• 1 Post
  • 15 Comments
Joined 1 year ago
cake
Cake day: June 13th, 2023

help-circle





  • The desktop security model is insecure in general. Phone OSes are much more secure.

    Reasonable desktop OS to use is Qubes, Fedora, MacOS, ChromeOS, or Windows pro/enterprise (hardened)

    Phones are much more secure especially the Pixel 8/pro with MTE immensely reducing remote exploitation. GrapheneOS is the only distro that enables MTE by default and recently implemented it in their Vanadium browser.

    Secure phones (secure elements are important): IPhones and Pixels (GrapheneOS or stock)

    Also yes, Chromium is much more secure on Linux than Gecko based browsers because of its great internal sandboxing and site isolation. Firefox on Windows is catching up though, but still bad on desktop Linux and android.

    This all doesn’t matter if you’re running an EoL device. Make sure your receiving official security and firmware updates.

    that’s about it



  • microG runs Google Play code just like Aurora Store. It is not fully open source. Here’s more information.. It is still connecting to Googles propriety servers.

    microG requires Signature Spoofing and alternative OSes usually ship with microG as a privileged system app. This increases the attack surface as it is not confined by the regular sandbox rules.

    Now you’re using a privileged component, which downloads and executes Google code in that privileged unprotected context, and which talks to Google servers because otherwise, how would FCM work for example?

    Despite doing both of those things, MicroG doesn’t have the same app compatibility as Sandboxed Google Play despite the extra access it has on your device. Even in some magical universe MicroG worked without talking to Google servers or running Google code (again, in a privileged context), the apps you’re actually using it with (the apps depending on Google Play) have Google code in them.


  • I recommend you purchase a Google Pixel 6a or above (minimum security support ends July 2027) and flash GrapheneOS. (Pixel 8/pro preferred)

    Aurora Store doesn’t avoid Google since a lot of the apps from the play store include Google’s SDK and libraries. microG also doesn’t avoid Google as it is still running proprietary Google code and has more privacy/security weaknesses

    Sandboxed Google Mobile Services is a much better implementation which is featured in GrapheneOS. The services are not privileged and is treated like any other app. They don’t downgrade privacy or security unlike the other alternatives.

    There are much more privacy and security benefits using GOS. Here is a 3rd party comparison between different mobile OS.




  • Genghis@monero.towntoLinux@lemmy.ml*Permanently Deleted*
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    1 year ago

    I actually just installed Arch on my gaming PC a few days ago. I’ve been testing out many games with it and I’m very happy with it. I was hesitant to switch from Windows because I wasn’t sure if the game support would be an issue, but thanks to Proton, I finally switched.

    No issues using an Intel CPU and Radeon GPU as of now, except the archinstall wasn’t working for me so I had to do it the normal way.



  • Yeah a lot of substantial improvements have been made to GrapheneOS in the last couple of years to expand app compatibility. There’s Sandboxed Google Play now, as well as things like the exploit protection compatibility mode toggle so that people can use apps with memory corruption bugs which are caught by hardened_malloc if they wish to. Back in the day, apps with memory corruption would crash and there would be no way to use the until they fixed their app. They now have a toggle to disable hardened_malloc per app when you want to use it regardless.