Damus
Max Hillebrand
@Max Hillebrand

Praxeologist ~ Cryptoanarchist ~ Cypherpunk

Relays (5)
  • wss://relay.azzamo.net/ – read & write
  • wss://relay.primal.net/ – read & write
  • wss://relay.towardsliberty.com/ – write
  • wss://nos.lol/ – read & write
  • wss://relay.towardsliberty.com/inbox – read

Recent Notes

Max Hillebrand
In December 2023, a U.S. Senate investigation revealed that governments worldwide have been demanding push notification records from Apple and Google to surveil smartphone users, including tying anonymous messaging accounts to real identities. For years, privacy engineers dismissed this attack vector as unsolvable, since mobile operating systems require routing through platform servers.

MIP-05, a new specification for the Marmot Protocol, proves them wrong: by encrypting device tokens with probabilistic encryption and delivering notifications through gift-wrapped Nostr events, it makes push notifications functionally anonymous. If you care about private communication, this is the specification you need to understand.

The specification is currently in draft and open for review: https://github.com/marmot-protocol/marmot/pull/18 @naddr1qqgx...
Max Hillebrand
Volla Phones ship de-Googled on MediaTek hardware with a firewall, tracker blocklists, and per-app network controls, all fine for escaping the surveillance apparatus of Mountain View. But let's not confuse privacy theater with actual security. MediaTek chipsets lack proper verified boot with rollback protection, the closed firmware blob situation is a mess, and Volla's "at least two years" of patches is a gentleman's promise on an unreliable short timeline. The Holochain "distributed cloud" they trumpet is more whitepaper than reality.

GrapheneOS, by contrast, actually hardens the system: hardened kernel, hardened_malloc, memory tagging, exploit mitigations throughout. It ships on Pixel hardware with a real secure element chip and seven years of same-day updates. Volla occupies the same tier as LineageOS and /e/OS, adequate for those who simply wish to stop feeding Google's data, but offering no serious resistance to a determined adversary.
Max Hillebrand
Notice that Uber & Cabify have a progressive web app without Google Play services requirements. (Bolt does not.)

m.uber.com
cabify.com/app
Max Hillebrand
Security is not a binary state. It is a relationship between what you protect, who you protect it from, and what resources they command.

The Marmot Protocol's threat model does what every security document should: it names specific adversaries, details how the protocol defeats each one, and admits where cryptography alone cannot save you. This matters because matching a protocol's actual defenses to your actual situation is the difference between security and security theater. @naddr1qqgr...
Max Hillebrand
8s are fine, especially if you have one already or want the cheapest option.

Both 9 and 10 are marginal improvements in build quality, performance, battery, and they will receive updates for one or two years longer (standard is 7 years of official support from Google; Graphene usually supports even longer).