privacy


hunt4peas, in The Boost android client for Lemmy is displaying these dark pattern ads pretending to be system notifications. What security/privacy conscious Lemmy clients do you recommend?

I am using Voyager & Eternity and both have no ads.

SuperSpaceFan,

And they are free

trigonated,

Same with Connect.

averyfalken,

I use Eternity cause it’s FOSS and easily available in the F-Droid store

Gooey0210, (edited ) in Here's what telegram's founder say about Whatsapp's privacy

Guys, please stop using telegram if you care for your security and privacy

Telegram is not fully open source, sometimes they release the source, but the hashes of the builds don’t even match (so it’s a different source code) 🚩

Zero transparency about data handling, even when they get caught they don’t tell details 🚩 (Telegram in the recent years has got really shady reputation)

Very often the way they implement security is weird: non open source app, non open source server, leaking APIs, use of phone numbers, at some point they started asking for an email, non encrypted chats by default, never encrypted group chats… it can continue forever 🚩

Non-standard encryption is a real red flag, non-open-source 🚩

I know some people that work/worked for the police, and they can read all the messages easy peasy, i was trying to tell people many years ago, but everyone was so amused by the stickers. Now you can just read stories of the journalists and activists, and how they got imprisoned with the use of telegram 👁️‍🗨️💀

PLEASE, STOP USING TELEGRAM IF YOU CARE FOR YOUR PRIVACY OR SECURITY

clot27, (edited )

Except if you open source the server, there’s no way to verify it is using the same code anyways, and their client is already open source, so wasted point.

sometimes they release the source, but the hashes of the builds don’t even match.

When did this happen? Source?

Signal asks for phone numbers, emails are universally known. If you don’t want to give them your real phone number, buy one from fragment.com (their web3 service where they sell phone numbers for crypto). Emails are already public and they ask for them only for the recovery process and it’s opt-in so there’s no problem with that.

All chats are encrypted by default from private to group using mtproto, where there have been no breaches found yet so stop spreading misinformation.

Again telling personal experience which may be a lie, can you share the source of your claims? Which journalist got arrested due to telegram?

Gooey0210,

You can go and check yourself mr. Senior Officer of FSB, i don’t want to fight for your war

clot27,

I would spread misinformation on internet and tell others to find source of it 🤓

Tzeentch, in Remove Modem/SimCard from a Car

Your best bet is to find a car where it’s easiest to disable the antenna/cellular modem, so look for a car that has a fuse for the DCM (digital communications module) you can pull, as having it be a fuse means you can readily reconnect it should you need to. Try to find its schematic online, or find the repair manual for the car or use a car maintenance program.

Apparently it’s also possible to call the car company and ask for an opt out when serviced.

I vaguely remember some people experimenting with replacing the head unit with aftermarket ones, but no idea how well that would actually go in practice

Lemonparty,

I vaguely remember some people experimenting with replacing the head unit with aftermarket ones, but no idea how well that would actually go in practice

This varies wildly from manufacturer to manufacturer and even year to year. For example, GM cars used to route damn near everything through the entertainment unit, so that was your central computer. Cell antenna, OnStar control panel, everything that phoned home. That was as recently as mid 2010s. It also led to hilarious problems where a relatively simple issue like an OnStar button not working well required a complete replacement of the stereo unit (which was $8k or so in parts and labor). Now that instrument clusters are doing more while also getting more diagnostic and digital, things are transitioning to a more centralized computing system somewhere else. This can make it easier OR more difficult to get around, depends on design.

For other brands it’s borderline impossible to even use an aftermarket system. Mazdas for example the entire infotainment system relies on itself. There’s nowhere to even put a traditional aftermarket. I’m sure it’s possible, but the design of the interior is completely based around the infotainment unit.

tordenflesk, in Accept cookie banners with third-party cookies rejected

Ublock Origin->Cookie Notices->Check all 4.

rinze,

Yes, I’m aware those filters exist, but I’m asking about the practical implications of the setup I mentioned in the post.

Dehydrated, in The Boost android client for Lemmy is displaying these dark pattern ads pretending to be system notifications. What security/privacy conscious Lemmy clients do you recommend?

What about just not using a proprietary client for an open source social media platform? You’ll find amazing FOSS Lemmy clients as well as a whole lot of other FOSS software on F-Droid. It’s the best source for Android apps. Thunder is my personal favorite.

Maggoty, in The Boost android client for Lemmy is displaying these dark pattern ads pretending to be system notifications. What security/privacy conscious Lemmy clients do you recommend?

