Nostr is awesome. I’m hoping it grows much further.
Why is a Windows computer not my computer? Makes no sense.
A lot of the security work on Linux is being done by Google. It’s highly unlikely they are putting backdoors in their products.
The desktop security model is insecure in general. Phone OSes are much more secure.
A reasonable desktop OS to use is Qubes, Fedora, macOS, ChromeOS, or Windows Pro/Enterprise (hardened).
Phones are much more secure, especially the Pixel 8/Pro with MTE immensely reducing remote exploitation. GrapheneOS is the only distro that enables MTE by default and recently implemented it in their Vanadium browser.
Secure phones (secure elements are important): iPhones and Pixels (GrapheneOS or stock)
Also yes, Chromium is much more secure on Linux than Gecko-based browsers because of its great internal sandboxing and site isolation. Firefox on Windows is catching up though, but still bad on desktop Linux and Android.
This all doesn’t matter if you’re running an EoL device. Make sure you’re receiving official security and firmware updates.
that’s about it
security theater
AOSP does get security updates first because GrapheneOS is based on unmodified AOSP. They are quick to port over updates though and they have extra features like hardened malloc and better user profile support.
Non-Pixel phones aren’t secure because GrapheneOS doesn’t support them. They aren’t secure because they either don’t have secure elements, have broken verified boot, or don’t properly support alternative operating systems. This makes phones like OnePlus, Fairphone, etc. not secure enough for GrapheneOS.
DivestOS I would say is the least worst option when it comes to supporting EoL phones. They’re at least honest about what they do and don’t provide unlike what other OSes do. On their website, they tell you they aren’t a secure OS and they can only try their best to reduce harm on an EoL device. DivestOS Security.
The only secure phone operating systems are either GrapheneOS or stock. All the others usually are behind on security updates.
For migration, I would just use a USB-C drive and transfer files.
Here is a more detailed explanation: https://privsec.dev/posts/android/f-droid-security-issues/
Accrescent is a new app store that fixes all these issues, but it’s still in alpha stage and has 11 apps right now.
I replaced F-Droid with Obtainium, which pulls APKs from GitHub, GitLab, F-Droid, etc. and has support for auto updates. It’s a little better than F-Droid but still has its own issues.
Why F-Droid is not secure:
The Google Play Store is more secure.
Lol, I did update it and it still wasn’t working :(
I actually just installed Arch on my gaming PC a few days ago. I’ve been testing out many games with it and I’m very happy with it. I was hesitant to switch from Windows because I wasn’t sure if the game support would be an issue, but thanks to Proton, I finally switched.
No issues using an Intel CPU and Radeon GPU as of now, except the archinstall wasn’t working for me so I had to do it the normal way.
Android System WebView allows apps to display browser windows in the app rather than taking you to your web browser app. On Android, Chromium is used for WebView. If you use Firefox as a default browser, the remote attack surface increases because they’re two different browsers with different security issues.
Site isolation enforces security boundaries around each site using the sandbox by placing each site into an isolated sandbox. Firefox doesn’t have that feature so they’re vulnerable to attacks like Spectre.
I haven’t been using Firefox for Android because I heard they don’t have a WebView implementation, so the Firefox browser has to be used beside the Chromium WebView, meaning there’s an attack surface of two browser engines. I also heard that the Firefox sandboxing and site isolation aren’t very good between websites.
I’ve been using Vanadium WebView and browser because of that.
Thank you. I wouldn’t have known this if it wasn’t for this post. I’ve never seen these sites. Good post.