user0 so is it more "secury" if u use a wifi only ipad? Like with the pixel tablet?
Is GrapheneOS the most secure OS in the world?
10 days later
- Edited
andrej567 the point you're making is moot
The devs of GrapheneOS are aware that reducing permissions leads to a more secure OS. Something that has less lines of code allows for less chance for vulnerabilities, and its easier to maintain, less chance for things to break. Of course the most secure OS is one that is effectively a brick - but that would not be an operational system. Dumbphones could be cited here as an example if it weren't for the fact that you probably use it to do SMS and calls, which are incredibly insecure compared to say, Signal. If you use a dumbphone and never insert a SIM card, and never enable bluetooth, you could say it's pretty secure but also pointless for anything other than playing snake.
Is Pixel 9 known to have any security improvements over previous generations?
- Edited
How is NordVPN a scam? Just because it mentions military grade encryption, does not make it a scam. All that says is their marketing is vague and deliberately sensational to get you to buy their product. That doesn't equate to scamming.
gk7ncklxlts99w1 nord and pia share the same owner whos a shady dud, these two are the lowest of the list of vpns I'd trust slightly above "free" vpns. If you want to know more do your research I won't be spamming this thread.
- Edited
grayway2 By the end of 2023, Apple said that they were not aware of any successful attack against individuals using lockdown mode : https://techcrunch.com/2023/12/07/apple-says-it-is-not-aware-anyone-using-lockdown-mode-got-hacked/
So since then, I did not find real public proof of devices running last iOS update + lockdown mode on being exploited remotely
Apple would say that because why won't they. They're a marketing-oriented company, first and foremost.
CitizenLab (Canada) is more humble in its assessment (in the same blog post you shared):
Given that we have seen no indications that NSO has stopped deploying PWNYOURHOME, this suggests that NSO may have figured out a way to correct the notification issue, such as by fingerprinting Lockdown Mode.
GrapheneOS It doesn't enable a bunch of advanced hardening features.
Yep. Inexplicably, iOS' Hardened Runtime remains opt-in, instead of turning it ON in Lockdown Mode for all apps.
gk7ncklxlts99w1 Is Pixel 9 known to have any security improvements over previous generations?
https://grapheneos.org/faq#recommended-devices
There's a lot of good material on the GrapheneOS web site.
By the end of 2023, Apple said that they were not aware of any successful attack against individuals using lockdown mode
Apple is not aware of their devices being exploited in general, and hardly anyone uses lockdown mode, so why would they be aware of that happening? It's a marketing claim with very little substance behind it. Safari is regularly remotely exploited with lockdown enabled, as are the OS and other apps. Lots of real world, publicly available evidence proves you completely wrong. Apple is using misleading marketing by claiming they aren't aware of something which they would realistically have no way of being aware of in the first place especially considering they aren't really trying to find it themselves. It's as worthless as it would be for us to say we have no evidence of there ever being a successful remote exploit in the wild against GrapheneOS with any configuration. That is true but we don't say nonsense like that because we know it's highly misleading and marketing GrapheneOS that way would be dishonest.
I'm aware of the shadiness. But you're saying they're a scam and it's not true. Do you know what a scam is? They're not scams, they're just egregious with their policies and likely sell your data to third parties. Not a scam, but it's scummy. They're also not the worst VPNs you could come across - the worst ones will probably ruin your life.
- Edited
from what I can glean from that info, looks like hardware memory tagging is the only security feature that is present on the newer devices. Probably not enough to get me to buy one soon, that being said I don't even really know what hardware memory tagging is aside from what I could glean from a quick duckduckgo search.
gk7ncklxlts99w1 No, there are multiple security improvements on the newer devices. Hardware memory tagging (MTE) is the most significant one and heavily used by GrapheneOS to implement much stronger defenses against exploitation. It's not used by the stock Pixel OS in production but is nearly exclusive to Pixels in practice. Pointer authentication codes (PAC) and branch target identification (BTI) are similarly only on 8th gen and later Pixels due to them being ARMv9 instead of ARMv8.2. Those aren't the only security improvements, but they're the most obvious ones.
gk7ncklxlts99w1 I don't even really know what hardware memory tagging is aside from what I could glean from a quick duckduckgo search.
Here is an explainer linked to a while back by @Titan_M2: New Memory Tagging Extension User Guide for Android OS Developers.
Quick summary: MTE is pretty good at stopping some popular methods used by malware to attack devices, such as buffer overruns and use-after-free. If MTE is on, a covered attack has a fair chance of crashing the attacked app (or the attacked kernel) before execution of malicious code can get very far. MTE isn't perfect, because nothing is, but, for people concerned about devices being attacked, any substantial defense mechanism is of interest, and MTE is substantial.
- Edited
Thanks for the explanation. I still don't think it's financially viable to get the new model any time it comes out. I'll probably wait until 2027, right before my Pixel 7 stops getting updates. Unless there's an official recommendation to get a new one sooner.