• 0 Posts
  • 26 Comments
Joined 1 year ago
Cake day: June 13th, 2023
  • @Genghis@monero.towntoLinux@lemmy.mlSecurity advise collection - what do you recommend?
    17 months ago

    The desktop security model is insecure in general. Phone OSes are much more secure.

    Reasonable desktop OS to use is Qubes, Fedora, MacOS, ChromeOS, or Windows pro/enterprise (hardened)

    Phones are much more secure especially the Pixel 8/pro with MTE immensely reducing remote exploitation. GrapheneOS is the only distro that enables MTE by default and recently implemented it in their Vanadium browser.

    Secure phones (secure elements are important): IPhones and Pixels (GrapheneOS or stock)

    Also yes, Chromium is much more secure on Linux than Gecko based browsers because of its great internal sandboxing and site isolation. Firefox on Windows is catching up though, but still bad on desktop Linux and android.

    This all doesn't matter if you're running an EoL device. Make sure your receiving official security and firmware updates.

    that's about it

  • @Genghis@monero.towntoDeGoogle Yourself@lemmy.mlMy internal fight over what device to buy
    08 months ago

    microG runs Google Play code just like Aurora Store. It is not fully open source. Here's more information.. It is still connecting to Googles propriety servers.

    microG requires Signature Spoofing and alternative OSes usually ship with microG as a privileged system app. This increases the attack surface as it is not confined by the regular sandbox rules.

    Now you're using a privileged component, which downloads and executes Google code in that privileged unprotected context, and which talks to Google servers because otherwise, how would FCM work for example?

    Despite doing both of those things, MicroG doesn't have the same app compatibility as Sandboxed Google Play despite the extra access it has on your device. Even in some magical universe MicroG worked without talking to Google servers or running Google code (again, in a privileged context), the apps you're actually using it with (the apps depending on Google Play) have Google code in them.

  • @Genghis@monero.towntoDeGoogle Yourself@lemmy.mlMy internal fight over what device to buy
    48 months ago

    I recommend you purchase a Google Pixel 6a or above (minimum security support ends July 2027) and flash GrapheneOS. (Pixel 8/pro preferred)

    Aurora Store doesn't avoid Google since a lot of the apps from the play store include Google's SDK and libraries. microG also doesn't avoid Google as it is still running proprietary Google code and has more privacy/security weaknesses

    Sandboxed Google Mobile Services is a much better implementation which is featured in GrapheneOS. The services are not privileged and is treated like any other app. They don't downgrade privacy or security unlike the other alternatives.

    There are much more privacy and security benefits using GOS. Here is a 3rd party comparison between different mobile OS.

  • @Genghis@monero.towntoPrivacy@lemmy.mlSwitching to custom rom on android device with data
    18 months ago

    AOSP does get security updates first because GrapheneOS is based on unmodified AOSP. They are quick to port over updates though and they have extra features like hardened malloc and better user profile support.

    Non pixel phones aren't secure because GrapheneOS doesn't support them. They aren't secure because they either don't have secure elements, broken verified boot, or don't properly support alternative operating systems. This makes phones like OnePlus, Fairphone, etc not secure enough for GrapheneOS.

    DivestOS I would say is the least worst option when it comes to supporting EoL phones. They're at least honest about what they do and don't provide unlike what other OSes do. On their website, they tell you they aren't a secure OS and they can only try their best to reduce harm on an EoL device. DivestOS Security.

  • @Genghis@monero.towntoAsklemmy@lemmy.mlWhats your favorite free open source software that everyone should try?
    010 months ago

    I think your thinking im against FOSS but you’re not understanding. Many people in the FOSS community only care about privacy and ignore security. A developer can implement security benefits to FOSS but many people don’t care to do it.

    Accrescent is FOSS and it has much higher security benefits than F-Droid. Accrescent allows both open and closed sourced apps because there’s no benefit being exclusive to having FOSS apps in their catalog.

    If the user chooses to not use proprietary apps on Accrescent, they don’t have to install them.

  • @Genghis@monero.towntoAsklemmy@lemmy.mlWhats your favorite free open source software that everyone should try?
    010 months ago

    2 - Manual installation methods can be insecure because a lot of people don’t update their apps all the time. Obviously rooting a phone is insecure, but having no auto updates in 2023 is crazy.

    4 - It is very true, having zero quality control on new apps. The flagging of apps with problems is just following the FOSS philosophy. Any FOSS app can be added to F-Droid.

    5 - Not sure why you would want to install abandoned apps on F-Droid, let alone use an EOL device. A lot of people don’t check if apps are maintained because they trust their app store.

    6 - FOSS doesn’t automatically mean its secure or private. Also, why is it that I have to install proprietary apps only on the Google Play Store?

    7 - FDroid signing keys isn’t an advantage because it requires an extra layer of trust. I’m already trusting the developer by installing their app, so the developer should be signing the keys. This is a reason why Signal is not on F-Droid.