If that were true, threat modeling wouldn’t exist.
I feel like we’re talking about different things. I’m talking about static concepts, if X is more secure than Y, not individual setups where something is tweaked. Threat modeling is tailoring the security to your needs. It doesn’t bend security of a static object or make the application of something less than what it is. It requires one’s actions to do that by not utilizing it.
Take bullet proof glass, for example. Bullet proof glass is more secure than regular glass. Now, do you need (does your threat model require) bullet proof glass? No? Ok, that doesn’t mean bullet proof is now less secure than regular glass, it’s just unneeded.
Depends on the particulars, and on the needs of the individual.
That’s not really how things like security works. It’s either more secure or it’s not. The security of a thing does not depend on needs. Now, does the application of it or does someone need it to be more secure? That’s where risk acceptance and the needs of the individual come into play.
I’m not going around presuming to tell other people what’s better for them, as one or two others in this thread are doing.
Same. I’m not saying “stop doing this.” I’m just trying to educate people and make sure they’re not operating with a misunderstanding. Needs of the individual and all that. I think some people just go crazy for something that’s not big tech, and then quit looking at the particulars.
the ground should absolutely be on the bottom because gravity.
Not necessarily. You typically want the ground longer so it’s the first in and last out. Type G has the ground on top. I vaguely remember hearing that’s because if it comes slightly out and something sharp or metal falls on the plug, you want it to hit the ground and not the live part…but I don’t know how reliable that story is.
Seriously. I don’t want to install something on my phone when the dev is just using a WebView, if that’s what it’s called. When the app is basically just a website with the browser hidden....
I just checked Lineage OS and it looks like Google Play Services doesn’t let you disable sensors permission. Can you do it on Graphene OS?
Yep, there’s a toggle to disable by default globally. I also individually checked Google Play Services, Google Play Store and Google Services Framework, and all three can be denied the Sensors permission.
This is due to Sandboxed Google Play: “GrapheneOS has a compatibility layer providing the option to install and use the official releases of Google Play in the standard app sandbox. Google Play receives absolutely no special access or privileges on GrapheneOS as opposed to bypassing the app sandbox and receiving a massive amount of highly privileged access. Instead, the compatibility layer teaches it how to work within the full app sandbox.”
A marketing team within media giant Cox Media Group (CMG) claims it has the capability to listen to ambient conversations of consumers through embedded microphones in smartphones, smart TVs, and other devices to gather data and use it to target ads, according to a review of CMG marketing materials by 404 Media and details from a...
Except the device is already in your home, and most people leave their account logged in. That’s basically like you inviting someone into your house, they hang out in your spare bedroom…and they’re still there. So no need to re-grant consent to a situation that hasn’t changed. Unless you mean it auto-logs out (or you log out) and have to re-grant consent then? Most do require consent on logging in, and the average consumer would hate having to log in every time and would probably use weak passwords because of this.
But, you can at least kick them out (revoke consent).
I just don’t see how a proper law/regulation would fix/restrict this, except to make certain personalization attempts (targeted ads) illegal.
I want to get back into reading, so I’m thinking of getting a Paperwhite. But I have no idea if it’s possible to transfer files to it from a computer, and I have no experience with pirating books....
Amazon’s logic is you paid a subsidized/cheaper price that is offset by included ads. You can buy it without ads (more expensive, obviously) from the start.
Blocking older known malware still blocks them, so that’s good (and saves bandwidth because the connection never happens, so this is really good).
If the site is hijacked, it needs blocked till it’s unhijacked. So this is good as well.
This is not really a point?
Number one above, stopping the connection before it happens, is really the best benefit, in my opinion. And if they boast a high false positive, you need better lists. You keep saying “they don’t block this or block that.” They are (nothing is) a one stop shop. Simply because they don’t block what you’re cherry picking does not make them bad. Use multiple layers. You say “don’t use a blocklist, use MS Defender instead.” Why not use both the blocklist, MS Defender, and even more stuff? Multiple layers. Defense in depth.
As I’ve said before: myself. Using unbound as a recursive resolver and cutting out the middlemen of CloudFlare, Quad9, Google, etc.
Edit: or do you want the authoritative name/root servers my recursive resolver asks? Ok. I didn’t give these as that’s who everybody asks, to include Google, Quad9, etc…hence me harping on saying cutting out those middlemen and asking the root servers directly. www.iana.org/domains/root/servers
tl;dr: Cut out Cloudfare’s recursive resolver (or anyone else’s) and run your own via PiHole and Unbound.
You don’t cut the middle man, you create the middle man with Unbound.
Umm, Unbound is on your machine. So you’re saying you are your own middle man lol…which is the same as cutting out the middle man as you (rather, your server) are you.
And Unbound needs to ask other DNS servers on the internet to resolve DNS queries.
