• 0 Posts
  • 29 Comments
Joined 1Y ago
Cake day: Jun 16, 2023


Yes, verified boot will have out-of-band alerts for you by design. Without the online component, you will risk not being able to detect tampering.


If the hardware is tampered with, it will not pass the attestation test, which is an online component. It will fail immediately and you will be alerted. That’s the part of verified boot that makes this so much harder for adversaries. They would have to compromise both systems. The attestation system is going to be heavily guarded.



If the hardware signatures don’t match, it won’t boot without giving a warning. If the TPM/Secure Enclave is replaced/removed/modified, it will not boot without giving a warning.




Why exactly am I re-reading your post? I’m in complete agreement with you? Should I not be?



Having Signal fill in gaps for what the OS should be protecting is just going to stretch Signal more than it already does. I would agree that if Signal can properly support that kind of protection on EVERY OS that it’s built for, go for it. But this should be an OS-level protection that can be offered to Signal as an app, not the other way around.


If your device is turned on and you are logged in, your data is no longer at rest.

Signal data will be encrypted if your disk is also encrypted.

If your device’s storage is not encrypted, and you don’t have any type of verified boot process, then that’s on you, not Signal.



You can get an Apple TV, which is an external device you connect to your TV if you’re already in the Apple ecosystem. You can use your iPhone as a remote for it.

There is also the Nvidia Shield option, which is a solid Android TV option.

And of course, you can just use any PC as an input device and use that.

The firmware that’s actually on the “smart TV” might be tough to replace with an open source solution. I’m sure there are some TV modders out there, but it’s probably very niche. Best to get an external device of your choice imo.


There was a lawsuit to remove Windows Explorer? Did you mean to say Internet Explorer?


Each developer will have to be authorized by Apple to switch engines “after meeting specific criteria and committing to a number of ongoing privacy and security mitigations,”

Now they can babysit other browsers and make sure they’re secure too, ig. Might as well throw that responsibility on the trillion-dollar company. At least the browsers will end up more secure once the Apple security team audits them.


The lack of updates to old devices might be exactly why Apple doesn’t want to be compatible with them. It’s a HUGE attack surface. They can’t babysit every device’s downfall.



Sure. An ex-boyfriend doesn’t take the breakup from his girlfriend well, and decides to locate her. He remembers his phone used to be paired with hers, and decides to use that to find her.

As much as you want to fight me and make fun of me for this, this is a serious concern.



That’s why I’m asking if they know why the feature was removed so I can look up the specifics.


That’s not true. There are still phones out there being actively used that have been end of life for years now. There is no way to corral those insecure devices.






Do you have an example of them rejecting a quality product from being used in their phones?


“We need you to stop making a good product so your customers can finally move away from it.”


They do a lot of work to keep your phone number private, or at least any data that is tied to it. This username upgrade is solely for someone to communicate over Signal without needing to hand over your phone number.

For example, you can now be in group chats with internet strangers by just giving them your username.

On top of that, once MLS is adopted, you can communicate with other messengers as well.


To add to this, you arguably can’t have privacy or anonymity without security first.

If there are any vulnerabilities or design flaws for your device or its OS, you shouldn’t fully trust your device to handle sensitive tasks.