Jonah @jonah@social.privacytools.io

@MasTorDon yeah I did see that documentation.

I'm less interested in serving this web interface over a .onion address, and more interested in the ability for this instance to federate with other onion-only instances (are there any?) but *that* is what is less documented.

@MasTorDon that's too bad. I've been thinking about adding Tor federation to *this* server in the future but it's not very well documented.

@darylsun they were suspended lol

@epochorange yeah. You can PM me.

@Outernaut you need to enter your full username, ending in @social.privacytools.io, not @mastodon.host.

@a360 hey! Welcome to our instance. If you're looking for people to follow check out https://social.privacytools.io/about/more and https://communitywiki.org/trunk/ 😄

@emacsomancer maybe ideologically, but in practice an iPhone XS is going to be more secure compared to a Galaxy S5 or even a standard Linux laptop against both malware attacks and targeted/local attacks, and that’s what’s going to provide the most immediate benefit to consumers, both individual and in enterprise environments.

@emacsomancer right, like I said there's certainly valid reasons to use Lineage.

I would probably disagree with that last part though. Mobile devices are arguably the most secure devices people own (strong sandboxing, malware protection, hardware security, etc). Which is why it's such a shame most Android OEMs completely disregard it.

@emacsomancer it's probably significantly more relevant to mobile devices.

I would probably consider any device no longer receiving security updates to be "old hardware" in this context.

So if the Titan M stopped receiving firmware updates in 5 years, but the 2024 Pixel phone was receiving up-to-date security patches, then yes the Titan M would be old hardware.

@emacsomancer right. I'm speaking from a *purely* security focused standpoint, where it is essentially unacceptable to use old hardware. There's certainly other reasons people might prefer something like an S5 and Lineage over a Pixel and Graphene.

@emacsomancer have a screenshot? Haven't used Lineage in a while but IIRC at the time they just used whichever was higher which seemed very unethical. So if they show both that's definitely a huge improvement.

But regardless, I'd be willing to bet the vendor security patches are far behind. The main reason Graphene is more secure is because it forces you to use a Pixel, which is objectively more secure hardware.

@Outernaut seeing as privacytools.io makes exactly 0 requests to servers outside our control (i.e. no "third-party" network requests of any kind), I literally have no idea what you're talking about 🤔 @greyor

@jj I use both AdGuard and AdGuard Pro on my phone currently.

AdGuard adds filter lists locally, so if you only use it as a Safari content blocker it's entirely local. They have an optional premium subscription that will route your DNS through their servers, yes.

AdGuard Pro also does filter lists locally, and has a DNS "VPN" built-in. Notably, while AdGuard's DNS servers are the default, you can choose to use any DNS servers you'd like, including OpenNIC, or even custom DNS over TLS servers!

@ben_dw I just meant my reply to supernova (https://social.privacytools.io/@jonah/102502378974709298) you probably read it.

If you're interested in learning more though I'd definitely join the GrapheneOS IRC channel on Freenode (#grapheneos:privacytools.io on Matrix), they're usually around to answer questions about what makes Graphene more secure.

@ben_dw the Titan M’s firmware is also completely open source, whereas the HSM on the P2 is essentially a black box, so that’s another reason the P3 is superior.

The 3a has the same Titan M chip, so theoretically it should be equally as secure as the 3.

@ben_dw as far as the Pixel devices go, the Titan M chip in the Pixel 3 grants a lot of additional functionality in Graphene. I don’t know the specifics of what it’s currently used for but I’m told it’s a significant difference. The Pixel 2 has an off the shelf HSM which does similar things, but not everything the Titan M does. The Pixel 1 doesn’t have a dedicated HSM at all AFAIK, which is the main reason it’s a “Legacy” device according to Graphene.

@ben_dw Graphene is also the only custom ROM that has you load in custom boot signing keys so that the trusted boot process can begin. On most phones this process only happens with the stock ROM, so having that layer of protection blocks any boot modifications or silent malware from infecting your phone without your knowledge. Basically if someone were to want to modify your phone somehow they’d need to unlock the bootloader again and that would be obvious.