From 44c31be2d6452c85d1f2d24cbf00422796550f56 Mon Sep 17 00:00:00 2001 From: inference Date: Sun, 18 Jun 2023 16:26:02 +0100 Subject: [PATCH] Add HTML sections. --- about.html | 1032 ++++++++++++++++++++++++++-------------------------- 1 file changed, 521 insertions(+), 511 deletions(-) diff --git a/about.html b/about.html index b61b3e1..fc90f4c 100644 --- a/about.html +++ b/about.html @@ -5,7 +5,7 @@ - + @@ -30,518 +30,528 @@

About

- -

Table of Contents

- - -

About Me

-

I am Jake Winters, also known by my pseudonym "Inference", a cybersecurity researcher - based in United Kingdom.
- I am the founder, lead developer, and administrator, of Inferencium.
- All opinions are my own, and are not necessarily shared with projects or people I am - affiliated with.

-

I write about my research and experience in cybersecurity and also physical security. - Most of my postings are security-related, but I occasionally post about other aspects of - my life.

-

I am an open source advocate for the preservation and modifiability of source code. I - believe source code should be considered human knowledge as much as past knowledge and - teachings were; it is how modern humanity survives and runs.
- Source code being modifiable allows it to be adapted for use by anyone, whether to add - features, harden it for increased security and/or privacy, or provide accessibility for - disabled users.
- I am also a modular design advocate for the ability to securely and robustly make - changes to hardware and software without the entire system being affected.

-

If you want to contact me for any reason, you can use my - contact methods.

-

I run the public Systems Hardening XMPP channel dedicated to systems security and - privacy hardening at sys-hardening@muc.xmpp.inferencium.net, and its - respective off-topic channel at - sys-hardening-ot@muc.xmpp.inferencium.net.

-

Licensing

-

Inferencium cares about upstreaming and sharing code, strongly preferring licenses which - have high license compatibility in order to permit sharing code with as many other projects - as possible; for this reason, permissive licenses are our preferred choice, while avoiding - copyleft licenses and other licenses which place restrictions on how our code may be used, - and prevent us from including important proprietary code, such as firmware, which can patch - security vulnerabilities, privacy issues, and stability issues. All Inferencium code is and - will be permissively licensed unless specific circumstances make it impractical or - infeasible to do so. Our goal is to share code which has the least amount of restrictions as - possible, to allow wider propagation of our code and allow more use cases and possibilities, - as well as ensuring proprietary code, whenever required, is permitted to be included.

-

ISO 5962:2021 - is used for licensing, in the format - SPDX-License-Identifier: <license>; see the - SPDX license list - for the full list of available licenses under this standard.

-

Preferred

-

Code

-
BSD 3-Clause Clear License
- SPDX-License-Identifier: BSD-3-Clause-Clear -

Type: Permissive

-
-

BSD 3-Clause Clear License - is a highly permissive - license which allows content licensed under it to be - used in any way, whether in source or binary form, and - allows sublicensing under a different license, with the - only restrictions being the original copyright notice - must be kept in order to attribute the original creator - of the licensed content, and the name of the project - and/or its contributors may not be used to endorse or - promote products derived from the original project.
- BSD 3-Clause Clear License is a derivative of - BSD 3-Clause "New" or "Revised" License, - which adds - an explicit statement clarifying that patent rights are - not granted by the license alone, and must be granted - separately by the copyright and/or patent holder(s). We - prefer this license over the BSD 3-Clause "New" or - "Revised" License due to this explicit statement which - removes any possibility of debate and misunderstanding - in regards to patents applied to code using the BSD - 3-Clause "New" or "Revised" License.

-
-
MIT License
- SPDX-License-Identifier: MIT -

Type: Permissive

-
-

MIT License - is a highly permissive license which - allows content licensed under it to be used in any way, - whether in source or binary form, and allows - sublicensing under a different license, with the only - restriction being the original copyright notice must be - kept in order to attribute the original creator of the - licensed content.
- Due to this license allowing the original project's name - and/or contributors to be used to endorse or promote - products derived from the original project, unless an - explicit statement is made alongside this license, - increasing complexity and deviating from the standard - license text, we prefer - BSD 3-Clause Clear License; - however, MIT License is - a great choice when derivatives using the name of the - original project and/or its contributors is a non-issue.

