I love the divest guy, but he is a one man show.
https://divestos.org/pages/about
Divest is lineageos plus patches.
My personal recommendation for secure devices is: grapheneos, then calyxos, then divestos, then lineageos
There are big differences between graphene and divest: sandboxed Google play for instance. For a detailed comparison see privacy guides https://www.privacyguides.org/en/android/#divestos
https://grapheneos.org/faq#recommended-devices
Non-exhaustive list of requirements for future devices, which are standards met or exceeded by current Pixel devices:
Support for using alternate operating systems including full hardware security functionality
Complete monthly Android Security Bulletin patches without any regular delays longer than a week
At least 5 years of updates from launch for phones (Pixels now have 7) and 7 years for tablets
Vendor code updated to new monthly, quarterly and yearly releases of AOSP within several months to provide new security improvements (Pixels receive these in the month they’re released)
Linux 5.15 or Linux 6.1 Generic Kernel Image (GKI) support
Hardware accelerated virtualization usable by GrapheneOS (ideally pKVM to match Pixels but another usable implementation may be acceptable)
Hardware memory tagging (ARM MTE or equivalent)
BTI/PAC, CET or equivalent
PXN, SMEP or equivalent
PAN, SMAP or equivalent
Isolated radios (cellular, Wi-Fi, Bluetooth, NFC, etc.), GPU, SSD, media encode / decode, image processor and other components
Support for A/B updates of both the firmware and OS images with automatic rollback if the initial boot fails one or more times
Verified boot with rollback protection for firmware
Verified boot with rollback protection for the OS (Android Verified Boot)
Verified boot key fingerprint for yellow boot state displayed with a secure hash (non-truncated SHA-256 or better)
StrongBox keystore provided by secure element
Hardware key attestation support for the StrongBox keystore
Attest key support for hardware key attestation to provide pinning support
Weaver disk encryption key derivation throttling provided by secure element
Insider attack resistance for updates to the secure element (Owner user authentication required before updates are accepted)
Inline disk encryption acceleration with wrapped key support
64-bit-only device support code
Wi-Fi anonymity support including MAC address randomization, probe sequence number randomization and no other leaked identifiers
For now… Giving this capability to a app seems foolish.
If you value premium enough, I’m sure lots of people will agree to it.
Crazy. Become a telegram sms relay… Doesn’t seem like a great idea for the user.
100%
AND their file sending is centralized
It’s great, it does exactly what it says it does. Including using slot of battery power.
I’d love to see data to the contrary, but I believe even with username IDs, they will still want phone number verification. I.e. like telegram does
That’s a very cogent message, thank you for writing it. I now understand your concern. I had missed the iphone requirement
You can use a voip/sms service to register with the traditional messaging apps: signal, telegram, etc
I.e. google voice, or https://kycnot.me/search?q=sms&type=
Though I think :
Matrix, simplex, and briar are good options that don’t need sms at all
Briar fits the requirements.
No need for sms. Works over the internet, wifi only, or Bluetooth. As long as everyone has android it’s a great option.
That being said simplex is probably the right answer here, but no reason to antagonize the person who suggested a valid option.
They are interesting. But they are a huge red flag and scream examine me if it’s in your luggage and your crossing a boarder.
I’m somewhat dubious about a hardware system not having long term undiscovered flaws. Be sure to use software based data protection on top of the hardware solution.
wffm
That’s amazing. Jaw dropping.
I thought I was cool for making a clock one time.
Okay. Good luck with that. Feels like a big headache.
Worst case scenario, you become very successful, and force the VPN to limit devices to the same IP range.
From my perspective, if you really want to do this, become a legitimate VPN reseller. Then you don’t have to do the user management
At $0.50 a month I see people buying a single month prepaid to do evil things, and getting the account shutdown. Or just posting the credentials to 4chan.
If it’s a year prepaid, then it’s starting to compete with the multiyear VPN providers who offer services at like $1 month but prepay 3 years.
I think your idea is fine to share amongst friends who know each other. But with strangers… It will be a huge headache.
Also, what if someone just like you is one of your customers? Taking the account info you give and reselling it? How would you handle it?
What’s the value proposition for the customer over just going to the VPN service provider directly?
https://kycnot.me/search?q=sms&type=
There are providers that sell sms activation access, full cloud phone numbers, etc.
Doesn’t need to be a business. Give the air space back for public use. Pbs or real local public broadcasting, etc.
What phone hardware to you suggest as a replacement from a security perspective?