Spyware on brax phones

So have you seen Rob Braxman's latest video? Hence my first response to you. Lol

1 Like

See CIA, you need to watch the video again. https://youtu.be/ZAfFAJ0LJwM?t=321
It clearly tells you that if a state actor gets physical access to your phone the phone is compromised. I posted the link from the minute you have to listen.
My whole point was that the phone was in customs too long and how to restore the original system.

1 Like

Wipe and install (including reflashing firmware) is fairly straightforward using spf flash tool as outlined here. Using the flash tool will wipe and format ALL partitions, not just the system partition.

6 Likes

@Proton
Your anxiety about this subject is legitimate.

Even if @rik and @brinerustle are very good at their job which is promoting how well iode team is working (which they are quite not, but that’s another problem) and to make you more consensual about that subject (which is a legitimate goal on their part) with some totally accurate facts but also quite a false perspective and thus interpretation on how State is working. Plus they clearly did not work as closely as we did against Pegasus with Amnesty International for example and certainly not lab tested those tools against their programming skill level.
The first comment of @xancudo going that way too + his unshakeable need to make fun of the counterpart in the process which you can see in every one of his comments but we are used to him since the beta… probably he is also like that in real life (that last one is just interpretation on my part).

As myself quite familiar with the process as my field work, in one phrase you can’t.
You can’t be sure it has not been tampered. After all rootkits which can fool and checksum and system process and bootloaders exist. They do not work everywhere but they do exist. A bit of other tools too.
But probably not on a hardware level and let’s see if what you should really be afraid of.

But let’s take some recent examples would you?
I am going to put aside the recent attacks including the collapse of the Russian military hardware by the ukr and coalition linked actors.

For Kaspersky, it took 2 years for them to find out all their iPhones were hacked (you can say whatever you want about iPhone but if that’s not a locked system, I don’t know what is), and 4 months to resolve the situation.

For Sky ECC, secret services, law enforcements did not try to hack the system (well they did but they failed miserably numerous times), they put someone on the inside.

Pegasus and other malware which are acting as rootkits once they are inside the system, did infect large quantity of people. Random useless people even often like @xancudo would love to call them.

So it would be easier to hack your phone on a software level in the countless attack vectors of all the apps you choose to install, than to tamper on a hardware level.

Also Brax phone to my knowledge has never been goal oriented as defeating state actors.
And if you want phone that defeat that, well then you should
1/ pay more
2/ use other kind of phones which are specially designed to do that. They do exist. They are not numerous but they are out there as Sky ECC has proven. Cryptophone used in some journalistic inquiries to detect IMSI catchers for example are one example but not the only one.

In a million line of code piece of software you will always find attack vector. The less the better of course but there is no active counter measure for that. Pegasus and alike has proven that now numerous times. Unless you are prepared to pay quite some money and also have quite some equipment and knowledge to analyze every bit of traffic data and otherwise (whether it is radio frequency and such) to defeat that.
To my knowledge brax phone was always being goal oriented to defeat GAFAM and data brokers actors. Nothing else.

4 Likes

hey wingnut, are you babbling now? Seems like it. For someone so concerned about security, you seem to know so little…

1 Like

The useless one is you… can’t seem to get connected to wifi, for whatever reason… oh, and there was your Crayola crayon icon pack… geeze man… give it a break… since day one you have whined continuously… until mods had to ban you… please… take a pill or something… Aussie, right???

1 Like

first don’t man me. I am not your mate. And I am not a man. So just stop your mansplaining to me.
Second you are and always have been a disrespectful one against everyone who were not agreeing with you. You are acting as a child each time by not able to actually being constructive when you are trying to discuss with others, no you need to diminish them each time.
Do you actually think that I agree with those here who are conspiracy theorists? I am merely simply trying to listen to their concern and see what can be done about it.

From day one there was a problem with the wifi that’s exactly my point. And a big one and from day one I told them exactly what to do to reproduce the bug and gave them even people who actually could have help with AND the hardware to reproduce it who could loan them for free AND the coding issue.
But no the little troll who are can’t exactly so important than you can’t actually understand that I am trying for people to not buy a paper weight like it has been for so many IT crowdsourced project. But I applaud you, you finally succeed to actually get a logcat from your arse like I asked you to do from the beginning on the beta. Good for you, Dude :slight_smile:
You should try at some point get an education, might be good for you :slight_smile:

Just a side note… It is a bit rich coming from you to attack Proton on his email since should I remind you, you are the one so focused on proton when installing something on your phone :slight_smile: a good day my dear

2 Likes

At least my insurance company will not be able to track my miles driven and Google will not be able so sell my data. I think I understand now the limits of this phone.
I just changed my insurance and they wanted to sell me something to put in my car to track my driving. I refused and the insurance guy was almost furious. He said that anyway they get my data from the dealer. I told him that I do my oil change, my brake jobs, CV axles, anything on the car so I do not go to the dealership. My cars are 2008, 2010 and 2011 and even disconnected the Bluetooth in the car. Told him that I also have a googled phone. Had a degoogled phone since CyanogenMod.

1 Like

You are, and I found another post where you are getting bullied :joy:

1 Like

Though the discussion has degraded into insults, and it might be a waste of time, I’d like to add my 2 cents, and agree with @Proton

It is important to distinguish between privacy and security when discussing the kinds of attacks on civil liberties and human rights being raised in this thread.

