Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)ZW
Posts
0
Comments
245
Joined
2 yr. ago

  • I said nothing about not having anything to hide. I said it doesn't mean much. dns resolvers were intended to be cloud based. the only difference between nextdns and standard dns resolvers is the control over function nextdns hands the user.

    using cloud services also allows home devices to stay secured via keeping ports closed. the whole "the cloud is someone else's computer" is just another way of saying "I don't know how to practice good opsec".

    your isp/vpn provider also can log all your data, or are you going to suggest running everything over tor now?

    a dns query does not send that much info since all the contained data from site to user is encrypted and takes network routes separate from the DNS query.

  • Firefox has a weaker sandbox than chromium and less mature site isolation and therefore has lower security. privacy is a different story, but remember you're only as private as you are secure so Firefox is inherently not that private assuming a malicious site escapes the sandbox.

    I'm fully against chrome's growing monopoly as well as Google surveillance capitalism but let's not be so dramatic with the "google mother ship" nonsense.

    using chromium as a base does not equal data being sent back to Google, just like using Android as a base doesn't inherently send data back to Google.

  • most people don't nor do the aforementioned measures have substantial documentation that is easily accessible by the average user.

    they aren't even meant for enthusiasts but rather, in industry professionals

  • a better solution than giving blanket root access would be an API/daemon that provides more fine grained permission control, similar to how flatseal manages the flatpak sandbox.

    edit: anyone wanna help me on a new project idea...?

  • one of the reasons I use nix package manager is because it doesn't require root. it has separate build users and a daemon responsible for privileged file management. I also have a separate user with access if I absolutely need it, or I can log in with a live session and chroot into my system.

    if you need root for a general purpose application then it's badly designed

  • you can't lock your bootloader and retain access for one. that's an easy way to brick your device. it cripples security because in order to gain this access you are patching in the sudo binary (which doesn't normally exist on Android and is therefore not designed to be securely used) and a bunch of selinux policies that give extremely vague permissions systemwide. data exfiltration is made a much simpler task when a user has rooted their device.

    it is also increasing attack surface. you now have to trust that this per app permission model is actually functioning correctly and isn't exploitable.

    edit: it is worth noting that having root access on a desktop Linux system is horribly insecure as well, though. I completely remove sudo on my systems (although considering one can just invoke su -c or su - root that doesn't help too much in actuality)

  • that is a fair point, I wish people didn't trust cloud storage as much but I blame Microsoft for putting it as the default home directory on windows unless disabled. even chromebooks default to local storage unless you select Google drive while windows defaults straight to OneDrive without any obvious signifiers

  • windows sandbox is... getting there, macos is decent but iirc the app dev can choose to not use it. all Linux options require user intervention to ensure it's set up properly. ChromeOS' sandboxing technique is inherited from Android and is the strongest/strictest of any desktop operating system.

  • yes but no. the pixelbook was by far and away the nicest build quality of any laptop I've owned, and the Linux containers has basically made it a normal laptop other than requiring chrome. with that said, I bought it second hand for ~$200 would never have even considered it for its original $1000 or whatever it listed at.

    ChromeOS is also the most secure desktop focused os you can get so I usually use it for banking and stuff like that.

  • I 100% agree, I just think it's dangerous rhetoric to push because you end up with normies that have been told "open source is more secure" and end up running any script they find on GitHub without having a clue how to audit what it's actually doing. (this was me 5/6 years ago until I figured out what I was doing).

    this is the same reason I find people claiming that Linux is more secure than windows dangerous. I can exfiltrate data from the average Linux install much easier than windows. you can harden Linux to a much greater degree but if you don't know how or that you even need to, you are in a much worse position.