I assume they mean proprietary code blobs.
I assume they mean proprietary code blobs.
If they want proper anonymity, the user needs to protect against fingerprinting from the duckduckgo website (Tor or Mullvad). If by anonymity you are meaning from OpenAI, then duckduckgo needs to be running user’s text prompts through a paraphrasing LLM to normalize text and avoid deanonimization using writing-style Fingerprinting.
Unofficial MCPE launcher is the only way to run bedrock on Linux
Many mechanics, and bugs, and features. Redstone is very different because the bug/exploit parity doesn’t exist and even obvious features are different (Redstone attaches to pistons). When they add a new mechanic, the bugs are different and unique to each game. Like because cauldrons can hold potions in bedrock, you can (idk if its changed) use the newish block dripstone to increment the potion fullness, duplicating it.
I assume it has documentation, otherwise you can look at the Flatpak docs to see the equivalent terminal commands that are available in the GUI. Flatseal is pretty intuitive in my experience.
On linux for the Obsidian Flatpak, you can deny it having internet and filesystem permissions using Flatseal.
How recently. I tested with Mullvad and it gave me a notice.
They block VPN users.
deleted by creator
Microsoft Activation Scripts (MAS)
Alternatively to upgrading edition check out these apps:
Yeah, any security focused android ROM won’t include root because it breaks the android security model. Breaks the ability to have secureboot and system safety checks by apps.
DivestOS is the most degoogled (removes the most proprietary blobs) android ROM. See if your device is on this list: https://divestos.org/pages/devices
Extra reading: see Whonix comparison table to see what they look for when choosing a base OS that can be later hardened for security. Note that some things in the table are not security specific but important for anonymity (which Whonix modifies to Kicksecure to better protect). Whonix is a security focused operating. Here is a comparison of different memory allocators showing their features for preventing different types of exploitation. Memory based attacks consistently are reported to be one of the most common types of attacks.
Point still stands. postmarketOS isn’t hardenned. Default desktop linux isn’t hardened. Malware could easily infect your device and exfiltrate data, escalate privileges, modify the kernel, etc. Each of the things I have mentioned (hardened_malloc, immutable OS, hardened kernel, hardened firewall, removal of identifiers, full disk encryption, locking of root login [not the same as invoking root], MAC hardening through SELinux or/and AppArmor, service minimization for reduced attack surface, package manager hardening, secure boot, sandboxing of applications, etc) should be implemented for both Desktop or Mobile Linux to have “good” security. Security is preventative. All of these things come together to create a system better equipped to protect against know and unknown threats, which especially true for mobile devices which are near-costantly in unknown environments. A vulnerable device is weak link in the chain of your security, which can be used to compromise your privacy. You may never be attacked or have your device exploited, but that doesn’t make it secure as a result.
I would love to see an actually secure mobile device that is rid of Google’s stench. Problem is postmarketOS isn’t secure, its just default linux on a phone. If it saw largescale adoption (which we all would like a good alternative to do) it would be easily exploited.
It says postmarketOS is based based on alpine Linux, which according to Whonix doesn’t meet their threat model and it’s odd to claim “Alpine Linux was designed with security in mind” when Alpine’s package doesn’t pass The Update Framework model. A vulnerable package manager can be used to compromise a system, read more package management on TUF’s website.
Did you go to any of my links about Linux hardening? Do you implement any hardening yourself? Do you harden kernel flags or replace malloc with hardenned_malloc?
If PostmarketOS is just ARM linux with minimal changes than it isn’t secure enough for a mobile device. All apps should be sandboxes regardless of whether you can trust the code or developer. Each app expands the attack surface of your device.
Linux kernel also has proprietary blobs for firmware and device support. That is the difference between Linux normal or libre kernels.
Nah I dont think that at all. But DivestOS and GrapheneOS are the most security hardened. DivestOS takes extra steps to further deblob Android of proprietary bits to further reduce attack surface. See my other reply for my detailed (barely scratching the surface) insight into why Linux isn’t a good mobile OS, but more so how Linux isn’t security hardened well at all by default.
Security through obscurity is not security. There are special considerations that have to be taken on a mobile device. Mobile OSes, while unhardened normally, are still designed to protect against attack vectors that aren’t considered by normal linux. Linux can be hardened, but is very open by default. It also offers no default sandboxing of apps from each other. It isn’t immutable, unless postmarketOS is, which is a large security threat when considering device integrity. Full disk encryption isn’t enabled by default (unless changed in postmarketOS). Root login is enabled by default (a huge attack vector). Linux isn’t secure by default, but more private than any proprietary OS like Windows, iOS/MacOS, ChromeOS, and Android. But Linux because of its open default makes it vulnerable to spying 3rd party by apps installed by the user. It is also vulnerable to attacks from a network.
I recommend a deblobbed Android ROM like DivestOS (my personal fav and more deblobbed of proprietary blobs than any other ROM) or GrapheneOS. See a good comparison between ROMs here: https://eylenburg.github.io/android_comparison.htm
For linux hardening, check out Kicksecure for Debian distromorphing, Secureblue for Fedora Atomic (immutable) rebasing, and Brace by DevistOS’s developer for general security hardening of Fedora/RHEL, Debian/Ubuntu, Arch Linux, and OpenSUSE Tumbleweed.
Linux mobile is not threat modeled for a moble device. It is quite risky. Mobile devices must consider more known and unknown attack vectors than a device (like a Desktop) that stays in a consistent trusted environment (like home or a personal office in some cases).
This table is really good: https://www.messenger-matrix.de/messenger-matrix-en.html
DivestOS is the most thoroughly degoogled of the android ROMs (it removes the most proprietary binary blobs). DivestOS is also decently security hardened, better security hardening than any other Android ROM other than GrapheneOS. But since it removes more of these proprietary blobs, it further reduces the attack surface of the ROM. Both GOS and DivestOS are good options. As commented by another user, /e/OS falls behind on security updates often, which is quite bad for a security or privacy focused OS.