Flatpak shouldn’t require a reboot after install. I never have needed on any distro. It takes me about the same time as regular package manager. Odd to say the least.
Flatpak shouldn’t require a reboot after install. I never have needed on any distro. It takes me about the same time as regular package manager. Odd to say the least.
Application sandboxing is just SO important. If the app isnt available as Flatpak, you could install it normally and use Bubblejail to restrict it.
What specifically don’t you like about it?
Try to still all your desktop apps through Flatpak. Flatpak applications are sandboxes (meaning they are regulated by the system using permission toggles and variables). It is better for security/privacy, and makes transferring app data to a new OS install easy (app data is stored in ~/.var/app/
)
Bluefin (MacOS look) or Aurora (Windows look) are great starter Linux distros. It won’t give you the typical Linux experience (mostly that you won’t really need to do much terminal stuff).
If you won’t a more typical Linux experience, I recommend Fedora Workstation (the KDE spin if you want that Windows look).
Webcord is another good client. It is more so designed for security and isolation, but supports theming and plugins. Vencord (more specifically Vesktop) is probably a more interesting client.
Sadly, KDE Plasma has not yet secured the windowing protocols, so applications can freely record your screen. Only GNOME stops this ATM. Not a deal breaker, and KDE plans on improving this. Still a security risk.
I do agree that generally when we refer to the fediverse, we mean ActivityPub federation. I also just wanted to point out that ActivityPub is not synonymous with fediverse.
It is federated, just with other Matrix protocol servers. Just like how email is federated.
Element is default E2EE for 1-to-1 direct messaging. Rooms require setting up encryption.
WebCord supports it.
Unique to you, shared between your different browsers.
Except for shared unique similarities. Fingerprinting designers know “not all data is good data” and will then filter out bad data and use hard to change charateristics, like hardware or software similarities, which can enable cross-browser fingerprinting.
Lying about your host OS does nothing to protect against OS fingerprinting. Your OS can still he determined through the differences in how each OS renders and handles the Browser, and underlying architectural differences between browsers on each OS.
This is true. I still agree that closed source OSes are not private or as secure as if they were open source. Something like deblobbed AOSP (DivestOS) is better because it has strong sandboxing, full system MAC policies, and vastly reduced attack surface to google Android (or Apple). Desktop does not have a strong enough threat model, wish it was better.
I was referring to the OP’s comment on “iOS having a backdoor”. I am not saying I agree with OP, just was trying to see if there was something like a backdoor.
This maybe be what they are referring to: https://9to5mac.com/2023/12/27/most-sophisticated-iphone-attack-chain-ever-seen/
Neither of the methods I mentioned are hard. They have no 'if’s or 'but’s, only the same prerequisite as any bit of malware, get run. Do you know how to protect against either of the attacks I mentioned? You can poke some holes in them if you like.
The attacks I mentioned (and even more in the articles and wiki’s for the “Security focused linux distros” I shared) are often not possible on Windows or OSX because of the hardening present on basically every other modern OS. Linux just makes it easy. I don’t really understand what you mean by “I did a lot of reading in my time”, Security research is continuous and you can never get to a point where you understand everything or anything. I learn new things everyday, I suggest you expand your horizons and learn more about the topic you have such confidence in. Nothing that I shared is a long read, there are no tricks and I am not trying to tell you to stop using Linux mobile. Just that it isn’t “secure”, or more specifically it isnt as secure (out of the box or even with moderate hardening) as OSX/Windows/BSD/Android. Default Linux IS more private than any closed source systems, but when compared to other open source OSes like DivestOS (deblobbed hardened AOSP), Kicksecure (Debian Linux), Secureblue (Fedora Atomic), or hardened BSD, it is missing out on a lot of necessary hardening policies/changes.
CVEs are often go mislabeled as normal bugs and dont get the attention needed. It also may take a bit for such vulnerabilities to make it downstream.
A simple privilege escalation attack on basically every system goes as follows: add a function into the bashrc file of a users that runs a script, have the script intercept the users sudo credentials and pass the command on normally as if it was just the regular sudo command. Now you have root. Nothing here requires priveleges beforehand. Anything, be it a script, appimage, malicious binary, etc can follow those steps and gain root access by compromising the wheel user. Even without compromising a user, it could simply add a Systemd user service that keylogs (keylogging is still possible on Wayland without security hardening)
A prerequisite of course is getting that file onto the user’s computer. There are a plethora of ways. Simplest way is to learn what applications the user installs, find the weakest link, and compromise them.
There are of course much more sophisticated and better ways, some of which are detailed in the supporting links I sent. Every Security expert and researcher I have talked to can recognize that Linux has an outdated security model. The best links to read would be the hardening guide and “linux isnt secure”.
I only mentioned physical port attacks in a much larger list of things Linux MUST improve on. I am not a grapheneOS shill, nor did any of the supporting articles I sent relate to GOS, so I don’t really understand your response. Read through the links I posted and learn more about the operating system you use. I am NOT saying linux is dogshit, I very much love linux. Why not just educate yourself on this topic instead of assuming things from a place of ignorance or constructing a strawman. I spend multiple hours per day reading and putting into practice Linux hardening techniques, I am not just working with a surface level understanding of Linux security.
Even open source is vulnerable. Two questions: do you examine all the commits on every app you use? Do you compile every update to the apps you use from source? Sandboxing is important because if an application is compromised it cant lead to privilege escalation or userspace spyware.
QKSMS is abandoned, QUIK is a maintained fork.