Blog

🎥 Video Link Links referenced for video https://www.privacy-handbuch.de/handbuch_21i.htm - Firefox Snake Oil - Main article referenced https://www.eff.org/deeplinks/2009/09/online-trackers-and-social-networks - EFF original announcement of DNT https://gizmodo.com/do-not-track-the-privacy-tool-used-by-millions-of-peop-1828868324 https://www.wired.com/story/browser-fingerprinting-tracking-explained/ https://www.groovypost.com/reviews/internet-explorer-10-preview-windows-7/ https://www.wired.com/2012/08/microsoft-do-not-track-is-good-for-users-on-by-default-in-ie-10/) https://news.yahoo.com/yahoo-stops-supporting-not-track-privacy-setting-163054926.html - Yahoo stopping support for DNT https://martech.org/know-twitters-latest-privacy-policy-update/ - Twitter stopping support for DNT https://support.google.com/chrome/answer/2790761 - Google doesn’t support DNT https://www.macworld.com/article/232426/apple-safari-removing-do-not-track.html - Apple removes DNT from Safari How to disable “Do Not Track” in popular browsers https://support.google.com/chrome/answer/2790761 - How to disable “Do Not Track” in Chrome https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature - How to disable “Do Not Track” in Firefox https://answers.microsoft.com/en-us/windows/forum/all/do-not-track-setting-in-edge/b3d7b40f-dfce-47f7-b9ab-9d0e940ccf97 - How to disable “Do Not Track” in Edge Transcript Please excuse any grammatical errors. I used a tool to generate the transcript and haven’t had a chance to read through it yet. ...

🎥 Video Link Links referenced for video https://grapheneos.org/ - GrapheneOS https://jkuester.github.io/unlauncher/ - Unlauncher https://github.com/jkuester/unlauncher - Unlauncher GitHub https://signal.org/ - Signal https://store.google.com/category/phones - Google Pixel https://youtu.be/B0RVWU_nROk - YouTube Video - I used a flip phone for 30 days https://youtu.be/Vl5OrbsXBI8 - YouTube Video - One Month with a Minimalist Dumb Phone | Light Phone II Review https://www.thelightphone.com/ - Light Phone https://palm.com/pages/product - Palm Phone https://mudita.com/products/phones/mudita-pure/ - Mudita Pure https://github.com/sduduzog/slim-launcher - Slim launcher (Unlauncher is a fork of this project) Transcript Please excuse any grammatical errors. I used a tool to generate the transcript and haven’t had a chance to read through it yet. ✔️ ...

🎥 Video Link Links referenced for video https://grapheneos.org/install/web - GrapheneOS Web installer https://grapheneos.org/donate - GrapheneOS donation page https://grapheneos.org/features#sandboxed-google-play - Sandboxed Google Play details https://sideofburritos.com/docs/setup-guides/mobile-privacy/ - Mobile Privacy & Security Guide https://youtu.be/SZ0PKtiXTSs - How to install Sandboxed Google Play in a separate User Profile https://nitter.net/DanielMicay/status/1552966692749414402#m - Twitter thread explaining OEM unlocking Transcript Please excuse any grammatical errors. I used a tool to generate the transcript and haven’t had a chance to read through it yet. So in today’s video, I’ll be demonstrating how to install graphene iOS on the Google Pixel seven specifically, but if you have a different Google Pixel, this process will be relatively similar, I’m going to be using the web installer. And if you use that, it’s nearly impossible to mess up your phone. So don’t be afraid to attempt this. Now with that being said, there are a few hiccups you may run into during the install process. And I’ll cover those at the relevant points in the video. The computer I’m demonstrating this from is running Mac OS, and I’m using the brave browser. So to get started, we’re going to head on over to Griffin os.org. All websites that I mentioned in the video will be linked down below in the description box. So once you get here, click on Install Griffin OS. As I mentioned, we’re going to be using the web based installer. So once you get to this page, we’re going to scroll down to the prerequisites, give this a read through make sure that you have all of these requirements met. Make sure you’re using one of the supported OSS, like I said, I’ll be installing from macOS. So besides a supported operating system, make sure you are using a supported browser. There is an important note here, if you are using chromium on Ubuntu, it’s broken and will not work. So use a different browser, such as Google Chrome. Another important note here do not use incognito or private browsing mode. And so once you give that a read through, I’m not going to waste your time by reading it to you, and you make sure that all the prerequisites are met, we can then proceed on to the first step, which is enabling OEM unlocking in the screen we’re currently on is the screen that you’ll see if you just bought it brand new and just took it out of the box. So first, I’m going to walk through the initial setup. If you’re already past this part, you can skip it, I’ll leave the timestamps down below in the play bar. So we’re going to go ahead and select to get started. I’m not going to connect to a mobile network, I don’t have a SIM card in my phone. Skip. I’m going to skip connecting to Wi Fi select Setup offline, continue. Date and time, you can leave that set to default. You don’t need to uncheck these but I like to anyways click Accept limited warranty. Next additional legal terms except we are going to be erasing the phone so you don’t really need to set a pin but I think it’s good practice anyways ...

