.
[00:46:58] Unknown:
Well, I did it fairly recently, and then what I did is actually tested the backup. And the reason I did it was because, I was using Envoy for most of my recent transactions and labeling everything because my laptop that I was using with Sparrow is just fucked. So I didn't wanna lose that, and I thought, oh, if that phone goes down, I'm gonna have problems. So it's only really for that, but I did a backup, and then I had a spare pixel that also had graphene running on it. And then I tested the backup by restoring onto that phone, and I basically had two mirrored phones. And I had all my transactions, and I had everything that I needed. So I don't know past that. But, yeah, I think it was like, was it 12 words, or was it I definitely had to write something down, and then I had to use that to recover it.
And I just shuffled the encrypted data across with a little USB stick across to the other phone, then did restore, and set it up. So I just basically had a mirror of the other phone as, like, a backup in case the other one got fucked.
[00:48:07] Unknown:
Yeah. It's in my experience, it's quite hit or miss. It does work in general, but even the, like, even the graphene team calls out that it's incomplete, and they've theoretically been building a replacement for it for a long, long time. I I haven't seen any updates on that, but I I don't keep heavily, heavily up with their developments, like, in chat rooms or anything like that. So there there may be more progress there than I know. But, yeah, the current backup system for me, it's like, it's okay. You won't cry, but there will be some pain. Like, it's not gonna be a seamless process in in in my experience, but that also is gonna heavily depend on what you do with your phone. If you're very much a minimalist and you are mostly using apps that, are just simple and straightforward, it's pretty good. I think what what I've done, honestly, is I just don't even try using the backup service anymore, and I just focus on the, like, signal backups, two factor backups.
Like, Aegis has its own encrypted backups. I'll just put all of those onto a flash drive or onto my Proton drive or next next cloud or something. And I'll just restore the ones where, like, I want to make sure I don't lose any data. Envoy's another example of that. Cake's another example of that, where I can take a separate backup that I know will restore much better than the, the GrapheneOS backup system. Mhmm. I'll just do those, and then I'll manually install the apps that I want. And, to me, I found that that just ends up in a better state than when I try to do the the wholesale restore.
[00:49:39] Unknown:
Good advice. Good advice. Yeah. Although it does make it painful when you do get a new phone, but, it's yeah. You you can get through it. I spoke too soon on the the nostalgia side of things, that it shows us as live. The chat is working. Thank you to, Free Samurais, up in 2,100 sats. Bond's up in 1,337 sats, and eight Mithrandir is up in 777 sats. Appreciate you being here. There's it shows us live, but there's no video. So, thank you for participating in the in the chat even though the, the stream itself is not working. We'll we'll we'll go again next week and see if we can finally get it, get it going. William Hornblower for has posted a great question that's already been answered by the live chat. I love this. He said, what camera app do you recommend for nearly Google stock Android camera app quality?
I can hit this one. The app I use is the Google Android stock one. Well, as, Bon mentions in the, in the Twitter comments, basically, just download the app from Aurora or, or the Play Store, and then just kill all the permissions. So you you get the benefit of all the the the kind of technology that makes the the camera app the best available, but it you revoke its access to kind of send your photos anywhere other than your phone. And Seth, has also just commented as well. This is for the benefit of the the podcast audience, I guess, that you can also do exactly the same thing for the Google keyboard, where the Google keyboard, again, arguably, in my opinion, the the best available keyboard for for Android, with all of its additional kind of features and layouts, etcetera, etcetera.
You don't need to deprive yourself of that. You can install that, and you can, again, kill all of the network access so that you can just you don't have to type like your four year old school child, and making typos, etcetera, because all of the other party, keyboards are woeful. Literally woeful. So do yourself a favor. Grab hold of the the g board, and just kill all of the network access, because it's it's literally night and day in terms of how much better it is to use, at least in my experience. And I'm I'm hearing some some giggles from, from the other, hostess. I'm guessing you guys agree.
[00:51:57] Unknown:
No. I'm just seeing everyone writing about Futo. I just wondered if anyone has, used that. I've got FreeSamurai saying try Futo, vibrant Futo, has great speech and text and swipe typing. Bon's saying he's admitted he's never tried it. I haven't ever I still just use the, standard one, but it is horrible.
