Open maltfield opened 6 months ago
@Jertec is it just me or did this ticket get deleted?
Yeah it looks like it. What gives?
Apr 27, 2024 14:49:51 Michael Altfield @.***>:
@Jertec[https://github.com/Jertec] is it just me or did this ticket get deleted?
— Reply to this email directly, view it on GitHub[https://github.com/maltfield/os-issue-tracker/issues/1#issuecomment-2081139555], or unsubscribe[https://github.com/notifications/unsubscribe-auth/ASY2VE56R4KDFUQ7SWMWH5TY7PXM3AVCNFSM6AAAAABG4JSFD6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBRGEZTSNJVGU]. You are receiving this because you were mentioned. [Tracking image][https://github.com/notifications/beacon/ASY2VE7RA22G3LVSCFOOSSTY7PXM3A5CNFSM6AAAAABG4JSFD6WGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTT4BOVWG.gif]
Adding comment from jertec because I thought it was very insightful
Thank you for taking the time to reply. From your response, I'm gathering that Graphene won't develop any features, unless they directly enhance security. Even basic features that have been with lineage for over a decade, since the early Cyanogen days. I understand why this might be. Let me just respond to two points you made, because I believe this feature does actually fit with with graphene, based on what you said.
Force close on back isn't a legacy navigation mode feature. It's alive and well right now in the gesture base navigation system. You can witness it in lineage, as a gesture. The back gesture is enhanced. The user can execute the gesture as normal for the simple back functionality. To force closing the foreground app, the user executes the same gesture, but pulls further along the screen. I use this frequently on my pixel running lineage 21, and would find it difficult to live without.
This is certainly a security feature. If I find that an app is behaving in a way that I find threatens my security, in one gesture I can kill its processes. One example might be if I accidentally click on a malicious link, and find my browser opening up to a page I dont trust, or have reason to suspect could be malicious. Being able to kill the process within two seconds is critical.
@jertec this info may be useful for CalyxOS:
CalyxOS's ticket is still open. They got stuck on the implementation for gesture-based nav. I don't think they know that it's available for gesture nav.
Probably Calyx would implement this into CalyxOS if we could point them to the code implementation of it in Lineage that you described above.
On 2023-03-022, @thestinger wrote:
There is no back button in the modern navigation mode (gesture navigation). We don't take proposals for improvements to traditional 3 button navigation.
This is an important security feature for a user who is playing with a new app. Sometimes a fat-finger mistake or a misbehaving app may begin to do something undesired (eg exfiltrating data by mistake), and it's necessary for the user to quickly kill the app.
The above process takes a long time, and is probably not fast enough to kill an app that, for example, is sending an unwanted POST request. By adding this feature, the time to kill the app could be reduced to ~1 second.
It's not a security feature and this is not a real world scenario.
@thestinger can you please check to see if you accidentally deleted the ticket (and, if so, undelete it), so the historical record isn't lost and others won't open a similar ticket in the future (because they can't find the now-deleted ticket)?
Thank you. One of the reasons why I use lineage is for this feature. Graphene just caught my interest, so I literally searched this feature to make sure it was implemented before installing. That's how I came across your posts about it from last year. Have you used Graphene yet? What about Calyx? I just recently heard about Calyx. Is it just as secure? I might have to check it out as well.
I'm disappointed to see the issue deleted like this. Have you communicated with anyone in the Graphene Telegram channel about this? How was it received? I'm thinking of posting a video of the feature in use, if needed. It seems that there's a chance that too many haven't seen this deployed as a gesture.
Apr 27, 2024 14:52:34 Michael Altfield @.***>:
Adding comment from jertec because I thought it was very insightful
Thank you for taking the time to reply. From your response, I'm gathering that Graphene won't develop any features, unless they directly enhance security. Even basic features that have been with lineage for over a decade, since the early Cyanogen days. I understand why this might be. Let me just respond to two points you made, because I believe this feature does actually fit with with graphene, based on what you said.
Force close on back isn't a legacy navigation mode feature. It's alive and well right now in the gesture base navigation system. You can witness it in lineage, as a gesture. The back gesture is enhanced. The user can execute the gesture as normal for the simple back functionality. To force closing the foreground app, the user executes the same gesture, but pulls further along the screen. I use this frequently on my pixel running lineage 21, and would find it difficult to live without.