🎥 Video Link Links referenced for video https://joinmastodon.org/ - Mastodon create account https://joinmastodon.org/covenant - Mastodon Server Covenant https://debirdify.pruvisto.org/ - Debirdify - Twitter migration tool https://apps.apple.com/us/app/mastodon-for-iphone/id1571998974 - Apple/iOS Mastodon mobile app https://play.google.com/store/apps/details?id=org.joinmastodon.android - Android Mastodon mobile app https://axbom.com/mastodon-tips/ - Mastodon helpful tips https://sideofburritos.social/@josh - My Mastodon profile https://infosec.exchange/ - Mastodon instance I signed up with Transcript Please excuse any grammatical errors. I used a tool to generate the transcript and haven’t had a chance to read through it yet. So let’s talk about mastodon. There’s a lot of videos out there on why you should sign up for Mastodon, but I thought I would make a video on what it is a step by step guide with a live demo on how to sign up some basic usage, importing your Twitter followers and how to log into the mobile app. It’s also important to realize that you shouldn’t see Mastodon as a direct replacement for Twitter, or wonder if it can replace Twitter. It’s a different platform, it’s going to be a different community. So I suggest just checking it out, giving it a try seeing what you think, and kind of going from there. So before we go into the step by step of how to sign up for an account on Mastodon, I want to first talk about what it is and what it means to be a federated service. If you already understand the basics of Mastodon, you can skip this part, I will have the timestamps in the play bar below. So Mastodon is a federated service, which means it’s a group of servers hosted by individuals, even you could host your own if you wanted, and they’re federated together, which means they have a common communication protocol, which lets each individual server interact with one another. To understand that a little bit better. Let’s take a look at some pictures. So the first example is what a non federated service looks like. So if you, the user want to sign up for twitter.com, you go to the one location of Twitter, which is twitter.com. users sign up and they interact with each other on that platform. Another example is Facebook. If you want to sign up for Facebook, you go to facebook.com, sign up with an account, and you interact with users on that platform. But for all intents and purposes, these two platforms operate independent of one another. If you’re searching for something on Twitter, if you’re posting to Twitter, you’re not going to be interacting with anyone on Facebook, there’s a hard line between the platforms, they are run by a singular organization. There’s no Twitter to Twitter, three, Facebook to you sign up on one platform, it’s all centralized. And all content and interaction happens on that singular instance. So again, this is an example of a non federated centralized service. So now before we talk about Mastodon, let’s talk about another federated service that you are most likely already using, but did not realize it. So email is a federated service, you can sign up on different providers, whether that’s Yahoo, AOL, Gmail, proton mail. And so even though you signed up for your email address on these individual platforms, someone on proton mail can send an email to someone on Gmail, and vice versa. These platforms are all independently operated, but they use a common protocol, which lets them communicate with one another, which is why email is considered federated. Another example would be cell phone service, you can call another number that’s on another carrier, T Mobile AT and T you could even call someone from the United States to someone in Europe and communicate. They’re all operated by individual companies. But they use an agreed upon standard which lets them communicate with one another scenario that we saw an example of a non federated service, a federated service, such as email, let’s talk about Mastodon specifically. So Mastodon is not a centralized service. It is Foss, or free and open source software that is run on different servers operated by different individuals or groups on what are referred to as instances. So what you have here is you’ll have someone hosting a mastodon instance, you have other individuals or groups again, hosting the same software running on their server that they control. And then what makes Mastodon a federated service is that each of these instances that are operated by different groups or individuals use an agreed upon protocol that allows them to communicate and interact with one another. So as you’ll see, shortly, when we sign up for an account, we’re going to pick a specific instance where we sign up with our account. So for example, let’s say we sign up for an account on Tiger since Mastodon is a federated service. Even though we just signed up on this singular instance, we will be able to communicate with anyone on a different instance. So you sign up on Tiger, you can still talk with someone on lizard or fish, they’ll be able to search for you and your content, they’ll be able to see your posts, but this is mostly so you can get the basic understanding that it is a decentralized service comprised of different instances run by individuals and groups that can all talk with one another. No singular organization controls the mastodon