Master Anonymity and Privacy: Essential Guides Compilation

c0mmando@links.hackliberty.org · 1 year ago

hi wravoc, good to see you again and i must say your git page is looking sweeet

c0mmando@links.hackliberty.org · 1 year ago

Master Anonymity and Privacy: Essential Guides Compilation

c0mmando@links.hackliberty.org · 1 year ago

Lobbyists Call For Increased Digital ID Funding

c0mmando@links.hackliberty.org · 1 year ago

Global internet freedoms fell again last year as the threat of AI looms

c0mmando@links.hackliberty.org · 1 year ago

New Bill Plans To Co-Opt USPS To Distribute Digital IDs

c0mmando@links.hackliberty.org · 1 year ago

deleted by creator

c0mmando@links.hackliberty.org · 1 year ago

Depending on your vehicle… It’s possible to remove all the Nanny tracking via some DIY hacks or even a call to “opt out”

c0mmando@links.hackliberty.org · 1 year ago

The Internals of Veilid, a New Decentralized Application Framework

c0mmando@links.hackliberty.org · 1 year ago

If you think Fdroid security is on par with Google security… then I got a bridge to sell you

c0mmando@links.hackliberty.org · 1 year ago

An upstream compromise that affects downstream hosts. A good example is the NPM supply chain attack -> https://hackaday.com/2021/10/22/supply-chain-attack-npm-library-used-by-facebook-and-others-was-compromised/

c0mmando@links.hackliberty.org · 1 year ago

The diminished security resulting from the increased likelihood of a (single point of failure) supply chain attack.

Yes its possible for malicious devs to trojan apps, but due to apk signing it is much more difficult for a third party entity to induce a supply chain attack, which is my real concern when it comes to phone security.

If you have a lower threat model, this post isn’t for you…

c0mmando@links.hackliberty.org · 1 year ago

Sure, atleast you admit there’s a trade off (security) for (FOSS) and maybe some additional privacy.

People should be made aware of the risks and choose according to their threat models, which is why I’ve highlighted some of these issues to begin with.

c0mmando@links.hackliberty.org · 1 year ago

Doesn’t affect the end user… beyond diminished security. Are you implying I should trust Fdroid devs as much as I would trust Google devs?

c0mmando@links.hackliberty.org · edit-2 1 year ago

Sure, I’ll spell it out for you since apparently the point went right over your head. Fdroid devs are a single point of failure by signing every application themselves. This introduces a potential for supply chain attack, not to mention Fdroid running on EOL servers.

When you use an individual dev repo, you can avoid any trojanized apps from Fdroid because the developers maintain their own infrastructure and sign their own apks.

That’s called… D I S T R I B U T E D T R U S T

c0mmando@links.hackliberty.org · 1 year ago

Did you even read the article? F-Droid signs all the apps in the main repo…

c0mmando@links.hackliberty.org · 1 year ago

Love F-Droid but be aware of the risks and always try to use a developer repo when possible…

https://privsec.dev/posts/android/f-droid-security-issues/

c0mmando@links.hackliberty.org · 1 year ago

Normie’s gonna normie. If we ain’t talking over signal we ain’t talking.