csrc links to notrace.how, miscellaneous edits

This commit is contained in:
anarsec 2023-11-12 17:57:58 +00:00
parent 9d659896fa
commit d83276dadb
No known key found for this signature in database
17 changed files with 42 additions and 153 deletions

View file

@ -19,7 +19,7 @@ letter="grapheneos-letter.pdf"
# What is GrapheneOS?
GrapheneOS is a private and secure version of the Android [operating system](/glossary#operating-system-os). Standard Android smartphones have Google baked into them (for example, [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) have irrevocable access to your files, call logs, location, etc.), and it is trivial to [bypass standard Android authentication](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html) with [physical access](/glossary/#physical-attacks) to the device. GrapheneOS uses hardware-based security to [greatly increase the difficulty](https://grapheneos.org/faq#encryption) of bypassing authentication, is significantly [hardened](/glossary#hardening) against hacking, and has all Google apps and services removed by default. There are other alternative Android operating systems, [but they are inferior](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/). See the [GrapheneOS documentation](https://grapheneos.org/features) for an extensive list of privacy and security improvements over standard Android. GrapheneOS is [regularly audited](https://grapheneos.org/faq#audit).
GrapheneOS is a private and secure version of the Android [operating system](/glossary#operating-system-os). Standard Android smartphones have Google baked into them (for example, [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) have irrevocable access to your files, call logs, location, etc.), and it is trivial to [bypass standard Android authentication](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html) with [physical access](/glossary/#physical-attacks) to the device. GrapheneOS uses hardware-based security to [greatly increase the difficulty](https://grapheneos.org/faq#encryption) of bypassing authentication, is significantly [hardened](/glossary#hardening) against hacking, and has all Google apps and services removed by default. There are other alternative Android operating systems, [but they are inferior](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/). See the [GrapheneOS documentation](https://grapheneos.org/features) for an extensive list of privacy and security improvements over standard Android. GrapheneOS is [regularly audited](https://grapheneos.org/faq#audit).
Due to the nature of [how the technology works](https://privsec.dev/posts/android/android-tips/#carrier-tracking), cell phones leave a geolocation history when they connect to cell towers. For this reason, we recommend that you use a smartphone that stays at home like a landline and connects to the Internet via Wi-Fi in airplane mode, rather than using a SIM card to connect through cell towers. Even if you use an anonymously purchased SIM card, if it is linked to your identity in the future, the service provider can be retroactively queried for all geolocation data. Furthermore, it's not enough to only leave your phone at home when you're going to a demo or action, as this will [stand out](/posts/nophones/#metadata-patterns) as an outlier and serve as an indication of conspiratorial activity in that time window.
@ -136,8 +136,6 @@ Some apps are not on the Play Store, either because they're still in development
As an example of how to use Obtainium, Molly-FOSS is a hardened version of Signal without [Google software](https://github.com/mollyim/mollyim-android#free-and-open-source) and is available from [Github Releases](https://github.com/mollyim/mollyim-android/releases). In Obtanium, press **Add App**, then copy the Github Releases URL. Obtanium will be able to install the app, and if there is a new version, you will get a system notification and an update icon next to it, and you will need to update it manually.
Cwtch is not yet available on the Google Play Store and can be added to Obtainium by entering the [download page URL](https://cwtch.im/download/).
## Software That Requires Google Play Services
If there is an app you want to use that requires Google Play services, create a specific user profile for it from the Owner user profile; you can name it Google. This is also a good way to isolate any app you need to use that isn't [open-source](/glossary/#open-source) or reputable. If you create a Google user profile, you will need to install and configure Sandboxed Google Play in it.