Aside from that, people can use a strong diceware passphrase on GrapheneOS due to us massively raising the character limit from 16 to 128. This is far more usable on GrapheneOS because people can combine it with fingerprint+PIN secondary unlock instead of fingerprint-only secondary unlock. 5 attempts are allowed for fingerprint unlock and the 2nd factor PIN being entered incorrectly counts towards that so even a random 4 digit one works well. That's convenient to use with the passphrase only having to be entered 48h after the last successful passphrase unlock and after reboot.
We also won't do it and cannot be forced to do it under Canadian laws. France's laws are going to be as relevant to us as North Korean laws once we've finished replacing our OVH servers in Beauharnois, Canada with a Canadian provider. France could currently force OVH to mess with our static website or mail server but we haven't done anything illegal so it would be outrageous and a diplomatic incident due to violating Canadian sovereignty during a time period when foreign server hosting companies being subject to foreign law is already in a recent news cycle. We're not waiting around for them to hijack our website though.
Assuming Canada is like most countries and there exists an agency (or laws can be passed to create an agency) which has the authority, optionally after running it by a judge, to compel an entity to secretly implement a backdoor of their choice and they hand such an order to Google, Shiftphone, GrapheneOS, LineageOS, Samsung, or anyone else that is operating within their jurisdiction. Not meaning to single you out, but needing to trust your OS' updates does seem fundamental for a practically workable threat model. Unless you trust your vendor to prefer going out of business and destroying the keys on the way out, over implementing a backdoor for 1 user and tripping the warrant canary (many people will have that level of trust in GrapheneOS but not, say, Samsung; it's a tall ask of any vendor though).
Some authority compels me to give them signing keys so now they can push anything they want, to any device they want?
https://news.ycombinator.com/item?id=46038241
It does appear to be what they want from us, but it's not possible to bypass the Weaver disk encryption throttling via compromised OS updates or even secure element updates. It's fully not possible to bypass the security of a strong passphrase, which we encourage via optional 2-factor authentication support for fingerprint+PIN as the main way people unlock to make using a passphrase as the primary lock method after booting or 48h timeout much more convenient.
Been a happy user of Graphene since the Copperhead days. Thanks for all the work you do. I know you've endured a ton of shit.