Me loving GrapheneOS intensifies.
Chromium and Webview ripped out and replaced with hardened Vanadium.
this post was submitted on 19 Feb 2025
184 points (100.0% liked)
Cybersecurity
6372 readers
74 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 2 years ago
MODERATORS
Man, I had gaming scheduled for this weekend. I guess I gotta move up my plan to backup everything and switch over to GrapheneOS.
Its a pretty easy switch and has some nice perks like disabling the software restictions on the USB C port so you can actually hook up displays
If you have a Pixel, yes.
If you have a Galaxy, you're in for some s**t
I thought it wasnt even possible on a galaxy
It's possible, but a huge PITA. Learning how to do it, that is. Once you know all the magic incantations and have your potions and elixirs available, it's easy enough.
Most of the "how to" guides don't mention all the little crap you need to know so it takes a lot of trolling through forums to find why this next step isn't working.
I have a galaxy phone but haven't pursued the idea of installing grapheneOS on it as I thought it would be impossible. Please share you arcane knowledge of the unholy incarnations.
How does GrapheneOS play with folding phones? Nicely?
Probably as well as any other stock Android ROM, because that's all it is, plus a few security patches on top.
Do Linux next 🐸
I'm still waffling between CachyOS and Bazzite. 😆
I've been daily driving bazzite for a few months, I would highly recommend you give it a distro hop for a bit to see if it fits you. The main downside is getting used to the atomic mindset and changing how you install your tooling
I actually have it on a laptop, because I wanted something virtually bulletproof that my SO could have that just works. No worrying about broken configs or leftover cruft.
Just undecided if I want it on my main desktop. I've had a few minor but annoying issues with it, though nothing unworkable. Ricing is sometimes problematic, and that's something I enjoy. I really like the build process, though, and how you can downstream your own version, and I like ostree backups (plus I can't wait for bootc).
gimme a decent rom guaranteed to work with my six-year-old unsupported hardware
Sorry didn't realize you were asking for ROM
Lineageos is your best bet.
load more comments
(1 replies)
What service provider are you using with Graphene? I want to de google but it seems a wasted effort when I have FI
According to multiple users on the GrapheneOS forum it works just fine https://discuss.grapheneos.org/d/7950-does-grapheneos-work-with-google-fi/2
I'm able to use Organic Maps with RH Voice with the sandboxed Google Play + Android Auto Graphene uses for my travelling/cycling/Public-transit map needs.
Mint Mobile. I'm fine with 5GB/5G:$15/month ~$185/year. 🤘😁.
I download flac songs/albums for off line use with Tidal when not streaming on WiFi.
PipePipe for YouTube/etc stuffs. 720p or background playback to save bandwith/battery isn't bad.
Thunderbird for my gmail account.
But in process of moving to Tuta.
Last I recall, Vanadium lags behind customized-Firefox in privacy features, and even more behind the Tor Browser.
Having a tool like Noscript is absolutely necessary, with today's browsers, if you want to fight fingerprinting.
All I known is DivestOS is dead as is Mull 😮.
And there's things Vanadium/web view offer that Android Firefox never can:
By default Vanadium's JIT JavaScript is blocked. Can easily turn off regular JavaScript if ya want on site settings.
this article does not attempt to compare the privacy practices of each browser but rather their resistance to exploitation.
The Madaidans article lacks relevance, we are talking about fingerprinting.
Android Firefox never can
That's just not true, many of those are things that Android Firefox likely won't do, but that doesn't mean they can't do it.
That said, I care more about privacy than theoretical attacks. Companies are tracking me, black hats might attack me.
The clowns just wsnt to run all these code on PC man... Why don't you let them?
Yeah I'm going with a Murena phone and /e/os installed, as they're both European.
I unfortunately can't really see how a browser could still be nice to use and properly resist fingerprinting.
The site https://amiunique.org/fingerprint tries to fingerprint your browser and lists the used attributes along with their uniqueness within their dataset. And while a browser could pretty reliably lie about its User Agent or Platform, it's often just necessary for a modern website to know, for example, what your view-port's resolution is or what kind of audio/video codecs your device supports. Going through my own results, I'd say combining these necessary data points is probably enough to identify me, even though I'm pretty privacy-conscious.
Maybe I'm overly pessimistic, but I think preventing fingerprinting would need a regulatory instead of a technical solution. Unfortunately that doesn't seem very likely anytime soon.
I’d say combining these necessary data points is probably enough to identify me
The EFF has had a couple of websites that would profile you on exactly this data, so you're completely correct in that even the basic normal required metadata is more than enough to identify you pretty well.
coveryourtracks.eff.org is where it's living now, and a quick glance shows that just using browser capabilities and such is absolutely enough to identify me.
For the lazy: https://coveryourtracks.eff.org/
This helps so much more on mobile using an app. Thank you for your service!
Thats very good thank you
There are extentions for Firefox that randomise most of that. They add random supported codecs for example, enough to make it believable, not enough to make it a unique combination.
It's not perfect, nothing is, but it seems to be good enough.
Browser?
Lol they own Android...it's the entire os. They're fingerprinting every android phone.
No, AOSP is FOSS. They dont own it. By default it doesn't install any google blobs.
Always reinstall your OS when you buy a new device.
Try Tor Browser.
Good idea, but unfortunately even the Tor Browser doesn't seem to reliably protect against fingerprinting.
I've just tested fresh installs on Manjaro and Windows 11, both with Standard and Safest security levels. I haven't resized the window or done anything else. According to the website, I still always had a unique fingerprint.
Tor Browser is definitely protecting you against fingerprinting. Every user has the same fingerprint.
That's unfortunately not how fingerprinting works. There isn't one fingerprint defined for every browser. The methods of generating such fingerprints are ever evolving and although the Tor Browser does obfuscate more data points than regular browsers, it is not able to guarantee identical fingerprints for all users.
For example, this demonstration of a WebGL fingerprinting method produces different WebGL Report Hashes on two of my systems using the Tor Browser. The hash even stays the same on each machine between browser sessions, so it's indeed very useful for fingerprinting.
Don't get me wrong, your chances of avoiding fingerprinting are probably much better when using the Tor Browser. But it's only mitigating the problem, not solving it.
load more comments
(2 replies)
You mean it didn't already?
My read is that before they did the fingerprinting on their side and used it to construct profiles to sell to their customers.
But now there's just giving the fingerprints directly to their customers.
Perhaps this will motivate makers of web browsers to finally get serious about making fingerprinting less easy. Looking at you, Mozilla.
Mozilla already has anti fingerprint settings.
Yes, but with a few caveats. Last time I used the 'Resist Fingerprinting' option, it made window resizing funky and some sites flat out rendered wrong.
It needs some polish and some user controls.
That's the tradeoff you have to make. Your window size is a good fingerprint, so spoofing the size makes sense. But websites that need to window size for legitimate reasons are breaking.
How else could it be? The window size directly identifies you AND determines the page layout.
load more comments
(1 replies)
After reading these reports of intensified fingerprinting I decided to block all scripts on my browser using uBlock. Can't do much regarding the IP tho
Getting away from Google isn't easy, but it's required.
I think its pretty easy. Did the transition like 10 years ago. Today its easy as pie.
I mean, do you not use YouTube? How do you search? Do you avoid anything built on googleapis?
I can't use YouTube since they banned VPNs.
I use ddg for search..
I dont know anything that requites googleapis, but its blocked in my browser so it shouldn't matter.
view more: next ›