This is certainly a security feature. If I find that an app is behaving in a way that I find threatens my security, in one gesture I can kill its processes. One example might be if I accidentally click on a malicious link, and find my browser opening up to a page I dont trust, or have reason to suspect could be malicious. Being able to kill the process within two seconds is critical.
@Jertec[https://github.com/Jertec] this info may be useful for CalynxOS:
— Reply to this email directly, view it on GitHub[https://github.com/maltfield/os-issue-tracker/issues/1#issuecomment-2081148488], or unsubscribe[https://github.com/notifications/unsubscribe-auth/ASY2VE3MGRPLZSKAC6QB24TY7PXW7AVCNFSM6AAAAABG4JSFD6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBRGE2DQNBYHA]. You are receiving this because you were mentioned. [Tracking image][https://github.com/notifications/beacon/ASY2VE7ODJV6G3H376Q3OC3Y7PXW7A5CNFSM6AAAAABG4JSFD6WGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTT4BPHEQ.gif]
I've wanted to use both Graphene and Calyx, but--like you--I saw this feature as a requirement. I can't use an OS that doesn't let me kill misbehaving apps
This is certainly a security feature. If I find that an app is behaving in a way that I find threatens my security, in one gesture I can kill its processes. One example might be if I accidentally click on a malicious link, and find my browser opening up to a page I dont trust, or have reason to suspect could be malicious. Being able to kill the process within two seconds is critical.
Absolutely this. I use this feature at least a few times per day (though not just due to malicious links). It's very important to be able to quickly "turn it off and turn it on again" imho.
GrapheneOS and CalyxOS are very different. GrapheneOS is a hardened OS with substantial privacy/security improvements:
https://grapheneos.org/features
CalyxOS is not a hardened OS. It greatly reduces security vs. AOSP via added attack surface, rolled back security and slow patches.
Compatibility with Android apps is also much different. GrapheneOS provides our sandboxed Google Play compatibility layer:
https://grapheneos.org/usage#sandboxed-google-play
Can run the vast majority of Play Store apps on GrapheneOS, but not CalyxOS with the much more limited microG approach.
https://eylenburg.github.io/android_comparison.htm is a third party comparison between different alternate mobile operating systems. It could include many more privacy/security features but it's a good starting point.
https://privsec.dev/posts/android/choosing-your-android-based-operating-system/ is an article with more long form comparisons between OSes.
GrapheneOS and CalyxOS are very different. GrapheneOS is a hardened OS with substantial privacy/security improvements:
https://grapheneos.org/features
CalyxOS is not a hardened OS. It greatly reduces security vs. AOSP via added attack surface, rolled back security and slow patches.
Compatibility with Android apps is also much different. GrapheneOS provides our sandboxed Google Play compatibility layer:
https://grapheneos.org/usage#sandboxed-google-play
Can run the vast majority of Play Store apps on GrapheneOS, but not CalyxOS with the much more limited microG approach.
https://eylenburg.github.io/android_comparison.htm is a third party comparison between different alternate mobile operating systems. It could include many more privacy/security features but it's a good starting point.
https://privsec.dev/posts/android/choosing-your-android-based-operating-system/ is an article with more long form comparisons between OSes.
@thestinger can you please address the issue with the ticket having been deleted at this link in your repo?
It currently just says
This issue has been deleted.
@maltfield You were told to stop spreading misinformation about GrapheneOS and are now promoting an insecure OS which misleads users about privacy and security, directly against the rules of our issue tracker. As is, you're on track to be banned.
What misinformation did I spread?
When I click on the ticket, it shows me This issue has been deleted.
Jertec said he has the same issue.
Do you want a screenshot?
Thank you very much for the detailed breakdown with links. GrapheneOS is certainly what I want, then.
Apr 27, 2024 15:10:52 Daniel Micay @.***>:
GrapheneOS and CalyxOS are very different. GrapheneOS is a hardened OS with substantial privacy/security improvements:
https://grapheneos.org/features
CalyxOS is not a hardened OS. It greatly reduces security vs. AOSP via added attack surface, rolled back security and slow patches.
