this post was submitted on 25 Jul 2023
334 points (100.0% liked)

[–] Mongostein@lemmy.ca 29 points 1 year ago (1 children)

Oh, so this third party would rat you out for having an adblocker and websites would be like, “naahhhhh”

I say no to this.

[–] qwertyqwertyqwerty@lemmy.one 35 points 1 year ago (1 children)

This goes way beyond that. According to the article, this would be the equivalent of getting identified to prove you're a real person with an unmodified web browser (presumably Chromium-based) to enable a fully-controlled browsing experience.

The closest analogy I can come up with is it's like creating a HOA for web content. Keep your web browsing experience "gated" so it is "untainted" by extensions that block ads and/or manipulate web pages. Google is trying to make it sound like it's holding your hand and keeping you safe, but in reality is trying to put handcuffs on your web browser.

[–] InFerNo@lemmy.ml 1 points 1 year ago* (last edited 1 year ago) (1 children)

It sounds that it actually is safer, that people for example can expect there are no malicious mitm things spying on their browsing or changing/injecting things that are malicious (like these scams lately where they ask to take over your computer and change numbers via dev tools because people don't know what the fuck they're looking at), but at the same time it would make things very cookie cutter. Ads everywhere, no way of changing things with client-side scripts, no looking at source code because why would you can't change it anyway, no alternative frontends for popular websites with horrendous tracking, etc.

Of course, that is for the websites that take advantage of this technology. I can't predict how many websites would implement this, but I hope deep down there are still websites that would not go this route and remain free to visit and browse. That will be my world wide web. I know where the web came from, taking a step back to a smaller sub-web of sorts doesn't really scare me, it might even bring back some of that forgotten glory of what the web once was. Smaller, less content, but with heart.

[–] possiblylinux127@lemmy.zip 4 points 1 year ago

The problem is that this means that the web is controlled exclusively by google.

[–] ApathyTree@lemmy.dbzer0.com 18 points 1 year ago* (last edited 1 year ago) (2 children)

I’ve been seeing a lot of shit about google being evil lately… I’m actively transitioning off their products. I’ve now got Firefox on my phone (I fucking can’t do safari, it’s so trash), I’m off android (about a year now) which was super fucking difficult. iOS is much worse, and they aren’t that much better as a company, but it gets updates for more than 2 years..but I hear Linux phones are improving so that will probably be my next move.

My next step is getting rid of gmail which I’ve been on basically since it was launched.. that’s going to be painful.

[–] GrappleHat@lemmy.sdf.org 6 points 1 year ago* (last edited 1 year ago) (1 children)

I went through all that myself. Except on the phone front I went GrapheneOS & LineageOS. There's nothing wrong with base Android (the problems with Android are added by Google, Samsung, etc. at downstream steps).

And I agree that Gmail was hard to leave. But I went ProtonMail and had Gmail forward there for awhile until eventually nothing was going through Gmail anymore.

[–] ApathyTree@lemmy.dbzer0.com 2 points 1 year ago (1 children)

Pardon the wall of text incoming -

The reason I didn’t do that is my last two devices (cumulative 5 years of use) had no recovery partition, I didn’t want to brick them until I had a replacement (I did brick one of them -my first ever full bricking 🥹!-, the other was already broken beyond normal use but it took the flash, and I learned), and I didn’t want to buy a new device for the sole purpose of changing the os. There’s a ton of research that goes into doing that which I simply didn’t have the energy for when my last device bit it.

Maybe I should have, but I figured I’d try iOS first. I hate it passionately, but I’ll probably keep it until my phone dies, apple fucks up big dog (I’m aware of the slave labor, almost no tech is spared that, though, and I didn’t know about fairphone) or a good Linux os/device comes out. Hell bonus if I can jailbreak and flash a different OS on this fucker, but I know alllll about how locked down apple is… can’t replace components, can’t even change a fucking ringtone without a gob of work.. it fucking sucks after a decade on android using it as fully as I could. I even switched to Linux (ubuntu) because it felt like android for my pc. (Also fuck windows 8/10/11. Windows 7 was the last reasonably good iteration, and I formatted my drive and reinstalled that shit every 6 mths -bootleg master disc, took about that long for windows to flag me as not genuine- to keep using it until I swapped to Linux. Learned good data management habits in the process!)

I used to use cyanogenmod and a couple others waaaay back in like 2012-2018 or whatever, and I really liked rooting and flashing os, but privacy focused OS weren’t available for my devices. I’m poor, so can’t afford good phones, especially if I’m gunna fuck up the warranty immediately by rooting (only reason I paid as much for an iPhone as I did is they do support devices long-term, which is sorely lacking in stock android and, to me at least, entirely unknown for custom). Especially since a lot of better devices, to my understanding, have a rooted flag that can’t be un-flown by disabling root.

