Well damn. It has been a while since I had looked at it.
Conversation
Yeah. The developer is working on a new CopperheadOS-like successor...
1
1
The original open source project started before Copperhead continued under permissive licensing as GrapheneOS:
grapheneos.org
github.com/GrapheneOS
Auditor and AttestationServer are usable with stock OS on a bunch of devices too:
attestation.app/about
3
3
I am aware that GrapheneOS is based on original source code from CopperheadOS before the legal spat, since you still had possession of the project.
2
1
Yeah, I can see that you follow me, but most of the other people in the thread are probably not aware. The early funding and support from people who understood what happened allowed the project to continue and become GrapheneOS:
twitter.com/snowden/status
It was a very rough year.
Quote Tweet
For my infosec peeps, if you aren't already following this guy, here are two good reasons to change your mind: twitter.com/DanielMicay/st…
2
2
Since the project's Twitter account was seized by the company along with the infrastructure, they were able to very successfully cover up what happened and prevent the users / customers from finding out about the permissively licensed and free as beer continuation of the project.
2
2
There was a link in this thread posted earlier in which on reddit you had said that the Infrastructure for CHOS was comprised and I’d like a bit of clarification on that if possible.
2
1
The project infrastructure was seized by the company from the project. They were providing it to the project so they were in a position to do that. I considered a greedy psychopath willing to do or say anything for money including screwing over users to be a compromise of it.
2
3
I wanted to part ways with Copperhead and James for a long time. I ended up trapped in that situation because I had to keep working on it in that context for years to continue support for the users and customers. Eventually, James decided he'd be better off without me anyway.
1
3
Since it was never going to be possible to create another update or to continue using the old branding, I wiped the signing keys used to sign the releases. That was important because James was demanding they be turned over including threatening to trick the police into helping.
1
3
Keeping the signing keys would have allowed users to sideload the initial AndroidHardening release as an upgrade instead of backing up, unlocking, flashing, locking and restoring but I think it was the right approach. It took almost a year to get things fully going again anyway.