HackerLangs
TopNewTrendsCommentsPastAskShowJobs

armadyl

92 karmajoined 11 miesięcy temu

Submissions

FBI unable to extract data from iPhone 13 in Lockdown Mode in high profile case [pdf]

storage.courtlistener.com
13 points·by armadyl·5 miesięcy temu·7 comments

comments

armadyl
·8 dni temu·discuss
> But no one said we have to copy that flawed concept. macOS and Linux already have a good solution, requiring your full unlock password in a privileged dialog to authorize changes.

You use operating systems that have significantly worse security than GOS, iOS and even stock Android as your examples?

Also you literally are the owner with GrapheneOS, lacking security is not "full ownership." You can create your own build of GOS, you can modify it ahead of time, you can literally see all of the source code it's running.

Claiming GOS isn't true ownership is like complaining that you can't change your car's wheel alignment while driving it and saying it means you don't truly own your car.
armadyl
·9 dni temu·discuss
You’re right, they just fall for installing updates or CLI tools which install compromised dependencies and run wild on a rooted system before getting caught 24 hours later.
armadyl
·9 dni temu·discuss
You are free to make your own build of GrapheneOS with root access and have extremely reduced security. Just don’t expect support on the forums and waste everyone’s time when something happens.
armadyl
·9 dni temu·discuss
All of which have beyond horrific security. GrapheneOS is the only acceptable alternative from mainstream Android.
armadyl
·w zeszłym miesiącu·discuss
It's not really about supply chain security it's about the hardware itself. PC manufacturers in general just can't keep up since they don't have full control/integration over the hardware stack like Apple does. Also CPU, secure element etc security is limited but Qualcomm is catching up pretty quickly I believe if they aren't there already. We won't talk about Intel and AMD. But that's beyond my knowledge so I can't say anything too specific that's just what I have from general knowledge I'm sure someone will jump in with additional info if needed.

I don't think Apple is particularly any more secure against the US government than Intel is with supply chain vulnerabilities but I have nothing to back that up with aside from vibes.
armadyl
·w zeszłym miesiącu·discuss
Conversely, a Linux system with no verified boot can be easily tampered with without the user detecting it by people lower than the government such as casual hackers. So in a world where your government is going crazy, you're opting for an operating system that can be penetrated with relative ease (e.g. with persistent root malware) both by a non-government hacker on top of a state backed one.
armadyl
·w zeszłym miesiącu·discuss
This is incorrect macOS is fundamentally more secure than desktop Linux operating systems and it isn't particularly close.

No amount of Linux hardening will get a system even close to an M-chip Mac. Software insecurities aside, desktop Linux OS systems have almost none of the hardware-backed security benefits that Macs do.
armadyl
·w zeszłym miesiącu·discuss
The person you replied to is right, the "security" of Linux might as well be nonexistent compared to macOS and especially iOS/Android. Even the developers of Secureblue (https://secureblue.dev/) state that despite their hardening and mitigations Linux still lags far behind macOS (and possibly Windows) security-wise. The only Linux derivative that has proper security is Android, and even better GrapheneOS.

https://privsec.dev/posts/linux/linux-insecurities/

https://madaidans-insecurities.github.io/linux.html

I also commented here on Linux phones, the same can apply to Linux as a desktop OS: https://news.ycombinator.com/item?id=46997397

Also on top of that Linux/Windows laptops also lack the hardware-backed security that Macs and to an extent some Chromebooks have.
armadyl
·3 miesiące temu·discuss
None exist, it's literally all slop.
armadyl
·3 miesiące temu·discuss
How beneficial is this versus just being theater? The example used in this is the government accessing the reporters laptop via biometrics.

But in this case, and especially under this admin legal or not this app won't stop them, unless I'm misunderstanding the macOS security model. Even with FDE enabled, sending it to the lock screen with biometrics disabled will not do anything to stop them from being able to access the contents of the hard drive via forensic methods with relative ease.

I think that at best this will only stop the casual person (i.e. a family member or roommate/random snooper)? In which case there would be no point to switch away from biometrics.

You're far better off just keeping more private information on the iPhone and isolating that data from a Mac, since that has far more resistance to intrusion in AFU mode than a Mac.
armadyl
·3 miesiące temu·discuss
If you're in a situation where this is a pressing issue, it's not a good solution as it's trivial to detect if it's a fake environment, especially if they get suspicious and run external forensics on it.

iirc the GrapheneOS team won't implement this feature for that reason
armadyl
·3 miesiące temu·discuss
> it's just moving the risk from your cell provider to Google

Yeah and imo Google has better account access controls than any other mobile provider, especially if you enroll in the Advanced Protection Program.

The main downside of GV that I didn't have with jmp.chat is that numbers are almost guaranteed to be detected as VOIP which sucks but whatever.
armadyl
·3 miesiące temu·discuss
Well that's subjective. But Proton's response to that is also valid imo (which is also subjective):

https://www.reddit.com/r/privacy/comments/1nd07w0/comment/nd...
armadyl
·3 miesiące temu·discuss
> Protonmail is widely believed to be compromised and some evidence supporting this has come forth in two separate incidents in the last year.

There has been no evidence of this, stop spreading misinformation. They're clear on what they can and can't hand over and what you can do to reduce the information that they can hand over like billing info. For some inexplicable reason people expect a corporation to disregard legal government warrants and subpoenas. Thinking any company would do this is next level delusion. Even if you self-hosted, you wouldn't be able to escape this because it would just end up with you in jail.

The only protection against that is end to end encryption. And to this day Proton has handed over zero data that falls under their E2EE umbrella.

At best, even if you assumed that they were collecting incoming/outgoing emails before encryption it would be nonsensical to think that this wasn't happening to other providers, it's just the nature of email. Nobody who cares about absolute privacy should be using it as a means of critical communication regardless.

The notion that Proton capitulates and somehow hands over your emails or other encrypted data is false and completely unsubstantiated. Unlike Google on the other hand, who will hand over your entire inbox unencrypted with zero issue to DHS/the FBI merely for writing a letter to an attorney:

https://www.washingtonpost.com/investigations/2026/02/03/hom...

https://archive.is/kmWHG
armadyl
·3 miesiące temu·discuss
I'm not sure what the OP does, but at least for me I find myself chained to Google Voice for SMS 2FA use because it's basically the only phone number provider that cannot be exploited with a sim swap attack (same deal with Google Fi). And while I don't necessarily trust Google, their account security is leagues ahead of anyone else imo.

I previously looked at jmp.chat but they didn't really inspire confidence on the security front.
armadyl
·3 miesiące temu·discuss
"A plane crashed? See! FAA regulations are useless and the agency needs to be disbanded."
armadyl
·3 miesiące temu·discuss
Stripe does this to me and it's starting to get annoying. They offer an unsubscribe option to remove you from current mailing lists but perpetually have you auto added to new mailing lists effectively making the unsubscribe option useless.
armadyl
·3 miesiące temu·discuss
It was more of a security related change. MV3 overall objectively is far better for browser security than MV2. MV2 was essentially giving extensions a full on free RCE pathway. MV3 is what it should’ve been from the start imo.
armadyl
·3 miesiące temu·discuss
That domain is blocked by Hagezi's Ultimate list. Definitely remove that user's comment
armadyl
·3 miesiące temu·discuss
> As a general principle, application developers should not have free rein to modify my system's configuration, and OS's should do their part to make it very difficult for developers.

Funny enough macOS, iOS, iPadOS and Android do this and they are constantly attacked for it.

I do think there needs to be more strict adherence by developers to standards like XDG but I don’t know how it could be enforced.