tsonfeir@lemm.ee
on 12 Apr 2024 04:50
nextcollapse
Me feeling left out.
cy_narrator@discuss.tchncs.de
on 12 Apr 2024 04:59
nextcollapse
If you are a high value target, you should not carry normal phones made for normal people.
Its sad that none of the dumb phones were built with security in mind. Linux phones are the second best option, GrapheneOS and CalyxOS would be the least you should go.
Alot of people told me “No these old phones cannot do modern crypto” and I am like they managed to put in full 3d games for Nokia 5130c2 and 5300 such as “1916 Dogfight” and “Need for speed carbon” I am sure these phones have enough processing power to do all the modern crypto if someone tried to.
rottingleaf@lemmy.zip
on 12 Apr 2024 05:27
nextcollapse
if someone tried to
Cryptography is what you yourself first need. Also - depends for what, if we are not using hardware acceleration. Encrypting text - yeah. Voice - may be more problematic.
Also consumer hardware and software is generally not designed to protect high value targets.
It’s intended for protection against crooks and hooligans, which is necessary for businesses, which is an incentive for vendors.
Providing protection against nation states is something which may even be considered a bad thing.
cy_narrator@discuss.tchncs.de
on 12 Apr 2024 05:39
collapse
Maby it would be problematic for real time communication like voice when it comes to encryption but these phones do not even try to do text encryption bugs me.
I think we should just feel okay to say “I dont know what advice to give you if you are targeted by a nation”
le_saucisson_masquay@sh.itjust.works
on 12 Apr 2024 09:29
collapse
We know what snowden does, and this guy is targeted by the usa. Basically never use phone, only computer on ethernet running qubesos from external drive on computer bought with cash.
It’s not a secret by now.
le_saucisson_masquay@sh.itjust.works
on 12 Apr 2024 09:27
nextcollapse
Linux on phone is great for privacy but can you say that on security ?? It’s open source, not very popular. We’ve seen how it can go wrong recently.
Id put it in third after grapheneos. But the end result is that it’s not suitable anyway.
Which was an exception to the rule and found immediately because of open source but go on with your bad self. Hell, they did so much investigative work they figured out it was a Russian hacker masquerading as a Chinese hacker.
bitfucker@programming.dev
on 12 Apr 2024 16:39
nextcollapse
Wait, they have figured out the source now? Can you give me the link for more reading on how they did it?
le_saucisson_masquay@sh.itjust.works
on 13 Apr 2024 22:43
collapse
Exception to the rule ??
I’d argue you have no idea how many times it succeeded because that’s the point. We only know what failed, if this worked I have no doubt that companies running Pegasus which have hundreds of millions of dollar of budget every year can success.
Open source when not maintained properly is fundamentally flawed, there just need one weak element in the chain, one package maintained by a handful of people on their own time.
CrazyLikeGollum@lemmy.world
on 15 Apr 2024 10:16
collapse
Do you know how many times Microsoft has had a supply chain attack inject a critical vulnerability into Windows? Or how many times a malicious insider at Apple has added a backdoor to iOS?
Nope, and you cant possibly know because those systems are closed.
With open source software you have the ability to audit the code for vulnerabilities. We have the ability to reasonably state that that incident was an exception to the rule because its so easy to see the available code and major security incidents tend to become major news.
le_saucisson_masquay@sh.itjust.works
on 15 Apr 2024 22:46
collapse
An open not maintained system is worst than a well maintained but closed one. There are billions of $ behind window and macos. Some critical package on Linux are maintained by 2 guys during their spare time…
Later, nonprofit advocacy group Amnesty International reported that it had found Israeli spyware maker NSO Group’s invasive spyware Pegasus on the iPhones of prominent journalists in India.
Of course it’s fucking Pegasus.
If you haven’t seen the Frontline doc on it you should.
fiercekitten@lemm.ee
on 12 Apr 2024 06:38
nextcollapse
I’m of the opinion that we need to start calling NSO Group a terrorist organization.
threaded - newest
Me feeling left out.
If you are a high value target, you should not carry normal phones made for normal people.
Its sad that none of the dumb phones were built with security in mind. Linux phones are the second best option, GrapheneOS and CalyxOS would be the least you should go.
Alot of people told me “No these old phones cannot do modern crypto” and I am like they managed to put in full 3d games for Nokia 5130c2 and 5300 such as “1916 Dogfight” and “Need for speed carbon” I am sure these phones have enough processing power to do all the modern crypto if someone tried to.
Cryptography is what you yourself first need. Also - depends for what, if we are not using hardware acceleration. Encrypting text - yeah. Voice - may be more problematic.
Also consumer hardware and software is generally not designed to protect high value targets.
It’s intended for protection against crooks and hooligans, which is necessary for businesses, which is an incentive for vendors.
Providing protection against nation states is something which may even be considered a bad thing.
Maby it would be problematic for real time communication like voice when it comes to encryption but these phones do not even try to do text encryption bugs me.
I think we should just feel okay to say “I dont know what advice to give you if you are targeted by a nation”
We know what snowden does, and this guy is targeted by the usa. Basically never use phone, only computer on ethernet running qubesos from external drive on computer bought with cash.
It’s not a secret by now.
Linux on phone is great for privacy but can you say that on security ?? It’s open source, not very popular. We’ve seen how it can go wrong recently.
Id put it in third after grapheneos. But the end result is that it’s not suitable anyway.
Do you understand what you say?
Everything you typed here is wrong.
Oh my god you’re so right. Thanks for enlightening us.
There’s no “us” – just your dumbass.
Your dumbass should check XZ Backdoor.
It was open source, yet only blind luck led a Microsoft developer to uncover it. It would have gone in most Linux installation otherwise.
All because of an unpopular package that was maintained by a very few people.
Which was an exception to the rule and found immediately because of open source but go on with your bad self. Hell, they did so much investigative work they figured out it was a Russian hacker masquerading as a Chinese hacker.
Wait, they have figured out the source now? Can you give me the link for more reading on how they did it?
Exception to the rule ?? I’d argue you have no idea how many times it succeeded because that’s the point. We only know what failed, if this worked I have no doubt that companies running Pegasus which have hundreds of millions of dollar of budget every year can success.
Open source when not maintained properly is fundamentally flawed, there just need one weak element in the chain, one package maintained by a handful of people on their own time.
You’re a clown
Holy fuck, every time: one line answer, no explanation, just Insults. Find someone to fck instead of crying on the internet.
Triggered much, clownboy?
Do you know how many times Microsoft has had a supply chain attack inject a critical vulnerability into Windows? Or how many times a malicious insider at Apple has added a backdoor to iOS?
Nope, and you cant possibly know because those systems are closed.
With open source software you have the ability to audit the code for vulnerabilities. We have the ability to reasonably state that that incident was an exception to the rule because its so easy to see the available code and major security incidents tend to become major news.
An open not maintained system is worst than a well maintained but closed one. There are billions of $ behind window and macos. Some critical package on Linux are maintained by 2 guys during their spare time…
Modern crypto is often faster than old crypto. For example eliptic curve crypto in software is faster than AES in software
Is the old stuff beginning to break, or just slow?
Kinda both
Of course it’s fucking Pegasus.
If you haven’t seen the Frontline doc on it you should.
I’m of the opinion that we need to start calling NSO Group a terrorist organization.
Also; Modi and BJP. Carrying out assassinations in Canada should get you on that list.
Lol I’ve said this before on lemmy, everyone and their mom bought the Pegasus toolkit from Israel, even the nations that still don’t recognize Israel.