Joined 1Y ago
Cake day: Jan 13, 2024


My Signal app tries to update itself. Installed from Obtainium. It is a very irritating process: the thing tries to update, there are sometimes weird response times after clicking it (you click the notification and simply do not know if something is happening) and then without notice the thing restarts and then usually it works. But sometimes, the update notification still comes back. Because of that, I just update via Obtainium.


So what you want to do, effectively, is to have different security requirements for different accounts. Correct? And all in the same file.

For now I just want to get a few things out of the way:

  • with this strategy, what are you protecting against?
  • how likely is this to happen?
  • what is your contingency plan?

I believe it's good to have different levels of security for different things, but you also have to understand at what cost you need it.

I can propose a different thing altogether: for the very important passwords, like banks and such, use the pepper method. This means you have part of your password in your password manager, and a small portion is something you know. Example: generate a 25-char password, and have at the beginning or end 5 more chars that you know (can be letters and numbers, and can be something you remember every day, like the first letters of your address plus house number).

With this approach, there are a couple of benefits:

  • you can still have computationally heavy passwords
  • if an attacker gets a hold of your open vault and tries to log in, it will fail since the password is effectively not complete

Biggest downside I see is remembering the pepper always. And make sure it is not written anywhere. And of course, you can always argue it is possible at some point to get the correct password with the base password known. But at this point, this should give you enough time to change it and thwart the attack. Remember: there is no perfect security solution, only sufficiently good ones that can be usable and effective.


I never encountered this I have to say. Will bookmark it and save it for later when I need to double check this. But from what I see, FP 4 and 5 can be locked again after custom ROM imaging. This is actually good news. Thanks for the share!


This is also a good perspective. One thing I was thinking just now: at some point, side loading on iOS will be a thing. I wonder whether at that time we can truly use an iPhone without an account at all (not even to install stuff), but my guess is, considering their track record, they will do the wildest malicious compliance possible…


The comment is no longer there, but claimed that FP did have a Graphene image, which I found weird, and so I checked the website. I still ask if there was a chance there was an unofficial image somewhere, since those things can actually exist.


I did hear about the extended warranty because of this issue, but I was completely unaware of the check boxes stuff. Thanks for the heads up! Also… Clearly there are issues and they still try to pull some shit with dark patterns. Classy.


For the reasons you mention, I really REALLY hope PinePhone goes far and we have something else viable in the long run.


Haven’t touched other phones in a while, so there is a chance this is not correct. However, I do remember trying to get my old S10e to run anything else that is not the Samsung ROM. It's a nightmare.


I did check their page, do not see it there: https://grapheneos.org/faq#supported-devices

Is it an unofficial image that works on FP 4 and 5?


Didn’t look at iodé before. I am not a fan of iodé in general (as a principle; as an OS it is probably a good daily driver). From what I see, the phone available from there that I could get would be the Fairphone. But the lack of relocking after installing Calyx is not exactly amazing.


I do understand where you’re coming from. I never buy a phone without a somewhat good discount (which I got on this one). As for the risk of flashing, quite frankly the cases of breaking are so few and far between that, for the odds given nowadays, I am OK doing this on a brand new Pixel (for other phones that require unlock first and all that jazz I do not try it on brand new).

As for the LineageOS bit: lots of devices, but the lack of unlock for me is a no-no. If it was an older device without important stuff such as banking, sure, I would totally go for it.

EDIT: where you read unlock I actually meant root. Most phones cannot be unlocked unless you have root.


I did check their list just now. I am surprised some OnePlus devices are there; shame it's the old ones only. I will for sure have a closer look at this list and see how it goes.


That could be. And also, this is 2024. Why is this even an issue with something as basic as static? Surely it is not the first time this problem was dealt with before shipping this stuff out.


And I will. Still does not mean I will go after something else immediately after warranty is over (or even before if issues happen in difficult times, like traveling).


That was my first thinking. But then again, no relocking makes things a lot harder.


Last time I heard, Fairphone did support Calyx, but no dice on the relocking. A shame really, since I do believe the people at Fairphone are doing quite an important mission in the phone world.


This is what I feared. Either I deal with the shoddiness of the Pixels and get mad from time to time but at least it is safe, or no relocking. Sigh. Thanks for the answer though.


What other options for good phones are out there?
I have now a Pixel 8, which was working OK for the past 8 months using GrapheneOS. Unfortunately, today out of nowhere it got the green screen bug (searched around, this seems to be really a thing with Pixel 8 and some Pixel 7). This really struck a nerve. Previously I had a Pixel 5 which at some point also got screen problems and later the speaker piece just straight up did not work properly. And now this with the Pixel 8. So my question is: what other phones could potentially be used with a custom ROM that allows bootloader relocking? Other ROMs can be something like Divest or Calyx (I used Calyx before, so I am fairly familiar with it). It really pisses me off that the only option until now for proper relocking is Pixel phones (from what I know from a while back), and then they have these annoying issues. It makes my skin crawl, but if required I would change to an iPhone (and throw away a lot of things in which Android is actually superior, such as proper Tor Browser, VPN split tunneling, work/user profiles, no bloody account to use a phone). Thanks for the responses in advance.

That is for sure a good question, although I would say it would present limitations.

Let’s put it this way: ID photos are very standard. Front facing, down to the neck, white lights, white background. Now let's say everyone’s photo got leaked (or used) and the only source of photos for a certain person is the ID one only. I didn’t study the matching algorithms, but I will say that variation for a certain subject under different circumstances increases the matching possibilities. If by any chance you try to match someone live and the only source would be ID photos, my guess is it would present a big error rate. Possibly it could be fine tuned, not sure up to how much.

Now let's consider what we have today. For a single person, I will bet there are on average more than 15 photos of themselves somewhere available (for those chronically attached to stuff such as IG or FB) and a lot of the time tagged as well (and manually as well; there was a time on FB this was a big thing). With this amount of comparison points, I would say the matching for sure works a lot better.


There is a detail that makes it possible: the absurd oversharing everywhere. If only everyone did not think to plaster their face everywhere with their selfies and decide to share everything everywhere, then maybe something like this would be a lot harder to implement (if possible in certain cases).



Mooltipass looks sick actually. I have my reservations regarding the BLE part, but I would have to look into it more to understand it. Might get one to check around how well it works (once availability is there).


Curiously enough, I never heard of those. Do you happen to know good ones so I can further check?


Do you want to know the kicker? There are banks (yes, you heard me right) that straight up don’t allow more than 20 chars. 20!!! And they say you got to use the app for X things because it’s secure and shit (e.g.: use the app to 2FA credit card transactions). Meanwhile, they do not allow you to add a YubiKey for FIDO authentication.


I am not sure if by any chance they go the extra mile to check on that. However, as a rule of thumb you should try to keep private stuff away from work stuff, meaning, at work maybe it is not the best idea to boast about your Reddit profile where you happen to follow some NSFW stuff (or other stuff that can be considered offensive and/or can lead to controversy). I would imagine they try to check things such as accounts attached to an email or phone number (for instance). If a set of aliases were used for this (or different info) from your work email, phone etc., you should be able to keep it separate.


Fantastic. Time to deliver OPNsense and/or pfSense to the masses. Or better, recycle a router with OpenWrt or similar.


I was making a quick check, and yes, the DoH situation is a bit more dicey. From how I see it, the best way to make this work is to, at the firewall level, either block as much as possible any requests that look like DoH (and hope whatever was using that falls back to regular DNS calls) or set up a local DoH server to resolve those queries (although I am not sure if it is possible to fully redirect those). In that sense, Pi-hole can’t really do much against DoH on its own.

EDIT: decided to look a bit further at the router level, and for pfSense at least this is one way to do this: recipe for DNS block and redirect.


Hm… I am not familiar with that device myself, and since I have been using OPNsense for a while I forget most people do not use routers other than the provided one.

But in a theoretical sense, this firewall rule should look something like this:

  • origin of traffic is any IP that goes to port 53
  • outgoing traffic has to go to Pi-hole on port 53

Forgot to mention the port, but that’s it. Notorious devices like smart TVs and consoles like to use the hard-coded DNS method.
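The "every DNS request goes through Pi-hole" rule described in the comments above, modelled as an added example (not code from the thread or from pfSense/Pi-hole). The Pi-hole address, LAN subnet and the firewall log lines are constructed; the model also shows the two exemptions the rule needs (the Pi-hole's own upstream lookups, and traffic already bound for it) and why DoH on 443 slips past it.

```python
from dataclasses import dataclass, replace
import ipaddress

PIHOLE = "192.168.1.2"                        # assumed Pi-hole address
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN subnet


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str  # "udp" or "tcp"


def redirect_dns(flow: Flow) -> Flow:
    """Model of the NAT rule: LAN -> any:53 is rewritten to PIHOLE:53.

    Exemptions that keep resolution working: the Pi-hole's own upstream
    lookups are not looped back to itself, and traffic already addressed
    to the Pi-hole is left alone. DoH (443) and DoT (853) never match
    port 53, which is why this rule alone cannot catch DoH clients.
    """
    if flow.dport != 53 or flow.proto not in ("udp", "tcp"):
        return flow
    if ipaddress.ip_address(flow.src) not in LAN:
        return flow
    if flow.src == PIHOLE or flow.dst == PIHOLE:
        return flow
    return replace(flow, dst=PIHOLE)


def hardcoded_dns_clients(log_lines):
    """Parse log lines 'src dst dport proto' and return the sorted LAN
    hosts that tried a resolver other than the Pi-hole."""
    offenders = set()
    for line in log_lines:
        src, dst, dport, proto = line.split()
        flow = Flow(src, dst, int(dport), proto)
        if redirect_dns(flow) != flow:  # the rule had to rewrite it
            offenders.add(src)
    return sorted(offenders)


# Constructed sample: smart TV and console on hard-coded 8.8.8.8, a laptop
# using the Pi-hole, the Pi-hole's own upstream query, and one DoH flow.
SAMPLE_LOG = [
    "192.168.1.50 8.8.8.8 53 udp",
    "192.168.1.51 8.8.8.8 53 tcp",
    "192.168.1.60 192.168.1.2 53 udp",
    "192.168.1.2 1.1.1.1 53 udp",
    "192.168.1.50 8.8.8.8 443 tcp",
]
```

Running `hardcoded_dns_clients(SAMPLE_LOG)` lists the two hosts the rule had to rewrite; the 443 flow is not reported, which is the DoH gap the earlier comment mentions.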


It does. Probably OP meant something different.


Pi-hole is an amazing tool and gives a lot of insight into what is being queried and blocked against the block lists. Also, it makes blocking nasty things completely transparent across the entire network. One thing I will mention to make the setup better: make sure at the firewall level you have a rule that makes every DNS request go through Pi-hole. Some devices will use a hard-coded DNS instead of respecting the one on the network.