In April, @mullvadnet provided sponsored DataPacket servers for GrapheneOS in Dallas and Frankfurt which each have 50Gbps peak bandwidth capacity. These now serve a large portion of the updates to GrapheneOS users and add a lot of capacity to our other services including our anycast authoritative DNS.
We also have sponsored servers from ReliableSite, Cherry Servers, Zare and Xenyth. There are a total of 8 sponsored servers where 7 are primarily update mirrors. The update mirror servers also serve our website and network services as a replacement for VPS instances for the locations we have them.
We host 2 anycast networks with our own ASN and IP space in order to self-host anycast DNS servers providing the authoritative DNS resolution for all of our services. Both IPv4 /24 blocks we use for anycast DNS were obtained for free via from ARIN via NRPM 4.10 along with the IPv6 space.
We host 2 anycast networks with our own ASN and IP space in order to self-host anycast DNS servers providing the authoritative DNS resolution for all of our services. Both IPv4 /24 blocks we use for anycast DNS were obtained for free via from ARIN via NRPM 4.10 along with the IPv6 space.
If one of our DNS servers goes down or fully loses connectivity, BGP routing across the internet will quickly adjust to send traffic to the other servers in the network. If a DNS resolver fails to get an answer from one of the anycast DNS networks, it will automatically fall back to the other one.
Our GeoDNS was recently massively improved via @ipinfo sponsoring us with free access to their standard GeoIP database. They use over 1300 probes to scan the internet instead of relying on very inaccurate/incomplete WHOIS/geofeed data. We nearly always use the right server thanks to this database.
We need additional dedicated servers for updates and other services in APAC where bandwidth is more expensive (Singapore, Sydney and Tokyo). We also need another server in North America to go along with our 2nd server from Cherry Servers in Amsterdam used to provide our opt-in geocoding service.
We have enough bandwidth for updates in Europe and North America to handle quite a lot of further userbase growth. We do need additional servers for other things. Several other server providers contacted us with sponsorship offers but we mainly need several APAC servers now which is more costly.
Like how Arc Browser changed how I use browsers, Aerospace (i3-like) changed how I use Operating Systems.
Instead of cycling though desktops and windows, just hit a key, and it gets you what you want, also it can auto-organize your apps and move them to the workspace you want.
Maybe you don’t know this, but Apple just made a deal with Israel, and new iPhones are expected to include Israeli chips. Funny how many people probably won’t even pay attention to who’s listening.
‼️🚨 ALARMING: Google now treats privacy as suspicious behavior by default. Users of GrapheneOS, CalyxOS, /e/OS, and other deGoogled Android phones are being locked out of millions of websites unless they install the exact Google Play Services software they deliberately removed.
GrapheneOS is recommended by the EFF and used by journalists, lawyers, and activists in high-risk environments. The audience most likely to read Google's data practices and refuse its terms is now flagged as fraudulent for that exact decision.
What happened?:
▪️ Google announced "Cloud Fraud Defense" at Cloud Next on April 22-23, 2026, branding it "the next evolution of reCAPTCHA." Existing reCAPTCHA customers were auto-migrated.
▪️ When the system flags traffic as suspicious, the old click-the-bus puzzle is gone. Users get a QR code instead.
▪️ Scanning the QR code requires Google Play Services running on the device. Internet Archive snapshots show this requirement has been live since at least October 2025, silently rolled out for 7 months before anyone noticed.
▪️ No Play Services = no QR scan = locked out.
The bigger picture:
▪️ Google already tried this in 2023. It was called Web Environment Integrity (WEI), and it would have let Google decide which devices were "real enough" to access the web. Standards bodies and the public pushed back hard, and Google killed it. Three years later, the same idea is back, just hidden behind a QR code instead of a browser feature.
▪️ reCAPTCHA runs on millions of websites. Every developer who keeps using it is now, by default, telling deGoogled Android users they're not welcome...
Apple and Google are gradually expanding their use of hardware-based attestation. They're convincing a growing number of services to adopt it. Google's Play Integrity API and Apple's App Attest API are very similar. Apple brought it to the web via Privacy Pass, which Google intends on doing too.
Google's Play Integrity API requires hardware attestation for the strong integrity level and is gradually phasing in requiring it for the more commonly used device integrity level. Apple already has it as a requirement. Over the long term, this will increasingly lock out hardware and OS competition.
The purpose of these systems is disallowing people from using hardware and software not approved by Apple or Google. This is wrongly presented as being a security feature. Banks and government services are the main ones adopting it but Apple and Google are encouraging every service to use it.
Apple's Privacy Pass brought hardware attestation to the web to help with passing captchas on their own hardware. Many people saw that as harmless since few sites would be willing to lock out non-Apple-hardware users. Apple and Google are both likely to bring broader hardware attestation to the web.
Google's reCAPTCHA is planning an approach where they use Privacy Pass on Apple hardware, their own approach on Google Mobile Services Android devices and a QR code scanning system to require an iOS or Google certified Android device for Windows and other systems:
https://t.co/7rQnioRa8A
Banking and government services increasingly require using a mobile app where they can use attestation to force using an Apple or Google approved device and OS. Apple's privacy pass, Google's 'cancelled' Web Environment Integrity and now reCAPTCHA Mobile Verification are bringing this to the web.