As for proton, I’ve heard good things, from a lot of people. I’m currently looking into self-hosting options for various things to un-dependent myself from services run by unknown entities (it’s gunna be a blast learning everything from square one… but so much better than my shit being “owned” by someone else), and haven’t really decided if I want to try hosting my own email or not. Probably not but it might be fun to play with while I decide.

[–] Ilandar@aussie.zone 5 points 1 year ago (2 children)

I’m poor, so can’t afford good phones

Sorry if this is a stupid question, but have you looked at secondhand phones? Some of the deGoogled Android ROMs still offer support for old models and if you shop around you can find one in basically new condition (excluding battery degradation). Buying secondhand also ties in with your ethical concerns.

[–] ApathyTree@lemmy.dbzer0.com 1 points 1 year ago* (last edited 1 year ago) (1 children)

That is very true, and I have actually bought used before but it was a miserable experience because it wasn’t listed as carrier-locked (it was, however, a long time ago, well before carrier unlock was required/universal unlock was commonly available).

Perhaps I’ll look into getting a used phone while I have a working one and play with it a bit, if I can find one for a reasonable price, as long as they don’t have the same replacement lockout apple has. I’ve been using GSM carriers exclusively so I can bring my device if I ever (need to or can) emigrate, so probably a decent market of devices available.

Not a stupid question and thanks for reminding me that’s an option. I tend to distrust used/refurbished tech -replaced for a reason sort of thing, especially when warranty replacements of major models tend to be refurbished and have their own problems.. but I probably shouldn’t assume others treat their tech the way I do - my forever precious. Like cars, I run them until they die, and someday I’ll make a fucking sculpture with all the broken old phones I have. I recently found my first semi-smart phone, which I had when I was… 22-24, I think? The Motorola rival A455 in purple. Fuck was technology pretty!

https://www.bing.com/images/search?q=motorola+a455+purple&form=HDRSC3&pc=MOZW&first=1

[–] Ilandar@aussie.zone 2 points 1 year ago* (last edited 1 year ago) (1 children)

I tend to distrust used/refurbished tech -replaced for a reason sort of thing

I would never buy refurbished unless it was the only option. You're basically paying extra for someone to repair a broken phone (possibly with inferior parts) at that point, whereas used you can find phones that have been babied by their owners with a case and screen protector and have nothing wrong with them. In Australia, most newer used phones are being replaced due to an upgrade because the owner reached the end of their plan and can essentially move to a newer phone for "free", or because they damaged something like the screen and they'd rather buy a new phone than repair their current one. With the latter, the cosmetic damage is usually clearly visible and described by the seller and is therefore easy to avoid. For older models, it's usually just a normal upgrade.

Water damage used to be a bigger risk with secondhand phones, but these days so many have decent waterproofing that it is practically a non-issue. In terms of just general risk, used phones are really low in my opinion. I think people are a little too obsessed with warranties and have this doomsday scenario in their head where they buy a used phone and it just instantly dies. It's just not realistic at all, phones will last a very long time as long as they aren't exposed to extreme conditions. Just be patient, be smart and research the phone and the seller thoroughly before buying and you basically can't go wrong. People are really sleeping on used phones, and electronics more generally. They are great value and a much better choice ethically.

EDIT: That's a sick looking phone by the way, I wish there were more made with that type of colour scheme.

[–] ApathyTree@lemmy.dbzer0.com 1 points 1 year ago

Thank you for the detailed reply, and that’s actually something I hadn’t really considered. I know I baby the fuck out of my phone, so I’d probably be one of those people 😁 but also phones themselves have gotten a lot more durable and harder to break.

And that’s a good point that in other countries, unlocked gsm phones are just the norm even with regular upgrade plans, where here (Midwest us) it’s kinda hard to find because a lot of the larger carriers are CDMA, so my standard experience is just different. I haven’t really looked too much other than refurbished, and those aren’t cheap-er enough to be worth it, but I’ll take a look.

[–] argv_minus_one 1 points 1 year ago (1 children)

Buying a secondhand phone also gives you an insecure phone. That's why GrapheneOS doesn't support old phones.

[–] Ilandar@aussie.zone 2 points 1 year ago (1 children)

Technically you're correct but it really depends on the user's threat model as to whether this is actually an issue. The remote risk to an unlocked bootloader is very low, so it's only really an issue if someone actually physically has the phone. The average thief is not going to have the skills, knowledge or even the interest to actually exploit the phone in this way.

