Robo chomo coauthors grant proposals too

I think this person is just permanently a contrarian.

Phones are full fledged computers nowadays, with Android you can have different profiles. For their level of paranoia, they could have a profile they never use in public, and only login with a full password, only when they’re in a secure location.

For the randomized pin, and biometric two-factor use of a phone, that covers most use cases, and is quite secure compared to most models of data security average civilians use.

You can have different scopes, if you’re in a crowded place, reading Lemmy isn’t really a big security risk. But logging into your banking would be. All of that is possible on Android, the fact that they’re so staunchly pro computer, is difficult for me to take their analysis seriously

Google makes the most open and customizable phones. Unlocked bootloaders, the ability to sign your own code. Rapid security updates for baseband drivers.

Nobody else comes close.

https://grapheneos.org/faq#future-devices

Actually pine phone is really open, but it’s not android and nowhere ready to be a daily driver.

You see the boat in the photos? You see how it’s got a flat bottom, and a ramp that can be lowered? It is literally designed to land on beaches and offload cargo. No Pier needed

Does this mean your also against yubikeys?

https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/tpm-fundamentals

Devices that incorporate a TPM can create cryptographic keys and encrypt them, so that the keys can only be decrypted by the TPM. This process, often called “wrapping” or “binding” a key, can help protect the key from disclosure.

This is how cell phones and windows hello justify short pins, the pin goes into a rate limited TPM that then discloses a larger key to decrypt the actual secret.

It is the foolish ferengi who asks for what he wants, the cunning take it and don’t reveal their intentions

Qubes is immune to the knife to the throat threat model?

TPM in the SOC to transform the “convenient” pin into more robust encryption keys is the gold standard for civilian devices.

“computers” (of which a phone very much is) also use a TPM for this very reason.

But even taking what you say as gospel, the device isn’t insecure, its how people are using it.

I will stand by my comments a phone is the MOST secure device a civilian will use. Even with a secured desktop computer where someone diligently types in a 64 bit random code to unencrypt the hard drive… if they use the computer as a general purpose device, the threat surface raises dramatically. Now information and programs are not compartmentalized, install one bad program and it can trivially take over everything.

Please help me understand your point of view. So far all you have said in this conversation is that other people are wrong. That may be, but your not helping us understand you

I think phones are the MOST secure devices most people have. They are locked down, they run software in very restricted containers, they have more restrictive feature allowance. for 99% of the people the phone is the most secure device, full stop.

Can you do better on a computer? Sure, but it takes a bunch of work and isn’t the out of box experience

You can use two factor, fingerprint plus pin and have the pin layout randomize each time.

The hardware driver updates are absolutely critical if you want to have a secure phone. The phone has to be within the support window, to get any hardware driver updates. The risk surface of a phone’s hardware is huge, you’ve got the Bluetooth drivers, you’ve got the Wi-Fi drivers, you’ve got the modem drivers, and any other sensors I may have forgotten about.

Could you explain how phones are insecure by design?

I’m pretty sure this person was just looking for a reason to sue, and then tried to construct the most salacious situation to sue about.

I’m not against them suing, I think web tracking is evil, so more power to them, but I definitely feel like a lawyer helped architect the actual complaint

Depends on your friends threat model, lineage will work on it.

No security updates makes the Pixel 4a a bold choice for your main phone. I don’t recommend it

I would follow the graphene OS recommended phone guide, that gives you maximum flexibility to put any operating system you want on the phone.

Identity is a human right, digital systems should NOT have the power to revoke your identity.

It is of critical importance to design digital identity systems that ensure the privacy of citizens as well as protecting them from issuer corruption. Unfortunately, what Europe’s and USA’s public sectors are currently developing does not offer such basic protections. We aim to solve this issue and propose a method for untraceable selective disclosure and privacy preserving revocation of digital credentials, using the unique homomorphic characteristics of second order Elliptic Curves and Boneh-Lynn-Shacham (BLS) signatures. Our approach ensures that users can selectively reveal only the necessary credentials, while protecting their privacy across multiple presentations. We also aim to protect users from issuer corruption, by making it possible to apply a threshold for revocation to require collective agreement among multiple revocation issuers.

From a showrunner perspective, you want to have a diverse set of sets, activities, and situations you can perform in. That leaves you either with wealthy characters, who can justify doing these things in these exotic places. Or poor characters who behave wealthy inexplicably.

Ie friends where people working dead end jobs had housing better than most millionaires.

Mid tier B550m.