pfsense: Who needs AES-NI?
FutileRecipe (@FutileRecipe@lemmy.world) · Posts: 9 · Comments: 400 · Joined 2 yr. ago
But OP is, and still asking...
like i'm meant to feel sorry for them so generously losing money on something
But think of the shareholders and CEO. Won't someone please think of the shareholders and CEO?!
I know people with 2 or 3, but nowhere near 20.
I don't remember the full list as I've never used any or had any interest in them, but it was only OEM ones like Samsung's. No user ones, which could be solved by Google opening up the API.
Amazon's logic is you paid a subsidized/cheaper price that is offset by included ads. You can buy it without ads (more expensive, obviously) from the start.
I use ProtonVPN's Secure Core. Their entry nodes are in privacy-friendly countries — Switzerland, Iceland, or Sweden — and exit nodes can be to any of their VPN servers in dozens of countries around the world. It's a double hop which increases latency slightly, but I don't real-time game on this configuration.
It's part of defense in depth. No single piece will protect you from everything, so you use multiple layers of protection.
Well, it does spell out the difference of Ultra HDR. However, you asked "need?" There is absolutely no need (in my opinion) of better pictures, but I also rarely take or view them so I might not be the best judge.
I'm against adding work stuff to personal phones, but if you have to, you have to. So I try and set it up as a separate/logical phone within a phone.
For Pixels, I always install GrapheneOS regardless, "the private and secure mobile operating system with Android app compatibility. Developed as a non-profit open source project." https://grapheneos.org
Then for work, I'd use a separate profile with only the needed apps for separation and increased security and privacy: https://grapheneos.org/features#improved-user-profiles
Out of curiosity, why would you want to?
I honestly don't know as rooting and magisk go against the principles of a secure OS that GrapheneOS strives for. At that point, it is no longer GrapheneOS but GrapheneOS-derived, and the devs will not offer support... rightfully so, in my opinion.
Is it possible? I assume it is, but probably very difficult. Has someone gone through the effort to do so? Doubtful as that goes against the target audience of GrapheneOS users.
Well, your original question in the OP was "how secure is to go this way?" You've been given a similar answer of "not very and not recommended" by multiple people. Starting to sound like you just want assurance and will continue to use your current setup.
People used to go to Custom ROMs because OEMs were really doing a shit job, that's not the case now given now.
Yep. I used to use custom (ROMs, kernels, etc) for the extra features and playing with my phone like a shiny new toy. Now I use GrapheneOS because OEMs and Google don't do security and privacy anywhere near as good as GOS. And I can live with the minor inconvenience of apps that use Play Integrity API, though I do encourage the app devs to switch to hardware backed attestation because: "Android's hardware attestation API provides a much stronger form of attestation than the Play Integrity API with the ability to whitelist the keys of alternate operating systems. It also avoids an unnecessary dependency on Google Play services and Google's Play Integrity servers." https://grapheneos.org/articles/attestation-compatibility-guide
That depends on the ROM/OS. Granted, we're in the Android community, but GrapheneOS uses a hardened rendering engine, and never Chrome's/Android's even if you install them both from the Play Store:
WebView-based browsers use the hardened Vanadium rendering engine, but they can't offer as much privacy and control due to being limited to the capabilities supported by the WebView widget. For example, they can't provide a setting for toggling sensors access because the feature is fairly new and the WebView WebSettings API doesn't yet include support for it as it does for JavaScript, location, cookies, DOM storage and other older features. For sensors, the Sensors app permission added by GrapheneOS can be toggled off for the browser app as a whole instead. The WebView sandbox also currently runs every instance within the same sandbox and doesn't support site isolation.
To be clear, GrapheneOS did not "get rid" of Daniel. Daniel stepped down as lead dev and shifted some of his roles to other devs. He still contributes code to GOS.
Not for long with Google cranking up the ads (amount of and length) as well as them stepping up their ad-blocking detection. Newpipe and such still work, but for how long?
Which one do you trust?
As I've said before: myself. Using unbound as a recursive resolver and cutting out the middlemen of CloudFlare, Quad9, Google, etc.
Edit: or do you want the authoritative name/root servers my recursive resolver asks? Ok. I didn't give these as that's who everybody asks, to include Google, Quad9, etc...hence me harping on saying cutting out those middlemen and asking the root servers directly. https://www.iana.org/domains/root/servers
And...who do you trust?
Trust me, I fully get it. You are trying to be pedantic and "technically correct," Um Actually style. I am speaking from the perspective of this sub (privacy and enhancing it). You are your network. You are not a middleman in the context of yourself or your network. You are not losing privacy in relation to yourself. That's being ridiculous. It's like saying "I didn't cook this steak at my house, um actually, my stove and pan did. Well, they (and I and the butter/oil) were the middleman. Let's not forget the fire. Etc." Again, ridiculous.
Also, you're right in that you have to ask a DNS server to resolve a name to an IP. But in this context, DNS servers ask the root name server. Those DNS servers are the middlemen, rootname is not. With Unbound and recursive, you are asking the authoritative root name server. They are not a middleman to themselves...they are the authority in DNS (it's in the name). Also, Unbound as Recursive does answer the question of OP which was "what DNS to use?" When you configure a recursive resolver, you don't (shouldn't) change it away from the root nameservers and insert a middleman (someone/something you don't control), and it doesn't do it by default. OP was clearly asking about non-authoritative DNS servers to use aka "should I use Quad9, CloudFlare, etc?" And my answer was...none. Cut out those middlemen that don't need to be there/asked (which takes away some privacy as you're asking a person who doesn't need asked), and ask the root nameservers yourself via Unbound recursively.
You seem to be stuck talking from the perspective of the client/PC. Next, are you gonna say "you're not actually going to the site. You're going to the switch, then the router, and a firewall, maybe traversing a DMZ, could be a proxy in there, then going through the core backbone routers of the internet, down into their network. Of course, if there's a VPN in there, that changes things. Let's not forget the middleman of your own NIC and CPU, not to mention the keyboard, motherboard, mouse, etc. Oh, of course fiber and cabling. Those are all middlemen." Do you see how fundamentally ridiculous that is?
tl;dr: Cut out Cloudflare's recursive resolver (or anyone else's) and run your own via PiHole and Unbound.
You don't cut the middle man, you create the middle man with Unbound.
Umm, Unbound is on your machine. So you're saying you are your own middle man lol...which is the same as cutting out the middle man as you (rather, your server) are you.
And Unbound needs to ask other DNS servers on the internet to resolve DNS queries.
It asks the authoritative nameservers, which is who external DNS servers ask. By using Unbound, you are cutting out those external DNS servers, because you/Unbound is the DNS server. You are asking the authoritative name server directly instead of inserting someone else to ask on your behalf.
Here's an explanation by Cloudflare: A recursive resolver (also known as a DNS recursor) is the first stop in a DNS query. The recursive resolver acts as a middleman between a client and a DNS nameserver....Most Internet users use a recursive resolver provided by their ISP, but there are other options available; for example Cloudflare's 1.1.1.1.
I copy/pasted the above quote from the article you linked. Again, Unbound (your machine) is asking the DNS nameserver. You're saying you are your own middleman lol. I'm saying cut out Cloudflare's recursive resolver and run your own via PiHole and Unbound. Did you read the article I linked?
If you don't use a VPN on the router, you won't need it.
But what if you decide to set one up so you can VPN in while on the road? Personally, I'd rather have it and not need it, than need it and not have it...as well as "buy once, cry once" rather than need to upgrade down the line.