diff --git a/about.html b/about.html index b61b3e1..fc90f4c 100644 --- a/about.html +++ b/about.html @@ -5,7 +5,7 @@ - + @@ -30,518 +30,528 @@
I am Jake Winters, also known by my pseudonym "Inference", a cybersecurity researcher
- based in United Kingdom.
- I am the founder, lead developer, and administrator, of Inferencium.
- All opinions are my own, and are not necessarily shared with projects or people I am
- affiliated with.
I write about my research and experience in cybersecurity and also physical security. - Most of my postings are security-related, but I occasionally post about other aspects of - my life.
-I am an open source advocate for the preservation and modifiability of source code. I
- believe source code should be considered human knowledge as much as past knowledge and
- teachings were; it is how modern humanity survives and runs.
- Source code being modifiable allows it to be adapted for use by anyone, whether to add
- features, harden it for increased security and/or privacy, or provide accessibility for
- disabled users.
- I am also a modular design advocate for the ability to securely and robustly make
- changes to hardware and software without the entire system being affected.
If you want to contact me for any reason, you can use my - contact methods.
-I run the public Systems Hardening XMPP channel dedicated to systems security and
- privacy hardening at sys-hardening@muc.xmpp.inferencium.net
, and its
- respective off-topic channel at
- sys-hardening-ot@muc.xmpp.inferencium.net
.
Inferencium cares about upstreaming and sharing code, strongly preferring licenses which - have high license compatibility in order to permit sharing code with as many other projects - as possible; for this reason, permissive licenses are our preferred choice, while avoiding - copyleft licenses and other licenses which place restrictions on how our code may be used, - and prevent us from including important proprietary code, such as firmware, which can patch - security vulnerabilities, privacy issues, and stability issues. All Inferencium code is and - will be permissively licensed unless specific circumstances make it impractical or - infeasible to do so. Our goal is to share code which has the least amount of restrictions as - possible, to allow wider propagation of our code and allow more use cases and possibilities, - as well as ensuring proprietary code, whenever required, is permitted to be included.
-ISO 5962:2021
- is used for licensing, in the format
- SPDX-License-Identifier: <license>
; see the
- SPDX license list
- for the full list of available licenses under this standard.
SPDX-License-Identifier: BSD-3-Clause-Clear
- Type: Permissive
-BSD 3-Clause Clear License
- is a highly permissive
- license which allows content licensed under it to be
- used in any way, whether in source or binary form, and
- allows sublicensing under a different license, with the
- only restrictions being the original copyright notice
- must be kept in order to attribute the original creator
- of the licensed content, and the name of the project
- and/or its contributors may not be used to endorse or
- promote products derived from the original project.
- BSD 3-Clause Clear License is a derivative of
- BSD 3-Clause "New" or "Revised" License,
- which adds
- an explicit statement clarifying that patent rights are
- not granted by the license alone, and must be granted
- separately by the copyright and/or patent holder(s). We
- prefer this license over the BSD 3-Clause "New" or
- "Revised" License due to this explicit statement which
- removes any possibility of debate and misunderstanding
- in regards to patents applied to code using the BSD
- 3-Clause "New" or "Revised" License.
SPDX-License-Identifier: MIT
- Type: Permissive
-MIT License
- is a highly permissive license which
- allows content licensed under it to be used in any way,
- whether in source or binary form, and allows
- sublicensing under a different license, with the only
- restriction being the original copyright notice must be
- kept in order to attribute the original creator of the
- licensed content.
- Due to this license allowing the original project's name
- and/or contributors to be used to endorse or promote
- products derived from the original project, unless an
- explicit statement is made alongside this license,
- increasing complexity and deviating from the standard
- license text, we prefer
- BSD 3-Clause Clear License;
- however, MIT License is
- a great choice when derivatives using the name of the
- original project and/or its contributors is a non-issue.
SPDX-License-Identifier: GPL-2.0-only
- Type: Copyleft
-GNU General Public License v2.0
- is a strong
- copyleft license which restricts use of content licensed
- under it by requiring all source code of the content to
- be publicly available, making binary-only form and
- inclusion of proprietary code impossible, requiring all
- derivatives to be licensed under the same license
- (allowing sublicensing under only newer GPL licenses if
- GPL-2.0-or-later
is specified in the SPDX-
- License-Identifier), and requiring the original
- copyright notice to be kept in order to attribute the
- original creator of the licensed content.
- Due to the restrictive and invasive nature of this
- license, it is avoided unless such restrictions would be
- beneficial to Inferencium code; whenever this is the
- case, the GNU General Public License v2.0 will be used,
- rather than the more restrictive
- GNU General Public License v3.0,
- and relicensing
- derivatives under the GNU General Public License v3.0
- will be disallowed.
SPDX-License-Identifier: CC-BY-4.0
- Type: Permissive
-Creative Commons Attribution 4.0 International - is a - highly permissive license which allows content licensed - under it to be used in any way, in any medium, with the - only restriction being the original copyright notice - must be kept in order to attribute the original creator - of the licensed content.
-SPDX-License-Identifier: GPL-3.0-only
- Type: Copyleft
-GNU General Public License v3.0
- is a strong
- copyleft license which restricts usage of content
- licensed under it by requiring all source code of the
- content to be publicly available, making binary-only
- form and inclusion of proprietary code impossible,
- requiring all derivatives to be licensed under the same
- license (allowing sublicensing under only newer GPL
- licenses if GPL-3.0-or-later
is specified
- in the SPDX-License-Identifier), requiring the content
- to be made available only on systems which allow
- modifying the content, such as systems with
- unlocked/unlockable bootloaders and/or which are
- unsigned by the OEM, and requiring the original
- copyright notice to be kept in order to attribute the
- original creator of the licensed content.
- Due to the restrictive and invasive nature of this
- license, and the fact it requires code to be included
- only on specific systems, further restricting usage of
- Inferencium code, it is avoided completely.
SPDX-License-Identifier: CC-BY-NC-4.0
- Type: Permissive non-commercial
-Creative Commons Attribution Non Commercial 4.0 International - is a permissive license which allows - content licensed under it to be used in any way, in any - medium, with the restrictions being commercial usage is - prohibited, and the original copyright notice must be - kept in order to attribute the original creator of the - licensed content. - Due to the non-commercial restriction of this license - preventing Inferencium code from being used for any - purpose, specifically preventing commercial usage we do - not want to prevent, it is avoided completely.
-Type | -Hardware | -Description | -Source model - - (License - SPDX) |
-
Smartphone | -![]() - - Google Pixel |
- Google Pixel devices are the best Android devices
- available on the market for
- security and privacy. - - They allow locking the bootloader with a - custom Android Verified Boot (AVB) key - in order to - preserve security and privacy features when installing a - custom operating system, such as - verified boot - which verifies that the OS has not - been corrupted or tampered with, and - rollback protection - which prevents an adversary - from rolling back the OS or firmware version to a - previous version with known security vulnerabilities. - - They also include a - hardware security module - (Titan M2, improving on - the previous generation - Titan M) - which is extremely resistant to both - remote and physical attacks due to being completely - isolated from the rest of the system, including the - operating system. Titan M2 ensures that the device - cannot be remotely compromised by requiring the side - buttons of the device to be physically pressed for some - sensitive operations. Titan M2 also takes the role of - Android StrongBox Keymaster, - a - hardware-backed Keystore - containing sensitive user - keys which are unavailable to the OS or apps running on - it without authorisation from Titan M2 itself. - Insider attack resistance - ensures that Titan M2 - firmware can be flashed only if the user PIN/password is - already known, making it impossible to backdoor the - device without already knowing these secrets. - - Google Pixel device kernels are compiled with - forward-edge control-flow integrity - and - backward-edge control-flow integrity - to prevent - code reuse attacks against the kernel. MAC address - randomisation is - implemented well, along with minimal probe requests and randomised initial sequence numbers. - - Google releases - guaranteed monthly security updates, - ensuring - Google Pixel devices are up-to-date and quickly - protected against security vulnerabilities. - - Pixel 6-series and 7-series devices are a large - improvement over the already very secure and private - previous generation Pixel devices. 
They replace - ARM-based Titan M with RISC-V-based Titan M2, reducing - trust by removing ARM from the equation. Titan M2 is - more resiliant to attacks than Titan M, and is - AVA_VAN.5 certified, - the highest level of - vulnerability assessment. Google's in-house Tensor SoC - includes Tensor Security Core, further improving device - security. - - Pixel 6-series and 7-series devices are supported for a - minimum of 5 years from launch, - an increase from - previous generations' - support lifecycles of 3 years. |
-
Type | -Software | -Description | -Source model - - (License - SPDX) |
-
Operating system | -![]() - - Gentoo Linux |
- Gentoo Linux
- is a highly modular, source-based,
- Linux-based operating system which allows vast
- customisation to tailor the operating system to suit
- your specific needs. There are many advantages to such
- an operating system, with the most notable being the
- ability to optimise the software for security, privacy,
- performance, or power usage; however, there are
- effectively unlimited other use cases, or a combination
- of multiple use cases. - - I have focused on security hardening and privacy - hardening, placing performance below those aspects, - although my system is still very performant. Some of the - hardening I apply includes - stack protection, - signed integer overflow wrapping, - and GrapheneOS' - hardened_malloc - memory allocator. - - You can find Inferencium's Gentoo Linux configurations - in Inferencium's - configuration respository. |
- Open source - - (GPL-2.0-only) |
-
Web browser | -![]() - - Chromium |
- Chromium - is a highly secure web browser which is - often ahead of other web browsers in security aspects. - It has a dedicated security team and a very impressive - security brag sheet. - Chromium's security features include a strong - multi-layer sandbox, - strong - site isolation, - Binding Integrity - memory hardening, and - control-flow integrity (CFI). | -Open source - - (BSD-3-Clause) |
-
Type | -Software | -Description | -Source model - - (License - SPDX) |
-
Operating system | -![]() - - GrapheneOS |
- GrapheneOS
- is a security-hardened,
- privacy-hardened, secure-by-default, Android-based
- operating system which implements extensive, systemic
- security and privacy hardening to the Android Open
- Source Project used as its base codebase. Its hardening
- includes closing gaps for apps to access sensitive
- system information, a secure app spawning feature which
- avoids sharing address space layout and other secrets
- AOSP's default Zygote app spawning model would share,
- hardened kernel,
- hardened memory allocator
- (hardened_malloc)
- to protect against common memory
- corruption vulnerabilties,
- hardened Bionic standard C library,
- stricter SELinux policies,
- and local and remote
- hardware-backed attestation
- (Auditor)
- to ensure the OS has not been corrupted or
- tampered with. - - GrapheneOS only supports - high security and well-supported devices - which - receive full support from their manufacturers, including - firmware updates, long support lifecycles, secure - hardware, and overall high security practices. - - For an extensive list of features GrapheneOS provides, - visit its - official features list - which provides extensive - documentation. |
- Open source - - (MIT) |
-
Web browser | -![]() - - Vanadium |
- Vanadium is a security-hardened, privacy-hardened
- Chromium-based web browser which utilises GrapheneOS'
- operating system hardening to implement stronger
- defenses to the already very secure Chromium web
- browser. Its hardening alongside Chromium's base
- security features includes
- disabling JavaScript just-in-time (JIT) compilation by default,
- stubbing out the battery status API to prevent abuse of it,
- and
- always-on Incognito mode as an option. - - Vanadium's source code, including its Chromium patchset, - can be found in its - official repository. |
- Open source - - (GPL-2.0-only) |
-
Messenger | -![]() - - Molly |
- Molly
- is a security-hardened, privacy-hardened
- Signal
- client which hardens Signal by using a
- variety of
- unique features,
- allowing
- locking the database when not in use,
- and
- utilising Android StrongBox
- to protect user keys
- using the device's hardware security module. - - Molly is available in - 2 flavours: + Table of Contents+ |
- Open source +
About Me+I am Jake Winters, also known by my pseudonym "Inference", a cybersecurity researcher
+ based in United Kingdom. I write about my research and experience in cybersecurity and also physical security. + Most of my postings are security-related, but I occasionally post about other aspects of + my life. +I am an open source advocate for the preservation and modifiability of source code. I
+ believe source code should be considered human knowledge as much as past knowledge and
+ teachings were; it is how modern humanity survives and runs. If you want to contact me for any reason, you can use my + contact methods. +I run the public Systems Hardening XMPP channel dedicated to systems security and
+ privacy hardening at Licensing+Inferencium cares about upstreaming and sharing code, strongly preferring licenses which + have high license compatibility in order to permit sharing code with as many other projects + as possible; for this reason, permissive licenses are our preferred choice, while avoiding + copyleft licenses and other licenses which place restrictions on how our code may be used, + and prevent us from including important proprietary code, such as firmware, which can patch + security vulnerabilities, privacy issues, and stability issues. All Inferencium code is and + will be permissively licensed unless specific circumstances make it impractical or + infeasible to do so. Our goal is to share code which has the least amount of restrictions as + possible, to allow wider propagation of our code and allow more use cases and possibilities, + as well as ensuring proprietary code, whenever required, is permitted to be included. +ISO 5962:2021
+ is used for licensing, in the format
+ Preferred+Code+BSD 3-Clause Clear License+SPDX-License-Identifier: BSD-3-Clause-Clear
+ Type: Permissive ++ BSD 3-Clause Clear License
+ is a highly permissive
+ license which allows content licensed under it to be
+ used in any way, whether in source or binary form, and
+ allows sublicensing under a different license, with the
+ only restrictions being the original copyright notice
+ must be kept in order to attribute the original creator
+ of the licensed content, and the name of the project
+ and/or its contributors may not be used to endorse or
+ promote products derived from the original project. - (GPL-3.0-only) |
-
Messenger | -![]() - - Conversations |
- Conversations - is a well-designed Android - XMPP - client which serves as the de facto XMPP - reference client and has great usability. | -Open source - - (GPL-3.0-only) |
-
For a curated list of music I enjoy, visit my - music page.
+SPDX-License-Identifier: MIT
+ Type: Permissive
+MIT License
+ is a highly permissive license which
+ allows content licensed under it to be used in any way,
+ whether in source or binary form, and allows
+ sublicensing under a different license, with the only
+ restriction being the original copyright notice must be
+ kept in order to attribute the original creator of the
+ licensed content.
+ Due to this license allowing the original project's name
+ and/or contributors to be used to endorse or promote
+ products derived from the original project, unless an
+ explicit statement is made alongside this license,
+ increasing complexity and deviating from the standard
+ license text, we prefer
+ BSD 3-Clause Clear License;
+ however, MIT License is
+ a great choice when derivatives using the name of the
+ original project and/or its contributors is a non-issue.
SPDX-License-Identifier: GPL-2.0-only
+ Type: Copyleft
+GNU General Public License v2.0
+ is a strong
+ copyleft license which restricts use of content licensed
+ under it by requiring all source code of the content to
+ be publicly available, making binary-only form and
+ inclusion of proprietary code impossible, requiring all
+ derivatives to be licensed under the same license
+ (allowing sublicensing under only newer GPL licenses if
+ GPL-2.0-or-later
is specified in the SPDX-
+ License-Identifier), and requiring the original
+ copyright notice to be kept in order to attribute the
+ original creator of the licensed content.
+ Due to the restrictive and invasive nature of this
+ license, it is avoided unless such restrictions would be
+ beneficial to Inferencium code; whenever this is the
+ case, the GNU General Public License v2.0 will be used,
+ rather than the more restrictive
+ GNU General Public License v3.0,
+ and relicensing
+ derivatives under the GNU General Public License v3.0
+ will be disallowed.
SPDX-License-Identifier: CC-BY-4.0
+ Type: Permissive
+Creative Commons Attribution 4.0 International + is a + highly permissive license which allows content licensed + under it to be used in any way, in any medium, with the + only restriction being the original copyright notice + must be kept in order to attribute the original creator + of the licensed content.
+SPDX-License-Identifier: GPL-3.0-only
+ Type: Copyleft
+GNU General Public License v3.0
+ is a strong
+ copyleft license which restricts usage of content
+ licensed under it by requiring all source code of the
+ content to be publicly available, making binary-only
+ form and inclusion of proprietary code impossible,
+ requiring all derivatives to be licensed under the same
+ license (allowing sublicensing under only newer GPL
+ licenses if GPL-3.0-or-later
is specified
+ in the SPDX-License-Identifier), requiring the content
+ to be made available only on systems which allow
+ modifying the content, such as systems with
+ unlocked/unlockable bootloaders and/or which are
+ unsigned by the OEM, and requiring the original
+ copyright notice to be kept in order to attribute the
+ original creator of the licensed content.
+ Due to the restrictive and invasive nature of this
+ license, and the fact it requires code to be included
+ only on specific systems, further restricting usage of
+ Inferencium code, it is avoided completely.
SPDX-License-Identifier: CC-BY-NC-4.0
+ Type: Permissive non-commercial
+Creative Commons Attribution Non Commercial 4.0 International + is a permissive license which allows + content licensed under it to be used in any way, in any + medium, with the restrictions being commercial usage is + prohibited, and the original copyright notice must be + kept in order to attribute the original creator of the + licensed content. + Due to the non-commercial restriction of this license + preventing Inferencium code from being used for any + purpose, specifically preventing commercial usage we do + not want to prevent, it is avoided completely.
+ +Type | +Hardware | +Description | +Source model + + (License - SPDX) |
+
Smartphone | +![]() + + Google Pixel |
+ Google Pixel devices are the best Android devices
+ available on the market for
+ security and privacy. + + They allow locking the bootloader with a + custom Android Verified Boot (AVB) key + in order to + preserve security and privacy features when installing a + custom operating system, such as + verified boot + which verifies that the OS has not + been corrupted or tampered with, and + rollback protection + which prevents an adversary + from rolling back the OS or firmware version to a + previous version with known security vulnerabilities. + + They also include a + hardware security module + (Titan M2, improving on + the previous generation + Titan M) + which is extremely resistant to both + remote and physical attacks due to being completely + isolated from the rest of the system, including the + operating system. Titan M2 ensures that the device + cannot be remotely compromised by requiring the side + buttons of the device to be physically pressed for some + sensitive operations. Titan M2 also takes the role of + Android StrongBox Keymaster, + a + hardware-backed Keystore + containing sensitive user + keys which are unavailable to the OS or apps running on + it without authorisation from Titan M2 itself. + Insider attack resistance + ensures that Titan M2 + firmware can be flashed only if the user PIN/password is + already known, making it impossible to backdoor the + device without already knowing these secrets. + + Google Pixel device kernels are compiled with + forward-edge control-flow integrity + and + backward-edge control-flow integrity + to prevent + code reuse attacks against the kernel. MAC address + randomisation is + implemented well, along with minimal probe requests and randomised initial sequence numbers. + + Google releases + guaranteed monthly security updates, + ensuring + Google Pixel devices are up-to-date and quickly + protected against security vulnerabilities. + + Pixel 6-series and 7-series devices are a large + improvement over the already very secure and private + previous generation Pixel devices. 
They replace + ARM-based Titan M with RISC-V-based Titan M2, reducing + trust by removing ARM from the equation. Titan M2 is + more resiliant to attacks than Titan M, and is + AVA_VAN.5 certified, + the highest level of + vulnerability assessment. Google's in-house Tensor SoC + includes Tensor Security Core, further improving device + security. + + Pixel 6-series and 7-series devices are supported for a + minimum of 5 years from launch, + an increase from + previous generations' + support lifecycles of 3 years. |
+
Type | +Software | +Description | +Source model + + (License - SPDX) |
+
Operating system | +![]() + + Gentoo Linux |
+ Gentoo Linux
+ is a highly modular, source-based,
+ Linux-based operating system which allows vast
+ customisation to tailor the operating system to suit
+ your specific needs. There are many advantages to such
+ an operating system, with the most notable being the
+ ability to optimise the software for security, privacy,
+ performance, or power usage; however, there are
+ effectively unlimited other use cases, or a combination
+ of multiple use cases. + + I have focused on security hardening and privacy + hardening, placing performance below those aspects, + although my system is still very performant. Some of the + hardening I apply includes + stack protection, + signed integer overflow wrapping, + and GrapheneOS' + hardened_malloc + memory allocator. + + You can find Inferencium's Gentoo Linux configurations + in Inferencium's + configuration respository. |
+ Open source + + (GPL-2.0-only) |
+
Web browser | +![]() + + Chromium |
+ Chromium + is a highly secure web browser which is + often ahead of other web browsers in security aspects. + It has a dedicated security team and a very impressive + security brag sheet. + Chromium's security features include a strong + multi-layer sandbox, + strong + site isolation, + Binding Integrity + memory hardening, and + control-flow integrity (CFI). | +Open source + + (BSD-3-Clause) |
+
Type | +Software | +Description | +Source model + + (License - SPDX) |
+
Operating system | +![]() + + GrapheneOS |
+ GrapheneOS
+ is a security-hardened,
+ privacy-hardened, secure-by-default, Android-based
+ operating system which implements extensive, systemic
+ security and privacy hardening to the Android Open
+ Source Project used as its base codebase. Its hardening
+ includes closing gaps for apps to access sensitive
+ system information, a secure app spawning feature which
+ avoids sharing address space layout and other secrets
+ AOSP's default Zygote app spawning model would share,
+ hardened kernel,
+ hardened memory allocator
+ (hardened_malloc)
+ to protect against common memory
+ corruption vulnerabilties,
+ hardened Bionic standard C library,
+ stricter SELinux policies,
+ and local and remote
+ hardware-backed attestation
+ (Auditor)
+ to ensure the OS has not been corrupted or
+ tampered with. + + GrapheneOS only supports + high security and well-supported devices + which + receive full support from their manufacturers, including + firmware updates, long support lifecycles, secure + hardware, and overall high security practices. + + For an extensive list of features GrapheneOS provides, + visit its + official features list + which provides extensive + documentation. |
+ Open source + + (MIT) |
+
Web browser | +![]() + + Vanadium |
+ Vanadium is a security-hardened, privacy-hardened
+ Chromium-based web browser which utilises GrapheneOS'
+ operating system hardening to implement stronger
+ defenses to the already very secure Chromium web
+ browser. Its hardening alongside Chromium's base
+ security features includes
+ disabling JavaScript just-in-time (JIT) compilation by default,
+ stubbing out the battery status API to prevent abuse of it,
+ and
+ always-on Incognito mode as an option. + + Vanadium's source code, including its Chromium patchset, + can be found in its + official repository. |
+ Open source + + (GPL-2.0-only) |
+
Messenger | +![]() + + Molly |
+ Molly
+ is a security-hardened, privacy-hardened
+ Signal
+ client which hardens Signal by using a
+ variety of
+ unique features,
+ allowing
+ locking the database when not in use,
+ and
+ utilising Android StrongBox
+ to protect user keys
+ using the device's hardware security module. + + Molly is available in + 2 flavours: +
+ |
+ Open source + + (GPL-3.0-only) |
+
Messenger | +![]() + + Conversations |
+ Conversations + is a well-designed Android + XMPP + client which serves as the de facto XMPP + reference client and has great usability. | +Open source + + (GPL-3.0-only) |
+
For a curated list of music I enjoy, visit my + music page.
+
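Review bot: The second hunk (@@ -30,518 +30,528 @@) removes and re-adds almost the whole page body with what appears to be identical wording, so the real additions (the "Table of Contents", "About Me", "Licensing", "Preferred" and "Code" headings) are buried in roughly 500 lines of churn. Consider putting the re-indentation or re-wrapping in its own commit so the structural change can be reviewed separately. Since every paragraph is touched anyway, the spelling errors carried unchanged into the added lines could be fixed here: "resiliant" in the Titan M2 sentence of the Google Pixel entry, "vulnerabilties" in the hardened_malloc sentence of the GrapheneOS entry, and "respository" in the Gentoo Linux entry. "based in United Kingdom" in the About Me paragraph would also read better as "based in the United Kingdom".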