-
-
GNU General Public License v2.0
- SPDX-License-Identifier: GPL-2.0-only -

Type: Copyleft

-
-

GNU General Public License v2.0 - is a strong - copyleft license which restricts use of content licensed - under it by requiring all source code of the content to - be publicly available, making binary-only form and - inclusion of proprietary code impossible, requiring all - derivatives to be licensed under the same license - (allowing sublicensing under only newer GPL licenses if - GPL-2.0-or-later is specified in the SPDX- - License-Identifier), and requiring the original - copyright notice to be kept in order to attribute the - original creator of the licensed content.
- Due to the restrictive and invasive nature of this - license, it is avoided unless such restrictions would be - beneficial to Inferencium code; whenever this is the - case, the GNU General Public License v2.0 will be used, - rather than the more restrictive - GNU General Public License v3.0, - and relicensing - derivatives under the GNU General Public License v3.0 - will be disallowed.

-
-

Non-code

-
Creative Commons Attribution 4.0 International
- SPDX-License-Identifier: CC-BY-4.0 -

Type: Permissive

-
-

Creative Commons Attribution 4.0 International - is a - highly permissive license which allows content licensed - under it to be used in any way, in any medium, with the - only restriction being the original copyright notice - must be kept in order to attribute the original creator - of the licensed content.

-
-

Other

-

Code

-
GNU General Public License v3.0
- SPDX-License-Identifier: GPL-3.0-only -

Type: Copyleft

-
-

GNU General Public License v3.0 - is a strong - copyleft license which restricts usage of content - licensed under it by requiring all source code of the - content to be publicly available, making binary-only - form and inclusion of proprietary code impossible, - requiring all derivatives to be licensed under the same - license (allowing sublicensing under only newer GPL - licenses if GPL-3.0-or-later is specified - in the SPDX-License-Identifier), requiring the content - to be made available only on systems which allow - modifying the content, such as systems with - unlocked/unlockable bootloaders and/or which are - unsigned by the OEM, and requiring the original - copyright notice to be kept in order to attribute the - original creator of the licensed content.
- Due to the restrictive and invasive nature of this - license, and the fact it requires code to be included - only on specific systems, further restricting usage of - Inferencium code, it is avoided completely.

-
-

Non-code

-
Creative Commons Attribution Non Commerical 4.0 International
- SPDX-License-Identifier: CC-BY-NC-4.0 -

Type: Permissive non-commercial

-
-

Creative Commons Attribution Non Commercial 4.0 International - is a permissive license which allows - content licensed under it to be used in any way, in any - medium, with the restrictions being commercial usage is - prohibited, and the original copyright notice must be - kept in order to attribute the original creator of the - licensed content.
- Due to the non-commercial restriction of this license - preventing Inferencium code from being used for any - purpose, specifically preventing commercial usage we do - not want to prevent, it is avoided completely.

-

Recommendations

- -

Hardware

-

Smartphone

-
- - - - - - - - - - - - -
TypeHardwareDescriptionSource model
-
- (License - SPDX)
Smartphone
-
- Google Pixel		Google Pixel devices are the best Android devices - available on the market for - security and privacy.
-
- They allow locking the bootloader with a - custom Android Verified Boot (AVB) key - in order to - preserve security and privacy features when installing a - custom operating system, such as - verified boot - which verifies that the OS has not - been corrupted or tampered with, and - rollback protection - which prevents an adversary - from rolling back the OS or firmware version to a - previous version with known security vulnerabilities.
-
- They also include a - hardware security module - (Titan M2, improving on - the previous generation - Titan M) - which is extremely resistant to both - remote and physical attacks due to being completely - isolated from the rest of the system, including the - operating system. Titan M2 ensures that the device - cannot be remotely compromised by requiring the side - buttons of the device to be physically pressed for some - sensitive operations. Titan M2 also takes the role of - Android StrongBox Keymaster, - a - hardware-backed Keystore - containing sensitive user - keys which are unavailable to the OS or apps running on - it without authorisation from Titan M2 itself. - Insider attack resistance - ensures that Titan M2 - firmware can be flashed only if the user PIN/password is - already known, making it impossible to backdoor the - device without already knowing these secrets.
-
- Google Pixel device kernels are compiled with - forward-edge control-flow integrity - and - backward-edge control-flow integrity - to prevent - code reuse attacks against the kernel. MAC address - randomisation is - implemented well, along with minimal probe requests and randomised initial sequence numbers.
-
- Google releases - guaranteed monthly security updates, - ensuring - Google Pixel devices are up-to-date and quickly - protected against security vulnerabilities.
-
- Pixel 6-series and 7-series devices are a large - improvement over the already very secure and private - previous generation Pixel devices. They replace - ARM-based Titan M with RISC-V-based Titan M2, reducing - trust by removing ARM from the equation. Titan M2 is - more resiliant to attacks than Titan M, and is - AVA_VAN.5 certified, - the highest level of - vulnerability assessment. Google's in-house Tensor SoC - includes Tensor Security Core, further improving device - security.
-
- Pixel 6-series and 7-series devices are supported for a - minimum of 5 years from launch, - an increase from - previous generations' - support lifecycles of 3 years.
-
- -

