Noxious @ Noxious @fedia.io

Posts

1

Comments

124

Joined

11 mo. ago

They only backport (some) OS patches, the firmware doesn't get updated after the vendor classifies a device as EOL.

To get Android into a fully patched state, you need both firmware updates that come from your phone's vendor, as well as OS patches that come from your OS developer (in this case GrapheneOS). GrapheneOS usually only provides OS updates as long as Google provides firmware updates, because they don't want people to run outdated and potentially insecure devices with old, unpatched firmware. But they have extended update cycles for some EOL devices like the Pixel 4a (5G) and Pixel 5.

Your bank specifically requires Play Protect? That's odd, I've never heard of something like that before. I'd still check this list to see if it might be compatible with GrapheneOS: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/

You can get a Pixel 7a for under 300 EUR, and it is supported until 2028, so you don't lose out on updates.

Fairphones aren't even anywhere close to meeting the security requirements of GrapheneOS. Daniel Micay explained this many times, most notably in this Reddit thread (before they left Reddit and switched to their own, self-hosted forum) https://redlib.nohost.network/r/GrapheneOS/comments/10b5x4n/has_anyone_managed_to_install_grapheneos_on_a/j67pbny

They will only support Pixels for the foreseeable future, as these are the only devices that meet their hardware security requirements https://grapheneos.org/faq#future-devices

DivestOS is pretty good. I'd stay away from /e/OS, CalyxOS and LineageOS though, as they have some pretty serious security problems.

Really? That's your concern? People seeing you use a Google phone? Just put a case on it ffs, no one cares that much about the phone you use. With a case, basically all modern smartphones look the exact same.

https://grapheneos.social/@GrapheneOS/113049891764818911

Edit: That was the experimental release. There's a stable release now https://grapheneos.social/@GrapheneOS/113072219898252365

Their camera app got much better recently, but you can also just go ahead and install the stock Pixel camera app from the play store, and use Graphene's network toggle to deny it internet access

Yeah the search is pretty nice, but I prefer my selfhosted instance of bitmagnet

Going back to a "normal" text editor after using Vim for a few years would be horrible

Life without qBittorrent would also be pretty difficult, hell no, I'm not paying for DRM content that requires proprietary software to watch

Has anyone tried loading arkenfox user.js on there? That's the bare minimum for me to use a Firefox-based browser. I'm not using that without hardening.

Because Google is a monopolistic piece of shit and they try to lock you in to their shitty, privacy-invasive ecosystem. In my opinion it's like a hundred times worse than Apple. Only Google hardware (phones and tablets) are worth buying, but only for the strong hardware security features, definitely not for the stupid proprietary software they come with by default.

LibreTube could do that like forever

The Signal protocol is the de-facto standard for E2EE, and it works just fine even in large group chats. But you refuse to accept this reality. The Signal protocol is used by so many apps, obviously Signal itself, WhatsApp, Facebook Messenger, Instagram direct messages, Google Allo (back when it existed), Google Messages (RCS), Skype, Wire and many others. MTProto is developed by Telegram, only used by telegram, not properly audited and full of flaws. No one should actually use it. And the fact that it doesn't support group chats is a design choice, because ultimately Telegram doesn't give a fuck about their users privacy or security. They have repeatedly worked with governments and worked against the interests of their users. Their funding is also pretty unclear and shady, and the entire company just appears scummy. Give me one single reason why anyone should use this trash over a proper E2EE messenger like Signal, Threema, SimpleX or Wire.

Uh you appear not to understand how encryption works? Either something is end-to-end encrypted, and the service provider doesn't have access to the encryption keys, and thus can't read the messages, or it is encrypted in transit, the keys are held by the provider and the messages are decrypted on the server. The latter is exactly what Telegram does, even though they falsely try to market it as something else.

Also it seems there is still no proofs those vector attacks are being used at all.

Ah yes, definitely go with a messenger that has known vulnerabilities in its crappy encryption protocol, instead of one with an actual secure E2EE implementation.

no history is being saved in this mode

You can still make encrypted backups of encrypted messages, as can be seen on WhatsApp or Signal

and the desktop client doesn't support it

I don't know what you mean, both Signal and WhatsApp have managed to ship desktop clients with full E2EE support for years now. Only Telegram is too incompetent to do that.

Telegram got implemented e2e between 2 users before other messengers got it working in any form of group chats

Just stop lying. Telegram Secret Chats have been introduced in 2017, both Signal and WhatsApp have had E2EE (including for group chats!) for much longer. Signal has had (encrypted) group chats in 2014, back when it was called TextSecure: https://signal.org/blog/the-new-textsecure/ And WhatsApp followed in 2016.

I'll think about it if they ditch electron.

Are you mad that Signal is focusing on privacy and security by improving their encryption protocol, instead of wasting time on some UI garbage? This shows your priorities really well. Keep using unencrypted Telegram, for the cool stickers and convenient cloud backup, and keep in mind that Telegram can read all of your messages, as well as hand them over to governments.

I agree, the ranking is not great. China definitely needs to be on the list, and it needs to be up high, together with Russia, Belarus, North Korea, the UAE, Saudi Arabia and Iran. Israel should remain No. 1 though.

Stop pretending that Telegram cares about the security of their users, because they clearly aren't, as can be seen in their shitty encryption protocol, and the fact that by default all messages are stored on their servers in plain text

That's right, but it's not properly implemented in Telegram. https://eprint.iacr.org/2015/1177.pdf