How does DivestOS compare to Graphene in your opinion?
Divest is based on Lineage, which isn’t as secure as Graphene (by a significant margin), but my understanding is Divest has done some things to improve sscurity/privacy.
I realize since we’re talking a Pixel here, Graphene is the security/privacy answer. I have other phones in my “support circle” that can use Lineage or Divest, and I’d like to advise people appropriately.
This announcement doesn’t have anything to do with cryptocurrencies or nfts. I’m not sure if I like the idea yet either, but please don’t conflate it with all that other scammy nonsense.
While it is funny (honestly replacing any tech term with circlejerk in a tech article makes it sound so funny to me, I have the mind of a child), it’s not very relevent here.
Tl;dr: TPMs are very unlikely to make your privacy better or worse, but they could definitely be abused by a company like MS to make end users’ experiences worse. They could also be used for significant security and privacy gains… they’re a tool.
The TPM can be used to provide a cryptographic binding between aspects of your system’s configuration and a unique key which is resident within the TPM (a process called “attestation”). It can also generate secondary keys that are associated with the base key, and use those to do cryptographic operations like encryption/decryption and authentication.
Telemetry wise, the TPM’s only utility might be to “prove” that the data sent from your PC wasn’t tampered with. That said, I don’t think MS is actually doing that, and they don’t need to in order to be incredibly invasive in their telemetry.
The (imo) worst way in which a TPM might be abused in a user-hostile sense is to detect if the OS has been modified by the user, or if an installation isn’t legitimate, etc. That could be used to disable certain features if you try to install unauthorised software, dual boot Linux or whatever. This would be similar to the smartphones of today, which can for example disable access to banking apps if jailbroken/rooted.
TPMs (>2.0 at least) otherwise have the potential to realise a significant improvement in security and privacy for users, if used correctly. They can be used for encryption and credentials that are bound in hardware and therefore practically impossible to steal. And can detect hardware tampering and potentially foil Evil Maid attacks. Imagine if your login sessions for various websites were bound to your hardware, such that a dodgy extension could never steal your cookies.
If privacy and security are your top priorities, which it sounds like they are, and you want a performance similar to OnePlus 8, go with the Google Pixel 8 with GrapheneOS. It’s more aligned with your need for strong app sandboxing and convenient Google services integration, etc.
Though beware that although good in terms of performance, features and sturdiness (as long as you encase that glass back) or camera, Pixels are not flawless in terms of plain quality. Their battery life could be better and mine loses signal from time to time. Some features like 5G might not be available at every carrier in your country as well if Google has no official distribution there.
There’s no way to sync contacts and calendars between an iPhone (and other mail clients) and protonmail. The app does one way sync from the phone to protonmail, but not the other way round.
8 years ago a feature request was made to add support for CardDAV and CalDAV, but even with the release of bridge it’s not there.
So iOS users have to resort to using other calendar services, or 3rd party bridges to enable it.
This is a cool proof of concept and pretty easy to adapt for almost any purpose not just text. I don’t think it’s “useful” but then again “usefulness” isn’t exactly well defined in the first place.
In this POC, you can only encrypt content using Redakt’s public key. That way you are guaranteed to see the content since the key is already installed in the extension.
I intend to add the option to encrypt with a custom sharable key in the v.2.
i wish people would stop viewing this guy as someone who is a guru extreme online privacy.
Bazzell is good at one thing primarily, and that is Real Life privacy/hiding, when one’s adversaries on nongovernmental. that is his specialty and what he should be respected for.
Bazzell is not a huge expert in thwarting mass surveillance or thwarting nation-state adversaries in technology. otherwise he wouldnt be giving recommendations that involve closed sourced software or cloudflare lol.
He is a practical guy and knows enough to keep his clientele’s privacy for the types of adversaries he is accustomed to going up against (not nation state or federal gov)
Agreed! I tend to see what he can offer on regards to privacy for real life stuff like home address, data broker scrubbing (his extensive lists I mean), etc. But when it comes to the technology portion of it, I go with what I prefer, albiet I still hear what he has to say in case he introduces me to something I didn’t know about before.
Why would knowing every single email be seen as something positive? Nice way to have spam-heaven. The keys also don’t need to be public. If you need something THAT secretive, there are safe ways to do a permanent key exchange.
