We've published an initial experimental release for the Pixel 9 Pro Fold on our staging site:

https://staging.grapheneos.org/releases#comet-stable
https://staging.grapheneos.org/install/web

Our preordered Pixel 9 Pro Fold for our device testing farm hasn't arrived yet so we'll be relying on others to test the early builds.

Everything from #GrapheneOS been ported for it already and there's nothing else to do for it without testing feedback from users. There's a high chance everything is already fine for it since we have production quality support for the other 9th gen Pixels and the original 7th gen Pixel Fold.

New Auditor update with Pixel 9 Pro Fold support.

https://github.com/GrapheneOS/Auditor/releases/tag/84

Next release for 9th generation Pixels will have further hardening with RANDSTRUCT enabled for the kernel with a deterministic seed (the commit timestamp).

RANDSTRUCT randomizes the order of data structures and function pointer tables at compilation based on a seed, so exploits need to be catered to specific seeds. We've made it deterministic to preserve #GrapheneOS reproducible builds by using the hash of the commit date as a seed so it changes the layouts with each base kernel change and we can make it per-device-model later too.

When other devices get Kernel 6.1 (the upstream is in testing) it can be possible for them to get it too.

Great article from well known cryptographer Matthew D. Green about Telegram per recent events

https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/

SimpleX is the gold standard here. Signal is mentioned here since they were the subject of Telegram's campaigns. I would absolutely suggest SimpleX above anything else.

Can't really be sure if it is gone, it's gone. Users should just hope for the best.

Deleting account on it's own would not delete their messages, they need to do that themselves, either by clearing DMs for both individuals or erasing their messages. If they want to delete their account, they should do that first. It's a user's choice to do that.

Using GrapheneOS without one AND aeroplane mode enabled (which turns off the cellular radio) is more secure since you are reducing remote attack surface from the cellular radio, SMS and others. SIM card is just used as authentication to that network and you are still taking part in it so you need both. Even if you have a SIM, using Aeroplane Mode but still using WiFi except when you need data is good practice (you're still connecting to your mobile network provider for WiFi calling and more). This also helps against cellular network tracking.

This has a huge usability cost for some users. High risk individuals are expected to disable radios (Bluetooth, UWB, WiFi, Cellular) when they aren't using them. It's an added measure from people with added caution.

Obviously messengers like Signal are out of the question with no phone number, so SimpleX is the first choice for this.

Matrix has issues with metadata, cryptography and numerous issues with stability. E2EE is default for DMs which is good, for big rooms with tens of thousands of people it is irrelevant anyways. We don't use E2EE on the public GrapheneOS rooms as it scales poorly.

We have some of the largest communities on all of Matrix and we have had to make new rooms numerous times due to stability issues and state resolution bugs. It can also be very slow on the network and so are the apps.

The multi-session adds a lot of complexity and cryptographers have told us Matrix have issues because of it.

See: https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/

There were several earlier rounds of Matrix cryptography vulnerabilities before. See https://nebuchadnezzar-megolm.github.io for one. This has happened repeatedly and we weren't impressed with their response which downplayed it.

We still heavily use Matrix ourselves and have our own server but we're less interested in keeping up with this. It's hard to move away from a platform with multi-session and both good desktop/mobile clients when most of the options don't have that and none combine it with great encryption. We'd like to be able to recommend Element/Matrix but it has these above issues and it gives a lot of metadata to each server. In E2EE Matrix rooms, message content and attachments are encrypted, but the server knows the time, sender, etc.

Still a better choice than Telegram though. As a decentralised service you need to trust your homeserver but that is completely down to you. I am assuming they act in good faith with this post but it is possible not every homeserver will.

Unfortunately the security / privacy campaigning directly conflict against the developers and people working in the field. Many people who lead the campaign also don't advocate the right information. When people do care it's often they've done it incorrectly or been fed baseless accusations and scaremongering meant to slowly wear readers down into buying dubious products and software.

Even if people won't care about privacy yet, we'll be here with the work when they start to. There are people who dismissed our work or used something else before coming here, and some of those people are influential and provide noticeable public support now.

I don't have hard feelings towards people who either don't care or don't like certain projects or even GrapheneOS for whatever reason. If people get in trouble because their narrow-minded attitude thought they were untouchable then it's on them. They will be lessons for others to not follow their footsteps.

We win by being better than others.

@nevent1qqs...

This is not a jab against Telegram hitting them when they are at their lows despite what a disappointing amount of users on Twitter have reacted to this with. All of us are GrapheneOS have used it in some way. However, it's founder being arrested is a very important time to remind people that because messages are not end-to-end encrypted except in a very specific circumstance, many users and average people are at risk. Telegram has almost a billion users and many do not understand this concept. If you hold something sensitive on Telegram and it's not encrypted, you MUST take appropriate action. This is a PSA to our users who use Telegram because we care about the safety of our users and community. The climate surrounding Telegram is moving towards being hostile, so talking about this is more important than ever.

There are many messengers not just Signal that are safer than Telegram simply because end to end encryption is mandatory. Signal is mentioned here because they are an unfortunate subject of Telegram's marketing campaigns. Influencers taking jabs at Signal when they are proven to only be able to provide only a timestamp of when an account was registered and last used in court is simply throwing stones from a glass house. Both require phone numbers yet Telegram gives away far more information about you.

Encryption and preventing access to metadata doesn't just protect users, it protects developers. You cannot be compelled to give away what you cannot access and you cannot be accountable to protect against what you aren't able to moderate. Develop unstoppable software that can survive without you.

https://signal.org/bigbrother/santa-clara-county/

We recommend only SimpleX for messaging outside of Signal/Molly at this time. For high risk GrapheneOS users who use it as a WiFi-Only device with no SIM, it is the best choice. Molly also allows multiple devices to use one Signal account, register on another device and link and you still won't need the number if you need Signal. If Session had PFS it would also be considered further, there is a tradeoff.

We aren't in a place and time to assess every communication method available to us, the market for messaging apps is becoming way too large.

@nevent1qqs...

Our 4th release for the Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL is now available. It adds two Bluetooth bug fixes missing from the temporary Android Open Source Project branch for 9th generation Pixels. One of those is a Bluetooth issue we reported.

See more about how #GrapheneOS exploit mitigations help identify vulnerabilities upstream which we report and improve Android security for everyone:

@nevent1qqs...

Difficult to count how many people put themselves in trouble by not using the app in the way it should have been used... Recent events cannot make Telegram avoid scrutiny, the criticisms are more important than ever now if things do get worse.