/g/ - Technology




>Desktop Linux is insecure. ESPECIALLY Debian and its derivatives.
>Old thinkpads are insecure.
>Google Pixels have some of the most secure mobile hardware available on the market.
>Firefox is insecure. Chromium's sandboxing is far better.
>F-Droid is insecure. Google Play is better.
>Other custom Android ROMs are insecure.
>GrapheneOS is the most secure operating system overall. iOS is a close second place.
>>
I don't really get some of these recommendations. They may be secure but are not private at all + they are proprietary (and thus opaque) like the play store and iOS. The rest is true.

To download (FOSS) apps you could use Obtainium to download them directly from the developer, but the upside of f-droid is that they act like a repository, which means they can block app updates if they are malicious. Which happens sometimes. This is also why I kind of like stable GNU/Linux distributions since a malicious update from the developer almost never reaches the end user. Having a buffer can be a good thing.

All of this doesn't change the fact that f-droid doesn't follow security best practices.

Also I don't like not being able to control the JavaScript I run in their browser. No matter how secure and sandboxed, I should be able to control what software I run that websites send me. Having no extensions is ass.
>>
>>107550104
You don't have the fucking thing WAN exposed so the only way your shit is going to get hacked is if you let them in
>>
Why are you making the same thread again?
>>
unless you're the target of high level cyberespionage none of this shit matters nobody cares what your dorito mountain dew brain is doing on the internet
>>
>>107551577
I DON'T WANT THE CIA NIGGERS TO KNOW I LOVE FAT SLOPPY ANIME MOMMY TITS OKAY.
>>
>>107550104
GrapheneOS on the Pixel 9, Qubes OS on the Thinkpad P16. Suck it!
>>
Thanks, but I'm sticking with Heads+Qubes.
>>
>>107550104
stop fedposting, glowie

>>107551577
>high level cyberespionage
>using mobile
KEK
>>
>>107551620
>Suck it!
>>107551631
>I'm sticking with Heads+Qubes

Even using fully libred stinkpad\coreboot\heads\Dasharo\libreboot\etc or intel without ME or whatsoever hardened can't guarantee you E2E.

Even if you wiped the firmware to the SoC, you still have the display, which is proprietary, the hard drive which is proprietary.
>>
>>107551689
Shut up well poisoning glowie FUDmonger.
>>
>>107551689
I think Heads protocol recommends using USB instead of disk or ssd storage because less firmware or something.
>>
>>107551725
actually may have been a /g/ pasta, not sure that's a Heads thing
>>
>you can't trust ANYBODY dude
>your LCD? Backdoored. Your hard drive? Backdoored. Every hardware manufacturer is a CIA front and after you personally to the point they're willing to burn every possible asset to fuck you over
>except Google who would never do anything bad, buy a Pixel 10 Pro XL today with up to $300 back for our holiday sale :))))
>>
>>107551689
Okay? Only going to be using this in a Faraday room, kek.
>>
>>107551577
>why are you wearing clothes nobody wants to look at you bro
>>
>>107551977
oh yes the average person on their stupid phone needs the most iron clad security of all time. idiot. the average person is more susceptible to social engineering attacks that can't be prevented by anything
>>
>>107552914
like clothing, security comes in layers
>>
>>107552914
You're a contrarian faggot
You're in a space where tech conscious people post and don't want to be molested by big tech. Shut the fuck up you're only proving why your father hates you.
This thread at its core is a bait thread by some schizo with some vendetta against this project. We don't have alternatives, Calyx is fucking dead atm and lineage is not as good
>>
>>107551399
The GOS team has repeatedly shown that they prioritize security over everything else, including privacy which is why some of their recommendations (use play store over aurora, chromium over firefox) sound counter intuitive, but there is a good reason for everything they say.
It's ultimately up to (You) to decide where you fall on the Security/Privacy spectrum.

Also they shit on desktop Linux quite a bit but they do recommend Qubes with Fedora or SecureBlue.
>>
>>107553810
For Linux desktop they recommend avoiding Debian and using up to date distros. They seem to be in the camp of "more updated = more secure" which a lot of /g/ is against.