Current media coverage for reCAPTCHA Mobile Verification misunderstands it and the impact of it. They're bringing a hardware attestation requirement to Windows, desktop Linux, OpenBSD, etc. by requiring a QR scan from a certified smartphone to pass reCAPTCHA in some cases. They could expand it more.
Control over reCAPTCHA puts Google in a position where they can require having either iOS or a certified Android device to use an enormous amount of the web. Google defines certification requirements for Android which includes forcing bundling Google Chrome, etc. It's enormously anti-competitive.
Google's Play Integrity API bans using GrapheneOS despite it being far more secure than anything they permit. It also bans using any other alternative. This isn't somehow specific to an AOSP-based OS. You can't avoid this by using a mobile OS based on FreeBSD instead. You'll just be more locked out.
Google's Play Integrity API permits devices with no security patches for 10 years. The device integrity level can be bypassed via spoofing but they can detect it quite well and block it once it starts being done at scale. The strong integrity level requires leaked keys from TEEs/SEs to bypass it.
It doesn't provide a useful security feature, but it does lock out competition very well. Services requiring Apple App Attest or Google Play Integrity are primarily helping to lock in Apple and Google having a duopoly for mobile devices. Play Integrity is more relevant due to AOSP being open source.
Governments are increasingly mandating using Apple's App Attest and Google's Play Integrity for not only their own services but also commercial services. The EU is leading the charge of making these requirements for digital payments, ID, age verification, etc. Many EU government apps require them.
Instead of governments stopping Apple and Google from engaging in egregiously anti-competitive behavior, they're directly participating in locking out competition via their own services. Requiring people to have an Apple device or Google-certified Android device is anti-competition, not security.
reCAPTCHA Mobile Verification will currently work with sandboxed Google Play on GrapheneOS but it clearly exists to provide a way for them to start using hardware attestation on systems without it. People without an iOS or Android device will be locked out when this is required even without that.
This isn't about security or any missing functionality. GrapheneOS can be verified via hardware attestation. Google bans using GrapheneOS for Play Integrity because we don't license Google Mobile Services and conform to anti-competitive rules already found to be illegal in South Korea and elsewhere.
Services shouldn't ban people from using arbitrary hardware and operating systems in the first place. Google's security excuse is clearly bogus when they permit devices with no patches for 10 years but not a much more secure OS. It's for enforcing their monopolies via GMS licensing, that's all.
📱GrapheneOS sigue arreglando lo que Google ignora
Este problema permitía que la dirección IP real del usuario se filtrara cuando la VPN estaba activa o incluso cuando "Bloquear conexiones fuera de la VPN" estaba activado, exponiendo su ubicación y actividad.
Según la información, el error existía en la versión estándar de Android y Google decidió no solucionarlo.
El equipo detrás de este sistema más enfocado en la privacidad identificó el problema y lo arregló en sus propias versiones, mejorando la protección para quienes usan este software.
Esto destaca las diferencias entre las soluciones personalizadas de seguridad y las actualizaciones oficiales, especialmente en temas de privacidad como el uso de redes privadas virtuales.
❌ Just NO!
VPNs are a core element of digital citizen’s rights & a free society. Prohibiting VPNs under the guise of children’s rights is not acceptable.
As MEP I will continue to fight for digital privacy rights & against prohibiting VPNs.
In February 2026, Atlassian raised Loom prices by up to 100x.
One team's bill went from $240 a year to $24,000 a year. Overnight. No opt-in. No warning.
Loom Business now costs $12.50 per user per month. Loom Business + AI is $20.
A 50-person team pays up to $12,000 a year to send screen recordings.
A 100-person team pays up to $24,000 a year.
A 500-person team pays up to $120,000 a year.
For screen recordings.
Then a developer in Liverpool shipped Cap.
His name is Richie McIlroy. Solo founder. Built and sold four micro-SaaS products before this one. Started Cap in November 2023, six weeks after Atlassian announced the Loom acquisition.
Cap is the open source alternative to Loom.
Built in Rust and Tauri. Native macOS and Windows app. AGPL-3.0 licensed. Free forever for local recording. No usage limits. No watermark. No login wall.
Here is what it does:
→ Instant Mode: record and upload at once, shareable link the moment you stop
→ Studio Mode: 4K, separate screen and camera tracks, no compression, no upload
→ AI-generated titles, summaries, chapters, transcripts — automatic
→ Custom S3 storage: AWS, Cloudflare R2, Backblaze, MinIO, Wasabi
→ Custom domains: share from https://t.co/NbzBe1E4AP, not https://t.co/1YSDeiHgdv
→ Import your existing Loom videos in one click
→ Self-host everything with one Docker command
Here is the wildest part:
Loom hosts your videos on their servers. If Loom goes down, your links go down. If Atlassian raises prices again, you pay or your library disappears.
Atlassian has killed products before. Stride. HipChat. Both were buried.
Loom could be next.
Cap puts your videos on YOUR storage. If Cap disappears tomorrow, your recordings still sit in your S3 bucket. Every link still works. Every video still plays.
The numbers, today:
18,506 stars. 1,454 forks. 56 contributors. 1,762 commits in 2026 alone. Latest release v0.4.84, three weeks ago. Used by 30,000 teams.
A $63 billion public company raised the price of screen recording 100x in February.
A solo founder in Liverpool made it free the same year.
Your recordings. Your storage. Your links. No surprise invoice.
Free forever. AGPL-3.0 open source.
(Link in the comments)