[00:52:16] Unknown:
It's so bad. How do you do that, man? It's horrible. Survive? No. You need to use the Google keyboard. It's like a 10 times efficiency improvement using the Google keyboard with network access revoked. Like, that's one of the coolest features of Graphene OS, honestly, is you can do any app. And if it's something that you just need to be able to use locally, just don't toggle the allow network access when you hit install. It's magical, and it works really well for those. The one call out I will make with the Google camera well, one call out for each. So with the Google keyboard, you won't be able to post GIFs, which is What? I know. You can't
[00:52:51] Unknown:
Fuck's sake. That's how I communicate.
[00:52:54] Unknown:
Oh, we just lost Seth.
[00:52:57] Unknown:
Uh-oh.
[00:52:58] Unknown:
At least we're still here. Oh, no. Wait. He's back in the green room. Let me add him back in.
[00:53:02] Unknown:
You you're back in the room, Seth. That was weird. Must have been Google doxing me. Yeah. D DDoS ing me. Sorry. DDoS ing me. No. I I was just saying you can't, you can't post GIFs from the Google keyboard, which is a little painful. And then you in the Google camera app, the gallery won't ever work. So you'll have to go to your gallery app to see your pictures. If you tap the gallery button, it freaks out. So that's the only other kinda main call out there. But other than that, both work really well and are are the best options I've tried. I have tried a bunch of other keyboards that all were terrible, but I have not tried Fudo. So that sounds like a a good recommendation with so many people in the chat recommending it. I know that was hard for you to hear, Max. Because GIFs are like your your first language, aren't they?
[00:53:45] Unknown:
Honestly, it's, one of the main reasons that I absolutely cannot get along with, Nosta because it just doesn't have the integrated. It's like, yeah, you can go to another thing and then copy and paste and but, yeah, it's how I communicate being such a dyslexic fuck, you know, visual stuff. And without that, it's, I don't know. I I don't like it.
[00:54:08] Unknown:
Hello to Swift and John in the Nosta chat. They're both at 21 sets each. Welcome, gentlemen. Nice to have you with us. I wanted to cap off the call because we're nearly at the top of the hour with, talking about another one of the the kind of alternatives or something that you might miss when you go to the when you leave iOS or the Google ecosystem. One of the great things about them is that they sort of they have, like, the the the kind of cloud infrastructure if you if you use it in a kind of naive or default way where, you know, you've got note sync and you've got, you know, clouds automatic cloud storage and app sync, etcetera.
Clearly, you have none of that, when you go to to GrapheneOS or at least when you start using GrapheneOS. So are there any, ecosystems or tools that you use to kind of fill that void, either fully or just to a a certain degree that make your lives easier when you guys are using GrapheneOS?
[00:55:07] Unknown:
It's I mean, I've gone through a bunch of iterations. There's no one stop shop that I found, so I kinda pick and pick the pieces that make the most sense. Like, I'll just quickly run through key services for me. I have tried all of Proton's stuff. I think they're kind of in this camp where, like, everything is, like, 80% of what I need, but nothing's quite there. So while I have, like, a visionary plan and could be using them for everything, I don't. But the way that I replace a lot of the default sync stuff and everything is I use inte, inte, I I always forget how to say it, for photos, sync, and backup. They're freaking awesome. Like, it it has all of the memory stuff that I missed from Google Photos, like, all done on device machine learning. It's really cool.
So I use them for photo sync, and I've tried everything else out there. Like, I promise, literally everything else out there because that's been one of the biggest missing pieces since I do Googled. Notes notes note, like we have talked about before on the show, has been my go to. And then file sync. Honestly, I don't find myself needing to sync files very often. So, like, the little that I do, I just use Proton Drive, but I don't I don't need a lot on that side of things. But, honestly, those are probably the two biggest ones that I had missed was I was a heavy user of Google Keep before I did Googled, so I needed a solution to that. And, Notes Nook has been by far the best solution, and I think I have tried everything else out there as well.
And then replacing Google Photos has been a long, hard journey and Ente or Ente or, yeah, whatever. If someone knows how to actually pronounce that, please tell me. But I'll go with Ente, has been by far the best solution. I have just started using them, but they they are fantastic so far and seem like probably the only solution like this that'll actually be able to get my wife to which is a necessary thing for this.
