• 30 Posts
Joined há 3 anos
Cake day: jun 07, 2020


Well… seriously, go and read those archived r/linux and HN comments. This fellow here is pretty well known in privacy community to be basically someone who shits on Linux and praises Windows and MacOS security. This person and Brad Spengler were the ones to begin this trend of Big Tech “security” apologia in privacy community, which has become a disease with GrapheneOS on the mobile side of things now.

These specimens/entities coincidentally praise the security of Windows, MacOS, Google Pixel, Apple Secure Enclave, while calling Linux and FOSS projects horrible nightmare all the time, consistently. Moreover, they also coincidentally happen to call PRISM Snowden and Assange revelations irrelevant jokes (see https://web.archive.org/web/20220418214232/https://old.reddit.com/r/privacy/comments/iox6rq/should_i_get_an_iphone_if_i_value_privacy/ or https://i.imgur.com/xcryYvM.jpg).

There is a lot to it, and its hard to form a gist of it other than these entities being extremely dangerous to and being the equivalent of termites to privacy community, everywhere one exists.

Tor has completely broken application on Brave, and leaks a lot of information.

Be grateful for the transparency I portray, and for presenting what people otherwise would never have known. Even I see it as a bit cringey, but I was neck deep into privacy community back then, and you have to use certain lingo to mesh with that crowd.

If I told you madaidan used to (probably still moderates) NSFW subreddits years ago, you would be shell shocked.

GrapheneOS is a custom Android fork with largely no security enhancements, besides UX rework and copypasting other security projects. They sell snake oil in the name of prestigious glory that FLOSS label carries.


Its lead developer (who became irrelevant in society) and his acolytes believe in purposely creating insane amounts of toxicity and drama to remain relevant in the privacy community. They baselessly label everyone with political epithets to defame everyone, and then scream “defamation” when a counter argument is presented to their manufactured position.

The long comment by official GrapheneOS account should be here: https://web.archive.org/web/20220502064114/https://old.reddit.com/r/PrivacyGuides/comments/uged1y/is_grapheneos_actually_good_or_just_hype/

Recently someone informed me of them creating drama with Bromite (on which their Vanadium browser is based) and FlorisBoard projects. They labelled those project maintainers with very bad, false epithets.




I had the opportunity to elaborate on the entire feature list of GrapheneOS, as per their website, last year. Look here. https://i.imgur.com/pQHoq84.jpg

There are only 3 things they ever did on their own as extras, and even they have basically no value in the grand scheme of things, them being offering:

  • instead of 16 character, 64 character password limit on lockscreen
  • PIN scrambling
  • Morula method of exec spawning instead of Zygote method used in most AOSP projects

Now, I will elaborate on these 3.

  • Elaborating on first one, it is kind of useless as you can see for obvious reasons.
  • For second one, you already understand why fingerprint avoids the issue of someone peeping at your PIN/password entered across your shoulder. Fingerprint is infinitely superior. Even more so with Android and iOS both offering biometric Lockdown features.
  • This one is somewhat half credible, but the goal is to destroy the memory blocks used by an app after it is exited, so that memory blocks do not retain essential text strings of data to exploit. For this, you can just go to Developer Options and enable “Don’t keep activities” and it will achieve the same effect as Morula method of exec spawning implemented by GrapheneOS.

So out of the 20-30 features GrapheneOS claims they developed, everything is either a modification of app permissions or firewalling or AOSP feature rebranding.

Also, as you may have famously heard about “Sandboxed Play Services”, it is not developed by GrapheneOS, but a project called ProtonAOSP, whose developer is kdrag0n. GrapheneOS copied that off and rebranded it as their own developed thing.

Recently someone informed me of them creating drama with Bromite (on which their Vanadium browser is based) and FlorisBoard projects. They labelled those project maintainers with very bad, false epithets.




Brave is basically just for people too dumb to install uBlock Origin on Firefox, and who desire a worse experience with the fickle greed of BAT garbage.

Let me provide you a little more on the subject.