Compatibility with Android apps is also much different. GrapheneOS provides our sandboxed Google Play compatibility layer:
https://grapheneos.org/usage#sandboxed-google-play
Can run the vast majority of Play Store apps on GrapheneOS, but not CalyxOS with the much more limited microG approach.
https://eylenburg.github.io/android_comparison.htm is a third party comparison between different alternate mobile operating systems. It could include many more privacy/security features but it's a good starting point.
https://privsec.dev/posts/android/choosing-your-android-based-operating-system/ is an article with more long form comparisons between OSes.
— Reply to this email directly, view it on GitHub[https://github.com/maltfield/os-issue-tracker/issues/1#issuecomment-2081154904], or unsubscribe[https://github.com/notifications/unsubscribe-auth/ASY2VEZZKFT36DDR3S7HBT3Y7PZ3TAVCNFSM6AAAAABG4JSFD6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBRGE2TIOJQGQ]. You are receiving this because you were mentioned. [Tracking image][https://github.com/notifications/beacon/ASY2VEZISSKGKX7QKASKHTTY7PZ3TA5CNFSM6AAAAABG4JSFD6WGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTT4BPTVQ.gif]
@maltfield The issue was deleted because of your behavior there. It was only deleted because of what you were doing. You then created this repository where you continued and escalated the inappropriate behavior. As is, you're banned from participating either on our issue tracker or elsewhere. The starting point for being unbanned would be removing this repository and talking to us about the issue in private instead of trying to create drama as you're doing. You could have simply left the issue alone and it wouldn't have been deleted.
@thestinger What did I do that was bad behaviour? I didn't even leave a single comment on the ticket..
The starting point for being unbanned would be removing this repository and talking to us about the issue in private
I created this repo so I could message @Jertec because they have no contact info on their user profile and DMs are not possible on GitHub.
@maltfield Delete this fork of our repository where you're spreading misinformation about GrapheneOS. Your choice if you want to be permanently banned across platforms.
@thestinger Sorry, I'm confused. Can you please tell me what misinformation I am spreading?
@maltfield Repeatedly making false claims about GrapheneOS, misrepresenting what this feature does and promoting malicious projects heavily involved in attacks on GrapheneOS.
...
@maltfield You know why this is inappropriate and you know what you're doing wrong. Don't play games trying to create public drama.
...
@maltfield You're currently banned for 1 hour. It will be doubled for every 5 minutes you fail to delete this repository.
If I open a feature request for two distinct ROMs, then I'm spreading misinformation?
Just to be clear: you banned me because I opened a ticket for a feature request with two distinct ROMs instead of just GrapheneOS. Is that correct?
No, you're banned for making this fork of our repository where you're making false claims about GrapheneOS, false claims about what this feature does and you're promoting a malicious group.
...
The ban is also going to apply to Matrix, Mastodon, Twitter, email and any other platform. It hasn't been done there yet simply because if you stop then it's easier to only have to undo it on GitHub.
What was the false claim? Because I consider the ability to do a fast kill -9
on a misbehaving app to be a security feature?
Just to be clear: you banned me because I consider a shortcut to kill an app to be a security feature? Is that correct?
No, that's not correct.
...
It seems you simply want to create public drama. This is why the issue was deleted and why you're headed towards being banned forever across platforms, including for future projects. Entirely your choice to do this. ... The ban is now for 2 hours.@maltfield You're currently banned for 1 hour. It will be doubled for every 5 minutes you fail to delete this repository.
This is why the issue was deleted
I created that ticket over a year ago, and I haven't commented on it since. Can you please quote me in the ticket and tell me what I said that was unacceptable?
@maltfield The unacceptable behavior was here.
...
If you want to discuss it seriously, then do it in private. We're not interested in an attempt to get your way creating public drama.
@thestinger I created this ticket after you deleted the other ticket, so I could contact @Jertec
So if I didn't do anything unacceptable, then why did you delete the ticket?
@maltfield It was deleted due to how the issue got derailed and the issue tracker rules being broken there, after what was requested had been rejected.
Ok, so the ticket was deleted because a user left a comment on a closed ticket. And it's against your rules to comment on a closed ticket.
Just to be clear: you deleted the ticket because it is against your policy for users to comment on closed tickets. Is that correct?
No, that's not correct. If you want to double down on creating public drama instead of resolving a conflict civilly then it seems you simply want to never participate in our community or have contact with us again, so we'll begin implementing the ban across other platforms.
...
