Digital forensics and security specialist part of the GrapheneOS project. Posts my own and not endorsed by my employer. AI slop and Nostr DMs ignored. Matrix: f1nal:grapheneos.org
Public Key: npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y
Profile Code: nprofile1qqstnr0dfn4w5grepk7t8sc5qp5jqzwnf3lejf7zs6p44xdhfqd9cgsppamhxue69uhkummnw3ezumt0d5q3gamnwvaz7tmwdaehgu3wdau8gu3wv3jhvtgash8
Published at 2026-02-01T15:04:11Z
Last Notes

Final: Not my npub anymore! But see the Project Account mastodon bridge reply.

Final: [email protected] #nevent1q…gw72

Final: If you were curious, I have been using Minibits ecash for receiving and then offramping to Phoenix Wallet. Phoenix provides an incredibly quick and easy set up. Just works. Hoping to combine both with using ZEUS.

Final: Finally working to go all in on using ZEUS.

Final: Proud to say my 'Never Went to Black Hat' award is looking very shiny right now.

Final: We have tested running desktop Linux GUI apps before including LibreOffice. It can certainly be a thing in the future. #nevent1q…gq9j

Final: It's a hardened Signal fork with passphrase encryption for the message database, better notifications on devices without Google Play and support for pairing your messages to multiple devices. If you use Signal I strongly recommend it. It's available in Accrescent so there is a root of trust between GrapheneOS -> Accrescent -> Molly.

Final: As our original announcement mentioned it is English first. We do plan to support other languages and also internationalisation of GrapheneOS in the future.

Final: Also worth mentioning FBE is a big plus compared to Full Disk Encryption (FDE) which was the legacy Android encryption and the encryption desktop OSes like Windows and Linux use.
If you have the keys to decrypt the disk then it would be possible to decrypt the unallocated space in FDE since it's all one key, so you'd be relying on TRIM if you are using an SSD to prevent recovery of deleted data.

Final: The video is very old and most Android devices didn't use disk encryption by default, so a physical extraction (image of the entire flash storage) could allow recovering deleted files from carving unallocated space.

Nowadays Android uses a "file-based encryption" (FBE) where all data is encrypted with separate derived keys for each file, directory and symbolic link. Deleting the file loses the keys and recovery is impossible. If you can recover data that is deleted from an app, it means the app is caching it when it shouldn't be and it's a flaw they would need to fix.

I don't recall this being an issue with Signal but if you can extract the app data before the message database is rebuilt for deleted messages then you'd be in luck. You could kill an app and prevent it cleaning up its DB. This is something you can apply to every messenger though.

Getting this data requires as much as a full filesystem extraction (FFS) to extract the application /data directory where the message databases are. Cellebrite has no extraction support for GrapheneOS according to themselves. No specification on what the most they can extract from an unlocked device is, but assume that all forensic tools get this data anyway.

Molly lets you encrypt the message database with a passphrase, so it wouldn't be accessible regardless of if there was a FFS extraction and a flaw in Signal keeping the messages.

Final: It is a well known brand you absolutely will have heard of. The device we will support GrapheneOS will be distributed in many countries.

Final: As our fully local text to speech engine is deployed in GrapheneOS soon, this will be the first of hopefully many major usability advancements in GrapheneOS for the year and next. With the OEM partnership developing and later generation flagship hardware providing more of what GrapheneOS needs for features, improving usability and accessibility will help for the influx of new users we will hope to welcome.

It is a good time to remind you that GrapheneOS is hiring remote developers. We have been for a while: https://grapheneos.org/hiring

Final: This is a tablet PC with Cellebrite UFED, a mobile forensics acquisition software. Users plug a target device into it where it then will attempt to extract as much data on the device as possible. The software on the laptop is Physical Analyser which is for forensic analysis.

This video is dated, and Cellebrite UFED's UI, logo and capabilities have changed a lot since the video was released. This tool is also not exclusive to UK law enforcement and there are also competitor solutions, which many countries around the world use plus the competitors.

Cellebrite sell a variant of this product named Cellebrite Premium. The difference to standard UFED and Premium is that Premium comes with wider device extraction support through zero-day exploits. As described it also allows extraction of vulnerable devices that are locked.

https://blossom.primal.net/70c8041bacfdf399f99091a738b2e84f6a8be2f0b9cff4b497fd23ff2a153db9.jpg
https://blossom.primal.net/9b70e3d06fb8614a14b3d0a60d336987797cd6ca1d1815debb31a3ab29daa9bb.jpg

This business model is not exclusive. XRY Pro (MSAB) and GrayKey (Magnet Forensics) are other exclusive forensic tools. Cellebrite are the second-oldest of the three companies (on joining the forensics market) but are one of the most capable thanks to their funding and location.

