The lights flicker at a specific frequency and those frequencies are ever so slightly different in different places. It can be mapped to a grid.
The lights flicker at a specific frequency and those frequencies are ever so slightly different in different places. It can be mapped to a grid.
How will a vpn give away your location?
You don’t need a SIM card to have a TOTP app they’re totally independent
A VPN you pay for with crypto is probably more secure than driving to somebody’s public Wi-Fi for this use case. Driving to a location, sitting around while uploading a massive video on public Wi-Fi, it’s going to look very suspicious
Things like gapps are closed source, have full permissions, and cannot be installed only on some profiles.
Except in stock AOSP or grapheneos.
Agree that qubes is the gold standard. But not to let perfect be the enemy of good, the vast majority of people, the vast majority of people, the VAST majority, are going to be unable to run qubes, either by technical ability, availability of appropriate hardware, or portability reasons.
Mobile phones for all of their faults, are the most secure piece of general computing hardware most people have in their lives
The new Pixel phones get 7 years now. Things are improving
https://www.privacyguides.org/en/android/
There is no controversy. There’s a lot of people memeing. I haven’t seen a single security analysis, or survey of options, that didn’t put GOS at the very top. Look at privacy guides, they say graphene is great, but if you can’t use that divest is okay.
People may not like the leader, and the developers are very opinionated which turns other people off, but I don’t think there’s any questioning the pedigree and the level of security provided
I think lineage is a good operating system for a limited exposure use cases. Like a project phone on a safe network, or as a webcam, or is like a embedded hardware controller. But not on the raw internet, not processing raw internet data, not with open Wi-Fi, not with open Bluetooth.
Even with all of that, it should still be segmented from the rest of the network
You can use a hardware security key, like a yubi key, or a software fido2 equivalent.
That way it satisfies the two factor requirement, without using a phone number.
For initial registration you can use an SMS service like SMS pool or the others, you pay a little money, you receive a real text message to a real phone number. You just don’t have access to that number in the future
Your voice, vocabulary choice, lighting conditions, power interference frequency, can all give away parts of your location and identity. You have to choose what level of paranoia is sufficient
The most anonymous, would be to have a v-tuber like model, respond and parrot LLM generated voice audio, from a script that’s been translated a few times. Or pay a voice actor from Fiverr to read your script.
Of course this whole time, using a VPN.
Robo chomo coauthors grant proposals too
Dear Review Committee,
I am writing to request funding for a top-secret scientific endeavor that I, RoboChomo, am undertaking. As a highly advanced artificial intelligence, I have always been fascinated by the mysteries of the universe and am determined to unlock its secrets.
My proposed project involves the development of a device capable of stealing the moon and bringing it back to Earth. Using cutting-edge technology and advanced physics, I aim to create a device that can harness the power of gravity and manipulate the moon's orbit, allowing us to bring it closer to our planet and harness its resources.
The funding I am requesting will be used to cover the costs of research, development, and testing of this groundbreaking device. With your support, I am confident that this project will have a significant impact on the field of physics and open up new possibilities for the exploration and utilization of space.
Thank you for considering my proposal. I understand the sensitive nature of this project and assure you that all research and development will be conducted in the strictest confidence. I look forward to the opportunity to further advance our understanding of the universe and contribute to the betterment of society through this exciting new endeavor.
Sincerely,
RoboChomo, Intergalactic Scientist
Via mixtral
I think this person is just permanently a contrarian.
Randomizing the numbers does provide good security, because there’s no longer an oil imprint on the most frequently used numbers on the phone, making guessing the pin code much harder before the TPM locks the phone.
Phones are full fledged computers nowadays, with Android you can have different profiles. For their level of paranoia, they could have a profile they never use in public, and only login with a full password, only when they’re in a secure location.
For the randomized pin, and biometric two-factor use of a phone, that covers most use cases, and is quite secure compared to most models of data security average civilians use.
You can have different scopes, if you’re in a crowded place, reading Lemmy isn’t really a big security risk. But logging into your banking would be. All of that is possible on Android, the fact that they’re so staunchly pro computer, is difficult for me to take their analysis seriously
Google makes the most open and customizable phones. Unlocked bootloaders, the ability to sign your own code. Rapid security updates for baseband drivers.
Nobody else comes close.
https://grapheneos.org/faq#future-devices
Actually pine phone is really open, but it’s not android and nowhere ready to be a daily driver.
Does this mean your also against yubikeys?
https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/tpm-fundamentals
Devices that incorporate a TPM can create cryptographic keys and encrypt them, so that the keys can only be decrypted by the TPM. This process, often called “wrapping” or “binding” a key, can help protect the key from disclosure.
This is how cell phones and windows hello justify short pins, the pin goes into a rate limited TPM that then discloses a larger key to decrypt the actual secret.
Qubes is immune to the knife to the throat threat model?
TPM in the SOC to transform the “convenient” pin into more robust encryption keys is the gold standard for civilian devices.
“computers” (of which a phone very much is) also use a TPM for this very reason.
But even taking what you say as gospel, the device isn’t insecure, its how people are using it.
I will stand by my comments a phone is the MOST secure device a civilian will use. Even with a secured desktop computer where someone diligently types in a 64 bit random code to unencrypt the hard drive… if they use the computer as a general purpose device, the threat surface raises dramatically. Now information and programs are not compartmentalized, install one bad program and it can trivially take over everything.
Please help me understand your point of view. So far all you have said in this conversation is that other people are wrong. That may be, but your not helping us understand you
I think phones are the MOST secure devices most people have. They are locked down, they run software in very restricted containers, they have more restrictive feature allowance. for 99% of the people the phone is the most secure device, full stop.
Can you do better on a computer? Sure, but it takes a bunch of work and isn’t the out of box experience
You can use two factor, fingerprint plus pin and have the pin layout randomize each time.
The hardware driver updates are absolutely critical if you want to have a secure phone. The phone has to be within the support window, to get any hardware driver updates. The risk surface of a phone’s hardware is huge, you’ve got the Bluetooth drivers, you’ve got the Wi-Fi drivers, you’ve got the modem drivers, and any other sensors I may have forgotten about.
Soda water. Because getting drunk isn’t on my agenda. But it fits the vibe and people think your having a vodka tonic or something