GrapheneOS may implement a shortcut for force kill that's quicker than using the app info shortcut from recent apps or the launcher but that's not going to change anything about a ban based on you trying to start public drama and harm the GrapheneOS project.
Sorry, I guess I can see how me attempting to archive a ticket that you deleted is somehow ban-worthy -- but I'm still not sure why the ticket that I'm archiving was deleted to begin with.
If it's OK for users to comment on closed tickets, then can you please quote from @Jertec's comment and state specifically what they said that violated your project's policy and lead you to delete the ticket?
As long as you're engaging in public attacks on the GrapheneOS project and trying to create public drama, the only thing that's going to be happening with you is having your ban implemented across more platforms and extended to a longer time period. If you want to engage in constructive discussion then cut out the public drama and contact us privately.
I just want to understand your policies and how they were violated.
Why did the ticket get deleted?
@maltfield Deleting rule violating comments and locking it would have been what was usually done. It was deleted because it was an old duplicate issue about the legacy navigation mode with inaccurate claims made there already before it was revived.
Oh, can you please link to the original ticket? I was unable to find it, which is why I opened the ticket.
It has been filed a dozen times, and the duplicates are often (not always) deleted.
well, Daniel, if you keep deleting the tickets than people will keep filing it again.
I think it might be more helpful to just link them to the original and close the ticket. That would prevent folks from submitting the same feature request over-and-over.
@maltfield If you want to have a constructive discussion then do it in private instead of making public attacks which come across as an attempt at directing harassment towards me.
You've substantially disrupted development now.
@maltfield If you want to have a constructive discussion then do it in private instead of making public attacks which come across as an attempt at directing harassment towards me.
... You've substantially disrupted development now.
attacks? I'm sad that I can't contribute to GrapheneOS anymore. I wish you well, free of harassment, and hope you reconsider the ban against me.
If you want to be unbanned, then delete this repository.
Since you've taken it this far, being unbanned will also require us to review your level of involvement with malicious groups involved in harassment, since that explains what you're doing here.
@maltfield I don't understand why you're so determined to spread misinformation about GrapheneOS and create drama. If you can't understand why something like this is nonsense and inappropriate then you're beyond hope.
Thank you for taking the time to reply. From your response, I'm gathering that Graphene won't develop any features, unless they directly enhance security. Even basic features that have been with lineage for over a decade, since the early Cyanogen days. I understand why this might be. Let me just respond to two points you made, because I believe this feature does actually fit with with graphene, based on what you said.
If you want to be unbanned, then delete this repository.
...
Since you've taken it this far, being unbanned will also require us to review your level of involvement with malicious groups involved in harassment, since that explains what you're doing here.@maltfield I don't understand why you're so determined to spread misinformation about GrapheneOS and create drama. If you can't understand why something like this is nonsense and inappropriate then you're beyond hope.
Thank you for taking the time to reply. From your response, I'm gathering that Graphene won't develop any features, unless they directly enhance security. Even basic features that have been with lineage for over a decade, since the early Cyanogen days. I understand why this might be. Let me just respond to two points you made, because I believe this feature does actually fit with with graphene, based on what you said.
Just to be clear: the comment quoted above was written by github user Jertec
, not me.
Yes, and you made sure to create another place to promote that and made your own attacks on the project.
@maltfield Do you support Kiwi Farms harassment including swatting attacks? If not, why do you support a project heavily involved in that?
Yes, and you made sure to create another place to promote that and made your own attacks on the project.
...
@maltfield Do you support Kiwi Farms harassment including swatting attacks? If not, why do you support a project heavily involved in that?
Because I use the 3-button navigation, I was not aware that LineageOS had already implemented a "kill" shortcut on their "go back" gesture navigation.
Force close on back isn't a legacy navigation mode feature. It's alive and well right now in the gesture base navigation system. You can witness it in lineage, as a gesture. The back gesture is enhanced. The user can execute the gesture as normal for the simple back functionality. To force closing the foreground app, the user executes the same gesture, but pulls further along the screen. I use this frequently on my pixel running lineage 21, and would find it difficult to live without.
I found the comment by github user "Jertec" to be insightful in this regard, and I was sad to see that this useful information (that the "kill on back in gesture nav" has already been implemented by another ROM -- and therefore the code can be re-used by other ROMs) got deleted.
