this post was submitted on 05 May 2024
331 points (97.4% liked)

Privacy

31869 readers
298 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Simple steps to take before hitting the streets

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 6 months ago (1 children)

Most of that is solved by installing a ROM that's not user hostile, keeping it updated of course, and using the phone strictly as a purpose specific device.

That means you run a trusted VPN on it so HTTP/S and DNS concerns go out the window.
Sandboxed processes, blocked JS? Fine if you only install what's necessary and don't use the web browser. JS blocking is not a huge hurdle though, ublock does it with just 2 clicks.

Then if you have pegasus, the only way for security is to reflash the A/B partitions, both. Factory reset is not secure as it will keep what is already in the system partitions.

That's right but I don't think that this is enough. If the Pegasus malware (package) really is able to do that many things, it's a walk in the park for it to modify any of the partitions, including that which contains the modem, or just data like the modem's IMEI and MAC addresses.
In the cause I would either restore a backup of all partitions, or throw the phone away (not literally).

The firmware is protected and signed by the vendors, so it is likely clean.

Except if they patched the verification mechanisms of the OS.
Also, the firmware may be protected, but what about data partitions which are read by vulnerable software.

This makes them poorly pretty expensive. I think a slightly outdated GrapheneOS phone is okay though.

Are you sure? My 6 years old phone still receives LOS updates

[–] [email protected] 1 points 6 months ago (1 children)

Not sure if VPN eliminates all risks with 2G and 3G, maybe it does.

Sandboxing, javascript

Vanadium has sandboxing but its javascript blocking is useless (no granular control)

Mull has no process isolation at all, but support for UBO and Noscript. Bad situation

it's a walk in the park for it to modify any of the partitions

These cannot be written without TPM verification or stuff, ask GrapheneOS devs about that, I dont know. The firmware signing is required, the verification will not be done inside the OS, that would be totally flawed.

If they have the firmware signing keys, they can fuck you. If they dont, they can only write to the system partition, and Attestation can see that.

Reading data has nothing to do with that. They likely can, but that doesnt matter.

My 6 years old phone still receives LOS updates

This will not include firmware and likely even the kernel.

[–] [email protected] 1 points 6 months ago (1 children)

Not sure if VPN eliminates all risks with 2G and 3G, maybe it does.

It doesn't, but probably even on modern phones it only does if you explicitly set it to only use 4G but nothing below that.

Mull has no process isolation at all, but support for UBO and Noscript. Bad situation

If you only visit known reputable websites it's probably not really a problem, but also, I think there are chromium browsers that have addons. Not sure though if there's one that besides that also has the security patches.

These cannot be written without TPM verification or stuff

I doubt that it couldn't be written, I believe TPM can only verify its contents and make the phone refuse to boot if it doesn't agree on the authenticity of the partition contents.
However it's also a question which partitions are checked that way: only the system partition? Or more? Probably not all, because they can't verify e.g. the main user data partition, because it's ever changing contents were never signed by the manufacturer. There's a few dozens of partitions usually so this is not trivial to answer.

the verification will not be done inside the OS, that would be totally flawed.

Yes, verification is done by one of the bootloaders. At least partly, the OS and maybe other layers must be doing it too, just remember why Magisk had a feature to hide it's processes and the controlling app itself from select system services and other apps.

Reading data has nothing to do with that. They likely can, but that doesnt matter.

Didn't mean that. I meant writing data that is later being read by other important system software that is vulnerable to specially crafted quirks in that data.

[–] [email protected] 1 points 6 months ago (1 children)

Not sure but GrapheneOS has an "LTE only" mode, stock Android only has preferred Network afaik.

visiting only known websites is not a scaleable option, a browser needs to be secure. Kiwix is the browser that basically runs desktop Chromium on Android, so it has Addon support. But that is also soon manifest v3 restricted, and likely pretty insecure.

of course the user data partition is not checked, but every other important one. I have not tested what would happen when it is modified though.

I dont know what magisk did, but I think that is only about Google Play adding their "safety" scanning to the OS. Nothing regarding boot. But yes, likely there could, can or should be OS components scanning things too.

Googles stuff is pretty insecure, for example the latest SafetyNetFix simply disabled hardware cryptography, as they still support insecure phones.

For sure this is very complex and there are always vulnerabilities found in Android and GrapheneOS.

[–] [email protected] 1 points 6 months ago (1 children)

visiting only known websites is not a scaleable option

On the regular day to day use, that's right. But on a protest you really should be careful, more than usual.

but every other important one

Is that universally true for all phones?