[–] argv_minus_one 1 points 1 year ago (1 children)

That's not the problem. Remotely exploitable firmware vulnerabilities, for which no patch will ever be available, are the problem.

[–] Ilandar@aussie.zone 1 points 1 year ago (1 children)

They are both potential problems. As I said, it depends on the user whether they are significant concerns. Around half the Android userbase is stuck on 10 or lower, presumably on older devices that haven't had firmware updates for years. Theoretically there is a risk, but there is no evidence to suggest the likelihood is anything other than very low.

[–] argv_minus_one 1 points 1 year ago (1 children)

Unless I'm mistaken, there have been firmware RCE vulnerabilities that give successful attackers unrestricted access to the entire system and can be attacked by anyone capable of sending network packets to it. That is not “very low”. That's insecure to the point that “your” phone is basically the property of some overseas crime ring and they're letting you borrow it.

[–] Ilandar@aussie.zone 1 points 1 year ago (1 children)

Unless you have some evidence that half of the Android userbase is using devices that are "basically the property of some overseas crime ring", I am going to assume this is just hysteria on your part. Please read the definition of "likelihood" while you're at it.

[–] argv_minus_one 1 points 1 year ago* (last edited 1 year ago) (1 children)

I do indeed: the Android Security Bulletins. Bear in mind that most people don't install a custom operating system after the stock OS stops receiving updates.

Even for those who do, however, those vulnerabilities listed under a heading like “Qualcomm closed-source components”—that is, firmware vulnerabilities—are still present on their devices. See, for example, this list of firmware vulnerabilities fixed in an update as of December 2019. If you have a device that stopped receiving updates before then, it still suffers from those vulnerabilities no matter what OS you run on it, and many of them are RCEs that give successful attackers complete control of the device.

As for “likelihood”, infosec does not work that way. Cybercriminals and hostile foreign intelligence agencies don't sleep and don't show mercy. If you have a vulnerability that your adversaries know about and can feasibly exploit, then they are already exploiting it. That's why vulnerability disclosure embargoes are a thing.

[–] Ilandar@aussie.zone 1 points 1 year ago (1 children)

Was there something specific in there that actually backed up your claim? A link to a generic landing page is not what I was asking for. As I have said repeatedly, I do not deny that there are exploits which are theoretically feasible and have been carried out on some scale. What I am asking for is evidence that every old Android device has already been compromised (your claim) and/or for data that proves this is a widespread issue.

[–] argv_minus_one 1 points 1 year ago (1 children)

Was there something specific in there that actually backed up your claim? A link to a generic landing page is not what I was asking for.

My previous comment contains two links. The second one points to a list of vulnerabilities in Qualcomm closed-source firmware that were fixed.

For your convenience, here it is again: [link]

What I am asking for is evidence that every old Android device has already been compromised (your claim) and/or for data that proves this is a widespread issue.

Cybercrime groups obviously aren't going to publish reliable statistics on the crimes they've committed. One should generally assume that known vulnerabilities are already actively exploited unless there is evidence to the contrary.

[–] Ilandar@aussie.zone 1 points 1 year ago

I don't know why you keep linking examples of known vulnerabilities. This is not what I am asking for, and I have never once denied their existence. If you can't provide evidence to support your claim that every old Android device has already been exploited and is "the property of an overseas crime ring" then just say so. Stop shifting the goalposts and pretending otherwise - it's a waste of my time and yours.

[–] possiblylinux127@lemmy.zip 1 points 1 year ago

Just use lineage

[–] Umbra@kbin.social 16 points 1 year ago

Whatever google does is bad pretty much.

[–] LollerCorleone@kbin.social 12 points 1 year ago (1 children)
[–] rhino@lemmy.ml 1 points 1 year ago (1 children)
[–] reclipse@lemdro.id 17 points 1 year ago (1 children)
[–] rhino@lemmy.ml 2 points 1 year ago (1 children)

he typed, on the copycat of r/privacy

c/nobodyasked, feeling better now? 🤣

[–] possiblylinux127@lemmy.zip 5 points 1 year ago

To link a community you type !communitynameserverurl

[–] possiblylinux127@lemmy.zip 4 points 1 year ago

The scary part is this could roll out to chrome and most people wouldn't know the difference

[–] Samsy@lemmy.ml 3 points 1 year ago (1 children)

I have to ask this, if I use grapheneOS with a Firefox browser like mull and my search engine isn't google, do I have to give a fuck about this DRM bullshit?

[–] shiham@lemmy.shihaam.me 2 points 1 year ago

if websites you need start using it, then yes.