I think this information is useful to many ROM devs, including Graphene.
Whoa, I'm kot attacking anyone @thestinger. I just got here. Haven't even installed the ROM yet. You said that this issue feature wouldn't be implemented, since it doesn't enhance security. My interpretation from that comment is just that. Only security features would be implemented. How can I deduce anything else, from what you said?
@maltfield We're aware of it and it doesn't change that we don't think it's a good way of doing this. It doesn't change that this is not actually a real security feature, regardless of trying to portray it as one and coming up with a convoluted case where force stop would even stop something that is going to take seconds to happen where closing the activity wouldn't. It's a contrived way of trying to pressure us to add it and it contributed to the issue being deleted among other reasons.
@Jertec Not what was said.
The last thing I want to do is attack GOS. Why would I do that? I truly believe in your stated mission. I've been hoping for something like this for years. Too bad I'm late to the party.
@maltfield Burning an hour of my time, having me lose a whole day of energy to work on GrapheneOS and creating this public drama post to be used as additional attacks on GrapheneOS by the people you're supporting is helping us how exactly?
Could we discuss the substance of my comment, instead? Please take for granted that I'm acting in good faith, and consider my comment on how this feature isn't just a legacy feature, and can be implemented into the gesture based navigation, and also that it does enhance security. Could we discuss implementation?
@Jertec Not what was said.
Understood. Thank you for explaining, and a thousand apologies for mis-deducing. If you reopen the issue, I will delete my comment, remove that piece, and post repost the rest. I don't want to create any drama.
As soon as this repository is deleted, there can be a constructive discussion about implementing a shorter way to force kill than pressing app info in recent apps, launcher or settings.
Now I have to go do something else and the whole time I'll be concerned about further attacks on GrapheneOS and myself from this repository.
@maltfield Hello. I'm the community manager for the GrapheneOS project. Would you be okay with me sending you an e-mail to further discuss? I don't think what's going on here is achieving anything productive.
If you're okay to discuss, I'll use the e-mail found in your GitHub profile.
@Jertec I'd also be happy to reach out to you, but see no public way of doing so.
@Jertec I'd also be happy to reach out to you, but see no public way of doing so.
@matchboxbananasynergy now you're where I was ~2 hours ago. I decided to open this ticket and @ them. It works.
@maltfield Hello. I'm the community manager for the GrapheneOS project. Would you be okay with me sending you an e-mail to further discuss? I don't think what's going on here is achieving anything productive.
If you're okay to discuss, I'll use the e-mail found in your GitHub profile.
You're welcome to email me, but--unless you're sending me secret keys or PII--I prefer to have conversations openly (licensed CC BY-SA), especially regarding bans. Is there any reason you can't discuss this here?
@matchboxbananasynergy now you're where I was ~2 hours ago. I decided to open this ticket and @ them. It works.
You're welcome to email me, but--unless you're sending me secret keys or PII--I prefer to have conversations openly (licensed CC BY-SA), especially regarding bans. Is there any reason you can't discuss this here?
I'll send you an e-mail now. Feel free to respond and take it from there.
I don't see having public discussions like this in public as productive, but rather an opportunity for unnecessary drama to be caused. I don't believe that to be your intention, so I don't see a reason why you'd be opposed to discussing in private.
@Jertec I'd also be happy to reach out to you, but see no public way of doing so.
Sorry, I've barely done anything with this github account. You can find me on Telegram, and I've subscribed to the GrapheneOS group. Feel free to mention me @JerTek.
This ticket is a feature request to add an option that allows the user to "kill -9" the currently-open app by holding the back button for ~1 second.
This is an important security feature for a user who is playing with a new app. Sometimes a fat-finger mistake or a misbehaving app may begin to do something undesired (eg exfiltrating data by mistake), and it's necessary for the user to quickly kill the app.
As far as I can tell, the only way to do this in GrapheneOS is currently to:
The above process takes a long time, and is probably not fast enough to kill an app that, for example, is sending an unwanted POST request. By adding this feature, the time to kill the app could be reduced to ~1 second.
Also, this feature has long been available in LineageOS. Sometimes I use it several times per day for misbehaving apps (sometimes it's security related, sometimes it's just convenience for working with a buggy app).
Please consider adding this simple feature to GrapheneOS that allows users to kill the currently-open app by holding-down the back button.