Tweet linked in above hysteric post https://web.archive.org/web/20200812145114/https://nitter.net/MichalPurzynski/status/1293220570885062657

The job of madaidan/Spengler/GrapheneOS church is to hate and destroy FLOSS projects that condemn their actions or do not fall in line with them, and even attempt witch hunts on people that criticise them. I was a victim of it last year, as they hijacked the Matrix room of this very community (which I was unable to save since admins did not listen to me) and attempted to create fabricate projection lies against me because I moderate this place. https://archive.ph/acy2h

No, he is just another victim of madaidan/Spengler/GrapheneOS church propaganda.

One of the best… you mean toilet papers of the internet, repeatedly trashed by r/linux and HN users?




madaidan is an admin of GrapheneOS, NoGoolag, SpiteChat communities/chatrooms across various platforms. The “insecurities” blog chap, notorious for a lot of misinformation in FOSS and Linux communities but opposite in a big chunk of mainstream privacy community. A staple of the “redditor hackerman” starterpack, for people who know nothing better.

He knows literally nothing and has proven his credentials https://i.imgur.com/UHhQRIU.jpg and https://i.imgur.com/FiYhbkk.jpg, among many other places.

BAT is Brave Attention Token, a form of crypto exclusive and locked into Brave. Its like a little crypto mining scam.

Brave Browser is funded by DoD: https://np.reddit.com/r/privatelife/comments/fe34ls/exclusive_brave_browser_funded_by_dod_contractor/

Brave traffic detected with Cryptocompare despite BAT rewards disabled: https://unddit.com/r/privacytoolsIO/comments/gr8nue/ (removeddit no longer works, use unddit)

Brave also has a known history of whitelisting Facebook and Twitter trackers, and has a crippled adblocker that does not work on Brave’s “acceptable” advertisements.

Brave Browser hardcoded their crypto partner Binance referral links (https://twitter.com/cryptonator1337/status/1269201480105578496) alongwith Ledger and soon-to-be-compromised Coinbase (https://decrypt.co/31461/coinbase-wants-to-identify-bitcoin-users-for-dea-irs)

Also some new stuff you might want to check.



Well, Braxman is not really about the useless services he offers. His commentary on privacy is fine, and there are a lot more scams like GrapheneOS that people need to worry about.

Because I wanted to democratise privacy for masses by giving them 97-100% benefit of “elitist” setups.

Also I must destroy the elitists, pretend experts and privacy circus that goes on in the community. They exist to harm FLOSS movement, use the prestigious label to masquerade as sheeps and harass and datamine privacy users by gaining trust.

It was always a lie to fool everyone thinking GrapheneOS is in the same race as XDA, Braxman and individual reflashed Pixel sellers, trying to capitalise on privacy market by selling a phone.

It was always a lie to fool everyone thinking GrapheneOS is in the same race as XDA, Braxman and individual reflashed Pixel sellers, trying to capitalise on privacy market by selling a phone.

The Z in czf stands for ze

ze ze ze ze ze… (very sorry, I need a ban for this)

I wholly support this and would have done the same in their place, before AI art gets out of control.

That moment when even Taiwan sees USA as a threat to its future…

**Too many people need to watch this in 2022.**

Relevant reading: https://github.com/zlw9991/node-ipc-dependencies-list https://web.archive.org/web/20220318095406/https://github.com/RIAEvangelist/peacenotwar/issues/45 https://security.snyk.io/vuln/SNYK-JS-NODEIPC-2426370

The amount of Russophobia and anti Russian censorship ongoing currently on Reddit is astounding.
I am observing a very similar sentiment to Sinophobia, now regarding Russia. Reddit's audience is primarily 80% USA + West EU, and the rest 20% also includes a lot of East Europe and other countries, leaving for 5-10% anti-hatred people. On the other hand, Western world makes up for a mere 12% of the world's population. This speaks volumes about how majoritarianism is flipped on the internet by Western world to suit their narratives and loudmouth whatever they want dominating in virtual space. And since moderators are also from said Western countries, the biases are completely intentional and systematic. For all the "human rights" and "no censorship" nonsense these Western countries spout with the assumption of having high horse on moral grounds, they lie a lot systematically. Just an observation.