How and if these tools are able to extract your device's data depends on:
- The device you are using
- The installed OS and version
- The lock state of the device
- Configured security settings of the device
- Strength of your phone's unlock credential

For a locked device exploiting security vulnerabilities is required to extract data almost all of the time. There are two different device lock states on Android and iOS: After first unlock (AFU, Hot) and before first unlock (BFU, Cold).

This is due to how encryption works. Modern Android and iOS encrypt all users' data by default with keys derived from the user's credentials. When a device is unlocked once, data is no longer encrypted at rest and is accessible during that boot session. When a device is BFU, all sensitive data is at rest.

Data not being at rest provides more OS attack surface to exploit bypassing lock screens or other measures and access to the data without needing the original PIN/password to decrypt it. For BFU devices brute forcing is required to decrypt data first and the only data not encrypted is a minimal footprint of the OS used for unlocking the device and global OS configuration and metadata.

To make extraction impossible make sure your device is powered off and you use a secure, high-entropy passphrase before seizure. GrapheneOS provides a configurable, automatic inactivity reboot feature. We also provide several other countermeasures to these tools as well. GrapheneOS locked devices as a whole is unsupported by Cellebrite.

If you are an opposition activist in a high-risk country you should be concerned about potential attacks from such tools. They have been abused to target activists in numerous countries like Serbia and Jordan.

https://citizenlab.ca/research/from-protest-to-peril-cellebrite-used-against-jordanian-civil-society/
https://www.amnesty.org/en/latest/news/2024/12/serbia-authorities-using-spyware-and-cellebrite-forensic-extraction-tools-to-hack-journalists-and-activists/

Despite if a business claims this use of their product like this is unauthorised, it doesn't change the fact that they will be used like this again, that they don't know about it until after it has violated someone's rights and that the security vulnerabilities remain unpatched.

GrapheneOS provides an auto-reboot to put data at rest, a USB-C port control to disable data transfer or the port entirely when booted into the OS, clearing sensitive data of memory and exploit protection features. #nevent1q…u038

Final: The post says:

We've built our own text-to-speech system with an initial English language model we trained ourselves with fully open source data. It will be added to our App Store soon and then included in GrapheneOS as a default enabled TTS backend once some more improvements are made to it.

We're going to build our own speech-to-text implementation to go along with this too. We're starting with an English model for both but we can add other languages which have high quality training data available. English and Mandarin have by far the most training data available.

Existing implementations of text-to-speech and speech-to-text didn't meet our functionality or usability requirements. We want at least very high quality, low latency and robust implementations of both for English included in the OS. It will help make GrapheneOS more accessible.

Our full time developer working on this already built their own Transcribro app for on-device speech-to-text available in the Accrescent app store. For GrapheneOS itself, we want actual open source implementations of these features rather than OpenAI's phony open source though.
Whisper is actually closed source. Open weights is another way of saying permissively licensed closed source. Our implementation of both text-to-speech and speech-to-text will be actual open source which means people can actually fork it and add/change/remove training data, etc.

Final: You may have been aware of my posts about TTS / STT. Here's more info: #nevent1q…30n0

Final: This tool requires physical access. The officially described purpose of it is for digital forensics of seized evidence so how the device is handled is a big deal to them. You plug the device into the tablet or workstation and it will extract the device's data if unlocked or brute force / exploit the device to access data and extract if locked.

Final: Seeing Proton get heat on social media for their marketing again so let's repost this.

Treat these email services for what they are: Alternatives to Gmail or Outlook with a security perspective and automated encryption features. Yes, people on social media can't read, but IMO they should approach their service in a different way ("A reasonably secure email provider" is my suggestion) If they don't want people ratioing them all the time...

Most of these people getting the wrong answer is because their site can be pretty ambiguous about the technical details without searching a few pages deep for it. Posteo is an email provider that does openly clarify they can be compelled to intercept incoming emails in a better way than how Proton says it. Still doesn't mean these services are a bad thing though.
#nevent1q…ltja

Final: 2027

Final: TLDR: Use a secure passphrase if you want the device protected against any resourceful actor

When most distros provide encryption with LUKS they at least ask you to set up a credential. Almost all distros just ask for a password. They don't seamlessly allow setting up in other ways in a UI like BitLocker does or in the installer. You often need to read up on docs and such which can be tiresome.

