Share
Latest episode
21. Know Your Threat Level: GrapheneOS vs. SovereignOS — Which One Should You Actually Be Running?
42:20||Season 1, Ep. 21SovereignOS is a fork of GrapheneOS — Spicy Corp took the gold standard of open-source mobile security and gave it what they call "the Shelby treatment." Like Carroll Shelby re-engineering the Mustang into the GT350, they stripped attack surfaces at the kernel level, replaced stock Google branding, and added operational capabilities GrapheneOS was never designed to include. This episode covers what each system actually does, where each has the edge, and the three-tier decision framework for choosing the one that matches your real threat level.Key ResourcesGrapheneOS — Official Site & Web Installer (https://grapheneos.org)GrapheneOS Features Overview (https://grapheneos.org/features)GrapheneOS Installation Guide (Web Installer) (https://grapheneos.org/install/web)SovereignOS — Spicy Corp (https://spicycorp.com)GrapheneOS in 2026: An Honest Review — Noctis Privacy (https://noctisprivacy.com/blog/grapheneos-review-2026)GrapheneOS Advanced Privacy Features Guide 2026 (https://www.live-laugh-love.world/blog/grapheneos-advanced-privacy-features-guide-2026/)GrapheneOS vs. SovereignOS: The Shelby Treatment for Secure Phones — Spicy Corp (https://spicycorp.com/2025/07/10/grapheneos-vs-sovereign-os-the-shelby-treatment-for-secure-phones/)SovereignOS Phone — Product Page (Spicy Corp) (https://spicycorp.com/product/sovereignos-phone/)The Three-Tier Decision FrameworkTier 1 — Surveillance Capitalism: GrapheneOS. Free, open source, eliminates Google tracking, hardened exploit mitigations.Tier 2 — Elevated Targeting: GrapheneOS with hardened configuration; consider SovereignOS if facing realistic device seizure risk.Tier 3 — Active Adversarial Engagement: SovereignOS. Anti-forensics, covert identity management, silent SMS detection, security temperature modes.GrapheneOS Key CapabilitiesHardened memory allocator (defeats heap corruption exploit classes)MTE hardware memory safety (Pixel 8+)Per-app network and sensor permissionsStorage Scopes (granular file access control)Vanadium hardened browserSandboxed Google Play (optional)Full open-source codebase — fully auditableFreeSovereignOS Key CapabilitiesFork of GrapheneOS — inherits the full GrapheneOS security foundation, then adds operational layerUSB data and developer options removed at the kernel level (not disabled — removed)All telemetry endpoints stripped, including "anonymous" onesPIN-to-profile routing (covert identity management, hidden profile switcher)Private Space — hidden app container, separate from profile routingSentry — dedicated tool protecting against unauthorized access attemptsComms Installer — provisions secure comms stack (Signal, SimpleX, Element) at install from developer sourcesMultiple wipe triggers: USB connect, Faraday detection, inactivity, failed unlock, duress password (silent wipe — no "ERASING" text)Silent SMS detection (Type 0 / flash SMS — not available in stock GrapheneOS)GPS location spoofing / network fingerprint maskingSecurity temperature modes (Mild / Medium / Hot — one slider, 30+ settings)Stealth branding — stock Google boot animation, no custom OS identifiers visibleATAK plugin support / Meshtastic compatibilityExplicit threat defenses: Pegasus, NoviSpy, stalkerware, RATs, banking trojans, rootkits, zero-daysHardware: Pixel 8 through Pixel 10 series (10 models supported)$249.99–$299.99 BYOD, one-time no subscription — spicycorp.comIf you are still running stock Android as a daily driver, it's time to level up!Everyone benefits from GrapheneOS. Some require the high performance of SovereignOS.It is time to get serious and make a decision, because your privacy and your security is your responsibility.
