Sony didn’t go through with account linking in the end.
Yet
Sony didn’t go through with account linking in the end.
Yet
Things like gapps are closed source, have full permissions, and cannot be installed only on some profiles.
Except in stock AOSP or grapheneos.
Agree that qubes is the gold standard. But not to let perfect be the enemy of good, the vast majority of people, the vast majority of people, the VAST majority, are going to be unable to run qubes, either by technical ability, availability of appropriate hardware, or portability reasons.
Mobile phones for all of their faults, are the most secure piece of general computing hardware most people have in their lives
The new Pixel phones get 7 years now. Things are improving
https://www.privacyguides.org/en/android/
There is no controversy. There’s a lot of people memeing. I haven’t seen a single security analysis, or survey of options, that didn’t put GOS at the very top. Look at privacy guides, they say graphene is great, but if you can’t use that divest is okay.
People may not like the leader, and the developers are very opinionated which turns other people off, but I don’t think there’s any questioning the pedigree and the level of security provided
I think lineage is a good operating system for a limited exposure use cases. Like a project phone on a safe network, or as a webcam, or is like a embedded hardware controller. But not on the raw internet, not processing raw internet data, not with open Wi-Fi, not with open Bluetooth.
Even with all of that, it should still be segmented from the rest of the network
I think it’ll generate 5 days converted into seconds number of operations.
To decrypt however, you have to do all those operations, so I think it would take 5 days to decrypt. Even if you wait 10 days to start the operation
You can use a hardware security key, like a yubi key, or a software fido2 equivalent.
That way it satisfies the two factor requirement, without using a phone number.
For initial registration you can use an SMS service like SMS pool or the others, you pay a little money, you receive a real text message to a real phone number. You just don’t have access to that number in the future
Your voice, vocabulary choice, lighting conditions, power interference frequency, can all give away parts of your location and identity. You have to choose what level of paranoia is sufficient
The most anonymous, would be to have a v-tuber like model, respond and parrot LLM generated voice audio, from a script that’s been translated a few times. Or pay a voice actor from Fiverr to read your script.
Of course this whole time, using a VPN.
This seems interesting. But for something so complex I would really like them to have a white paper to see how they achieve this.
https://eprint.iacr.org/2023/189 Other systems, for instance, use a third party network to broadcast the parts of the secret that are needed to decrypt over time. So you’re relying on a third-party service, and if that third party service disappears you can’t unencrypt
I think this person is just permanently a contrarian.
Randomizing the numbers does provide good security, because there’s no longer an oil imprint on the most frequently used numbers on the phone, making guessing the pin code much harder before the TPM locks the phone.
Phones are full fledged computers nowadays, with Android you can have different profiles. For their level of paranoia, they could have a profile they never use in public, and only login with a full password, only when they’re in a secure location.
For the randomized pin, and biometric two-factor use of a phone, that covers most use cases, and is quite secure compared to most models of data security average civilians use.
You can have different scopes, if you’re in a crowded place, reading Lemmy isn’t really a big security risk. But logging into your banking would be. All of that is possible on Android, the fact that they’re so staunchly pro computer, is difficult for me to take their analysis seriously
Google makes the most open and customizable phones. Unlocked bootloaders, the ability to sign your own code. Rapid security updates for baseband drivers.
Nobody else comes close.
https://grapheneos.org/faq#future-devices
Actually pine phone is really open, but it’s not android and nowhere ready to be a daily driver.
Predicting the future with 100% accuracy is difficult. It’s unknowable if physical money will completely disappear.
The one thing I hold as an absolute constant, is humans are adaptable, humans will trade and use whatever they can, whatever is convenient, to their advantage.
Can you trade today, gold for a donut? Yes, but you’re going to put a lot of effort into that trade, just to find a counterparty. And then for the counterparty to verify it’s actually gold etc etc but you can do it.
Fascist governments like the centralized power, and that includes centralizing money, including peer-to-peer exchanges. So there’s always going to be the urge to control the absolute flow of all money. That being said, not every government has perfect cell phone coverage over their whole and nation, not all of their people have phones, not all of those phones are always on the network. The one thing money needs to do is work even offline.
War… War never changes.
He has a point.
Does this mean your also against yubikeys?
https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/tpm-fundamentals
Devices that incorporate a TPM can create cryptographic keys and encrypt them, so that the keys can only be decrypted by the TPM. This process, often called “wrapping” or “binding” a key, can help protect the key from disclosure.
This is how cell phones and windows hello justify short pins, the pin goes into a rate limited TPM that then discloses a larger key to decrypt the actual secret.
The device you’re thinking of has 42 decibels of sound. You should be aware of that, I don’t think it’s actually fanless
Noise is going to be a huge factor for your home lab, so make sure you look at the data sheet for whatever you’re about to buy and check what it’s rated noise level is
Qubes is immune to the knife to the throat threat model?
TPM in the SOC to transform the “convenient” pin into more robust encryption keys is the gold standard for civilian devices.
“computers” (of which a phone very much is) also use a TPM for this very reason.
But even taking what you say as gospel, the device isn’t insecure, its how people are using it.
I will stand by my comments a phone is the MOST secure device a civilian will use. Even with a secured desktop computer where someone diligently types in a 64 bit random code to unencrypt the hard drive… if they use the computer as a general purpose device, the threat surface raises dramatically. Now information and programs are not compartmentalized, install one bad program and it can trivially take over everything.
Please help me understand your point of view. So far all you have said in this conversation is that other people are wrong. That may be, but your not helping us understand you
I think phones are the MOST secure devices most people have. They are locked down, they run software in very restricted containers, they have more restrictive feature allowance. for 99% of the people the phone is the most secure device, full stop.
Can you do better on a computer? Sure, but it takes a bunch of work and isn’t the out of box experience
I really enjoy the game, but now me and my friends are maxed out. Max samples, max medals, max upgrades. With nothing to progress to there is far less incentive to play.
The way my friend group works, and I imagine many others work, when I see one of my friends online playing a game, I join their game. And hell divers was great for that, they made joining games effortless. So it was very social.
But without any of my friends actually progressing towards something in the game, it’s far rarer for us to just join on each other cuz we’re not playing it alone. So now Helldivers is a an option, when we’re already together online, trying to figure out something to do, we will hell dive and have fun no problem. But it’s far less likely now
If they want to maintain a larger user base, they need to have something for people to constantly progress towards. It could just be donating samples to a new research project, that could be infinite grind