Software

-

Desktop

-
- - - - - - - - - - - - - - - - - - - -
TypeSoftwareDescriptionSource model
-
- (License - SPDX)
Operating system
-
- Gentoo Linux		Gentoo Linux - is a highly modular, source-based, - Linux-based operating system which allows vast - customisation to tailor the operating system to suit - your specific needs. There are many advantages to such - an operating system, with the most notable being the - ability to optimise the software for security, privacy, - performance, or power usage; however, there are - effectively unlimited other use cases, or a combination - of multiple use cases.
-
- I have focused on security hardening and privacy - hardening, placing performance below those aspects, - although my system is still very performant. Some of the - hardening I apply includes - stack protection, - signed integer overflow wrapping, - and GrapheneOS' - hardened_malloc - memory allocator.
-
- You can find Inferencium's Gentoo Linux configurations - in Inferencium's - configuration respository.		Open source
-
- (GPL-2.0-only)
Web browser
-
- Chromium		Chromium - is a highly secure web browser which is - often ahead of other web browsers in security aspects. - It has a dedicated security team and a very impressive - security brag sheet. - Chromium's security features include a strong - multi-layer sandbox, - strong - site isolation, - Binding Integrity - memory hardening, and - control-flow integrity (CFI).Open source
-
- (BSD-3-Clause)
-
-

Smartphone

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TypeSoftwareDescriptionSource model
-
- (License - SPDX)
Operating system
-
- GrapheneOS		GrapheneOS - is a security-hardened, - privacy-hardened, secure-by-default, Android-based - operating system which implements extensive, systemic - security and privacy hardening to the Android Open - Source Project used as its base codebase. Its hardening - includes closing gaps for apps to access sensitive - system information, a secure app spawning feature which - avoids sharing address space layout and other secrets - AOSP's default Zygote app spawning model would share, - hardened kernel, - hardened memory allocator - (hardened_malloc) - to protect against common memory - corruption vulnerabilties, - hardened Bionic standard C library, - stricter SELinux policies, - and local and remote - hardware-backed attestation - (Auditor) - to ensure the OS has not been corrupted or - tampered with.
-
- GrapheneOS only supports - high security and well-supported devices - which - receive full support from their manufacturers, including - firmware updates, long support lifecycles, secure - hardware, and overall high security practices.
-
- For an extensive list of features GrapheneOS provides, - visit its - official features list - which provides extensive - documentation.		Open source
-
- (MIT)
Web browser
-
- Vanadium		Vanadium is a security-hardened, privacy-hardened - Chromium-based web browser which utilises GrapheneOS' - operating system hardening to implement stronger - defenses to the already very secure Chromium web - browser. Its hardening alongside Chromium's base - security features includes - disabling JavaScript just-in-time (JIT) compilation by default, - stubbing out the battery status API to prevent abuse of it, - and - always-on Incognito mode as an option.
-
- Vanadium's source code, including its Chromium patchset, - can be found in its - official repository.		Open source
-
- (GPL-2.0-only)
Messenger
-
- Molly		Molly - is a security-hardened, privacy-hardened - Signal - client which hardens Signal by using a - variety of - unique features, - allowing - locking the database when not in use, - and - utilising Android StrongBox - to protect user keys - using the device's hardware security module.
-
- Molly is available in - 2 flavours:
+
+ +

Table of Contents

+
Open source
+
  • Other
    • + + +
  • Recommendations
    • + + + +
    + +

    About Me

    +

    I am Jake Winters, also known by my pseudonym "Inference", a cybersecurity researcher + based in United Kingdom.
    + I am the founder, lead developer, and administrator, of Inferencium.
    + All opinions are my own, and are not necessarily shared with projects or people I am + affiliated with.

