Email security on GrapheneOS vs desktop (eg. Linux)

tV0gr

If it is a realistic concern for them that whatever targets them could even exploit a VM, they could live boot (all disks must be encrypted for this, ofc), or, to be really safe, one could get like a Raspberry Pi and use this for it.

    gk7ncklxlts99w1 I recall the GOS forum account mentioning that GrapheneOS is more secure than any desktop OS right now (which I think is very likely).

    That's not just very likely, that's a fact. Desktop OSes don't even come close.

    gk7ncklxlts99w1 Would I be correct in deducing that I am less likely to be compromised by a malicious email attachment on GrapheneOS, than I am on desktop?

    Generally yes, but this also depends on the programs you use and the settings of the email program, for example it is important to deactivate scripting and dynamic content.

    gk7ncklxlts99w1 If I ever need to use my email on desktop, I would use it in Brave browser installed via flatpak

    Using a browser for this is a good way to view emails and their attached PDFs, due to the browser's additional security measures like sandboxing. But using the browser as a Flatpak is not a good idea, since it weakens the browser's own sandboxing.

      TheGodfather Using a browser for this is a good way to view emails and their attached PDFs, due to the browser's additional security measures like sandboxing. But using the browser as a Flatpak is not a good idea, since it weakens the browser's own sandboxing.

      This, especially Chromium-based browsers. The following is my own (perhaps flawed) understanding: there are different kinds of sandboxes, and using, for example, Chrome in a Flatpak will cripple Chrome's own robust sandboxing, which I believe is more focused towards site isolation in the browser itself? While Flatpak (with bwrap) sandboxes things more from the OS. So I believe it could depend on your use case on how you would use Chrome in this example. Would you value it more kinda 'separated' from the OS, but have weaker site isolation in the browser itself, or the contrary?

      This is my own understanding currently of this pretty complex matter, and I'm mainly posting this as perhaps an expert could shed some light on my perhaps flawed view and clear some things up.

        dhhdjbd

        The ill-conceived advice to simply not open attachments at all is completely impractical, along with other sagely advice like "don't ever connect to the internet".

        VM is not really part of my question though, I'm aware they would provide some additional security but for simplicity I'm just asking for hosts. A follow-up question could be: could malware installed via email attachment in a VM be more damaging than on Android, and how likely is it the malware will escape the VM? VM escapes are notoriously difficult to perform, so it's beyond the scope of my question.

        tV0gr compared to not using flatpak, like installing from your default package manager? To my understanding, malware would have a harder time escaping bubblewrap than it would otherwise, but I guess your default package manager is less likely to have malware in the first place.

        dhhdjbd My question only addresses common garden variety malware, not spear phishing attacks or attacks carried out by nation states.

        TheGodfather

        Generally yes, but this also depends on the programs you use and the settings of the email program, for example it is important to deactivate scripting and dynamic content.

        I would imagine Tuta and Proton take their security more seriously than any other email providers, I'm guessing they address those things.

        But using the browser as a Flatpak is not a good idea, since it weakens the browser's own sandboxing.

        Can you elaborate? So it's better to use your distro's package manager instead of flatpak?

          r134a

          I think your comment really reflects the complex nature of this subject. Every time I try to learn about browser security and sandboxing, the subject goes in a hundred different directions. It is indeed very complicated.

          But if it's a fact that GrapheneOS is more secure than any desktop OS, then that should mean you're much better off running an email client on your phone than on desktop. I just want to know if my reasoning is correct, cause a lot of the things I do for security I do based on assumption.

            gk7ncklxlts99w1 But if it's a fact that GrapheneOS is more secure than any desktop OS

            I believe on the topic of browsers it actually is.
            Vanadium is hard to beat from a security perspective, I believe no browser on desktop could even come close. It has full (hardened?) Chromium sandbox, runs in Android sandbox, and has userland SELinux enforcement. Though this again is based on my current (perhaps flawed) understanding.

              r134a

              I use the Tuta and Proton apps. I believe the Tuta app is effectively a browser. Maybe it would be even more secure to use these email clients in Browser instead of the apps?

              There's probably no area in my threat model that requires such a high level of security as email. Of all the things I do, email security is my main focus. Which is why I care so much and why I'm so pedantic about it.