More episodes
View all episodes
20. COVERT Protocol Action #10: Segment your Online Personas
06:41||Season 1, Ep. 20Deliberately create separate digital identities or “personas” for different parts of your online life so that your personal information, behavior, and interactions don’t all link back to a single profile. This reduces linkage between activities (shopping, social, work, banking, etc.), limits how much data ad networks and trackers can build about you, and helps contain exposure if one profile is compromised. Creating segmented personas also supports pseudonymization (using alternative identities instead of your real personal details) to minimize privacy risk.Steps to Segment your Online Personas:1. Define your primary digital roles, ie personal, work, banking.2. Create unique contact identifiers for each persona, Name, location, email, login credentials.3. Use alias tools to manage identities, ie MySudo, Cloaked, etc.4. Maintain compartmentalization, ie Separate browsing contexts, computer profiles, or devices.5. Review regularly and update as needed.Recommended tools:MySudo - lets you create multiple distinct Sudos (digital profiles) with separate email, phone, and payment details so you can use a different identity for each online purpose without exposing your real contact information.Cloaked - generates unique alias identities (email, phone number, and contact info) for each online service so your real personal details aren’t shared or tracked, helping compartmentalize your online presence.IronVest - privacy-centric browser extension and masking tool that helps block trackers and pseudonymize interactions (including generating proxy info), making it easier to separate and protect different online personas.
19. COVERT Protocol Action #9: Harden your Home Network
10:01||Season 1, Ep. 19Strengthen your home network so that your router and connected devices are resilient against attacks, unauthorised access, and privacy invasions. This includes upgrading to more secure firmware, encrypting local and internet traffic, and creating network-level protections that block unwanted connections whileallowing only legitimate ones. A hardened home network reduces the risk of compromise for all devices connected to it.Steps to Harden Your Home Network:1. Upgrade your router firmware or hardware: Replace or upgrade your existing router with one that supports secure, up-to-date, customizable firmware such as OpenWRT, which provides advanced security features, more frequent updates, and strong configuration options compared to many stock router firmwares.2. Enforce strong Wi-Fi encryption: On your router (especially one running OpenWRT), enable current security standards such as WPA3 or at least WPA2 for wireless networks. Older unsecured modes greatly increase vulnerability to eavesdropping.3. Set strong administrative credentials: Change the default router admin password to a unique, strong passphrase and disable remote administration over the internet. Default credentials are easily discovered and exploited.4. Configure network-level VPN: Install and configure a VPN connection at the router level so that all traffic leaving your home network is encrypted and protected from eavesdroppers on public networks and your ISP. Router-level VPN ensures devices that don’t natively support VPN software still benefit from encrypted internet traffic.5. Segment your network: Create separate network segments or VLANs for trusted devices, guests, and IoT devices so that a compromise in one segment (e.g., insecure IoT) does not easily spread to other critical devices.Recommended tools:OpenWRT routers -GL.iNet Flint 3 (GL-BE9300) - Tri-band Wi-Fi 7 Home RouterGL.iNet Slate 7 (GL-BE3600) - Dual-band Wi-Fi 7 Travel Router
18. COVERT Protocol Action #8: Audit and Clean Your Online Exposure
08:07||Season 1, Ep. 18Systematically reduce your publicly visible personal information by identifying where your data appears online (search engines, data brokers, people-search sites) and using services to request removal or opt-out, so third parties and automated systems can’t easily collect, sell, or expose your PII. This step helps protect against spam, identity theft, unsolicited marketing, and malicious activity such as doxxing.Steps to scrubbing your online footprint:1. Scan for exposure: Search major search engines (e.g., Google) for your name, email, phone number, and other PII to see what’s publicly visible. Note where your data appears.2. Use a removal service: Sign up for a data removal service to automate opt-out requests to data brokers and people-search sites that hold or publish your personal information.3. Submit opt-out requests: Depending on the service, you may need to confirm the data to remove or authorize the provider to act on your behalf.4. Verify removal: After the service processes requests, check periodically (every few months) to confirm your data has been removed or suppressed, and resubmit if necessary.5. Monitor ongoing exposure: Some services continually monitor your footprint and renew removal requests as new records appear.6. Repeat periodically: Online exposure evolves over time; schedule regular scrubs to maintain a minimised digital footprint.Recommended tools:Pentester.com: primarily a vulnerability and digital footprint scanner that helps discover compromised credentials or exposed data, and can be used to identify where your personal information might be leaking online.DeleteMe a long-established privacy service that contacts data brokers and people-search sites on your behalf to remove your personal information; it covers hundreds of brokers with ongoing updates.Incogni: a comprehensive personal information removal service that scans numerous data broker sites and submits removal requests, often including coverage of many niche or lesser-known sources.
