router99 Go on....
Uses outdated very insecure standards like X11, has outdated packages which lack most security fixes, is a fork of a fork. Uses a base (Ubuntu) which basically has moved to Snap as the main packaging mechanism, but Mint doesn't use Snap, so they get only the second-class packages. Lacks modern exploit mitigations, meaningful MAC policies, sandboxing and verified boot.
TheGodfather Yes, of course it does. And with admin rights it can do nearly anything. I choose not to trust cracks no matter how many stars people have given them. I cannot assume that these people have read and understood the source code. Neither can I understand Powershell code. You are welcome to disagree and put forth arguments on why this piece of crack is fully secure.
Relaks The way massgravel works is by "convincing" microsoft servers that the computer can be activated with a digital license.
So if one does not trust massgravel code, it is possible to execute it and then format the computer. During Windows install, the computer still will be recognized by microsoft servers as having a valid license, while being an unaltered installation.
Until there is significant hardware change, that is.
4nu4b During Windows install, the computer still will be recognized by microsoft servers as having a valid license, while being an unaltered installation.
Only with HWID, because the license is bound to the hardware ID. There are also other methods available.
Relaks You are welcome to disagree and put forth arguments on why this piece of crack is fully secure.
Some methods can also be done by hand. But I am not here to waste time convincing people. If you feel better with reinstalling Windows again and again just to get it somewhat working, that's fine. Without activation some things simply don't work.
Windows 10/11 IoT versions. They are at least relatively well de-bloated . I realize even with my pi-hole, a vpn and the help of resources such as privacy.sexy, I am probably giving up a lot more data to Microsoft then someone running Qubes or a more hardened OS but my threat model is such that I can opt for the convenience of Windows.
TheGodfather Without activation some things simply don't work.
Enterprise trial provides all of the features of the paid version. It can reactivated up to 9 months IIRC. Then you have to reinstall to get another 9 months. This is no biggie for me.
Thank you all for having patience with my weird behaviours.
I'm currently using ChromeOS. Adversary is a competent violent stalker. A laptop with QubesOS installed was compromised before (I know without any doubt that it was compromised). I'm just wondering if GrapheneOS on the next Pixel Tablet (with MTE) will be more safe compared to ChromeOS? (disregarding Google privacy issues)
I hope this doesn't come off as patronizing. For all I know, you are Mitnick-meets-007...or quite simply, more adept than I within the realm of OpSec. But it bears repeating that not GOS -- nor any other security tool -- can/will protect you from a persistent adversary. If someone is stalking you, the solution is far from upgrading your tablet (assuming physical stalking).
Of course you know this. Still, we see many folks become hyper-fixated on thwarting ubiquitous bad-actors; consumed with ideals and concepts that are often impossible to achieve (Tbf, network security is like, the mother of all rabbit-holes too, tho.)
No doubt, the peace of mind alone achieved from using such an effective tool as GOS is noticably beneficial from day one. But you'll never truly appreciate this if you are burdened with persistent doubt. And again...maybe you aren't.
Are you? If you feel like sharing, I can try to help. Either way, I hope that you can remove this person's negative influence en totale and when you do, I hope that you have the wherwithal to compartmentalize any doubt back where it belongs and enjoy living your life! ;)
ezlover I'm kind of an idiot when it comes to OpSec. I used Firefox with prefetching enabled (I think that this was what revealed my IP address). The physical stalking stopped I think. You're right, it's always possible to improve something and I don't want this to become my full-time hobby. I'll probably just use whatever I enjoy to use for now.
aosjdio I'm just wondering if GrapheneOS on the next Pixel Tablet (with MTE) will be more safe compared to ChromeOS?
GrapheneOS is more secure than ChromeOS, even without MTE, deducing from what I read from Daniel Micay. However both should be plenty enough to keep stalkers from compromising the system with spyware, as long as you do not accidentally weaken security or make OPSEC mistakes and as long as the stalker does not have access to state-level exploits.
