HackerTrans
TopNewTrendsCommentsPastAskShowJobs

tholdem

no profile record

comments

tholdem
·8 months ago·discuss
I am currently using 4 banking apps from 3 different banks on GrapheneOS, they all work just fine. I'm also using WhatsApp and would not use the backup feature to Google Drive even on PixelOS. Uber (haven't tried the for drivers app), and other ride hauling apps also work fine.

Why would I choose LineageOS instead of GrapheneOS? I can't see any benefits in using LineageOS, I only see major drawbacks.

Why is it always 0 or 1 with privacy? Why can't I use GrapheneOS with sandboxed Google Play Services? Seems like the best option. I can still use all the apps I want and also get privacy and security benefits. I only give Google what I want and still get to live like a normal person, without making huge compromises on security, privacy, usability and GrapheneOS has been the most stable OS I've used. More stable than the stock PixelOS.
tholdem
·10 months ago·discuss
Yes, all notifications work fine with sandboxed Play Services installed. All my banking apps also work fine. I haven't really had any problems with app support or any other problems for the many years I've run GrapheneOS as my daily driver.
tholdem
·10 months ago·discuss
What are these technical solutions?
tholdem
·10 months ago·discuss
If you allow root, there is no need for additional privEsc exploit. Also does LineageOS actually ship security patches reliably for software and firmware? How is Magisk helping to resist attacks?
tholdem
·10 months ago·discuss
If you are fine running an OS with horrible security and privacy, then LineageOS and it's forks are fine. If you want the best privacy and security, then GrapheneOS is the best option.
tholdem
·10 months ago·discuss
This just doesn't work the way you think, this mentality is not just outdated, but dangerous. People who think like that are more subject to "low IQ" attacks than people who accept the fact they are subject to the same "low IQ" attacks that work on everybody. You are overly confident. You can't be 100% alert and suspicious 24/7, around the clock. At some point you are tired, your attention is elsewhere or you are just not up-to-date on the latest techniques that attackers combine with some form of social engineering.

Also no matter how technical you are, it's almost impossible for you to detect zero-click 0days for which you are more vulnerable to than people without root privileges. You running rooted OS actually become easier and less costly target than people without rooted OS.
tholdem
·11 months ago·discuss
Maybe once the ads start showing on Whatsapp it gets easier to convince people to switch.
tholdem
·11 months ago·discuss
No root is a major security feature, you have chosen an OS that prioritizes security.

Use some other browser if dark mode is really important to you.

I think the launcher is good and I can't think of anything to improve on it. I'm happy it's the default, but I'm sure you can switch to a different launcher if you want.

Pattern unlock is also not there because of security.
tholdem
·12 months ago·discuss
So you're saying don't use a smartphone at all, which isn't possible, or use CalyxOS, which not only suffers from the same "problems" you criticize in GrapheneOS, but is also inferior in every way when it comes to security and privacy?

This does not make sense at all.
tholdem
·12 months ago·discuss
Why do you think that's interesting? Google is highly respected for its security practices. Do you think Apple engineers use some special hardened iOS?
tholdem
·12 months ago·discuss
Your logic seems to fall apart here.

> an operating system which essentially handles all of your private data.

This is exactly why one should continue using GrapheneOS as it is by far the best, most secure and private option. If you do not agree with one project member about something that is not related to the technical features of the project, it does not matter, since you can not be targeted with any GOS updates. Same updates would have to go to all GOS users and as stated before, the previous project leader has a stellar reputation when it comes to their work and prior actions regarding users security and privacy.

> the artist being "Google" and all their controversial practices

You believing this is a problem, you should then be using an iPhone anyway.

You are worrying GOS devs might push a malicious update, even when there are no proofs of that happening? What prevents the same from happening with other projects that are already inferior in every way? You are implying people should switch to less secure options because of this one thing that also applies to all other options? It does not make any sense and seems dishonest.
tholdem
·12 months ago·discuss
You don't need to wipe the phone when updating GrapheneOS. It's as painless as on stock Pixel OS. OTAs downloaded and installed on the background, just reboot the phone after.
tholdem
·last year·discuss
There is so much misinformation about GrapheneOS. Other hardware is not supported for very good reasons. Mainly because the most basic security features are simply not available on other hardware. Google goes out of their way to support other operating systems with proper verified boot using custom signing keys. Also Pixels have proper dedicated security module, Titan M, which I believe are missing from most, if not all other options. Also MTE support. Hardware security is important and none of the current options match Pixels.
tholdem
·last year·discuss
You are implying Meta and others were able to just siphon data from any website via WebRTC using their native apps, but this was not the case. They were only able to track which websites you visited if that website already embedded the company tracking. Many websites do, but not all.
tholdem
·last year·discuss
How can you compare iOS or Android security with desktop Linux security?

Have you checked what it takes to achieve those 0-click root exploits on iOS or Android compared to a desktop Linux distro?

Not even in the same league.
tholdem
·last year·discuss
Yes, but this was about Silverblue and how it implements some additional sandboxing, which it doesn't. SELinux is great, but maintaining it and creating configs is huge amount of work and where on AOSP, every process is strictly confined with SELinux, on Fedora, not so much. Not to mention the additional software the user installs. Not at all comparable to real Android or iOS sandboxing.
tholdem
·last year·discuss
It may be in the future, but for now it is no different from Fedora Workstation in terms of security. Please correct me if I am wrong. AFAIK Silverblue has no additional sandboxing or any other improvements to security.
tholdem
·last year·discuss
Sandboxing should be built in and by default, not DIY and glued on, like with apparmor and firejail.

"Your car does not come with a seatbelt? Seatbelt parts are easy to order online and assembled on any car, it's your fault for not using one."

> Also the very same npm backdoors have already hit android apps. What can sandboxing do if you backdoor a dependency of your banking app?

The whole point of sandboxing is that one compromised app can not compromise the whole system and other apps. Compromised dependency on my banking app on Android or iOS only compromises that banking app and nothing else.