    +

    I write about my research and experience in cybersecurity and also physical security. + Most of my postings are security-related, but I occasionally post about other aspects of + my life.

    +

    I am an open source advocate for the preservation and modifiability of source code. I + believe source code should be considered human knowledge as much as past knowledge and + teachings were; it is how modern humanity survives and runs.
    + Source code being modifiable allows it to be adapted for use by anyone, whether to add + features, harden it for increased security and/or privacy, or provide accessibility for + disabled users.
    + I am also a modular design advocate for the ability to securely and robustly make + changes to hardware and software without the entire system being affected.

    +

    If you want to contact me for any reason, you can use my + contact methods.

    +

    I run the public Systems Hardening XMPP channel dedicated to systems security and + privacy hardening at sys-hardening@muc.xmpp.inferencium.net, and its + respective off-topic channel at + sys-hardening-ot@muc.xmpp.inferencium.net.

    +
    +
    +

    Licensing

    +

    Inferencium cares about upstreaming and sharing code, strongly preferring licenses which + have high license compatibility in order to permit sharing code with as many other projects + as possible; for this reason, permissive licenses are our preferred choice, while avoiding + copyleft licenses and other licenses which place restrictions on how our code may be used, + and prevent us from including important proprietary code, such as firmware, which can patch + security vulnerabilities, privacy issues, and stability issues. All Inferencium code is and + will be permissively licensed unless specific circumstances make it impractical or + infeasible to do so. Our goal is to share code which has the least amount of restrictions as + possible, to allow wider propagation of our code and allow more use cases and possibilities, + as well as ensuring proprietary code, whenever required, is permitted to be included.

    +

    ISO 5962:2021 + is used for licensing, in the format + SPDX-License-Identifier: <license>; see the + SPDX license list + for the full list of available licenses under this standard.

    +

    Preferred

    +

    Code

    +
    BSD 3-Clause Clear License
    + SPDX-License-Identifier: BSD-3-Clause-Clear +

    Type: Permissive

    +
    +

    BSD 3-Clause Clear License + is a highly permissive + license which allows content licensed under it to be + used in any way, whether in source or binary form, and + allows sublicensing under a different license, with the + only restrictions being the original copyright notice + must be kept in order to attribute the original creator + of the licensed content, and the name of the project + and/or its contributors may not be used to endorse or + promote products derived from the original project.
    + BSD 3-Clause Clear License is a derivative of + BSD 3-Clause "New" or "Revised" License, + which adds + an explicit statement clarifying that patent rights are + not granted by the license alone, and must be granted + separately by the copyright and/or patent holder(s). We + prefer this license over the BSD 3-Clause "New" or + "Revised" License due to this explicit statement which + removes any possibility of debate and misunderstanding + in regards to patents applied to code using the BSD + 3-Clause "New" or "Revised" License.


    - (GPL-3.0-only)
    Messenger
    -
    - Conversations    		Conversations - is a well-designed Android - XMPP - client which serves as the de facto XMPP - reference client and has great usability.Open source
    -
    - (GPL-3.0-only)
    -
    -

    Music

    -

    For a curated list of music I enjoy, visit my - music page.

    +
    MIT License
    + SPDX-License-Identifier: MIT +

    Type: Permissive

    +
    +

    MIT License + is a highly permissive license which + allows content licensed under it to be used in any way, + whether in source or binary form, and allows + sublicensing under a different license, with the only + restriction being the original copyright notice must be + kept in order to attribute the original creator of the + licensed content.
    + Due to this license allowing the original project's name + and/or contributors to be used to endorse or promote + products derived from the original project, unless an + explicit statement is made alongside this license, + increasing complexity and deviating from the standard + license text, we prefer + BSD 3-Clause Clear License; + however, MIT License is + a great choice when derivatives using the name of the + original project and/or its contributors is a non-issue.

    +
    +
    GNU General Public License v2.0
    + SPDX-License-Identifier: GPL-2.0-only +

    Type: Copyleft

    +
    +

    GNU General Public License v2.0 + is a strong + copyleft license which restricts use of content licensed + under it by requiring all source code of the content to + be publicly available, making binary-only form and + inclusion of proprietary code impossible, requiring all + derivatives to be licensed under the same license + (allowing sublicensing under only newer GPL licenses if + GPL-2.0-or-later is specified in the SPDX- + License-Identifier), and requiring the original + copyright notice to be kept in order to attribute the + original creator of the licensed content.
    + Due to the restrictive and invasive nature of this + license, it is avoided unless such restrictions would be + beneficial to Inferencium code; whenever this is the + case, the GNU General Public License v2.0 will be used, + rather than the more restrictive + GNU General Public License v3.0, + and relicensing + derivatives under the GNU General Public License v3.0 + will be disallowed.

