We've identified a dozen serious privacy and security issues in various upstream projects over the past couple months. It's frustrating, since we lack the resources to fix it all ourselves. Been reporting most of the issues but progress on resolving them is usually very slow.
Conversation
We're working on resolving some of these ourselves. It's taking up a lot of our development time. One of the issues is lack of communication and coordination with upstream projects. It can be hard to tell if they understand the issues and are actually working on resolving them...
Replying to
Currently working on a release fixing some of these problems. It replaces several of our workarounds for user profile information leak / denial of service issues with proper fixes, including one contributed upstream by Sony. It also applies some driver fixes missing upstream.
1
7
Remaining: IPv4 privacy issue, IPv6 privacy issues (I've posted about related issues before), use-after-free when disconnecting keyboards, serious memory corruption bugs in one of the most popular game engines, multiple profile issues (races, wrong query context) and much more.
5
Replying to
I know it's impossible to know when these might be fixed. But, I'm curious as to when...I've been looking forward to the new installation platform and I have a new device that I want to use it on.
1
Replying to
It's not a reason to avoid installing GrapheneOS. It's about our ongoing work to improve privacy and security.
Ideally, most of our efforts could be spent developing new features but we need to spend a lot of time fixing upstream bugs uncovered by our features or research.
1
Show replies