It asks the authoritative nameservers, which is who external DNS servers ask. By using Unbound, you are cutting out those external DNS servers, because you/Unbound is the DNS server. You are asking the authoritative name server directly instead of inserting someone else to ask on your behalf.
Here’s an explanation by Cloudflare: A recursive resolver (also known as a DNS recursor) is the first stop in a DNS query. The recursive resolver acts as a middleman between a client and a DNS nameserver…Most Internet users use a recursive resolver provided by their ISP, but there are other options available; for example Cloudflare’s 1.1.1.1.
I copy/pasted the above quote from the article you linked. Again, Unbound (your machine) is asking the DNS nameserver. You’re saying you are your own middleman lol. I’m saying cut out Cloudfare’s recursive resolver and run your own via PiHole and Unbound. Did you read the article I linked?
Trust me, I fully get it. You are trying to be pedantic and “technically correct,” Um Actually style. I am speaking from the perspective of this sub (privacy and enhancing it). You are your network. You are not a middleman in the context of yourself or your network. You are not losing privacy in relation to yourself. That’s being ridiculous. It’s like saying “I didn’t cook this steak at my house, um actually, my stove and pan did. Well, they (and I and the butter/oil) were the middleman. Let’s not forget the fire. Etc.” Again, ridiculous.
Also, you’re right in that you have to ask a DNS server to resolve a name to an IP. But in this context, DNS servers ask the root name server. Those DNS servers are the middlemen, rootname is not. With Unbound and recursive, you are asking the authoritative root name server. They are not a middleman to themselves…they are the authority in DNS (it’s in the name). Also, Unbound as Recursive does answer the question of OP which was “what DNS to use?” When you configure a recursive resolver, you don’t (shouldn’t) change it away from the root nameservers and insert a middleman (someone/something you don’t control), and it doesn’t do it by default. OP was clearly asking about non-authoritative DNS servers to use aka “should I use Quad9, CloudFlare, etc?” And my answer was…none. Cut out those middlemen that don’t need to be there/asked (which takes away some privacy as you’re asking a person who doesn’t need asked), and ask the root nameservers yourself via Unbound recursively.
You seem to be stuck talking from the perspective of the client/PC. Next, are you gonna say “you’re not actually going to the site. You’re going to the switch, then the router, and a firewall, maybe traversing a DMZ, could be a proxy in there, then going through the core backbone routers of the internet, down into their network. Of course, if there’s a VPN in there, that changes things. Let’s not forget the middleman of your own NIC and CPU, not to mention the keyboard, motherboard, mouse, etc. Oh, of course fiber and cabling. Those are all middlemen.” Do you see how fundamentally ridiculous that is?
Assuming they’re talking about what most businesses, especially large ones with huge legal resources, do: exploit loopholes to not pay, or pay reduced, taxes.
It’s been my experience that for most people, Google services are not a requirement, but a luxury… especially for daily life. Now, most Google-esque services are a requirement for daily life, but as they said, there are alternatives that you can use that work.
The Boost android client for Lemmy is displaying these dark pattern ads pretending to be system notifications. What security/privacy conscious Lemmy clients do you recommend? (lemmy.ml)
Age range (lemmy.zip)
this plug doesn't have the little holes (lemmy.world)
Why are there so many apps that could be websites?
Seriously. I don’t want to install something on my phone when the dev is just using a WebView, if that’s what it’s called. When the app is basically just a website with the browser hidden....
Any good alternative to Niagara Launcher?
Hello fellow pirates, did anyone know any good alternative to Niagara Launcher?...
Marketing Company Claims That It Actually Is Listening to Your Phone and Smart Speakers to Target Ads (www.404media.co)
A marketing team within media giant Cox Media Group (CMG) claims it has the capability to listen to ambient conversations of consumers through embedded microphones in smartphones, smart TVs, and other devices to gather data and use it to target ads, according to a review of CMG marketing materials by 404 Media and details from a...
E-Books, best places to get them?
I want to get back into reading, so I’m thinking of getting a Paperwhite. But I have no idea if it’s possible to transfer files to it from a computer, and I have no experience with pirating books....
What site should I trust?
Even the site that considered safe in the megathread, there’s report of malware and trojan and I don’t know what site to use
deleted_by_author
Trying to understand "Stalled" Status
So a file I was needing is showing as 9 seeds, 5 peers, but its stalled....
How to stay safe on Strava (cyclingmagazine.ca)
Some good tips to preserve a bit of privacy for those who use the Strava platform....
I'm ditching htop for btop, look how cool it is (lemmy.ml)
Gen Z is turned off by onscreen sex, wants no-mance over romance, a new study finds (www.latimes.com)
Google forced to reveal users' search histories in Colorado court ruling (www.techspot.com)