>Debian has much worse security than the baseline of an OS that's receiving proper updates and not applying very misguided patches and configuration changes including enabling a bunch of services by default upon installation. Recommend using Fedora or Arch if you want to at least have the baseline security provided by the upstream projects, which is quite poor for a lot of that desktop software stack but you can at least avoid having ancient software with a subset of security patches backported and many new problems introduced.
>>
>>107553831
/g/ is against updating because most of them are itoddlers/winbabbies and updates just add bloat and break things. From a security perspective being out of date is horrible.
>>
>>107553810
>they prioritize security over everything else
nigger
no they don't
if they did they wouldn't have added sandboxed google play
clearly some things are more important than security
>>
>>107553900
You don't need to use Sandboxed Google Play so how is it a security risk?
>>
>>107553900
What is insecure about that?
>>
>you can only trust the google phone goyim everything else is risky
>please buy the latest pixel
does anyone actually fall for this shit?
>>
>>107553867
Linux updates also break things. Libraries update and packages just stop working. Old software doesn't work on most up to date distros and old systems are as good as useless even with older packages because anything you get will inevitably depend on some other package in a repo that's been down for ages. Windows and Mac were pretty stable in the past, Linux never was. Some Appimages depend on shit they don't even include, negating the whole point.
>>
>>107554794
>Some Appimages depend on shit they don't even include, negating the whole point.
You're acting like you never ran a .exe that couldn't run because it depended on some missing .dll file
>>
>>107554038
>>107554070
it shows security is not their ONLY priority because sandboxed google play isn't a security feature
>>
>>107555323
I need to use an app that is only on the Playstore. How can I do this in a more secure way than a throwaway email account used to set up Sandboxed Google Play?
>>
>>107553352
k you can easily not deal with big tech by degoogling, that's not an argument for graphene tho, you can degoogle in endless number of ways. graphene's solutions try and make it sound like they have a stranglehold on security but they don't, their security is pointless majority of the time
>>
I bet most people who use grapheneOS don't even use a VPN
>>
>>107550104
I think the most secure OS is the one that sells data to big corporations. You know, the one that the GrapheneOS creator started. It was called CopperheadOS.
Wait, maybe that titan chip blob controlled by a megacorporation was the friend he made all along.
>>
>>107550104
>GlowOS
>>
Just pretend you're a White supremacist or Christian extremist and the FBI will basically delete your file.

Hacking isn't just a physical thing, it has an element of social engineering.
>>
>>107556459
>hacking is social engineering
Spoken like a true scamjeet.
>>
>>107551399
I have yet to see a response from GrapheneOS or other updooters on how to deal with supply chain attacks. The vast majority of "security threats" that are rolled out to apps just aren't a threat to most users. Meanwhile, the six-gorillion dependencies that your Rust app has pulled in a backdoor.

You want a threat model? How about an Israeli ad company might buy one of my favorite apps and enshittify it with ads. That's the real threat. Happened with Simple Mobile tools. Fdroid didn't push the update, Play did.
>>
>>107550104
>GoypheneOS take on security
im not taking advice from glowies.
>>
>>107556532
>You want a threat model? How about an Israeli ad company might buy one of my favorite apps and enshittify it with ads.
How is that a threat if you have app sandboxing? An annoyance sure but not a security issue.
>>
>Not using Red Star OS
>>
>>107556562
What did he do lol?
>>
>>107556679
he was being stupid.
>>
>>107550104
>Desktop Linux is insecure. ESPECIALLY Debian and its derivatives.
Yes, do highly recommend the fedora btw
>Old thinkpads are insecure
Yes. No libreboot does not make your device any more secure
>Google Pixels have some of the most secure mobile hardware available on the market.
Yes
>Firefox is insecure. Chromium's sandboxing is far better.
Yes.
>F-Droid is insecure. Google Play is better.
The fdroid project makes no checks for code quality or security so yes.
>Other custom Android ROMs are insecure.
Yes with the best general one being lineageOS
all other ones are pajeet shit
>GrapheneOS is the most secure operating system overall. iOS is a close second place.
Yes
>>
>>107551763
>>except Google who would never do anything bad, buy a Pixel 10 Pro XL today with up to $300 back for our holiday sale :))))
Compared to other security chip implementations(intel ME, Amd PSP, Qualcomm Trustzone) yeah.
Google's is also the most open one(although not completely) with frequent whitepapers and firmware updates.
So yes.
There's a reason why Google Pixels are the recommended choice by security researchers.
>>
>>107556827
Hi Daniel. Did you make friends with Google and support the Titan chip after harvesting user data on CopperheadOS or was it cohencidence?
>>
>>107550104
>Fdroid is insecure
goddamn, it's trying too hard...
>>
>>107556840
my opinions on Daniel.
>>
>>107556827
>No libreboot does not make your device any more secure
Explain this one.
>>
>>107556932
no verified boot.
You can't be certain that the firmware hasn't been tampered with.
Also they completely like to ignore the existence of hardware root of trust because it's proprietary.
Libreboot prioritizes freedom over security.
GrapheneOS makes use of it because... it's actually a good thing in terms of security.

