Post AxbAynruqQrAzIf0S0 by dazo@infosec.exchange
 (DIR) More posts by dazo@infosec.exchange
 (DIR) Post #AxbAyml8y7qTY0U5Fw by Darkasvim@fosstodon.org
       2025-08-27T12:50:49Z
       
       0 likes, 0 repeats
       
       So I've got #LineageOS flashed on my internet phone. I'm trying to degoogle myself and figured this would be a good testbed. I'll post updates on this thread. I can already tell the OS is much snappier without all the google play services running in the background. #android #linux #foss
       
 (DIR) Post #AxbAynruqQrAzIf0S0 by dazo@infosec.exchange
       2025-08-27T12:55:34Z
       
       0 likes, 0 repeats
       
       @Darkasvim Unfortunately, there are still leakage to Google with #LineageOS ... hence there are other more privacy aware alternatives.  Such as @e_mydata https://e.foundation/about-e/Other alternatives are #CalyxOS and #GrapheneOS.  They take some other approaches.  There are pros and cons of all these various alternatives, though.
       
 (DIR) Post #AxbAyouQyYSuDOqX0y by Stomata@social.linux.pizza
       2025-08-27T15:03:51Z
       
       0 likes, 0 repeats
       
       @dazo @Darkasvim there is some issue (big issue) with #calyxOS right now.https://calyxos.org/news/2025/08/01/a-letter-to-our-community/
       
 (DIR) Post #AxbAysBYnKwmNNskcq by Darkasvim@fosstodon.org
       2025-08-27T14:57:45Z
       
       0 likes, 0 repeats
       
       On my trip into work I tried OrganicMaps as a navigation aid. I intentionally did not use the route it suggested and it auto corrected the route flawlessly each time. So there is a viable open source alternative to google maps available. That is a big check mark for me given my poor sense of direction.
       
 (DIR) Post #AxbB3r48NxbqLpmgS0 by Stomata@social.linux.pizza
       2025-08-27T15:04:58Z
       
       0 likes, 0 repeats
       
       @MuX is it possible to change ntp without root?
       
 (DIR) Post #AxbDQdUhD5uupQCOFU by Stomata@social.linux.pizza
       2025-08-27T15:31:29Z
       
       0 likes, 0 repeats
       
       @MuX found it. Looks like I have to do it every time I reboot the device
       
 (DIR) Post #AxbEaa2F1cnux0C9js by dazo@infosec.exchange
       2025-08-27T15:44:28Z
       
       0 likes, 0 repeats
       
       @Stomata Yeah, that's unfortunate - and they have been working to resolve this.  But this is not an issue in CalyxOS itself.This issue is an organizational challenge where they lacked control mechanisms to revoke access properly and in due time - which affected the build infrastructure CalyxOS is built on.From the URL you point at:First, we want to assure you that we have no reason to believe the security of CalyxOS and its signing keys have been compromised.As you know, we announced a recent leadership transition. When senior personnel have access to signing keys and leave a team, it is security best practice to update signing keys and conduct audits. So in accordance with that, we are using this transition period to update our security protocols, including updating the signing keys and taking other steps to further protect our users.
       
 (DIR) Post #AxbIyoC4R3HLd4bKJU by Stomata@social.linux.pizza
       2025-08-27T16:33:40Z
       
       0 likes, 0 repeats
       
       @MuX I have multiple devices. Some with stock rom some with custom rom. One with graphenOS.
       
 (DIR) Post #AxbJFVWP6vWSdr4gCW by Stomata@social.linux.pizza
       2025-08-27T16:36:42Z
       
       0 likes, 0 repeats
       
       @dazo for now you won't get latest security patches. Which could be a issue.
       
 (DIR) Post #AxbKFWaxDgnHvPm6c4 by GrapheneOS@grapheneos.social
       2025-08-27T16:47:52Z
       
       0 likes, 0 repeats
       
       @Stomata @dazo CalyxOS hasn't received the 2025-06-05 patch level or above, and they estimated 4 to 6 months of delay before any further updates even without the latest security patches in August./e/ has even longer delays than that for full privacy/security patches, often a year or more if they ever ship them at all. They're a year or more behind on kernel and driver/firmware patches for many devices. They lag behind the basic AOSP and Chromium browser patches for many weeks or even months.
       
 (DIR) Post #AxbKv2mIT9IDbysVea by GrapheneOS@grapheneos.social
       2025-08-27T16:52:00Z
       
       0 likes, 0 repeats
       
       @dazo @Stomata The lead developer and founder of CalyxOS left and their most active developer working on porting to new releases left a while earlier. The leader of the organization (Nicolas Merrill) did not directly work on CalyxOS development in any way but he was the sole person with the signing keys and does not appear to have been willing to transfer them to someone else. Therefore, they cannot make updates and if/when they revive the OS it will have to be reinstalled instead of updated.
       
 (DIR) Post #AxbKv46XXN4zj3MBqS by Stomata@social.linux.pizza
       2025-08-27T16:55:22Z
       
       0 likes, 0 repeats
       
       @GrapheneOS @dazo for graphenOS who has access to signing keys?
       
 (DIR) Post #AxbL7dVzhvJD1aG1Am by GrapheneOS@grapheneos.social
       2025-08-27T16:57:40Z
       
       0 likes, 0 repeats
       
       @Stomata @dazo One of the developers has access to the keys with a transition plan for another one of the developers to take that over if it was needed. The keys are kept encrypted on the 4 local machines used for building, with 3 of those in 1 location and 1 in another location. Succession is planned is by having another developer hold an encrypted copy of the keys where multiple people are required to decrypt those in order to hand over control of the keys.Note AOSP doesn't have HSM signing.