Threat Alerts
Internal Risk Privacy Easy 2 min

Privacy Trap in GrapheneOS

Close

The hidden privacy trap in the very first step of de-Googling your Pixel that instantly links your identity to your device before you even install GrapheneOS.

For anyone serious about de-Googling their life, you need to know about this. I've seen privacy concerned people overlook a crucial step in the GrapheneOS installation process that creates a direct link to Google.

The Step: On a Google Pixel, before you can unlock the bootloader, you must enable "OEM unlocking" in the Developer Options. The moment you toggle that setting, your phone makes a network request to Google's servers. Google receives that request and can see your IP address.

If you're doing this from your home network, an IP tied to your name, you've just created a digital fingerprint linking you (and your location) to that specific device's serial number before you even wiped it. Google now knows that
1) the person at your IP address is in possession of that specific Pixel phone, and
2) that you intended to modify its software!!!

How to Mitigate:
Use a trustworthy VPN, or preferably, public Wi-Fi (like a café) that is not associated with you.

External Risk Kleptography Hard 30 min

Silent Leak in Hardware Wallets

Close

We trust our hardware wallets to be silent vaults, broadcasting only valid signatures to the network. But what if every transaction you sign is secretly broadcasting fragments of your private key?

Coming soon...

External Risk Transaction Risk Hard 15 min

Replay Risk in Bitcoin Forks

Close

When a Bitcoin hard fork creates a duplicate version of your coins, the temptation to sell the "free" forked tokens can accidentally cost you your original Bitcoin.

Coming soon...

Every article on this site is tagged as either Internal Risk or External Risk to clarify where the threat originates. Internal Risks are mistakes within your control, such as setup errors or poor backup habits. External Risks are systemic threats outside your control, like dishonest suppliers of wallets or network forks, requiring you to adapt your strategy to survive. These tags help you identify whether you need to fix your own actions or defend against the wider ecosystem.