• 18 Posts
  • 86 Comments
Joined 1Y ago
Cake day: Jun 20, 2021


The only browser which actually made improvements to mitigate fingerprinting is Tor Browser. It basically makes all users look the same, thus making fingerprinting way more difficult. If you need protection against that form of tracking, you don't have any other choice. Also, IceRaven is just a fork of Firefox which doesn't lag behind updates. Therefore, it's highly recommended to stay away from it. If you don't want telemetry, then disable it through about:config in Firefox.

If you are looking for privacy and security, Bromite is a good mixture. Way more secure than any Gecko-based browser.




Please, stop with the trolling.
Today I opened Lemmy and I was sincerely horrified when I saw all the junk that some people posted. I'm not here to insult anyone. I'm writing this post because I want to warn all the people involved in these unspeakable acts. I beg you to stop, because in the end you're going to make your life miserable. You're continuing to create new identities in order to spread abysmal content, for what? It's pointless, really. You will not be able to damage the project in the long term; admins are very active and they will ban you pretty quickly. What you're really doing here is damaging your own mental health. Trust me when I say that the ones who are getting damaged are you and not Lemmy. Please do something in your life which has a meaningful purpose; eventually you'll feel better about yourself. P.S. I don't know if this is the right place to post it.

Really off-topic, but I love your profile pic.


What does your profile image represent? Why did you choose it?
What's the story behind your profile pic? Mine represents Sosuke, from Ponyo on the Cliff by the Sea. It's my favorite anime film.


I'm so happy about this announcement. Thank you so much for bringing this topic here, on Lemmy!


If you want to ban me, go ahead. I have no problem with that.

https://lemmy.ml/post/140015/comment/105195. Look at you. Why are you posting this image? It's pointless because commerscamOS has never been affiliated with GrapheneOS. You're accusing communities of being racist without proof; you're accusing me of following some sort of agenda without any proof. That's you. You always do that. At this point I'm genuinely amused, nothing more, nothing less.

You have been banned from Spite, GrapheneOS, r/privacy, r/privacytoolsio, r/Firefox and now r/privacyguides for your content and your behavior. That's all. No other reasons. And in my opinion you're most likely going to be banned elsewhere, because at some point people get tired of people acting like you. The first person to reply under your post said that you're an asshole. Literally. That's actually sad and explains everything, in my opinion.

I don't know why @dessalines@lemmy.ml and @nutomic@lemmy.ml have not banned you already. Your behavior is so evident. You are also the same person who months ago was defining GrapheneOS users as "WORTHLESS DESPICABLE RAT", and now you're pretending to be the nice guy of the situation by telling people to be the "better person". Again, that explains everything.


Hi @krolden@lemmy.ml. The best thing you can do in this case is not feed the troll. It's pointless and not productive to engage in a discussion with an individual whose intentions are pretty clear. For the sake of your time and your mental health, the best thing you can do now is block him. Don't give him attention. If you want to understand better who this individual is, just look at the post made by B0risGrishenko on Reddit, as well as his answers and, last but not least, the moderators' comments under the OP's post. If you have any doubts, don't hesitate to write me on Matrix: @tessaiga:matrix.org.


Oh my. I'm so, so happy! Thank you very much to all the people who have made this possible; you are really changing the world for the better.


Hi! Really sorry for the delay.

Every new generation of Pixel brings privacy and security improvements hardware-wise. In particular, the new Pixels have set a new standard for mobile security:

https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html


I don't know about DivestOS. However, GrapheneOS is dramatically better than LineageOS. That's because GrapheneOS is focused on privacy and security rather than customization, like LineageOS. GrapheneOS starts from the strong baseline of the Android security model and brings a lot of privacy and security improvements. While LineageOS doesn't have real privacy and security improvements, it also weakens the Android security model.

There is a very good article written by madaidan, who explains the security of Android and the problems with LineageOS: https://madaidans-insecurities.github.io/android.html


Google Pixels have no backdoors. Recently, Maxime Rossi Bellom, Philippe Teuwen and Damiano Melotti did deep research about Google's chip, called Titan M, in order to give an understanding of its attack surface as well as the known and previous vulnerabilities.

Presentation Material

There is also a repository on GitHub, which contains the tools they used in their research on the Google Titan M chip.

There is also a very interesting thread from Daniel Cuthbert, in which he showed some parts of their presentation. In the same thread, he also wrote that the Titan M is the reason why he switched from iPhone to Pixel.

We are talking about Black Hat here, not some random guy who claims things without any proof.

Regarding the OS, GrapheneOS is far better than CalyxOS; it offers much better privacy and security improvements. You can see the list of features here: https://grapheneos.org/features



Cross-posted from: https://lemmy.ml/post/89030

[Maxime Rossi Bellom](https://www.blackhat.com/eu-21/briefings/schedule/speakers.html#maxime-rossi-bellom-42634), [Philippe Teuwen](https://www.blackhat.com/eu-21/briefings/schedule/speakers.html#philippe-teuwen-42673) and [Damiano Melotti](https://www.blackhat.com/eu-21/briefings/schedule/speakers.html#damiano-melotti-42674) did deep research about Google's chip, called Titan M, in order to give an understanding of its attack surface as well as the known and previous vulnerabilities.

# Presentation Material

- [Download Slides](http://i.blackhat.com/EU-21/Wednesday/EU-21-Rossi-Bellom-2021-A-Titan-M-Odyssey.pdf)
- [Download Whitepaper](http://i.blackhat.com/EU-21/Wednesday/EU-21-Rossi-Bellom-2021_A_Titan_M_Odyssey-wp.pdf)

There is also a repository on [GitHub](https://github.com/quarkslab/titanm), which contains the tools they used in their research on the Google Titan M chip.

There is also a very [interesting thread from Daniel Cuthbert](https://nitter.net/dcuthbert/status/1458754900347789313#m), in which he showed some parts of their presentation. In the same thread, he also wrote that the Titan M is the reason why he switched from iPhone to Pixel.

Very interesting in my opinion.

A good start would be "how to develop a threat model". There are very useful guides about it, like the one written by the EFF.

Security planning helps you to identify what could happen to the things you value and determine from whom you need to protect them. When building a security plan answer these five questions:

  • What do I want to protect?
  • Who do I want to protect it from?
  • How bad are the consequences if I fail?
  • How likely is it that I will need to protect it?
  • How much trouble am I willing to go through to try to prevent potential consequences?

About Android's security:


How PayPal Shares Your Data
The quantity of data that PayPal shares with third parties is quite scary.

According to the Tor Browser:

Fingerprinting is the process of collecting information about a device or service to make educated guesses about its identity or characteristics. Unique behavior or responses can be used to identify the device or service analyzed.

So, to answer your question, yes, fingerprinting contributes to tracking. The only browser which really protects you from fingerprinting is Tor Browser, since it aims to make all users look the same. The rest is just marketing and not real substance.

So, if you really need protection against fingerprinting, use Tor Browser.


Blocking him is the best thing you can do. He is really a known troll, who has already been banned in other communities. He spreads dangerous misinformation, as you can see, and accuses people of being racist without any proof. Furthermore, he's basically just a bully who likes to harass other people in every discussion he has. As @ArtilectZed@lemmy.ml said, not feeding the troll is the best approach.



Se questo è un uomo (If This Is a Man) - Primo Levi

Il mestiere di vivere (This Business of Living) - Cesare Pavese


There is a very interesting article written by Snowden dealing with this topic.

https://edwardsnowden.substack.com/p/conspiracy-pt1

The greatest conspiracies are open and notorious — not theories, but practices expressed through law and policy, technology, and finance. Counterintuitively, these conspiracies are more often than not announced in public and with a modicum of pride. They’re dutifully reported in our newspapers; they’re bannered onto the covers of our magazines; updates on their progress are scrolled across our screens — all with such regularity as to render us unable to relate the banality of their methods to the rapacity of their ambitions.

The party in power wants to redraw district lines. The prime interest rate has changed. A free service has been created to host our personal files. These conspiracies order, and disorder, our lives; and yet they can’t compete for attention with digital graffiti about pedophile Satanists in the basement of a DC pizzeria.


The UI. Really awful; it feels so bloated and uncomfortable. No, Reddit, I won't use your mobile app.


Yes, I'm doing better, thank you very much! Yes, I'm still in touch with her, and I couldn't be any happier about it!


A 7-year-old microG bug leaks the Google account password on login.
As the title says, a bug which has been confirmed to be around for 7 years leaks the Google account password as well as the 2FA code (if enabled). Steps to reproduce the behavior:

- Open microG Settings
- Add a Google account
- Log in with your Google account
- Check logcat with `adb logcat | grep GmsAuthLoginBrowser`

Therefore, through logcat it is possible to see the password, which is a gigantic security hole. This happens even without root. It is also important to underline that microG per se has security [problems.](https://madaidans-insecurities.github.io/android.html#microg-signature-spoofing) For more information about the bug, see [here.](https://github.com/microg/GmsCore/issues/1567)

Cross-posted from: https://lemmy.ml/post/82216

Finally, the HTTPS Everywhere add-on is going to be deprecated in favor of the native HTTPS-Only mode feature implemented in modern browsers.



Cross-posted from: https://lemmy.ml/post/78179

> This release is kind of awesome. Reading the blog post about it is suggested: https://newpipe.net/blog/pinned/release/newpipe-0.21.9-released/.

[Tiny guide] How to disable JIT on your browsers.
The JIT compiler requires violating the standard [W^X policy](https://en.m.wikipedia.org/wiki/W%5EX). Therefore, memory can be both writable and executable at the same time. This is a serious security concern, because an attacker could inject and execute their own malicious code from the JIT region during exploitation of a vulnerability. Disabling this results in enormous attack surface reduction and will kill off a huge amount of browser exploits.

> Looking at CVE (Common Vulnerabilities and Exposures) data after 2019 shows that roughly 45% of CVEs issued for V8 were related to the JIT engine.

> Moreover, we know that attackers weaponize and abuse these bugs as well; an analysis from Mozilla shows that over half of the "in the wild" Chrome exploits abused a JIT bug.

[Source.](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/)

Disabling JIT is quite simple.

# Firefox

On Firefox you can go to the about:config page and change these settings:

- `javascript.options.ion` to false
- `javascript.options.baselinejit` to false

This approach works both on desktop and mobile. (Although the stable version of Firefox on Android doesn't allow the about:config page.)

# Chromium

On Chromium-based browsers you have to add this command line flag:

`--js-flags="--jitless"`

This approach works only on desktop browsers. On Android, the only browsers which enabled this feature are [Bromite](https://bromite.org) and [Vanadium](https://github.com/GrapheneOS/Vanadium).


While browser extensions are often suggested as a method to improve your privacy, they could make things way worse. I linked an article about anti-fingerprinting extensions; however, every extension that you install on your browser makes you stand out [more](https://arxiv.org/abs/1808.07359). This happens even with adblocker extensions. First of all, [enumerating badness](https://www.ranum.com/security/computer_security/editorials/dumb/) is not a good approach against tracking; that's why Tor Browser doesn't use any adblocker.

> Site-specific or filter-based addons such as AdBlock Plus, Request Policy, Ghostery, Priv3, and Sharemenot are to be avoided. We believe that these addons do not add any real privacy to a proper implementation of the above privacy requirements, and that development efforts should be focused on general solutions that prevent tracking by all third parties, rather than a list of specific URLs or hosts.

> Trying to resort to filter methods based on machine learning does not solve the problem either: they don't provide a general solution to the tracking problem as they are working probabilistically. Even with a precision rate at 99% and a false positive rate at 0.1% trackers would be missed and sites would be wrongly blocked

[Source.](https://2019.www.torproject.org/projects/torbrowser/design/#philosophy)

Moreover, every site visited can detect every change you made, including blocked domains, and so, instead of achieving privacy, you'll stand out more. If you're going to use an adblocker, it'd be a good idea to use only the standard filters.
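How a site can turn a visitor's blocklist into fingerprint bits, as an added example that is not code from the original post or from any project it mentions. The page asks the browser to fetch a set of third-party URLs and records which ones were blocked; the pattern of blocks differs between default-list users and users who added custom filters, so it becomes a stable identifier. The probe URLs and the two visitor filter lists are constructed placeholders, and the `load` function is injected so the logic runs in Node with a simulated blocker; inside a real page you would pass the `domLoader` function defined in the block.

```javascript
// Added example (not from the original post): fingerprinting a visitor's
// blocklist from which third-party resources fail to load.

// Constructed probe list. In a real page these would be tracker or ad URLs
// that appear in some popular filter lists and not in others.
const PROBE_URLS = [
  "https://tracker-a.example/pixel.js",
  "https://ads-b.example/banner.js",
  "https://analytics-c.example/collect.js",
  "https://cdn-d.example/lib.js",
];

// Browser-side loader: resolves true when the script loads and false when the
// request is blocked or fails. Only meaningful inside a page (uses `document`).
function domLoader(url) {
  return new Promise((resolve) => {
    const s = document.createElement("script");
    s.onload = () => resolve(true);
    s.onerror = () => resolve(false);
    s.src = url;
    document.head.appendChild(s);
  });
}

// Probe every URL and return a bit string: "1" = loaded, "0" = blocked.
// `load(url)` must return a Promise<boolean>; the site learns one bit per URL.
async function probeBlocklist(urls, load) {
  const results = await Promise.all(urls.map((u) => load(u)));
  return results.map((ok) => (ok ? "1" : "0")).join("");
}

// FNV-1a 32-bit hash of the bit string, so the site can store a compact ID
// alongside its other fingerprint signals.
function fnv1a32(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h >>> 0;
}

async function blocklistFingerprint(urls, load) {
  const bits = await probeBlocklist(urls, load);
  return { bits, id: fnv1a32(bits).toString(16).padStart(8, "0") };
}

// Simulated blocker for offline runs: blocks any URL whose host is in the
// visitor's (constructed) filter list, mimicking a network-level block that
// fires the script element's error handler.
function makeSimulatedLoader(blockedHosts) {
  const blocked = new Set(blockedHosts);
  return async (url) => !blocked.has(new URL(url).hostname);
}

// Constructed visitors: one with a default list, one who added a custom
// filter for analytics-c.example, and one with no blocker at all.
const VISITOR_DEFAULT = makeSimulatedLoader(["tracker-a.example", "ads-b.example"]);
const VISITOR_CUSTOM = makeSimulatedLoader([
  "tracker-a.example",
  "ads-b.example",
  "analytics-c.example",
]);
const VISITOR_NONE = makeSimulatedLoader([]);

// Stand-alone run: the three visitors get three different IDs.
Promise.all([
  blocklistFingerprint(PROBE_URLS, VISITOR_DEFAULT),
  blocklistFingerprint(PROBE_URLS, VISITOR_CUSTOM),
  blocklistFingerprint(PROBE_URLS, VISITOR_NONE),
]).then((fps) => fps.forEach((fp) => console.log(fp.bits, fp.id)));
```

Every extra domain a user adds to their own filter list flips one more bit that default-list users do not have, which is the "stand out more" effect described above; a page that probes a few hundred such URLs recovers most of the list without ever reading the extension itself.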

Debian has (finally) ditched OpenPGP for repository signing.
Finally, Debian has ditched OpenPGP for repository signing in favor of Ed25519 with SHA512. This is a step ahead for privacy and security. You can see the article [here](https://wiki.debian.org/Teams/Apt/Spec/AptSign). As [@anon123@lemmy.ml](https://lemmy.ml/u/anon123) pointed out, the following issues about PGP are not specifically related to the Debian article I linked.

- No authenticated encryption.
- Receiving a signed message means nothing about who sent it to you.
- Usability issues with GnuPG.
- Discoverability of public keys issue.
- Bad integration with email.
- No forward secrecy.

There's useful documentation about it:

- [The PGP Problem](http://latacora.micro.blog/2019/07/16/the-pgp-problem.html)
- [More PGP Problems](https://saltpack.org/pgp-message-format-problems)
- [Whonix article about PGP](https://www.whonix.org/wiki/OpenPGP#Issues_with_PGP)
- [Alternatives to PGP](https://www.cryptologie.net/article/502/alternatives-to-pgp/)

Advice about security and privacy on Android.
• Hardware

Hardware is as important as software. On Android, most OEMs don't care about privacy and security. They delay security updates even for months, so the phone remains unpatched, which is really [bad](https://www.howtogeek.com/404700/androids-real-security-problem-is-the-manufacturers/). Moreover, they support phones for a very limited time, usually 2 years, which means after that period the phones won't receive security, firmware, and software updates. Furthermore, they lack support for custom keys to be able to flash an alternative operating system without having to lose verified boot. Last but not least, they also lack a [Secure Element](https://source.android.com/compatibility/cts/secure-element).

If you want privacy and security, Pixels are the recommended device. Along with 3 years of guaranteed support (you can see the EoL of every Pixel [here](https://endoflife.date/pixel)), security updates every [month](https://source.android.com/security/bulletin) and firmware updates, Pixels also provide the best hardware, like [Titan M](https://www.blog.google/products/pixel/titan-m-makes-pixel-3-our-most-secure-phone-yet/), which has many security advantages, including:

- Storing and enforcing the locks and [rollback counters](https://source.android.com/security/verifiedboot/verified-boot#rollback-protection) used by Android [Verified Boot](https://source.android.com/security/verifiedboot/avb), with support for custom [signing keys](https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later)
- Physical isolation of the chip in order to mitigate against entire classes of hardware-level exploits.
- Isolation of the processor, caches, memory, and persistent storage from the rest of the phone's system in order to mitigate side channel attacks.
- Ensuring that a malicious actor can't unlock a phone or install firmware updates until the valid lockscreen passcode is entered, thanks to [Insider Attack Resistance](https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html?m=1)
- Securely storing cryptographic material using the [StrongBox keystore](https://developer.android.com/training/articles/keystore#HardwareSecurityModule), and protection against brute-force attacks.

You can see many more details [here](https://security.googleblog.com/2018/10/building-titan-better-security-through.html?m=1) and [here.](https://madaidans-insecurities.github.io/android.html#conclusion)

Along with Titan M, Pixels provide many improvements, including [full MAC randomization](https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html?m=1), [exploit mitigations and a strict IOMMU to isolate physical components](https://i.blackhat.com/USA-19/Thursday/us-19-Pi-Exploiting-Qualcomm-WLAN-And-Modem-Over-The-Air-wp.pdf) and [Control Flow Integrity](https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html).

• Software

On Android, privacy is not an option. Every manufacturer ships the phone with software full of bloatware and first-party and third-party privacy-invasive telemetry. Even if you disable most of the bloatware, isolate "the big brother apps", use only privacy-respecting alternative applications etc., the problem still remains. Fortunately, there are a couple of alternative OSes that can help you take back your privacy and security: GrapheneOS and CalyxOS. Both maintain the strong baseline of the AOSP [security](https://source.android.com/security) [model](https://arxiv.org/abs/1904.05572). After the installation, the phone remains unrooted, with the bootloader locked, and without a third-party recovery like TWRP.

• [GrapheneOS](https://grapheneos.org)

GrapheneOS makes substantial improvements to both privacy and security in order to mitigate whole classes of vulnerabilities and make exploiting the most common sources of vulnerabilities substantially more difficult.

Security examples: hardened malloc, hardened kernel, enhanced verified boot, hardened app runtime, strong app sandbox, hardware-based attestation, JIT-less Vanadium (off by default) etc.

Privacy examples: sensor permission toggle, network permission toggle, full MAC randomization per network, mitigations against browser fingerprinting, reboot the phone after N hours if it's locked (off by default), secure application spawning [system](https://grapheneos.org/usage#exec-spawning) etc. You can see the full list of features [here](https://grapheneos.org/features).

GrapheneOS also ships with a hardened Chromium variant providing the WebView, called [Vanadium](https://github.com/GrapheneOS/Vanadium), that depends on [improvements](https://github.com/GrapheneOS/Vanadium/tree/11/patches) and exploit mitigations specific to GrapheneOS. The [Auditor](https://attestation.app/about) application provides strong hardware-based verification of the authenticity and integrity of the firmware/software on the device. There is also a [PDF](https://github.com/GrapheneOS/PdfViewer) viewer application based on pdf.js and content providers. The app doesn't require any permissions. The PDF stream is fed into the sandboxed WebView without giving it access to content or files.

GrapheneOS will [never](https://grapheneos.org/faq#google-services) include either Google Play services or another implementation of Google services like microG, since it compromises the Android [security](https://madaidans-insecurities.github.io/android.html#microg-signature-spoofing) [model](https://teddit.net/r/LineageOS/comments/8p4169/what_is_lineages_position_on_signature_spoofing/e088xyh/).

• [CalyxOS](https://calyxos.org)

CalyxOS doesn't make substantial privacy and security improvements, except for a few features: full MAC randomization per network, and disabling Bluetooth and Wi-Fi when they haven't been used in a while. Instead, CalyxOS [aims](https://calyxos.org/de/faq/#goals) to encrypt the content of communications as much as possible and to take countermeasures against metadata collection and geolocation tracking. In order to achieve these goals, CalyxOS bundles different applications, including:

- Three different VPN applications: [Orbot](https://guardianproject.info/apps/org.torproject.android/), [CalyxVPN](https://calyx.net/) and [RiseupVPN](https://riseup.net/)
- Different network encryption applications: [Signal](https://signal.org), [Briar](https://briarproject.org/) and [Conversations](https://conversations.im/)
- Different browser applications: [Tor Browser](https://www.torproject.org/), [DuckDuckGo](https://duckduckgo.com/app)
- A firewall application called [Datura](https://calyxos.org/de/tech/datura/)
- Etc.

You can see the full list of features [here](https://calyxos.org/features). CalyxOS is shipped with microG, which worsens the Android security model in return for convenience.

• [LineageOS](https://lineageos.org)

LineageOS severely [weakens](https://madaidans-insecurities.github.io/android.html#lineageos) the security model of AOSP by disabling [verified boot](https://source.android.com/security/verifiedboot/avb), using userdebug builds, disabling SELinux, installing third-party repositories, and various other issues. Most LineageOS builds also do not include firmware, and security updates are very often delayed.

• Conclusion

This is research about different operating systems and hardware; I'm not suggesting what OS or phone you should or shouldn't install. It's up to your threat model and your use case. ~~In the near future, I'm planning to add information also about the hardware~~. Right now, this research is not well written and documented; I need to add more details. If someone gives me an opinion, I would appreciate it. :)

Log: I added a section about the hardware. I changed the title of the post, since this isn't a comparison anymore.