17. COVERT Protocol Action #7: Harden your Devices
14:19||Season 1, Ep. 17Harden your Devices: strengthen the security and privacy of your phones, tablets, laptops, and desktop computers by reducing their attack surface, protecting stored data, and blocking common threats. This includes encrypting data at rest, securing network traffic, tightening web browsing, and using malware protection. Hardened devices are much safer if lost, stolen, or actively targeted.Steps to Harden Your Devices:1. Enable full disk encryption (FDE): Turn on encryption for your device’s storage so that data isunreadable without your passcode, even if the device is lost or stolen. Most modern OSes allowthis (e.g., BitLocker on Windows, FileVault on macOS).2. Use a VPN connection: Install and configure a reputable Virtual Private Network (VPN) on eachdevice. This encrypts your network traffic when you are on untrusted Wi-Fi or public networks,making it harder for attackers to intercept your communications. 3. Harden your browser: Choose a browser that respects privacy, or harden Firefox yourself. Enforce HTTPS for secure connections.Install privacy/security extensions (e.g., script blockers, ad blockers) to reduce tracking and malicious content. Regularly clear cookies and site data. This reduces exposure to trackers and exploitation.4. Harden you device: Keep software updated. Install antivirus/anti-malware software. Remove unnecessary software. Use least-privilege accounts. Review privacy/security settings. Back up your dataRecommended tools:Privacy Browsers: Brave, LibreWolf, DuckDuckGo Private BrowserBrowser Extensions: NoScript, uBlock Origin, Firefox Multi Account ContainersVPN Service: Proton, Mulvad, NordVPNAntivirus Software: Bitdefender, Avira, Malwarebytes
16. COVERT Protocol Action #6: Audit Your Children Social Media Accounts
35:35||Season 1, Ep. 16Throughout the latest episode, we have discussed operational security in professional settings. Today, we are bringing Gabriel Fanelli, director of training at Grey Dynamics and a former United States SIGINT operator with a Bronze Star commendation, to talk about something more than hardening your devices and obfuscating your networks: Family SecurityFirst of all, you are not your kids' best friends; you are their protector and last line of defence against all the threat actors lurking in the dark corners of the Internet. Having said that, here is what you will learn in the episode.The Types of Threats Present in Video Games and Online ForumsHow To Explain Family Security Procedures to Your SpouseHow to Talk To Your Kids About Grooming and ExtortionSocial Media Rules to Have Around the HouseMaintaining Your Kid's Security While He Plays Online GamesFollowers Vetting Processes and Second Device Auditing Your children and your family's security and privacy are your responsibility. They don't have the ability or capability to do it themselves, and you already know what's out there. Harden Up. #Opsec #Security #Family #Home #Veteran
15. COVERT Protocol Action #5: Audit Your Social Media Accounts
07:58||Season 1, Ep. 15Audit your social-media exposure, review all your public or private social-media accounts and online profiles; check what personal information (photos, posts, bio data, connections) is visible; then remove, reduce, or restrict exposure of anything risky or unnecessary.Steps to audit your social media exposure:1. Make a full list of every social-media profile or public/social online account you’ve ever created (active or dormant). Include mainstream platforms and smaller/less-used ones.2. Visit each account and carefully examine what can be seen publicly: profile pictures, bio information (name, location, birthdate, contact info), past posts, comments, photos, tags, friend lists.3. Adjust privacy and visibility settings on each account so that only trusted contacts (friends/followers) can see sensitive content. Delete, lock down or hide: personal details, contact info, location data, old posts.4. Remove or deactivate any accounts you no longer use, or that you don’t want publicly visible. Dormant accounts may still leak personal data.5. Scan for “people-search” or public-record sites listing you (or old usernames/email) check what information about you is exposed outside social media.6. Periodically repeat the audit (every 3–6 months) privacy settings and platform defaults can change; content from connections (tags, shares) or old posts may re-expose you.