Now there's a few attempts to create an open hardware root of trust by google called OpenTitan but I am not familiar with it.
>>
>>107557239
I always assumed libreboot had the same functionality as Heads. If I am understanding this correctly then is the threat level for libreboot only in case I think that state actors have manipulated me into going to a certain electronics store at a certain time to buy a certain laptop that they tampered with before I bought it? God I hate freetards.
>>
>>107555323
My god you're stupid.
Micro g, Aurora, and F-Droid are all insecure sources for app installation - therefore they develop and distribute sandboxed Google play store as a secure alternative.
They explain a bit more on their forum: https://discuss.grapheneos.org/d/4290-sandboxed-microg/11
>>
>>107556679
Murdered someone and then self-owned on twitter/grapheneos forums/his own telegram in effort to direct responsibility of his premeditated murder onto grapheneos.
>>
>>107550104
Imagine still using smartphones.
>>
>>107558920
How else can I contact your mother and adult sister/aunt for penile and anal oral stimulation?
>>
>>107551399
>They may be secure but are not private at all
I've said it before and I was called a retard every time, but people are finally starting to understand what GrapheneOS writes clearly on their website. They care about security, not privacy. They don't give two shits if google, microsoft or the US government fingerprint you, track you, access your phone, etc. because those are trusted entities. Their only concern is that some script kiddies can't access your phone through some technical vulnerability.
>>
>>107558979
A phone by concept is insecure.
Graphene gives you the option of shutting down and blocking google while maintaining better security.
What the fuck else do you want anon?
You might as well get a fucking laptop if you want privacy not a fucking phone.
>>
>>107551620
Should i buy a nitropad v56 or a novacustom v56 with qubes + heads preInstalled or should i do it all myself with a thinkpad? Which option is better for long term usage and paramount security and privacy? Im a crypto whale and currently using a macbook with lockdown mode and file vault on.
>>
>>107559019
Set up multisig wallets using your mac would be better than buying an extra secure computer with a single wallet if you only care about long term storage.
>>
>>107558995
>>Desktop Linux is insecure. ESPECIALLY Debian and its derivatives
Did you misread what was claimed in OP? GrapheneOS is secure and all desktops are not, according to the Daniel Micay.
>>
>>107559063
You made this thread already
Debian is less secure than more bleeding edge distros, are you perhaps not paying attention?
If I recall you even have to manually turn on your firewall unlike distros like Fedora with it setup and active upon install.
Security and privacy do not go hand in hand.
So I ask you again anon
What the fuck do you want?
>>
>>107559051
I use a hardware wallet called gridplus lattice 1, its basically an airgapped computer in itself so im only worried about clipboard hacking and other such attacks. Thanks for the advice.
>>
>>107550104
Yeah, they tend to trust Big Tech's security more than the middle cap companies that cobble their leftovers together at markup prices. There are less feature-rich alternatives to Graphene out there if you don't trust them.
>>
>>107558939
Did I hurt your feelings, goysloplover tranny?
>>
>>107554085
No, nobody falls for your shit. You glowniggers are almost as transparent as the vacuum of space you glow through.
>>
>>107559083
seems like the case for a desktop being insecure is due to usability defaults for an inexperienced user.
seems like a nothingburger for someone who actually knows what's happening behind the scenes of your OS setup.
>>
>>107559083
I'm not OP.
>>
Privacy IS security. If your device is not private it doesn't matter how secure it is, you're already leaking your data to marketers and likely to glowniggers too.
>>
>>107552914
>oh yes the average person on their stupid phone needs the most iron clad security of all time.
This attitude is why professional engineering licensure, warranty, and hefty civil and criminal liabilities need to come to proprietary software. You charge money for licenses to your program? (Or better: you charge money to access a service hosted on proprietary applications?) You (or the proprietary application maker) need a software PE on team to sign off on the code before shipment, and that PE and organization which hires him must be made liable. A security breach that costs hundreds of millions of dollars, or billions of dollars, should be resulting in decades of prison and/or bankruptcy for the more negligent system designers and administrators. No joke, Equifax leak should have ended the company. If you have to re-issue shared secrets with all of your citizens because of a data breach, people need to go to prison.

Same thing for individuals. If an insecure proprietary program was written by someone not holding a PE, and he charged for it, and it results in crimes (such as stalking, illegal surveillance, data or identity theft) happening to the customer, then the developer should be at risk for criminal liability for being accessory.

We WILL have computational devices which are designed with strong protection* against betraying its owner, just like we have pencils and forks and pocket scientific calculators which are designed with protection against betraying its owner. If we cannot buy those devices now because you are not developing them then we will find ways of putting you at risk of imprisonment until you do, or you get out of the way and create space so someone more competent and capable than you can step in and do the work.

Your choice, bucko!

*Where said protection does not contravene right to own, right to operate, or any other FSF/GNU-spirit right over one's hardware.
>>
>>107559019
I'm not sure what your threat model is for needing Heads. Having a really good second GPU on the system while Qubes dom0 uses the crappier primary is a boon, unless your goal is not a generalist modern Qubes OS environment but merely a lockbox for important secrets. I think your biggest threats I can think of are going to be remote attack (targeted or not), and targeted physical attack such as kidnapping, home invasion, threats or blackmail, etc. So long as you keep your firmware up to date, I do not see any case where a nation state intelligence service with the keys to a hypothetical IME backdoor wants to attack you specifically, risk secrecy of their tools, all to steal a relative pittance from you. For that reason Heads would take a lower priority to a really good second GPU because I want to build a generalist system (RAMmaxxed implied). If a lockbox is all you want AND you want to rest assured that even NSA [probably] can't steal your cookies from the lockbox then go with Heads.

I'm not crypto rich, so my Cadillac-tier workstation Thinkpad has to do many things.
>>
>>107560154
this closes it, i don't know why i keep seeing retards like op parroting goyphene's takes, you can harden any linux distro, debian included, to be the most secure system out there, if you know what you're doing. all limits rest on you, as a user, and you got the freedom to do everything.


