redwheelbarrow

  • Joined 12 days ago
  • redwheelbarrow no problem at all. I agree with everything you said, I was just pointing out something that often people forget, that your device itself can, in many circumstances, satisfy MFA requirements.

    Regardless, welcome to the forum! I'm always happy to see new members and help each other on our privacy/security journeys!

    • redwheelbarrow I have also always wondered why MFA didn't give you the OPTION to add more than, say, a separate PIN to complement a fingerprint, etc. Is it just me, or is there a really good reason why the OPTION to add, say, a requirement to submit: something you have, something you know, and something you are with EVERY login attempt has never been an option?

      This is really complicated code to write. And to test. And it's really really bad if there is a bug in it. Honestly if this code had lots of feature churn arguably people should be nervous.

    • Last but not least, remember that the Google ecosystem was not developed with your best interests at heart but theirs and only theirs, so for that purpose you don't always need to run to their defense; they don't need it, and they tirelessly work on new methods of implementing tracking technologies that would, surprise, work to their advantage.

      I'm not surprised that my question about evidence of data collection from a Google app is taken as me somehow "defending" Google. My general impression is that posters in online privacy communities are rarely interested in engaging in nuanced discussion, or to reflect on whether their beliefs are grounded in evidence. This community is usually, sometimes, an exception.

      Clearly lots of users here are concerned about Google acting like some kind of malware distributor by distributing an app harvesting data even when the option to opt in is disabled. There are many past posts in this forum expressing this concern. But has anyone actually tried to MITM Gboard's connections to check what data it's sending when the data collection options are disabled? Is there any concrete evidence on this subject at all? Or even concrete indications?

    • dhhdjbd am not sure what I would recommend someone who has a high threat model

      You should not try to advise them anything but reaching out to a professional. I understand that 'being a target' may seem 'cool' with everything that's happening in media right now, but the vast majority of people who claim to have a 'high threat model' or 'were hacked' etc. have really no idea what they're talking about, and correlate things which simply are not there in the first place.

      Just use the phone as you'd normally do, and don't overcomplicate your everyday usage. Security needs to be balanced with usability, otherwise you'll quickly drop it because you won't even be able to do simple things with your phone.

      • Would be nice if there was a setting to resize the numbers on the pin code input screen so they're smaller.

        This could be combined with the randomized layout to make shoulder surfing more difficult, and it would significantly increase the resolution that would be required to obtain your PIN from a video recording.
        The font sizes/rotation of every individual digit could even be randomized slightly within a range, since there are cases where that may be beneficial.

        Idk if this is an idea which has been considered before but I thought I'd put it out there for consideration as it doesn’t seem like it would have a particularly complex implementation.