TheGodfather They should not have access to state-level exploits. They're not even wealthy, so I was surprised about QubesOS. It's either that or they somehow managed to read data transferred with HTTPS, after they compromised the router. I don't know what is more likely. They already managed to compromise a basic Linux distro before, but that isn't surprising.
aosjdio It's either that or they somehow managed to read data transferred with HTTPS, after they compromised the router
HTTPS has nothing to do with your router. It works between your endpoint device and the server.
aosjdio so I was surprised about QubesOS.
If you use QubesOS like it's supposed to, a compromise from some hobby hacker will be very unlikely. How do you know that it got compromised?
I use Pop OS. I prefer Debian-based distros and I've found Pop OS's ability to have hard drive encryption built in, built in backup storage when things inevitably go wrong, no snap packages, flatpak automatically included, the ability to install any of the four major desktop environments, and potential paid support from System76 if necessary to be a nice combination. It is Ubuntu without the shortcomings of Ubuntu.
TheGodfather The person posted information on social media that could not have been retrieved in any other way. I was in another country in a temporary location, so there's no physical access. The stalker is kind of an idiot in some ways, but he/she is good at manipulating people into helping him/her.
I know for a fact that they are capable of this because someone who was close to him/her in the past told me. The person who told me is currently in hiding as well.
When I mentioned the router I meant some kind of MITM attack, but I think that's unlikely? I didn't see any certificate errors.
aosjdio When I mentioned the router I meant some kind of MITM attack, but I think that's unlikely? I didn't see any certificate errors.
Not possible then via MITM. You would have seen certificate errors.
TheGodfather
Indeed, that is why I use it, I am kind of a n00b with GNU+Linux so that is why I began with Mint, it is quite stable for me and does not demand too much knowledge of terminal commands.
But if I would choose a security-based OS, I would choose Qubes with its sandboxing possibilities, it sounds fantastic, but I honestly don't think I am ready for that kind of difficulty yet.
Windows 11 for the gaming and Fedora KDE on my laptop and surface go
I have tried countless linux distros, none of them satisfied my security needs. Deksktop OSs are all flawed by design. I can say that with probably more confidence than a dumbass like me should have. I will link a bunch of websites where I have found useful information. Do your own research. My personal conclusion is that Standard Linux distros are a big nono, Immutable ones are better. Maybe try secureblue. But it also sucks, because it's always about tradeoffs. I am still searching for what I want, currently dual booting into kionite with hardedining applied and windows as my primary. I want to leave windows at some point completely, but I can't find anything like equalizer APO for linux. Qubes OS is a very niche thing and imo a waste of time for most people. I'm sorry if I offend anyone with my incoherrent ramblings, but I wrote this in one go on my phone without stopping for a second except for adding the links. I wish you more luck than I have had until this point researching this.
Some useful links:
https://madaidans-insecurities.github.io/index.html
https://www.qubes-os.org/intro/
https://privsec.dev/
https://seclists.org/dailydave/2010/q3/29
I recmmend reading every link possible on all the linked sites that refrences something. And of course, check other sources aswell. This is very basic information, that as I already mentioned, was sharted out by a dumbass in one go.
[deleted] GigaN Deksktop OSs are all flawed by design
They're not, especially the ones that allow you to tweak everything.
From the first link he shared:
It's a common assumption that the issues within the security model of desktop Linux are only "by default" and can be tweaked how the user wishes; however, standard system hardening techniques are not enough to fix any of these massive, architectural security issues. Restricting a few minor things is not going to fix this. Likewise, a few common security features distributions deploy by default are also not going to fix this. Just because your distribution enables a MAC framework without creating a strict policy and still running most processes unconfined, does not mean you can escape from these issues.
The hardening required for a reasonably secure Linux distribution is far greater than people assume. You would need to completely redesign how the operating system functions and implement full system MAC policies, full verified boot (not just for the kernel but the entire base system), a strong sandboxing architecture, a hardened kernel, widespread use of modern exploit mitigations and plenty more. Even then, your efforts will still be limited by the incompatibility with the rest of the desktop Linux ecosystem and the general disregard that most have for security.
I've replaced Fedora Kinoite with Arch and I'm now considering using Tommytran's script, I'd probably make it my daily Linux driver if what I want to do with it doesn't pose any particular issues.
