You should be clear about what your threat model is. What are you willing to accept? What are you willing to trade?
Using a phone only as a Wi-Fi device is probably going to reduce the information surface you expose to the world.
socksv5 proxies, or you could dig into the settings and find an option to disable local connections (not sure where)
Many browsers allow connections to localhost ports; this is how Discord opens Discord links in the app and not the browser on people’s desktop computers.
You’re not wrong, but every browser exposes it via JavaScript. So if that is part of your threat model you can’t use a local browser.
If any of that information is critical, you should not be running JavaScript. You should remote into a virtual machine and then browse from there.
Even the Tor Browser Bundle gives away machine architecture.
Depends what you mean by local information
Your best method:
Use a socksv5 proxy with your browser so it can’t connect to localhost
Use an incognito browser for the login session
Okay, you’ve lost me. What is your core objective?
GrapheneOS aims to be the most secure phone out of the box. That means the least amount of risk surface out of the box. That means all the control to the user.
To accomplish this mission, GrapheneOS uses Pixel phones, because they give the most control.
If you want to encourage other developers to make other phones, that’s great. I actually support that. I’m looking forward to postmarketOS becoming mature.
For you to determine which vendors to trust, you have to have a good understanding of your personal risk model: what your threats are, and what you’re willing to trade to mitigate those threats. By default, out of the box, there is no trust for any vendor in GOS.
You as the user have a blank slate, a locked-down phone, with minimal risk surface, and no preconceived notions. If you want to install the Google store, you can. If you want to use F-Droid, you can. If you want to install apps directly from GitHub from developers that you trust, you can. You have total control. That is what GOS gives you: total control.
Does Lemmy count?
And what ecosystem does better? This attack impacts EVERY KNOWN PHONE.
GOS OUT OF THE BOX isn’t vulnerable. That is not failing at simple things. That is good decision making.
GOS lets you decide what apps to trust… you’re in control; that is the whole point.
GOS is EXTREMELY clear about who their product is for.
Ok, so your issue isn’t with GOS… this attack method exists on all known phones. IPC and specifically localhost connections are part of the general model of computers.
For instance, this is exactly how Discord hijacks clicks on computers (Windows, Apple, and Linux).
There are mitigations for this specific type of attack that you can implement on GOS (using a SOCKS5-enabled web browser, or blocking localhost connections), for instance.
And the second post in your own link:
By default our Vanadium browser disables the peer-to-peer aspect by only using server-based (proxied) connections.
So GOS out of the box is already hardened against the meta attack…
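The "use a socksv5 proxy so the browser can’t connect to localhost" advice earlier in the thread and the "blocking localhost connections" mitigation in this comment describe the same control: every connection the browser makes goes through a proxy, and the proxy refuses destinations on the loopback interface, so page JavaScript cannot reach a port that a native app has opened locally. The block below is an added example written for this page; it is not the commenter’s code and not part of GrapheneOS or Vanadium. It shows the destination check such a proxy would apply, including the literal forms that a naive string match on "127.0.0.1" misses. The `Resolver` callback is a hypothetical stand-in for `getaddrinfo()` so the example runs offline; the hostnames and addresses in the sample are constructed.

```python
"""Loopback-destination filter for a browser-side proxy (added example)."""
import ipaddress
from typing import Callable, Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

# Hypothetical resolver: hostname -> IP address strings. A real proxy would call
# getaddrinfo(); tests inject a constructed table instead.
Resolver = Callable[[str], Iterable[str]]


def _is_loopback_ip(ip_text: str) -> bool:
    """True if the literal is an address the OS routes to the local machine."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # not an IP literal (a hostname); caller decides what to do
    # ::ffff:127.0.0.1 is loopback once unwrapped, so unwrap IPv4-mapped IPv6 first.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_loopback covers all of 127.0.0.0/8 and ::1; 0.0.0.0 and :: also reach
    # local listeners on most stacks, so refuse the unspecified address too.
    return ip.is_loopback or ip.is_unspecified


def _hostname_of(target: str) -> str:
    """Extract the host from a URL or a bare host[:port] as seen in a CONNECT request."""
    if "://" not in target:
        target = "socks://" + target
    host = urlsplit(target).hostname  # drops brackets, port, userinfo; lowercases
    if not host:
        raise ValueError(f"no host in {target!r}")
    return host.rstrip(".")  # "localhost." is still localhost


def is_loopback_destination(target: str, resolver: Optional[Resolver] = None) -> bool:
    """Decide whether a requested destination would land on the loopback interface."""
    host = _hostname_of(target)
    # RFC 6761: "localhost" and any name under ".localhost" are loopback by
    # definition, whatever DNS might answer, so decide before resolving.
    if host == "localhost" or host.endswith(".localhost"):
        return True
    if _is_loopback_ip(host):
        return True
    if resolver is None:
        return False  # non-loopback literal, or a hostname we were told not to resolve
    # A hostname that resolves to 127.x (rebinding-style) is still a loopback hop.
    return any(_is_loopback_ip(addr) for addr in resolver(host))


def filter_destinations(targets: Iterable[str],
                        resolver: Optional[Resolver] = None) -> Tuple[List[str], List[str]]:
    """Split requested destinations into (allowed, refused) as the proxy would."""
    allowed, refused = [], []
    for t in targets:
        (refused if is_loopback_destination(t, resolver) else allowed).append(t)
    return allowed, refused


if __name__ == "__main__":
    # Constructed sample of destinations a page script might request.
    sample = [
        "https://example.com/",
        "http://127.0.0.1:12345/",
        "http://localhost:12345/",
        "http://[::1]:12345/",
        "http://[::ffff:127.0.0.1]:8080/",
        "http://0.0.0.0:9000/",
        "127.0.0.2:443",
        "http://rebind.example/",   # constructed name that resolves to 127.0.0.1
        "http://app.localhost/",
    ]
    # Constructed DNS table standing in for getaddrinfo().
    fake_dns = {"rebind.example": ["127.0.0.1"], "example.com": ["203.0.113.10"]}
    allowed, refused = filter_destinations(sample, lambda h: fake_dns.get(h, []))
    print("allowed:", allowed)
    print("refused:", refused)
```

The check runs on the proxy side, before any socket is opened, so it holds even when the page obfuscates the literal (bracketed IPv6, IPv4-mapped, 127.x other than .1). Resolving hostnames through the same filter closes the gap where a public name points back at 127.0.0.1.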
GrapheneOS failed to save you from Meta? How?
Spyware is deployed remotely on journalists’ and protesters’ phones… security is privacy.
I strongly agree! The current food pyramid experiment isn’t working.
The friendly police officer wants to look at my phone: they’re going to attach it to an industrial device to hack into my phone and take all the data.
Every security risk is a privacy risk. Most people live in places where the police will investigate their phones; it’s not even rare anymore. Phones are examined at border crossings, arrests, everywhere.
Fatphobia energy should be redirected into carbohydrate education. We ban cigarettes not smokers. Teach overweight people their problem is all the carbs in their diet (sugar, soda, pizza, candy, etc).
Security risks are privacy risks.
Keep your equipment on hard flat surfaces with good clearance on all sides.
If the equipment runs hot, place it on a wire shelf to increase airflow to the bottom.
Lots of finger travel! I wonder what the wpm would be
Session was a good idea, but not implemented well
All file attachments go to a central server, I think in Canada.
They copied the Signal protocol, and Monero, to build their application, but they removed perfect forward secrecy because it was hard to implement. This means if any Session device ever gets compromised, somebody can look at the entire conversation from packets they captured on the wire.
I’m much more excited about SimpleX and Briar.
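The point made in this comment, that without perfect forward secrecy one device compromise unlocks the whole captured conversation, is easiest to see side by side in code. The block below is an added example written for this page; it is not Session’s, Signal’s or Monero’s code. It contrasts a session that derives every message key from one long-lived key with a one-way hash ratchet that overwrites its chain key after each message, then plays the attacker who holds a full wire capture plus a snapshot of device state taken part-way through. The HMAC-SHA256 keystream is a toy cipher used only so the comparison is self-contained; the plaintexts and keys are constructed.

```python
"""Forward secrecy contrast: long-lived key vs. hash ratchet (added example)."""
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

Ciphertext = Tuple[int, bytes]  # (message index, encrypted bytes) as captured on the wire


def _hmac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor_keystream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode as keystream. Illustration only."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        ks = _hmac(key, block.to_bytes(4, "big"))
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


class StaticKeySession:
    """No forward secrecy: every message key comes from the same long-lived key."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.n = 0

    def encrypt(self, pt: bytes) -> Ciphertext:
        # The counter only prevents keystream reuse; the root secret never changes.
        mk = _hmac(self.key, b"msg" + self.n.to_bytes(4, "big"))
        ct = (self.n, _xor_keystream(mk, pt))
        self.n += 1
        return ct

    def decrypt_capture(self, captured: List[Ciphertext]) -> List[bytes]:
        # Whoever obtains self.key can re-derive every message key, old or new.
        return [_xor_keystream(_hmac(self.key, b"msg" + n.to_bytes(4, "big")), c)
                for n, c in captured]


class RatchetSession:
    """Symmetric hash ratchet: the chain key moves one way and the old value is dropped."""

    def __init__(self, root: bytes) -> None:
        self.chain_key = root
        self.n = 0

    def encrypt(self, pt: bytes) -> Ciphertext:
        mk = _hmac(self.chain_key, b"message-key")
        self.chain_key = _hmac(self.chain_key, b"chain-key")  # irreversible step
        ct = (self.n, _xor_keystream(mk, pt))
        self.n += 1
        return ct

    def snapshot(self) -> Tuple[int, bytes]:
        """What a device compromise yields right now: position and current chain key."""
        return (self.n, self.chain_key)


def decrypt_with_snapshot(snapshot: Tuple[int, bytes],
                          captured: List[Ciphertext]) -> Dict[int, bytes]:
    """Open captured ratchet traffic from a compromised state.

    Messages before the snapshot position are skipped: their chain keys were
    overwritten and SHA-256 cannot be run backwards to recover them.
    """
    pos, ck = snapshot
    opened: Dict[int, bytes] = {}
    for n, c in sorted(captured):
        if n < pos:
            continue                       # key already ratcheted away
        while pos < n:                     # stepping forward is always possible
            ck = _hmac(ck, b"chain-key")
            pos += 1
        opened[n] = _xor_keystream(_hmac(ck, b"message-key"), c)
    return opened


def demo(n_messages: int = 4, compromise_after: int = 2) -> Dict[str, List[int]]:
    """Return which message indices each attacker recovers from the same capture."""
    messages = [f"constructed message {i}".encode() for i in range(n_messages)]
    static, ratchet = StaticKeySession(os.urandom(32)), RatchetSession(os.urandom(32))
    wire_static: List[Ciphertext] = []
    wire_ratchet: List[Ciphertext] = []
    snapshot = None
    for i, m in enumerate(messages):
        if i == compromise_after:
            snapshot = ratchet.snapshot()  # device compromised at this point
        wire_static.append(static.encrypt(m))
        wire_ratchet.append(ratchet.encrypt(m))
    if snapshot is None:                   # compromise after the last message
        snapshot = ratchet.snapshot()
    static_pts = static.decrypt_capture(wire_static)          # attacker holds static.key
    ratchet_pts = decrypt_with_snapshot(snapshot, wire_ratchet)
    return {
        "static_recovered": [i for i, pt in enumerate(static_pts) if pt == messages[i]],
        "ratchet_recovered": sorted(i for i, pt in ratchet_pts.items() if pt == messages[i]),
    }


if __name__ == "__main__":
    print(demo())  # static key: all four messages; ratchet: only messages 2 and 3
```

Real protocols add a Diffie-Hellman ratchet on top so that the chain also heals after a compromise; the symmetric ratchet alone is enough to show why the captured past stays sealed.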