    +
    +

    Non-code

    +
    Creative Commons Attribution 4.0 International
    + SPDX-License-Identifier: CC-BY-4.0 +

    Type: Permissive

    +
    +

    Creative Commons Attribution 4.0 International + is a + highly permissive license which allows content licensed + under it to be used in any way, in any medium, with the + only restriction being the original copyright notice + must be kept in order to attribute the original creator + of the licensed content.

    +
    +

    Other

    +

    Code

    +
    GNU General Public License v3.0
    + SPDX-License-Identifier: GPL-3.0-only +

    Type: Copyleft

    +
    +

    GNU General Public License v3.0 + is a strong + copyleft license which restricts usage of content + licensed under it by requiring all source code of the + content to be publicly available, making binary-only + form and inclusion of proprietary code impossible, + requiring all derivatives to be licensed under the same + license (allowing sublicensing under only newer GPL + licenses if GPL-3.0-or-later is specified + in the SPDX-License-Identifier), requiring the content + to be made available only on systems which allow + modifying the content, such as systems with + unlocked/unlockable bootloaders and/or which are + unsigned by the OEM, and requiring the original + copyright notice to be kept in order to attribute the + original creator of the licensed content.
    + Due to the restrictive and invasive nature of this + license, and the fact it requires code to be included + only on specific systems, further restricting usage of + Inferencium code, it is avoided completely.

    +
    +

    Non-code

    +
    Creative Commons Attribution Non Commerical 4.0 International
    + SPDX-License-Identifier: CC-BY-NC-4.0 +

    Type: Permissive non-commercial

    +
    +

    Creative Commons Attribution Non Commercial 4.0 International + is a permissive license which allows + content licensed under it to be used in any way, in any + medium, with the restrictions being commercial usage is + prohibited, and the original copyright notice must be + kept in order to attribute the original creator of the + licensed content.
    + Due to the non-commercial restriction of this license + preventing Inferencium code from being used for any + purpose, specifically preventing commercial usage we do + not want to prevent, it is avoided completely.

    + +
    +

    Recommendations

    + +

    Hardware

    +

    Smartphone

    +
    + + + + + + + + + + + + +
    TypeHardwareDescriptionSource model
    +
    + (License - SPDX)
    Smartphone
    +
    + Google Pixel    		Google Pixel devices are the best Android devices + available on the market for + security and privacy.
    +
    + They allow locking the bootloader with a + custom Android Verified Boot (AVB) key + in order to + preserve security and privacy features when installing a + custom operating system, such as + verified boot + which verifies that the OS has not + been corrupted or tampered with, and + rollback protection + which prevents an adversary + from rolling back the OS or firmware version to a + previous version with known security vulnerabilities.
    +
    + They also include a + hardware security module + (Titan M2, improving on + the previous generation + Titan M) + which is extremely resistant to both + remote and physical attacks due to being completely + isolated from the rest of the system, including the + operating system. Titan M2 ensures that the device + cannot be remotely compromised by requiring the side + buttons of the device to be physically pressed for some + sensitive operations. Titan M2 also takes the role of + Android StrongBox Keymaster, + a + hardware-backed Keystore + containing sensitive user + keys which are unavailable to the OS or apps running on + it without authorisation from Titan M2 itself. + Insider attack resistance + ensures that Titan M2 + firmware can be flashed only if the user PIN/password is + already known, making it impossible to backdoor the + device without already knowing these secrets.
    +
    + Google Pixel device kernels are compiled with + forward-edge control-flow integrity + and + backward-edge control-flow integrity + to prevent + code reuse attacks against the kernel. MAC address + randomisation is + implemented well, along with minimal probe requests and randomised initial sequence numbers.
    +
    + Google releases + guaranteed monthly security updates, + ensuring + Google Pixel devices are up-to-date and quickly + protected against security vulnerabilities.
    +
    + Pixel 6-series and 7-series devices are a large + improvement over the already very secure and private + previous generation Pixel devices. They replace + ARM-based Titan M with RISC-V-based Titan M2, reducing + trust by removing ARM from the equation. Titan M2 is + more resiliant to attacks than Titan M, and is + AVA_VAN.5 certified, + the highest level of + vulnerability assessment. Google's in-house Tensor SoC + includes Tensor Security Core, further improving device + security.
    +
    + Pixel 6-series and 7-series devices are supported for a + minimum of 5 years from launch, + an increase from + previous generations' + support lifecycles of 3 years.
    +
    + +