              I said not to open attachments from sources you do not trust... not to never open any.

              Opening attachments is essentially downloading a file onto your device and opening it/executing it there.

              (Definitely the case for PDFs in the Proton app and in Proton in the Vanadium browser, for example. For some file types a preview is available tho)

              It does not really matter that it was part of an email.
              If you do this, anything can happen, who knows, maybe the app which you use to open a specific file type has a possible exploit...

              But yes, it is not likely that a random malware exploits the GrapheneOS PDF viewer (and WebView sandbox). It is realistically fine.

                I really think some of the people advising and/or speaking about potential issues/threats when using XYZ software on anything but GOS have no understanding of how tech works and why the main account would say what they do about the benefits (security-wise) when interacting with various technologies.

                This also unfortunately makes some people perceive that anything slightly out of the ordinary is a valid proof that they got hacked...

                People used email/web etc. for years even when GOS was not even in their creators' minds, and they lived, and usually did not get popped. Same now. It's not like you will get popped by the first exploit available when you use Firefox on Linux while browsing your Hotmail email attachments. If you open any attachment without thinking OR you click any link you get from email/SMS/Signal I can guarantee you, no protection will be enough to save you. No exploit protection will save you. Recent vuln in Chrome sandbox was so severe that even the researchers who discovered it found it hard to believe. And it did not even look that malicious in nature. All it took was a bug in the software.

                I'd like more people to stop worrying and just use the software as it was intended to be used. No matter if it's Android, iOS, Linux or even Windows. You will be fine as long as you exercise caution and common sense.

                If your work/nationality/location call for it, yes you will most likely want to skip certain tools/technologies. But you will know, you won't need some random forum stranger to tell you that.

                  gk7ncklxlts99w1 compared to not using flatpak, like installing from your default package manager? To my understanding, malware would have a harder time escaping bubblewrap than it would otherwise, but I guess your default package manager is less likely to have malware in the first place.

                  Tough question. I would expect that they will fail in their own regards for different reasons. I think the problems that Flatpak aims to solve are great, and my N00b impression is that it's not the right tool for the job if the concern is a specific and near-universal program like a mail client and security. It can certainly be an effective way to obtain a program and solve many problems along the way.

                  A few of the other options would be to directly get the package, use a different repository, or compile from source. A bit out of context, but using a different email client is also an option.

                  0xsigsev I'd like more people to stop worrying and just use the software as it was intended to be used. No matter if it's Android, iOS, Linux or even Windows. You will be fine as long as you exercise caution and common sense.

                  As much as I agree with the part above, I have to disagree with this one. 2024 was bad for cyber security for myself and, looking at the news, for a lot of people. 2025 might be even worse. Last year I had to replace both my computer and router, and I experienced firmware issues on both of them. I never had that problem before. And somehow isolating my LAN from my ISP is now a lot harder than it used to be. I certainly have my own ignorance to blame, but it is still more difficult than it used to be.

                  I know it's not what you meant, but I have a problem with where "how intended to be" technology is heading. I don't need or want my smart TV to find new ways to link to my computer, or my OS to decide for me that I want to put everything on the cloud. Or my router to find new ways to interconnect my IoT devices to my ISP. Might as well be cancer.

                    dhhdjbd

                    I said not open attachments from sources you do not trust.. not to never open any.

                    The solution would be simple if this was the only logic check. You may trust "Amazon" but "Amazon" may not be Amazon. Hackers are relying on your trust in the companies you're familiar with. It's not enough. You should treat every downloaded attachment as if it were malware, the only way to do this is with a secure OS / VM.

                    tV0gr Fully agree. Common sense isn't enough, you need to think like a hacker, at least sometimes. Common sense would not be enough to protect you against the threat of ACR on TVs to record your laptop screen when it is connected to the TV via HDMI. And finding the option to disable these things takes practice, you kinda have to learn how dark patterns are used to prevent you from easily finding a setting (eg. to delete your account or cancel a subscription).

                      gk7ncklxlts99w1 Common sense would not be enough to protect you against the threat of ACR on TVs to record your laptop screen when it is connected to the TV via HDMI.