I recommend ignoring update requests when they pop up. It’s not just Boost, I’ve seen so many of those kinds of ads now that I just go check for updates through the system.

covert_czar, in What is your tracker stats?

You can also try Exodus, and it is more relevant

exodus

willybe, in The Boost android client for Lemmy is displaying these dark pattern ads pretending to be system notifications. What security/privacy conscious Lemmy clients do you recommend?

I take it schools aren’t teaching tech literacy. We wouldn’t want the kids to get in the way of our overlord marketing agencies.

MiddledAgedGuy,

I wonder if they ever really have? When I was in school they taught you how to use a computer, but not what the computer was doing or how it worked.

I’m not too connected to the educational sector anymore but anecdotally it seems like becoming tech literate has a growing stigma (it’s always had a stigma). Happily ignoring what it’s doing while it’s actively abusing you.

macattack, in What is your tracker stats?

Don’t have any stats but I do use tracker control. Having a Xiaomi tablet, I like that I can also extend functionality to system processes as well (at my own risk obviously).

mariusafa, in The Boost android client for Lemmy is displaying these dark pattern ads pretending to be system notifications. What security/privacy conscious Lemmy clients do you recommend?

Use F-Droid, Google store is a malware vendor at this point.

Zak, in What is your tracker stats?

This app wants root and, despite being open source according to that link, isn’t in the official F-Droid repo. I’m skeptical about trusting it.

Gooey0210,

Warden is on Izzydroid, alternative fdroid repository

It wants root so it can disable trackers

Zak,

It’s reasonable for an app like this to need root, but also reasonable for everyone to ask for third-party verification of anything they’re granting administrative access to their devices.

Izzydroid’s security policy appears to be primarily based around automated scans that enumerate badness, and has far fewer users than the official F-Droid repository making it less likely that problems will be noticed, reported, and acted on.

Is there more reputation information about this app available?

Gooey0210, (edited )

It’s from the same devs of aurora store, aurora droid

And really, so much talking and scepticism around a free and open source app, you can go and check the source, or at least read a review about it (though the app wasn’t update

OP is recommending a cool app to spark a conversation, but all the replies are just complaints

Cool people made a cool app, cool people are hosting an alternative fdroid repo so it’s easier and faster for devs to publish their projects for the world to see, and cool people found this app and decided to share with other people

But those people are just behaving like boomers and saying that everything around is fake, dangerous, and so on

If somebody cares for security, why would that person even have root in the first place, same with fdroid, if you care for security you shouldn’t use fdroid

Sorry if i’m being too rough, everything i said is not really addressed to you, i’m just being pissed by people not appreciating somebody’s will to start a nice conversation

P.s. the last update of this app was like 3 years ago, if somebody cares for security, they should never install an app that old, it’s not even about root or some policies

Zak,

I’m not complaining. I’m asking for some evidence this app is trustworthy.

Security is not binary. Having root can be bad for security, but it doesn’t have to be especially if you’re careful about what apps you grant root to, which is the point of my original comment. Having root can also be a security benefit because it offers more opportunities for detecting and blocking harmful and privacy-invasive apps, as this app does (if it’s trustworthy).

I don’t think F-Droid with the official repositories is a negative for security either; I suspect it’s less likely to contain outright malware than Google Play, and I’m sure the average app on F-Droid is less likely to be privacy-invasive. Adding random repositories suggested by strangers on the internet can be a different story, and asking who can vouch for the one suggested in this thread seems like a reasonable mitigation to me.

Gooey0210,

My last comment wasn’t really addressed personally to you, sorry i sounded like that

Having root is almost never a security benefit, it allows you to close one hole, but opens up 10 new more

It means you have your bootloader unlocked, you have secure boot disabled which allows for persistent malware. Just having root by itself opens up many more remote, zero click, or just very dangerous exploits

F-droid is not secure, some of the issues had been resolved, but it’s still not recommended for best practices

Of course, everything depends on the threat model

I personally really like fdroid and izzy, and other custom repos. And root is a cool thing, although i don’t have it on my daily driver (but have on my test phone)

Zak,

There may be some other comments being unfair. People shouldn’t complain about free software someone else gives to them falling short of perfection, but we should be careful about granting random apps root permissions.