The public part of it would be the RSA pubkey, likely linked with an identifier such as the SHA-256 hash of the email. You could quite easily have that ledger public and it would take millennia to crack any of the emails, much easier to use fuzzing with common words and names than trying wasting computing power for a single email. The whole point of blockchain is that it’s an immutable public ledger which would actually suit this idea quite well.
I understand how public-private keys work, and I understand why you’d want one. I just think this implementation of a register is bad. Not from a security risk, from a use case point of view; it’s for all intent and purposes an email which if ever compromised is forever compromised and non reusable. It’s an email that’s unrecoverable so not usable in many companies.
I’m sure there are other reasons to not like the idea, but that’s what I can think off the top of my head.
It’s an email that’s unrecoverable so not usable in many companies.
It doesn’t sound like you understand why someone would want to do email with public key cryptography, it sounds like rather you do not like the idea of doing email with public key cryptography. Being unrecoverable is just the tradeoff there. Again, what do you think the problem described even is? For reference,
The issue, Yen said, is ensuring that the public key actually belongs to the intended recipient. “Maybe it’s the NSA that has created a fake public key linked to you, and I’m somehow tricked into encrypting data with that public key,” he told Fortune. In the security space, the tactic is known as a “man-in-the-middle attack,” like a postal worker opening your bank statement to get your social security number and then resealing the envelope.
I think if you actually acknowledge the problem of trust for propagating public keys as a real one that is worth being solved, it would be hard to argue that blockchain is a bad fit for that problem, because it is not. Trustless, verifiable propagation of data is one of the things it actually offers unique benefits for.
I’m sure there are other reasons to not like the idea, but that’s what I can think off the top of my head.
It might be useful to start by considering the idea itself and what it is saying, instead of looking for arguments to make against it.
You’re not adding anything that wasn’t argued towards before. Soon or later, you have to trust something. There are ways to transfer keys by other means which you can use to corroborate.
The tradeoffs of this idea are just not worth it for 99% of the people.
What are the tradeoffs, assuming an email encryption scheme based on self custodied private keys and publicly published public keys? I don’t see any major disadvantages to using blockchain for this, and significant advantages. It’s a big deal if no one can selectively remove/conceal previously published info. If associating a key with an email, and someone is trying to impersonate you, you’ll know it, it’s not going to be hidden from you and specifically shown to someone else. It just makes sense to do it that way. Yes, you have to trust something at some point, but this is a way to minimize how much trust you have to give.
I think the main pro of this system would be that it requires no trust. The immutability would be actually a con for privacy: if you’re burned or doxxed later, there would be hard evidence of your identity in the blockchain.
Except the trust of the source of the blockchain, or some certificate authority somewhere at some point, but ya, that’s kinda assumed as there is no way of making a “first handshake” that’s secure.
For me, it all looks like someone is trying to make a product rather than solve an actual issue.
This is solving a problem we DO have, albeit in a different way. Email is ancient, the protocol allows you to self identify as whoever you want. Let’s say I send an email from the underworld (server ip address) claiming I’m Napoleon@france (user@domain), the only reason my email is rejected is because the recipient knows Napoleon resides on the server France, not underworld. This validation is mostly done via tricky DNS hacks and a huge part of it is built on top of Google’s infrastructure. If for some reason Google decides I’m not trustworthy, then it doesn’t matter if I’m actually sending Napoleon’s mail from France, it’s gonna be recognized as spam on most servers regardless.
A decentralized chain of trust could potentially replace Google + all these DNS hacks we have in place. No central authority gets to control who is legitimate or not. Of all the bs use cases of block chain I think this one doesn’t seem that bad. It’s building a decentralized chain of trust for an existing decentralized system (email), which is exactly what “block chain” was originally designed for.
I’m glad there are authorities out there (like Google) that act as gatekeepers and track the worthiness of senders. Without that, there would just be no way to close the floodgates. Is Google the best company for that? It’s definitely one of the good ones for that.
No, you can’t forge emails easily as you say. Maybe DMARC isn’t perfect, but it works just fine. Attacks that bypass that are done on misconfigured systems, so human error, which can happen with any tech, the one from this post included.
Yes email is an old tech, but let’s not pretend like it hasn’t evolved. It’s not perfect, but it generally works. I don’t think you need to go fully decentralized, but some steps to have more than a single authority could be positive.
privacy
Hot
This magazine is from a federated server and may be incomplete. Browse more on the original instance.