                      Please provide a reputable source where such things were discovered, and shown where it was either stored during capture or was exfiltrated via network.

                        0xsigsev

                        If you're looking for scientific/academic evidence for this, you can skip the middleman (me) and look for it yourself. I don't believe I have a handy URL bookmarked for this. Look up how ACR works. If your TV is connected to the internet, and ACR is enabled, and you connect your computer to the TV via HDMI, it will monitor your screen and send the results (whether in the form of screenshots or telemetry or both) back to HQ. ACR captures whatever is on the screen in a likely arbitrary manner, so it doesn't care if you're scrolling through Netflix or doing "research" on your laptop.

                        If you find a good article please share it with me.

                          gk7ncklxlts99w1 look for it yourself. I don't believe I have a handy URL

                          So, trust me bro? No thanks. Not gonna waste time for a FUD/Doomsday crap shared by someone who believes in anything they find on the internet without any real evidence.

                            0xsigsev

                            It's no skin off my back if you don't believe it. If you're genuinely interested in the topic then I trust you'll find it yourself. I have a feeling you're not really interested in learning anything, you're just trying to be annoying and unnecessarily pedantic.

                            If you want to learn things, sometimes you have to do your own research. This is a forum, and I'm not your personal assistant.

                              gk7ncklxlts99w1 You've come to the point of what the discussion sometimes looks like: prove it, if not, it means you are wrong. The problem of knowledge: I would not be surprised if I read: Look around and prove to me that the Earth is not flat. If you do not do this, it means that you are wrong saying that it is not flat. You can answer in the same way: prove to me that I'm wrong, if you can't, it means you're wrong. This approach kills the whole discussion and brings it to a senseless quarrel. However, this is a note outside the topic of discussion.

                              You asked if the email on GOS is more safe than on Linux desktop. Yes, and this is due to the fact that Proton and Tuta use the entire safe environment offered by GOS (Vanadium WebView, hardened malloc, MTE etc.). Even if you use Brave on desktop and you think it is safe, this browser uses huge external libraries that are written in C/C++ and often have limited security so that other poorly written programs work (more) properly.

                              This, however, does not change the fact that you can safely use an email on desktop, but it requires awareness of what you do and what is risky. None of these safeguards will protect against stupidity.

                                argante

                                I believe that when I interact with people on an online forum, I have faith that they will speak in a way that is in accordance with the truth. I do not ask that they prove every claim they make, because that would imply I don't trust people enough to come up with their own conclusions. That attitude does not get you anywhere. If your threshold for determining what constitutes misinformation is so low that you distrust anything that doesn't reference peer reviewed research from a scientific journal, you won't make it very far and you won't learn much, and nobody will like you. As I said, this is a forum, not a research database or a judicial court, and I'm not obligated to do the research for you. If you are interested enough in the subject at hand then I trust you will find it for yourself, and I would love to hear back from you.

                                fid02 set a pretty good example of how to conduct yourself in a different thread. I luckily had a link bookmarked, and he responded to the article and criticised it for being too vague and citing various other articles. He didn't criticise me specifically, he just showed why the referenced article needed more work. And I asked him for his take, cause I also thought it was vague. Neither he nor I am obligated to cite anything, but I expect people will act in good faith, and where I want clarification, I will kindly ask for any sources they have. If not, I'll find it myself if I'm really interested. Here's the discussion: https://discuss.grapheneos.org/d/21322-does-provider-get-unique-id-of-fido2-device/7

                                However I do acknowledge the challenge of what we're discussing but it extends beyond the scope of this post. How verbose should we be? What sources should we trust, and how thoroughly do we examine others' claims without stifling discussion (I'll say that again: without stifling discussion)? And perhaps most importantly, do we trust that others will speak truthfully, especially in the absence of a consensus? It's a complex problem, basically. I appreciate critical thinking but "prove it, if not, it means you are wrong" is silly.

                                I've removed a lot of off topic posts here that were starting to be confrontational and now the end of this thread has yet another confrontational feel to it. The original question was discussed and the topic had already moved on anyway, so I'm going to keep this thread locked.

                                Just a friendly reminder to please be polite to each other. If you need to get moderators' attention, please use the flag feature.