[00:56:57] Unknown:
That's interesting. I've not heard about Entei. Maybe you can drop the link in the, into the chat so everybody else can check them out. Because like you say, I'm not sure how to say it either. I definitely need to check them out. Yeah. For me, I'm a I'm a big fan of the Proton ecosystem. It doesn't do everything, but it does, the majority of what I need in terms of file sync, automatic photo backups, etcetera, and, you know, obviously, everything's end to end encrypted. It's a service that I'm paying for anyway in terms of, like, email and all that sort of stuff. So it's nice to have, like, that kind of one ecosystem that does most of what I need, and then I can backfill with specific apps like you mentioned, Seth, with, like, Notesnock, etcetera.
Max, and any of the stuff, that you use that we haven't mentioned on this bit?
[00:57:42] Unknown:
Not really, to be honest, because I I only use it for a few work things and Bitcoin stuff, so it's not my daily driver. Like, I don't use it for those type of things. So no. But if I if I do need to share files or move things, I also tend to use Proton.
[00:58:02] Unknown:
Awesome. Alright. Well, that brings us to the top of the hour. Oh, just quickly, with with William Hornblower, this is a key point that I didn't know. Entei also allows self hosting as well. I presume you're talking about the the sync server there, are you, William? Maybe Seth. I don't know if you know the answer to that.
[00:58:20] Unknown:
I know that you can. Photos backup self hosted is something that I just I cannot recommend, unless you really know what you're doing and you're a sys admin and you understand redundant backups and you have a proper NAS with a good RAID setup. Like, I just I don't want all of my family photos reliant on me. Yeah. And I just push something up, and we lose every memory. Like, I I just I I don't see the point for most people. If you can do the same thing into an encrypted, just use the centralized server and pay for it and support a good company. That sounds good. If if you really know what you're doing, sure. Self host it. But I do not recommend that for the vast majority of people for something as sensitive as this. It's the same reason I don't use, like, key pass for a password manager, but I recommend Proton password Bitwarden because there's just not many advantages to self hosting it, and there are a lot of disadvantages.
[00:59:07] Unknown:
Yeah. Alright. Thanks for that. Quick very quickly, last one. Bon, you had some criticisms of ProtonDrive, the photos aspect. I'm keen to know, what those are. We've run out of time now, but please drop me a a note on loss or something like that so we can discuss. I'm keen to to know what you don't like about it because, my my, experience has been overwhelmingly positive so far. So keen to hear that. But with that said, that brings us, slightly over time. This is a really fun one. Clearly, a a popular topic and one that a lot of the, misfits are kind of well versed in. There's some great answers coming out, into the chat and also some wonderful questions as well. So thank you as always to everybody that got involved in the, in the live chat, both on Nostra, Twitter, and on YouTube as well. Thank you for the zaps.
We, appreciate everybody, taking part in today's, Freedom Tech Friday. And as always, we will see you at exactly the same time next week. Cheers, guys.
[01:00:07] Unknown:
Thank you for listening to Freedom Tech Friday. To everyone who boosted, asked questions, and participated in the show, we appreciate you all. Make sure to join us next week on Friday at 9AM EST and 2PM London. Thanks to Seth, Max, and Q for keeping it ungovernable. And thank you to Cake Wallet, Foundation, and my NIM box for keeping the ungovernable misfits going. Make sure to check out ungovernablemisfits.com to see mister Crown's incredible skills and artwork. Listen to the other shows in the feed to hear Kareem's world class editing skills.
Thanks to Expatriotic for keeping us up to date with Boost's XMR chats and sending in topics. John, great name and great guy, never change and never stop keeping us up to date with mining news or continuing to grow the mesh to Dell. Finally, a big thanks to the unsung hero, our Canadian overlord, Jordan, for trying to keep the ungovernable in check and for the endless work he puts in behind the scenes. We love you all. Stay ungovernable.
Welcome to Freedom Tech Friday and show format
Setting the stage: why phone privacy matters
What is GrapheneOS? Max’s plain‑English overview
Daily driving GrapheneOS: usability vs hardcore security
Under the hood: security, sandboxing and verified boot
Why Pixels? Relocking bootloader and fast security updates
First install trade‑offs: app stores, APKs and alternatives
Living without Play Store: browsers, profiles and workflows
Sandboxed Google Play services: what works and what doesn’t
Profiles, private spaces and real‑world threat scenarios
Banking apps on GrapheneOS, Revolut quirks and device checks
Reality of banking privacy: blending in vs standing out
Backups and recovery: Seedvault, app‑level backups and limits
Best camera and keyboard on GrapheneOS: stock apps, zero network
Replacing iCloud/Google: notes, photo sync and self‑hosting cautions
Wrap‑up and sign‑off