Having root is almost never a security benefit, it allows you to close one hole, but opens up 10 new more

I think it’s more like two:

  • If an app granted root privileges is compromised, the damage it can cause is much greater
  • The bootloader has to be unlocked for most approaches to gaining root; I consider it a design flaw that it isn’t easier for users to add signing keys and re-lock the bootloader

F-droid is not secure, some of the issues had been resolved, but it’s still not recommended for best practices

This is another very binary statement about security. The article addresses a number of design issues with F-Droid and concludes that most users are better off getting apps from Google Play. I don’t disagree with the design complaints in theory, but in practice it doesn’t hold up. I’ve seen people get malware from Google Play and read a number of documented cases. I have never heard of malware in the official F-Droid repository.

I’m reminded of comparing Windows to Linux 20 years ago. In theory, Windows had a more sophisticated permissions model and more reliable logging, making it potentially more secure. In practice, it took significant care to keep a Windows desktop clean, while Linux was very unlikely to be compromised.

Of course someone with high-value secrets on their device or who’s likely to be directly targeted by sophisticated threats should probably take a more conservative approach, install very few apps, and consider a hardened ROM like GrapheneOS.

Gooey0210,

Agree, agree, agree

But have some sidenotes to add 😂

The bootloader has to be unlocked for most approaches to gaining root;

Did you know you can root grapheneos, and lock the bootloader? 😂 pretty dangerous stuff to do, but possible!

concludes that most users are better off getting apps from Google Play.

In general, screw google play, and screw google, or any big corpo, it’s not even about security, but about them being bad companies and bad services

And the same about windows, joy is the most important thing, if software is full of trackers and just designed poorly, why would anyone want to use it 🫠

Zak,

I did not know that it was possible to have root on GrapheneOS with a locked bootloader, but there have been ROMs with SU functionality built in, and adding their keys would be a straightforward way to have root and a locked bootloader.

Lemmyvisitor, in best privacy security based email client that supports third part apps ?

just wanna point out that using a secure mail service won’t help if all your emails are sent to Gmail/Google first and then forwarded to your secure mail

max, in Debate: Go vs Rust (Toolchain Privacy Practices)

Even the programming languages have this kind of problem nowadays?..

RuikkaaPrus, (edited )

Yes. See Docker stuff and NPM stuff.

max,

Hm… Is C/C++, dart or ruby safe? Why are they like this…

RuikkaaPrus,

I think C and C++ are safer options, because GNU doesn’t use this technology in particular. But Dart is obviously using opt-out telemetry. You should disable it manually. Idk the case of Ruby, sorry :(

max,

Idk why they do this… dart(flutter) looks so good, that’s really sad…

RuikkaaPrus,

This is the sad truth. Nowadays, SDKs have tons of these analytics and telemetry. According to Dart documentation we can disable its analytics. And the first time the CLI is executed, this analysis is not used (respecting the opt-out concept). It is at your discretion to trust Google’s words (or investigate Dart’s source code to find out if it is true or not, or if there are even other unethical means, although I find it a bit unlikely). If you wanna do the second, you can use something like CatFish to help you.

moreeni, (edited ) in I'm getting doxxed by a troll

Delete all data from the previous account and make a new one. Report the troll to moderators. Consider never visiting that place again if the mods won’t help you with the harassment.

If the troll doesn’t have access to the forum’s server, then all you have to do is learn some opsec and be aware of what you share with strangers on the Internet.

If the troll does have access to the server and you absolutely need to visit the forum (which I’d advise not to in such a case), then in addition to what has been said above, use a VPN with a hardened browser or Tor to access the forum.

phpinjected,

I hardly share anything on the internet, I think mods on the forum leak my details to the troll

SheeEttin,

Also consider filing a police report for harassment. I don’t expect anything will happen from that alone, but it starts a paper trail.

bobs_monkey, (edited ) in I'm getting doxxed by a troll

I don’t mean to be a dick, but if a troll is able to pass your information out, you need to adhere to better personal information security practices.

mathemachristian,

Helpful…

PixTupy,

Not helpful for the current predicament, but good general advice for the future.

NotJustForMe,

Well, it might be helpful in the current predicament. Going after the perp, without taking care of the vulnerabilities might make them take a real interest and get more data out. So make sure it’s all off the grid.

Make sure it’s also deleted from the Internet archive. From search engines and so on.

We got police scammed for a while because my streaming wife’s contact was in some obscure 15-year-old backup of her first website on the internet archive. Before we used a service for that stuff. It had been offline for a decade already, so nobody even thought about it.

bobs_monkey,

Shit I ain’t a saint, we all can be better about it. My point is that if you wanna go on the offensive online, be sure it can’t bite you in the ass, at least in this regard.