    Software

    +

    Desktop

    +
    + + + + + + + + + + + + + + + + + + + +
    TypeSoftwareDescriptionSource model
    +
    + (License - SPDX)
    Operating system
    +
    + Gentoo Linux    		Gentoo Linux + is a highly modular, source-based, + Linux-based operating system which allows vast + customisation to tailor the operating system to suit + your specific needs. There are many advantages to such + an operating system, with the most notable being the + ability to optimise the software for security, privacy, + performance, or power usage; however, there are + effectively unlimited other use cases, or a combination + of multiple use cases.
    +
    + I have focused on security hardening and privacy + hardening, placing performance below those aspects, + although my system is still very performant. Some of the + hardening I apply includes + stack protection, + signed integer overflow wrapping, + and GrapheneOS' + hardened_malloc + memory allocator.
    +
    + You can find Inferencium's Gentoo Linux configurations + in Inferencium's + configuration respository.    		Open source
    +
    + (GPL-2.0-only)
    Web browser
    +
    + Chromium    		Chromium + is a highly secure web browser which is + often ahead of other web browsers in security aspects. + It has a dedicated security team and a very impressive + security brag sheet. + Chromium's security features include a strong + multi-layer sandbox, + strong + site isolation, + Binding Integrity + memory hardening, and + control-flow integrity (CFI).Open source
    +
    + (BSD-3-Clause)
    +
    +

    Smartphone

    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    TypeSoftwareDescriptionSource model
    +
    + (License - SPDX)
    Operating system
    +
    + GrapheneOS    		GrapheneOS + is a security-hardened, + privacy-hardened, secure-by-default, Android-based + operating system which implements extensive, systemic + security and privacy hardening to the Android Open + Source Project used as its base codebase. Its hardening + includes closing gaps for apps to access sensitive + system information, a secure app spawning feature which + avoids sharing address space layout and other secrets + AOSP's default Zygote app spawning model would share, + hardened kernel, + hardened memory allocator + (hardened_malloc) + to protect against common memory + corruption vulnerabilties, + hardened Bionic standard C library, + stricter SELinux policies, + and local and remote + hardware-backed attestation + (Auditor) + to ensure the OS has not been corrupted or + tampered with.
    +
    + GrapheneOS only supports + high security and well-supported devices + which + receive full support from their manufacturers, including + firmware updates, long support lifecycles, secure + hardware, and overall high security practices.
    +
    + For an extensive list of features GrapheneOS provides, + visit its + official features list + which provides extensive + documentation.    		Open source
    +
    + (MIT)
    Web browser
    +
    + Vanadium    		Vanadium is a security-hardened, privacy-hardened + Chromium-based web browser which utilises GrapheneOS' + operating system hardening to implement stronger + defenses to the already very secure Chromium web + browser. Its hardening alongside Chromium's base + security features includes + disabling JavaScript just-in-time (JIT) compilation by default, + stubbing out the battery status API to prevent abuse of it, + and + always-on Incognito mode as an option.
    +
    + Vanadium's source code, including its Chromium patchset, + can be found in its + official repository.    		Open source
    +
    + (GPL-2.0-only)
    Messenger
    +
    + Molly    		Molly + is a security-hardened, privacy-hardened + Signal + client which hardens Signal by using a + variety of + unique features, + allowing + locking the database when not in use, + and + utilising Android StrongBox + to protect user keys + using the device's hardware security module.
    +
    + Molly is available in + 2 flavours:
    +
      +
    • Molly, which includes the same + proprietary Google code as Signal to + support more features.
      • +
      +
    • Molly-FOSS, which removes the + proprietary Google code to provide an + entirely open-source client.
      • +
    +     		Open source
    +
    + (GPL-3.0-only)
    Messenger
    +
    + Conversations    		Conversations + is a well-designed Android + XMPP + client which serves as the de facto XMPP + reference client and has great usability.Open source
    +
    + (GPL-3.0-only)
    +
    +
    +
    +

    Music

    +

    For a curated list of music I enjoy, visit my + music page.

    +