>What are you currently identifying as Graphene's weak spots?

From a security standpoint, the Linux kernel is a liability. Most patches are upstream Linux kernel security bugs. It's a large attack surface. Android distributions also don't patch the kernel completely unlike us where we push the latest GKI per update. Our Linux hardening work can be made redundant if it was replaced with a something more designed for security like a microkernel.

From a user experience, the default apps aren't great with exception to our own apps like Vanadium, Camera etc. These are AOSP apps. New apps made in Kotlin with the modern Material 3 Expressive UIs are needed. Would also need the same licensing as AOSP does.

>What about the underlying reliance on proprietary hardware?

Always will be a thing for any device you are using. You can't guarantee designs match the product nor are you TSMC making your own processors with billion dollar manufacturing plants. Even the "free" "open" devices the FSF like to promote aren't truly open, they just have entirely proprietary hardware with embedded firmware so they do not allow the user to update in the OS. Linux-Libre blocked alerts for CPU vulns like Meltdown and Spectre (can be exploited remotely) and the distros don't usually deliver microcode to patch that either.

>How do you perceive the future and how can we contribute to funding it?

We are still continuing the partnership with our OEM. We hope to have devices by the next year as their 2026 Qualcomm devices missed deploying ARMv9 security features (iirc, would need to check with another team member). The OEM should make a formal announcement in the not so late future.

A lot of usability and accessibility improvements are on the way, and it would be nice to have better default apps in time for more supported devices in 2027. We are trying to hire devs and want to expand.

Funding wise we still rely on donations, but fortunately we get regular donations and are well resourced. People and talent is important.

>Have you looked into the blocking of app trackers?

We choose to leave people into using a VPN that blocks these or a DNS app like RethinkDNS which actually allows adding a VPN to it.

DNS filtering makes users stand out from other users with the same VPN (or no VPN) unless it's provided as a standard VPN feature which most users have activated. It's why we recommend using VPN provider DNS filtering.

Most data collection is also connected through the same domains as the actual service, so you can't actually block them. If a service did not, they could easily choose to. We believe it would be bad to give users a false sense of privacy in that way when features like Storage Scopes actually do that. If you go to Exodus' page for Facebook Lite they would say it had 0 trackers, but you still wouldn't use Facebook.

BTW Vanadium now uses a JIT interpreter so WASM works without JIT now. Briefly checking your app it appears to work with JIT disabled for me.

Not my npub anymore! But see the Project Account mastodon bridge reply.

If you were curious, I have been using Minibits ecash for recieving and then offramping to Phoenix Wallet. Phoenix provides an incredibly quick and easy set up. Just works. Hoping to combine both with using ZEUS.

We have tested running desktop Linux GUI apps before including LibreOffice. It can certainly be a thing in the future.

It's a hardened Signal fork with passphrase encryption for the message database, better notifications on devices without Google Play and support for pairing your messages to multiple devices. If you use Signal I strongly recommend it.

It's available in Accrescent so there is a root of trust between GrapheneOS -> Accrescent -> Molly.