The Brax3 is a privacy phone. For anyone using a googled device, you have given google unrestricted access to all the permissions. They are monopoly actors, so they carefully designed AOSP to easily allow any apps to be prevented from accessing sensors, GPS, microphone, camera, etc. The exception, is of course, Google themselves - they have irrevocable permissions to everything. So there is already spyware on every android device with a stock OS. And all manufacturers (even alternatives like Fairphone) are bound to exclusivity agreements: in order to install google products on their devices (which most users want) they cannot easily offer an alternative OS to those who don’t. This is why initiatives like the Brax3 are so important, because privacy is the default.

Privacy is a team sport, so by default even those of us who take great measures to protect our privacy (like using iodeOS) will have our right to privacy constantly deprived of us by our friends and family’s stock Android and iOS devices. Metadata -who you network with and how often and in what context - is more valuable than raw data, which is very costly to process. The cheapest and easiest way for a state actor to get the dirt on you is to pay or coerce google to reveal the information they want. There is no need to go to great lengths to target brax users, who are no different than the millions who use lineageOS. And as @brinerustle describes above, would require considerable resources and planning, even to do in a few weeks. It is much more likely that the phones were simply stuck in paperwork, not flown into some lab for exploit injection. Brax users are not Hezbollah, and production chain attacks like people are speculating about here are very costly.

As you can see, now I’ve left the topic of privacy and wandered into security, what I was trying to point out - the two are easily confused. The AOSP security model is excellent, but of course, it depends on what your threat model is. If your threat model is getting individually targeted by the NSA, then you probably shouldn’t be using a phone at all for communication, or choose a security focused OS like that recommended by Edward Snowden: GrapheneOS. But most of us are not in this category of users who need this level of security (human rights defenders, politicians, journalists and their family, dissidents, etc) or even want it. And it comes with disadvantages: GOS is only available for Google Pixels: Pixels are overpriced. Pixels don’t have SD card expansion slots (need storage? use google services!), Pixels don’t have audio jacks. And by buying from Google you are financing monopolists, the loss of privacy, tech lobbies and many other evils. Not to mention that Google is a military contractor participating eagerly in genocide. This is why I participate in funding projects like the Brax3. We are early adopters who care about privacy, and know that small projects like this are a first step towards it becoming more mainstream.

So is the brax3 secure? Probably not, if you’re trying to prevent mercenary spyware like the NSO’s pegasus exploits. The business model of these companies is to buy carefully guarded exploits that cost millions, and then resell them to governments, with the excuse that they will attack terrorists and pedophiles. Time and time again, we see that the government agencies use these tools to attack who they see as threats to themselves, not threats to the public. They attack dissidents, human rights defenders, journalists, and political rivals, an abuse on human rights perhaps even more grave than the attacks on our privacy by surveillance capitalists. But they are a mafia, and their business model is to charge per device cracked, and pit rivals against each other, and promising to crack the other side’s communications. If they attack an entire western populace, this would be sloppy - they would soon reveal expensive exploits, which would get patched. We need to stop believing the bullshit that destroying digital rights to security and privacy will keep children safe from sex offenders and terrorists. Indeed it is quite likely the opposite is true: tools to spy on rivals help powerful criminals like Jeffrey Epstein and Donald Trump rise to more power and consolidate it.

But no comparison of privacy and security should forget that they are both often confused with anonymity, a right fundamental to free speech and democracy. Keep in mind that no phone is anonymous. As soon as you connect to a mobile network, your provider is tracking its identifiers and reporting it back to the government: the IMEI (unique device ID), the ICC (SIM ID) and the approximate location of the device (and the habits of the person carrying it) via cell tower triangulation and all the IPs you visit. This is why a VPN will protect you from IP logging, but not location tracking. One nice feature of the brax3 is that you can modify the IMEI, though I don’t recommend doing so, as this is probably illegal in your country.

9 Likes

I agree this has all gone south.

@LostEther and I have a record of fucking with each other. So be it. Sorry sir!! Lol

When I replied to @Proton I wasn’t trying to be mean. I was being quite serious.

No person can specify or dictate what another is feeling about a particular topic. In @proton’s case, he was concerned about the device sitting in customs for an extended period. My response, as crude as some may have taken it, was correct…

If I had been in @proton’s shoes, I would have asked for a refund and walked away. But that’s me.

That user felt the need to namecall. So I decided to have some fun.

Just for the record, and as a beta tester, I did just that. I got a refund and walked away. The device wasn’t what I thought it would be. I still provide info for the beta, but I don’t have a production device. I want the project to succeed, but I feel let down. So I canceled my order.

@proton, sorry if I offended you. It wasn’t meant to be. I was trying to provide valuable info. It just didn’t come across that way.

3 Likes

Thank you for that at last my dear sir.
And apparently you can’t get over that I am a woman. Well too bad for you I guess.

1 Like

@xacundo

I am not returning anything. Still waiting for the phone. Even if it does not work I am still keeping the phone and help finance the project. I have another Linux phone that I paid $400 and does not work. They were never able to fix the battery draining fast.
I also have a lineage OS de-googled phone. For my wife and my kids I degoogled some google pixel phones.
So I did not appreciate you telling me to return the phone. Not everybody is a weak troll like you that might be working for who knows where.

4 Likes

I’m kinda digging this whole CIA thing… so I’m gonna change my handle to that.. but slowly. So it can acclimate.

I like you @proton! And while you think I’m weak (because you know absolutely nothing about me), I’ve actually contributed a lot to the project so that YOU would have a good device… and I have the same desires as you… but remember this…

I am just a beta tester. I only find problems, I don’t fix them…

1 Like

@LostEther seriously, I don’t care either way.

What I do know is that you know some shit! Some serious IT shit… more than most out here. And that’s cool! And regardless of what you think of me, I’m fine with it. Keep pumping these folks for fixes!!

1 Like