network. It’s a group of instances that can communicate with one another that creates the federated network. So that was a basic overview of Mastodon and how a federated network operates. If that just made it more confusing, don’t worry, the actual signup might make things a little bit clearer once you can see it. So the first step for actually signing up for a mastodon account is to head on over to join mastodon.org. As always, links will be down below in the description. Once you get here, we’re going to select Create Account. And so like I mentioned in the example, we’re going to have a bunch of instances that we can select from ritually sign up for our account. And so the reason we’re going to join mastodon.org to find a server is that while this isn’t a list of all servers that are out there, it’s a list of servers that have committed to the mastodon covenant, which is a good starting point. Like I said, these servers are operated by individuals or small organizations, which means that those individuals or groups control the content that can appear on there as well. As how those servers are run, such as backups and different things like that. So at the bare minimum, at least know the servers listed here committed to the following four items, which is a good starting point. And just because you don’t see a server listed here doesn’t mean it’s bad. It just means that the operator did not submit their server to be indexed here. So the instance you choose is kind of like selecting your local bar or pub that you might frequent. And once you get in there, you can still communicate with everyone else, it’s just that that location you selected is your entry point into the network. Let’s say that your Pub is located in North America. And you want to find one that has the same interest as you so that when you enter there, first UC people that like to talk about the same things. In my case, North America, I like technology, some locations might require you to apply for an account. But for the sake of this example, I want an instant account. And so now we’re looking at instances that are legally based in North America with the topic of technology that have instant sign up. So I’m just going to pick this IOC data exchange. But regardless of what I initially choose, I can still interact with anyone on the mastodon network. And one more thing before we sign up, if you’re like me and afraid of commitment, do not worry, you can sign up for an instance. And if for some reason you don’t like the people that are on there, you can always migrate and switch to a different one at a later time. So take your time look around to try out different instances until you find one that you’d like. So to actually sign up, we’re going to click Create Account. And we are now taken to the homepage for this instance, which is IOC data exchange, as we can see in our browser. So as I was mentioning about looking around and checking out the instance, before you actually join, once you get to the homepage, you can kind of take a look around and see what the posts look like. You can see some stats about the server, this IOC that exchange has 17,000 active users, you can check out the Explorer option, local, they give a little explanation here, these are the most recent public posts from people whose accounts are hosted by IOC data exchange. So again, local to the instance that we are on currently, there is then the federated option. And these are the most recent public posts from people on this and other servers on the decentralized network that the server knows about. So let’s say that someone on IOC that exchange follows another user on a different federated server. And since someone on IOC that exchange is following someone on mastodon.rt, those two servers know about each other in the federated network, which is why you see posts from mastodon.rt on the federated page. And so as far as researching the instance that you want to sign up for goes, here, we have who it’s administered by, again, server stats, we can click learn more, we can kind of see some details about it, the server roles. And so since this is decentralized, and individuals are hosting these instances, you can see some details about the hosting. So here we have, it’s hosted in Linode. It’s costing them around $300 a month, where media files are hosted different details like that. So each of the servers here should have some sort of information like that. So if we take out, so we check out tech hub dot social. Again, we can see who it’s administered by 42,000 active users. Learn more, we can see details about it. So look through different servers, check out the local content, see if it’s things you’re interested in. There’s a lot of servers to choose from. So take your time and test them out. So for this example, like I said, I’m going to create an account on IOC that exchange. So create an account, just some ground rules, except, so your display name is what will show on your profile. So in my case, I’m just going to put side of burritos, your user name, this is going to be your handle on mastodon. So I’m just going to do side of burritos, enter your email address, password, agree and sign up. Select most online accounts, you need to go click the confirmation link that went to your email address. Once you click that, you’ll then be able to login. ...

