this post was submitted on 29 Oct 2023
27 points (100.0% liked)

Privacy

789 readers
4 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

"[GNU/]Linux being secure is a common misconception in the security and privacy realm."

https://madaidans-insecurities.github.io/linux.html

"[GNU/]Linux is thought to be secure primarily because of its source model, popular usage in servers, small userbase and confusion about its security features. This article is intended to debunk these misunderstandings".

Based on this, one should try to do as much as possible on a GrapheneOS device

@privacy

top 14 comments
sorted by: hot top controversial new old
[–] ono@lemmy.ca 22 points 1 year ago (2 children)

Based on this, one should try to do as much as possible on a GrapheneOS device

To be clear, that is OP's opinion, not a recommendation in the article.

Personally, I would be more interested in GrapheneOS if using it didn't require (directly or indirectly) giving money to Google.

[–] jlou@mastodon.social 5 points 1 year ago* (last edited 1 year ago) (1 children)

The author in another article does recommend GrapheneOS.

https://madaidans-insecurities.github.io/android.html

"The best option for privacy and security on Android is to get a Pixel 4 or greater and flash GrapheneOS. GrapheneOS does not contain any tracking unlike the stock OS on most devices. Additionally, GrapheneOS retains the baseline security model whilst improving upon it with substantial hardening enhancements ... includ[ing] a hardened memory allocator, hardened C library, [and] hardened kernel"

[–] moreeni@lemm.ee 18 points 1 year ago (2 children)

on Android

GrapheneOS is still not perfect. The general consensus among people is that running QubesOS with a Whonix/Kicksecure container is the best you can get atm but even that it is not perfect.

The point of the Linux insecurities article is to fight common misconception by the FOSS community that using a Linux distro is going to solve every single security concern you might have. It does not mean, however, that Linux is inherently insecure and shouldn't be used.

The author himself had said he uses Linux and Firefox despite what he wrote in the posts.

[–] Jesus_666@feddit.de 6 points 1 year ago (1 children)

The real point is not that Linux is less secure than often said but that "inherently secure" is not a thing, especially not when a network is involved. Your system can make it easier for you but you still have to look after your own safety.

[–] moreeni@lemm.ee 5 points 1 year ago (1 children)

That's pretty much what I have said

[–] Jesus_666@feddit.de 4 points 1 year ago

Yes; I was summarizing, not offering a differing viewpoint.

[–] Pantherina@feddit.de 1 points 1 year ago

I would say QubesOS is for sure the safest, but having normal sandboxes and permissions should be enough. QubesOS is like making an insecure OS secure, as there are no permissions or portals, so you need to go way beyond and run multiple VMs at a time. This is not suited for any daily use, my modern laptop really struggles to run 2 VMs at a time

[–] scott@lem.free.as 3 points 1 year ago (1 children)

That's why I buy secondhand Pixels. You can normally get near-new quality if someone orders one as a gift and it's the wrong colour, or they accidentally chose the wrong storage size, or something similar.

That way Google's not getting my money.

[–] ono@lemmy.ca 8 points 1 year ago* (last edited 1 year ago)

They're getting money from people willing to pay for new Pixels knowing they can recover some of the cost later by selling them to you. (The used market bolsters the new market.) That's what I meant by indirectly.

[–] jman6495@lemmy.ml 19 points 1 year ago

Please stop sharing bullshit articles full of technically uninformed disinformation

[–] fosserytech@mstdn.social 12 points 1 year ago

@jlou @privacy No OS is fully secure. Windows and MacOS also have several security holes. It's also a common misconception among people that MacOS is so secure and perfect but it's not.

[–] dataprolet@lemmy.dbzer0.com 11 points 1 year ago

Oh the FUD-blog again.

[–] hottari@lemmy.ml 8 points 1 year ago

Irrelevant. Some systems may be hard to compromise but most humans are not.

[–] Pantherina@feddit.de 3 points 1 year ago* (last edited 1 year ago)

I agree there needs to be a

  • hardened kernel
  • hardened malloc
  • hardened C library
  • SELinux confined user
  • verified boot
  • easy 3rd factor audit
  • flatpaks that actually use portals

So Linux Distros like Fedora Atomic could get close to that, by shipping the hardened components etc. But for now, this would simply break apps. And having fully verified boot requires a custom BIOS or something else, like a bootloader on your USB stick or whatever.