What are easy to present criticisms of mainstream outlets like BBC and CNN?
While it is easy to use phrases like "use critical thinking", this is not easy for elders or cousins in families to be told, as this is not lucid to understand in a snap. It is essential for criticism to be easily communicable to ordinary people that watch Google Feed or MSN News daily, and I feel that such criticism is not even easy to access or read, considering ordinary people have been cornered from MSM, YouTube, Twitter, Facebook and rest of Big Tech and Western media apparatus. If you love your BBC and CNN feeds, avoid this post, this is not for you.

r/PrivacyGuides restored citation-less slander post as facts, and GrapheneOS community sockpuppet theory is proven correct by one of its members
cross-posted from: https://lemmy.ml/post/143981 > Mod statement: https://np.reddit.com/r/PrivacyGuides/comments/rxf02a/theanonymousjoker_false_privacy_prophet/hs1dxux?context=3 > > https://i.imgur.com/LahmNkO.jpg > > dng99/dngray has branded a citation-less slander post as facts. These are the "community standards" of r/PrivacyGuides. Always remember this. > > u/trai_dep, the record stands corrected once again > > Moreover, my theory about GrapheneOS community using sockpuppets is true, as confirmed by... > > https://np.reddit.com/r/fdroid/comments/rxtc14/came_across_this_thoughts/hs1o6no?context=3 > > https://i.imgur.com/JX6uTpx.jpg > > Tommy_Tran = B0risGrishenko (OP of slander post). Thanks for confirming my GrapheneOS community sockpuppet theory.

r/PrivacyGuides is allowing a personally targeting post with my name in post title currently, slandering me and my smartphone guide
https://teddit.net/r/PrivacyGuides/comments/rxf02a/theanonymousjoker_false_privacy_prophet/ This is one of key GrapheneOS community members doing it, and r/PrivacyGuides has the same moderation team as r/privacytoolsio before, and the main moderator of r/privacy is also same. Has anyone seen this kind of behaviour in overall privacy community? Edit: https://ghostarchive.org/archive/ttkkU reddit post archived

100% FOSS Smartphone Hardening non-root Guide 4.0
https://lemmy.ml/post/128667 Crosspost but the guide body is so long, I had to break it into 5 parts.

Firefox Suggest (search bar suggestions) is offline by default (proof inside)
https://bugzilla.mozilla.org/show_bug.cgi?id=1727907 'Offline' is currently the default which is explained in the [source code](https://searchfox.org/mozilla-central/rev/d488f68d845a87cc107612b667951152c34fb116/browser/components/urlbar/UrlbarPrefs.jsm#543): "This is the scenario for the "offline" rollout. Firefox Suggest suggestions are enabled by default. Search strings and matching keywords are not included in related telemetry. The onboarding dialog is not shown." Switching to 'online' would trigger a dialog that comes up when you start the browser. Only clicking 'Allow suggestions' on the dialog would opt you into the search query collection.

[TINY GUIDE] How to stay safe from Pegasus and most social engineering malware these days
cross-posted from: https://lemmy.ml/post/74540 > Hello! I think it is a nice time to re-mention some 101 tips of IT security for folks here, that I also practice. Pegasus malware investigation will be big news for a good while, so the more awareness it helps spread, the better. > > # RULE 1 > > DO NOT CLICK ON RANDOM SMS AND EMAIL LINKS. Please, do not do this, ever. Just do not do it. Do not do it. Do not do it. Do not do it. > > Yes, that is how many times I repeated that line. That is how important this rule is. > > Also, do not download random email attachments. > > Phishing is such a common tactic that one would think this problem has been solved by now, but it has not. > > # RULE 2 > > Keep OFF auto download of photos, videos, documents and so on on WhatsApp, Signal and such apps. > > Drive by downloads being self executable surprise bombs is not a new thing. Basically, this rule is similar to keeping off AutoPlay for external USB sticks on Windows computers. > > # RULE 3 > > Avoid using popular software too much. > > I get it, this is a hard rule to workaround considering how much we need to use WhatsApp, Signal, Telegram and so on, so it is a lot better to compartmentalise your activities among multiple messengers. > > Pegasus and a lot of specialised malware uses zero-days to be able to design zero click deployment tricks, which is what these government surveillance tools are good at reserving. They use their millions of dollars of funding and R&D properly, so you have to be careful. > > As an example, try to keep WhatsApp internet turned off most of the times via NetGuard, and turn it on only when needed, a good method I have earlier suggested as well in my smartphone hardening guide. > > # CONCLUSION > > Those were some thoughts on the top of my head, before I go to sleep. Stay safe against surveillance! And feel free to ask whatever you want to!