Andromxda 🇺🇦🇵🇸🇹🇼 @Andromxda@lemmy.dbzer0.com
Posts: 50 | Comments: 1,792 | Joined: 1 yr. ago

  • Sorry, forgot to include a blockquote. I was talking about microG. Ntfy is a regular user-installable app, you just need to grant it permission to run in the background, i.e. disable battery optimization.

  • I'm sorry, there's no other way to say this, but such a major issue slipping through is just a massive sign of incompetence. I support Fairphone's mission and philosophy, but I just can't trust this company. This isn't the only security issue either. I wouldn't recommend their devices to anyone for this reason.

  • your only other choice is microg

    Doesn't work on GrapheneOS, since it requires root access for signature spoofing. And it's not any better than Sandboxed play services.

  • Fairphone fails to properly sign their own operating system. They use the publicly available (!) AOSP test private keys instead of an actual secret key. This breaks fundamental security features of Android like Verified boot, rollback protection, etc. They're also pretty slow with updates, including important monthly Android Security Bulletin patches. This is just the bare minimum for any OEM, and Fairphone fails to properly implement it.

    Google goes above and beyond, and offers cutting-edge hardware security in their Pixel devices. They have features that currently can't be found in any other Android phone, like ARMv9 MTE (hardware memory tagging), the Titan M2 secure element, which supports Android StrongBox, the Weaver API and comes with insider attack resistance. GrapheneOS takes full advantage of these features, and combined with their numerous software security improvements offers the most secure mobile OS + hardware combination on the market. You can read more about all the hardening of GrapheneOS on their features overview page: https://grapheneos.org/features
    Plus it's degoogled by default, so it doesn't come with any trackers or bloatware. You can opt to install Google Play services, but they are confined in the standard Android application sandbox, just like any other user-installable app. They don't get any elevated privileges like on other Android-based operating systems.

  • I fully agree on the Framework laptop, but Fairphones are insecure and suck. Get yourself a (preferably used) Google Pixel instead and load GrapheneOS onto it; it's very easy and maybe takes 10 minutes.

  • This "app tracking protection" is just a DNS filter. You can achieve the same by setting a filtered DNS resolver like base.dns.mullvad.net in the Private DNS options.

    Auditor just verifies that your installation of GrapheneOS is real and unmodified, meaning it hasn't been tampered with by an attacker or corrupted in any other way.

    I would recommend using a VPN. That's also why I prefer the DNS filter over something like app tracking protection, since it doesn't occupy your VPN slot. GrapheneOS only improves the actual Wi-Fi connection privacy (by randomizing your Wi-Fi MAC address), but it has nothing to do with the data transmission over the Wi-Fi network. That's what you need a VPN for. You can check out this comment about the Pros and Cons of VPNs, as well as the criteria for picking a good and trustworthy VPN provider: https://lemmy.dbzer0.com/comment/15631872 Here's some more advice about VPNs: https://www.privacyguides.org/en/vpn/

  • AirVPN has port forwarding if you need that. You can also do it with Proton, but last time I used it, it was quite janky.

  • WireGuard is now even part of the Linux kernel. The protocol and the reference implementation are fully open source, you can just download a WG profile from your provider and you won't even have to use their application.

    On the pros, some offer DNS blocking

    You can also set that up without a VPN, or independently of your VPN. The standard WireGuard client doesn't interfere with your DNS setup.