🎥 Video Link Links referenced for video https://feed.bugs.xdavidhu.me/bugs/0016 - Complete Lock Screen Bypass on Google Pixel devices post by David Schütz https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/ - Accidental $70k Google Pixel: Lock Screen Bypass - by David Schütz https://nitter.net/xdavidhu/status/1590626467414958080 - Tweet by David Schütz announcing discovery of vulnerability https://source.android.com/docs/security/bulletin/2022-11-01 - Pixel Update Bulletin—November 2022 https://android.googlesource.com/platform/frameworks/base/+/ecbed81c3a331f2f0458923cc7e744c85ece96da - Technical details regarding fix https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20465 - CVE-2022-20465 https://support.google.com/pixelphone/answer/4457705 - Support schedule for Pixel Phones https://nitter.net/DanielMicay/status/1590941219462742018 - Tweet by Daniel Micay regarding scope of vulnerability https://grapheneos.org/features#auto-reboot - GrapheneOS Auto reboot feature https://grapheneos.org/ - GrapheneOS home page Transcript Please excuse any grammatical errors. I used a tool to generate the transcript and haven’t had a chance to read through it yet. ...

🎥 Video Link Links referenced for video https://grapheneos.org/install/web - GrapheneOS Web installer https://nitter.net/DanielMicay/status/1552966692749414402#m - Twitter thread explaining OEM unlocking https://grapheneos.org/donate - GrapheneOS donation page https://grapheneos.org/features#sandboxed-google-play - Sandboxed Google Play details Transcript Please excuse any grammatical errors. I used a tool to generate the transcript and haven’t had a chance to read through it yet. So the main purpose of today’s video is to install graphene OS on the Google Pixel six a specifically, the process will be similar regardless of which pixel you have. But the one I’m demonstrating on today is the six A, we’re going to be following the instructions on graphene os.org. I’ll put the link down below in the description as well as on the screen right now. And we will be using the web installer, it’s essentially impossible to break your phone using the web installer. So don’t be scared to try this, I’ve done the process probably about 50 to 100 times at this point, I’ve never had an issue with it. Now that being said, there are some issues that come up for some individuals when they are going through the install process. And I will point those out throughout the video for any tips, you can try to overcome those. But with that out of the way, let’s begin the installation process. So we’re at Griffin os.org, the web installer, we’re going to go down to the prerequisites, give this a read through the supported OS. I’m installing this from Mac OS today using brave browser, make sure you are using a supported browser and a supported OS. Otherwise you will encounter issues. This is a very important note for those on Ubuntu. If you’re using chromium that is broken and will not work. So make sure if you’re on a boon to you are not using chromium. So once you know you’re using a supported browser and OS, we can continue, make sure to give all this a read through I’m not going to waste your time reading it to you. But there’s some other important bits of information in here such as Do not use an incognito browser or private browser. Because again, you will encounter issues. So once you make sure all the prerequisites are met, we are on to enabling OEM unlocking. So just a note about where you get your information from always go to the source directly, in this case, Griffin os.org. That’s why I’m following along in their guide when showing you the developers do a great job documenting the installation process and different features. Always go to the source. First, don’t trust some random YouTuber talking about it, or some random forum posts that you saw, you’ll always get the best information directly from the source. So the first step for this OEM unlocking needs to be enabled from within the operating system, enable the developer options by going into settings about and pressing the build number entry until developer mode is enabled. So I’m going to be demonstrating this, like I just took my pixel out of the box. When you turn it on for the first time, you will see this screen. If you already past the initial setup, and you want to skip ahead, I’ll have that in the play bar below. So you can skip this section. But if you’re here, go ahead and press Get Started. I don’t have a SIM card in the phone yet. So go ahead and click Skip. So you could connect to Wi Fi at this point. But I like to skip this because we don’t need a Wi Fi connection, we can set up the pixel offline first. So we’re gonna go to Setup offline. Just a quick warning about setting up offline continue. Date and time. I uncheck these just for good practice. Except Except it’s always good practice to set a pin. Even if you’re just going to be erasing the OS quick. Sometimes I don’t but you should anyways. ...

🎥 Video Link Links referenced for video https://landing.google.com/advancedprotection/ - Enrollment page https://about.fb.com/news/2022/10/protecting-people-from-malicious-account-compromise-apps/ - Facebook/Meta compromised apps https://support.google.com/a/answer/9503534 - Advanced Protection Program FAQ https://support.google.com/accounts/answer/9289445 - Use your phone’s built-in security key https://support.google.com/accounts/answer/7519408 - How Advanced Protection Program works https://support.google.com/accounts/answer/46526 - Google Account Security Checkup

🎥 Video Link Links referenced for video https://youtu.be/hx2eiPTe7Zg - Sensors and Network permission toggle video https://grapheneos.org/features#sensors-permission-toggle - Sensors permission toggle https://grapheneos.org/features#network-permission-toggle - Network permission toggle https://discuss.grapheneos.org/d/502-mahjong-soul-game-constantly-crashing - Thread discussing Unity memory corruption bug https://grapheneos.org/usage#exec-spawning - Exec spawning https://grapheneos.org/usage#bugs-uncovered-by-security-features - Bugs uncovered by security features https://grapheneos.org/features#exploit-mitigations - Exploit mitigations

🎥 Video Link Links referenced for video https://blog.youtube/press/ https://blog.youtube/news-and-events/introducing-handles-a-new-way-to-identify-your-youtube-channel/ https://www.youtube.com/watch?v=1Cw-vODp-8Y - Video: YouTube Needs to Fix This https://www.youtube.com/watch?v=w3QxMFwQAfM - Video: YouTube Comment Giveaway SCAMS ft. Pleasant Green

🎥 Video Link Links referenced for video https://matt.traudt.xyz/posts/2019-10-17-you-want-tor-browser-not-a-vpn/ https://madaidans-insecurities.github.io/index.html https://privsec.dev/knowledge/commercial-vpn-use-cases/ https://www.cnet.com/home/internet/ftc-calls-out-internet-providers-for-amassing-user-browsing-data/ https://blog.james.cridland.net/why-you-probably-dont-need-a-vpn-e7bb35e7d744 https://www.tomsguide.com/news/you-may-no-longer-need-vpn