Okay I'll bite, so I did the research on the case. They posted nothing to prove he was arrested for refusing a deal with the FBI. What actually happened is he pleaded guilty to an offence in 2014 and violated the terms of his bond / probation. Unless they go forth and show more, it is horse shit. Here is the individual pleading guilty: 📄.pdf He was arrested for not paying his bond, using a computer when he was forbidden to, ignored communications with his probation officer and more. Here is the petition of warrant to see what violations of his Bond he used: 📄.pdf How could he have been operating Tor nodes past 2014 if he wasn't allowed to have computers? I hate cops, but he deliberately tried to set them up. He refused to show up so they went to his door and so they arrested him. There were warrants out for his arrest. Here is the arrest warrant: 📄.pdf
A contributor for #GrapheneOS has been co-credited by Apple for information regarding a security vulnerability in USB Restricted Mode for Apple operating systems.

> CVE-2026-43262: Purophoria, an anonymous researcher of GrapheneOS, James J. Kalafus, Michel Migdal

Congratulations to our contributor.
Build your own open source trackball mouse. That's all. You won't regret it
Keyboards and switches used by project team members when I asked:

1. "Keychron K2 Max" (Keychron Super Banana switches)
2. Weikav D75 with Kailh BOX Royals
3. (Photo of a split keyboard with palm rests)
4. "MMD Princess switches" / "Cherry MX2A Speed Silvers are my favourite"
5. "Waiting for my Hyper 7 to arrive"
Build your own keyboard. That's all. You won't regret it
Accrescent is an early alpha app store made by a sole developer. It is designed for security and privacy. The application has a hardcoded key that checks for a cryptographically signed app repository. If the repository is compromised, it would not be able to deliver anything malicious due to them not having access to the cryptographic keys to sign new repository metadata. The metadata is downgrade protected with a minimum version pinned to the app to prevent old repositories being used. In the signed repo metadata, the application ID, signing key hash, and minimum expected version for each app are available. This ensures a legitimate app install and prevents first installing an insecure outdated version.
Android applications are cryptographically signed by the developer of the application when they are packaged. When you install an application, the signing certificate is pinned by the operating system and trusted on first use (TOFU). This prevents an app with the same app ID (domain.company.application) having a different certificate be installed. This has a few benefits:

- You ensure updates are only able to be delivered by the same entity, providing the signing certificate isn't compromised.
- An app can't be tampered with since it will require being re-signed.
- You can use the hash of the certificates as a form of app / developer verification.

Outside of signing, apps are also protected by downgrade protections to prevent downgrade attacks.

A limitation with TOFU is that it doesn't verify if an app is legitimate, only that it is different from the original install. App stores provide far more verification on an application being listed and are more likely to assure you getting a legitimate app than getting a random APK file off the internet.

AppVerifier is an app by one of our app developers that lets you check the signing certificate hashes of an app. You can compare the signing hash with one the developer publishes with your own install to validate you have an authentic package. #GrapheneOS will eventually add this as a UI feature (e.g. in the install dialog) in the later future to not necessitate having an additional app.

This information is heavily used to verify apps in an Alpha build app store called Accrescent which we'd like other app store apps to follow the model of. I will explain further about the workings of it later.

Other app stores like F-Droid and recently Google Play compile the apps and/or sign them. The former only allowing own signing certificates if there are reproducible builds (a minimal amount). This is problematic, as it adds an additional trusted party.
Apps should be exclusively signed by developers as a compromise of a shared signing certificate means a pwn of every app using that certificate. It also makes updates impossible should the apps be exited from the app store or if you want to get from another source. It is even more telling as F-Droid builds apps on extremely old infrastructure that missed features from processors added in the late 2000s - early 2010s.
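
Added example (not part of the original posts, and not code from Android, Accrescent or AppVerifier): a small Python model of the two checks described in the notes above, the OS-side TOFU certificate pin with downgrade protection and the store-side comparison against per-app repository metadata. The `RepoEntry` shape, the app ID and the certificate bytes are constructed for illustration, and the metadata is assumed to have already passed signature verification.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Package:
    app_id: str
    version_code: int
    cert: bytes  # signing certificate bytes (constructed stand-ins below)

    @property
    def cert_sha256(self) -> str:
        return hashlib.sha256(self.cert).hexdigest()

@dataclass(frozen=True)
class RepoEntry:  # hypothetical shape of one app's entry in signed repo metadata
    app_id: str
    cert_sha256: str
    min_version: int

def os_check(pkg: Package, installed: Optional[Package]) -> str:
    """OS-side model: TOFU certificate pin plus downgrade protection."""
    if installed is None:
        return "ok"  # first install: any certificate is trusted and pinned
    if not hmac.compare_digest(pkg.cert_sha256, installed.cert_sha256):
        return "certificate differs from pinned"
    if pkg.version_code < installed.version_code:
        return "downgrade"
    return "ok"

def store_check(pkg: Package, entry: RepoEntry) -> str:
    """Store-side model: compare against metadata assumed already signature-verified."""
    if pkg.app_id != entry.app_id:
        return "app id mismatch"
    if not hmac.compare_digest(pkg.cert_sha256, entry.cert_sha256):
        return "certificate not the one in repo metadata"
    if pkg.version_code < entry.min_version:
        return "below minimum version"
    return "ok"

# Constructed sample data: one developer certificate, one re-signer certificate.
DEV_CERT, OTHER_CERT = b"constructed developer cert", b"constructed re-signer cert"
ENTRY = RepoEntry("org.example.app", hashlib.sha256(DEV_CERT).hexdigest(), 20)
genuine = Package("org.example.app", 21, DEV_CERT)
resigned = Package("org.example.app", 21, OTHER_CERT)
outdated = Package("org.example.app", 12, DEV_CERT)

if __name__ == "__main__":
    for name, pkg in [("genuine", genuine), ("resigned", resigned), ("outdated", outdated)]:
        print(name, "| first install:", os_check(pkg, None), "| store:", store_check(pkg, ENTRY))
    print("resigned update over genuine:", os_check(resigned, genuine))
```

The re-signed and outdated packages both pass the OS-side check on a first install, which is the TOFU limitation described above; only the metadata comparison rejects them before anything is pinned.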