LUKS full disk encryption in how most users would know it would only be safe if they used a long, secure passphrase that would be impossible to brute force. A short 6 digit numeric PIN works for some phones because a secure element throttles unlock attempts but would be brute forced very quickly on LUKS, VeraCrypt and so on because they aren't using a TPM for throttling.

Secureblue (hardened Linux distro we like) supports LUKS with TPM and also FIDO2.

Final: There is also a way bigger flaw beyond this, and that is this Device Encryption feature (and by extension BitLocker) has **no PIN or password**. The device will just decrypt itself by powering on as it only uses the PC's TPM. The only threat this kind of protects against is the hard disk being removed from the PC. It doesn't prevent someone exploiting the OS to extract data like you commonly see in mobile device forensic tools...

This request for the recovery key is just to allow law enforcement to access the data while the hard disk is removed from the seized PC, because they insert hard disks into write blocked imaging kits to create a forensic clone of its data to analyse with.

Back before TPMs were widely embedded into CPU firmware it wasn't common to see them get sniffed to get the keys.
Anyone could do it too: https://pulsesecurity.co.nz/articles/TPM-sniffing

BitLocker has a TPM+PIN, TPM+Key and TPM+PIN+Key pre-boot authentication setting but you need to tinker on Group Policy to do that. You'd also need to enable other policies to make the PIN an alphanumeric password...

Final: Late to post about this but the security preview variant of this release fixes SIX **CRITICAL** CVEs that will not be fixed elsewhere for a while except in #GrapheneOS because security patches are not included into an Android Security Bulletin until around 3-4 months after their release.

- Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044

OEMs do not deliver security patches in a timely manner. In a rare case it is sometimes only done in part, and often will only do so after the ASB is released. That dangerously long period of security vulnerabilities being known and unpatched is unacceptable. #nevent1q…xnza

Final: Last two Vanadium updates provided some functionality improvements:

The upstream motion sensors toggle for the browser is improved with a per-site toggle for the sensors per site (Vanadium already had the global toggle disabled by default).

Our inbuilt content filtering also adds support for additional supplementary language/regional content filters. Users with a set language will get EasyList filters plus the filter of their respective language. This supports Arabic, Bulgarian, Spanish, French, German, Hebrew, Indian, Indonesian, Italian, Korean, Lithuanian, Latvian, Dutch, Nordic, Polish, Portuguese, Romanian, Russian, Vietnamese and Chinese.
#GrapheneOS #nevent1q…l35a

Final: Info thread:

#GrapheneOS is being heavily targeted by the French state because we provide highly secure devices and won't include backdoors for law enforcement access to our software. They're conflating us with companies selling closed source products using portions of our code. Considering it is easy to search GrapheneOS online and read our documentation, you can only assume this is intentional.

Both French state media and corporate media are publishing many stories attacking the GrapheneOS project based on false and unsubstantiated claims from French law enforcement. This has even escalated to broadcast media. They've made a clear threat to seize our servers and arrest our developers if we do not cooperate by adding backdoors. Due to this, we're leaving French service providers and will leave / never operate in France.

In these attack pieces, they describe GrapheneOS with features not present in our software and showing sites and guides not in our control nor authored by us. We need substantial help from the community to push back against this across platforms. People malicious towards us are also using it as an opportunity to spread libel/harassment content targeting our team, raid our chat rooms and much more.

/e/ and iodéOS are both based in France, and are both actively attacking GrapheneOS. /e/ receives substantial government funding. Both are extremely non-private and insecure which is why France is targeting us while those get government funding.

We need a lot more help than usual and we're sending out a notification for situational awareness. If people help us, it will enable us to focus more on development again including releasing experimental Pixel 10 releases very soon. Spread the word about this current situation.

Initial thread: https://grapheneos.social/@GrapheneOS/115575997104456188
Follow-up: https://grapheneos.social/@GrapheneOS/115583866253016416
Thread about the FBI and European law enforcement selling devices to criminals using GrapheneOS code: https://grapheneos.social/@GrapheneOS/115589833471347871
Thread about how ANSSI (French national cybersecurity agency) contributed to GrapheneOS: https://grapheneos.social/@GrapheneOS/115594002434998739