Posts
0
Comments
245
Joined
2 yr. ago

  • nix package manager works on all posix compliant OSes and doesn't touch system directories. everything is stored in /nix/store and symlinked to ~/.nix-profile.

    personally I run an arch build and then only use nix for my packages.

  • the only thing I'll say is the piece about "no viruses" would kinda go away if desktop Linux picked up at all. the security on a default Linux system is worse than macos and windows with substantial hardening efforts needed. the only reason viruses and other malware aren't common on Linux as is is because of the tiny user base.

    with all this said, if enterprise use got more common, security would quickly become an important aspect.

  • there is a difference between no verified boot and getting the "this device is loading a different operating system" message. for example, grapheneos has verified boot. anything other than stock will result in that splash screen though.

  • telemetry as a whole isn't bad. it depends what they are collecting. companies should provide a log of the (raw) telemetry data they've collected from you. if they're not comfortable sharing it it's probably too invasive.

  • Mobile platforms like android and iOS (more specifically GrapheneOS), are leagues ahead of desktop operating systems in terms of security because of these strict policies. and besides, you are treating untrusted code as untrusted code. I don't see the flaw in that logic.

    sure, they could use more apis for accessing system directories and stuff like that securely, but that's not really in scope. this is for end users. not field deployment on an sbc for something.

  • that's fair I suppose, I wasn't saying not to use it, just that it is worth noting. these strict security policies are what makes mobile platforms much more secure than desktop platforms. I typically use my phone for security sensitive tasks because of this, so I tend to care a lot more about this stuff. if you have any banking info or password managers stored on the device, be careful.

    I'll admit, it is pretty unlikely for anything to happen, though. always just better knowing.

  • this doesn't matter but I found it interesting bc of all the people recommending tools like shelter and insular, using profiles or work profiles to separate data would be siloing not sandboxing.

    edit: with that said, as others have pointed out, apps are already sandboxed on Android. they can only really communicate with mutual consent ipc. so say for example, Google services can communicate with other Google apps because they both explicitly call for each other. while ipc is still technically something to think about, the mutual consent requirement makes it somewhat difficult to make malicious use of it.

    apps aren't capable of accessing other app data whenever they wish, though. even with storage permissions granted it only really has access to user directories (downloads, documents, etc.).

    edit2: additionally, it's worth noting that using any profiles (work or normal), will increase ram and battery usage by a decent margin as this will make a second user with all system apps running alongside your main user.

    any solution involving root should also be considered a non-option as well, since gaining root access completely cripples android's security model.