Things like gapps are closed source, have full permissions, and cannot be installed only on some profiles.

Except in stock AOSP or grapheneos.

Agree that qubes is the gold standard. But not to let perfect be the enemy of good, the vast majority of people, the vast majority of people, the VAST majority, are going to be unable to run qubes, either by technical ability, availability of appropriate hardware, or portability reasons.

Mobile phones for all of their faults, are the most secure piece of general computing hardware most people have in their lives

I think it’ll generate 5 days converted into seconds number of operations.

To decrypt however, you have to do all those operations, so I think it would take 5 days to decrypt. Even if you wait 10 days to start the operation

You can use a hardware security key, like a yubi key, or a software fido2 equivalent.

That way it satisfies the two factor requirement, without using a phone number.

For initial registration you can use an SMS service like SMS pool or the others, you pay a little money, you receive a real text message to a real phone number. You just don’t have access to that number in the future

Your voice, vocabulary choice, lighting conditions, power interference frequency, can all give away parts of your location and identity. You have to choose what level of paranoia is sufficient

The most anonymous, would be to have a v-tuber like model, respond and parrot LLM generated voice audio, from a script that’s been translated a few times. Or pay a voice actor from Fiverr to read your script.

Of course this whole time, using a VPN.

This seems interesting. But for something so complex I would really like them to have a white paper to see how they achieve this.

https://eprint.iacr.org/2023/189 Other systems, for instance, use a third party network to broadcast the parts of the secret that are needed to decrypt over time. So you’re relying on a third-party service, and if that third party service disappears you can’t unencrypt

I think this person is just permanently a contrarian.

Randomizing the numbers does provide good security, because there’s no longer an oil imprint on the most frequently used numbers on the phone, making guessing the pin code much harder before the TPM locks the phone.

Phones are full fledged computers nowadays, with Android you can have different profiles. For their level of paranoia, they could have a profile they never use in public, and only login with a full password, only when they’re in a secure location.

For the randomized pin, and biometric two-factor use of a phone, that covers most use cases, and is quite secure compared to most models of data security average civilians use.

You can have different scopes, if you’re in a crowded place, reading Lemmy isn’t really a big security risk. But logging into your banking would be. All of that is possible on Android, the fact that they’re so staunchly pro computer, is difficult for me to take their analysis seriously

Predicting the future with 100% accuracy is difficult. It’s unknowable if physical money will completely disappear.

The one thing I hold as an absolute constant, is humans are adaptable, humans will trade and use whatever they can, whatever is convenient, to their advantage.

Can you trade today, gold for a donut? Yes, but you’re going to put a lot of effort into that trade, just to find a counterparty. And then for the counterparty to verify it’s actually gold etc etc but you can do it.

Fascist governments like the centralized power, and that includes centralizing money, including peer-to-peer exchanges. So there’s always going to be the urge to control the absolute flow of all money. That being said, not every government has perfect cell phone coverage over their whole and nation, not all of their people have phones, not all of those phones are always on the network. The one thing money needs to do is work even offline.

You see the boat in the photos? You see how it’s got a flat bottom, and a ramp that can be lowered? It is literally designed to land on beaches and offload cargo. No Pier needed

I’m pretty sure all the upvotes are coming from the same person’s sock puppet accounts. Just like in this thread they are talking to themselves with the different sock puppets

Mosh plus tmux is amazing.

Does this mean your also against yubikeys?

https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/tpm-fundamentals

Devices that incorporate a TPM can create cryptographic keys and encrypt them, so that the keys can only be decrypted by the TPM. This process, often called “wrapping” or “binding” a key, can help protect the key from disclosure.

This is how cell phones and windows hello justify short pins, the pin goes into a rate limited TPM that then discloses a larger key to decrypt the actual secret.

The device you’re thinking of has 42 decibels of sound. You should be aware of that, I don’t think it’s actually fanless

Noise is going to be a huge factor for your home lab, so make sure you look at the data sheet for whatever you’re about to buy and check what it’s rated noise level is

Qubes is immune to the knife to the throat threat model?

TPM in the SOC to transform the “convenient” pin into more robust encryption keys is the gold standard for civilian devices.

“computers” (of which a phone very much is) also use a TPM for this very reason.

But even taking what you say as gospel, the device isn’t insecure, its how people are using it.

I will stand by my comments a phone is the MOST secure device a civilian will use. Even with a secured desktop computer where someone diligently types in a 64 bit random code to unencrypt the hard drive… if they use the computer as a general purpose device, the threat surface raises dramatically. Now information and programs are not compartmentalized, install one bad program and it can trivially take over everything.

Please help me understand your point of view. So far all you have said in this conversation is that other people are wrong. That may be, but your not helping us understand you

I think phones are the MOST secure devices most people have. They are locked down, they run software in very restricted containers, they have more restrictive feature allowance. for 99% of the people the phone is the most secure device, full stop.

Can you do better on a computer? Sure, but it takes a bunch of work and isn’t the out of box experience

You can use two factor, fingerprint plus pin and have the pin layout randomize each time.

The hardware driver updates are absolutely critical if you want to have a secure phone. The phone has to be within the support window, to get any hardware driver updates. The risk surface of a phone’s hardware is huge, you’ve got the Bluetooth drivers, you’ve got the Wi-Fi drivers, you’ve got the modem drivers, and any other sensors I may have forgotten about.

Could you explain how phones are insecure by design?

I’m pretty sure this person was just looking for a reason to sue, and then tried to construct the most salacious situation to sue about.

I’m not against them suing, I think web tracking is evil, so more power to them, but I definitely feel like a lawyer helped architect the actual complaint