Melody Fwygon

  • 0 Posts
  • 49 Comments
Joined 1 year ago
cake
Cake day: June 1st, 2023

help-circle


  • Melody Fwygon@lemmy.onetoPrivacy@lemmy.mlWhat is the most private phone?
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    1
    ·
    edit-2
    15 hours ago

    I actually don’t agree with this video; and firmly believe it is more than a little biased.

    For example, the Pixel, AOSP and Android are given several undeserved points due to lack of proper information or understanding of how certain features work. I imagine this is the case too for the iPhone; if a bit less so.

    The review apparently doesn’t deep dive into settings or attempt to maximize privacy by turning off unwanted ‘features’ when settings switches are available to the user; nor does it assume that you set up accounts in as private of a manner as reasonably possible or toggle off as many default-on consent switches as needed.

    While I would support scoring and dinging each case or instance for “Privacy Settings that don’t actually work”…this video really doesn’t do a lot of legwork and leans on the anecdotal evidence of scary news stories too much.

    Worse was the fact that the entire video felt like they were shilling for Graphene OS; which is known to have a slightly unfriendly maintainer and community surrounding him to say the least.

    No mention of Lineage or other privacy oriented Android ROMs were analyzed. AOSP too, was unfairly lumped in and dinged for specific points of the Default Pixel configuration…and yes there are major differences between AOSP and Pixel Android; even though Google tries to be less in-your-face invasive than the other OEMs. Not enough credit is given for the “On-Device” smart features implemented properly on the Pixels.

    Out of personal experience; I’d actually rate a proper Lineage OS install of 4 whole Android versions ago to be more private than stock. Not quite as private as Graphene; but not quite as invasive and much more enforcing of privacy. The debloating provided by a clean AOSP-like ROM, such as Lineage, as opposed to a “Stock Android” configuration from a major OEM is stark.

    Most importantly I personally feel that the privacy model chosen for the video is far too thickly detailed for an average person. Most of the privacy concerns listed on each card contained concern points that might only tangentally apply or don’t apply at all to mobile phones. The way that each card was scored and applied felt low effort. None of the points on any of the card(s) were weighted with average users in mind.

    I really hope someone goes into a much deeper dive; this video is basically clickbait that parrots the commonly parroted advice in the privacy community; which isn’t even good advice, it’s just ‘One-Size-Fits-All’ style advice which gives the user no room to make necessary ‘Privacy vs Convenience’ tradeoffs that they themselves could have made if they understood proper threat modelling.



  • Actually; (basically) SIP over (basically) IPSec sounds pretty correct. Wish the dense technical manuals I read had explained it that way; makes a lot more sense to me as a Net Admin type of IT person.

    I do remember reading that the protocol was basically encapsulated. Dunno about any encryption; probably there’s not any at the IPSec level. I do know that the SIMs themselves probably contain certs that have some value; I just don’t know if they handle any encryption or if they’re just lightweight little numbers for authentication only.


  • If I’m understanding how 'WiFi Calling" works; it’s still “identifying you” to the cell provider the same way; via your SIM. The only difference is they don’t get an exact location because you’re not using any cell towers typically.

    I do suspect SIMs and eSIMs are still doing all the heavy cryptographic signing done on a typical phone network though…they’re just not screaming your IMEI/IMSI all over open or even encrypted airwaves; nor is a WiFI signal triangulate-able typically due to it’s short range.





  • Keybase is better than Signal. You may not like it’s current owners but it still works, still functions, and can be used to chat privately. It’s entirely OSS on the client side; and server-side software isn’t provided; but with an open Client; it’s likely trivial to reverse and re-implement your own. (Keybase itself doesn’t provide their server code; it’s private due to abuse constraints)

    Keybase is End to End Encrypted. It may not be as “feature rich” but all features are private.

    I’m not sure if it’s indev anymore though; and it does allow you to be as public or as private as you’d like to be about your identity.


  • It occurs to me that adding a visual watermark might actually serve to obscure a visual watermarking scheme that is otherwise invisible by providing data that scrambles or breaks the watermark decoder itself.

    Audio watermarks can be distorted in any number of ways; and it could be that some of the wildly poor audio quality in most cam-rips is probably the only way you can defeat the watermark; by using a LQ microphone and encoding the audio to a very limited bitrate and then re-upsampling; to defeat any subtle alterations a digital watermark might make to the audio waveform.


  • Watermarks are only an issue in-as-much as it is used to trace down which copy was leaked.

    With modern digital projection systems; you don’t get a reel of film; you get a briefcase of [SS/HD]Ds containing the raw, encrypted, footage. The digital projection system will decrypt using provided keys. There’s no output except the standard ones for the theatre projectors and sound systems…so capturing the output is difficult.

    If you do intercept the signal; the projection system might detect it; and refuse playback or wipe the decryption keys. Watermarking is also a danger; since your theater can get identified as the leak source and sued.


  • Low quality article that ignores the issues and fails to acknowledge the reason for phones being necessary in school; likely because they’re talking about a non-American school.

    That said; they also didn’t acknowledge that the devices can be used to enrich studies when applied and used correctly.

    The study they cite in the article is low-quality data that conflates correlation with causation and relies on wildly inaccurate self-reporting from students, parents and teachers.

    This isn’t a controlled trial; this isn’t even a blinded study; nor is the data integrity controlled…it’s entirely self-collected and recorded by unqualified observers.


  • I’m not accounting for State laws; which may in fact be stricter. I’m talking about Federal Laws which might not explicitly forbid such things; so long as they’re done in an actually safe manner by professionals.

    But, as I said before, if the DEA believes it has the power to stop that none-the-less; that’s what they will do, without respect to if the law is actually legally unclear or borderline. Unfortunately many pharmaceutical places don’t care to invite the wrath of the DEA; even if what they’re doing could be considered permissible; so long as they do not synthesize an exact drug that the Feds specifically name as a controlled substance.

    Again; IANAL either. But I do think there’s a lot of room for small compounding pharmacies to synthesize various drugs to meet a patient’s needs quickly while waiting for proper shipments to arrive. There’s lots of compounds that are life-sustaining that do not fall under the DEA banner of authority.



  • I firmly think this would be a boon for many people; owning one of these is likely a lifeline that even small town physicians could utilize to dispense drugs freely or cheaply to patients in need.

    This is something that I think small-town pharmacies could use to create compounds in cases of drug shortages. I think tools and programs and small labs like what are discussed in the article are a positive force for good; and that they should be not only allowed, but encouraged, for many drugs that are expensive, unavailable to someone in need and can be readily synthesized safely with a basic college level of chemistry training by someone in a pharmacy.

    I think the potential risks and downsides are small right now; and I think more of it should be encouraged gently so that we can find out quickly what the flaws and limitations are so that we can put regulatory guardrails around it so that people do not harm themselves.



  • No; Piracy won’t stop.

    Analog loopholes still exist; and cannot be eliminated completely from the chain. Enterprising crackers will tinker and find weaknesses in systems. People will find bypasses, workarounds, and straight up just crack whole encryption schemes that were badly implemented.

    Encryption was never intended to protect content. It was intended to protect people. In the short term; sure, DRM and encryption can protect profits. In the long term, it provably cannot and does not. Oftentimes it gets cracked or goes offline; and the costs associated with keeping authentication servers up for long enough to keep lawsuits off your back is provably large and difficult to scale. I would even assert that it costs more to run DRM than it saves anyone in ‘missed profits’.

    Frequently companies also argue that it saves profits by recapturing “lost sales”; but that’s provably false. A consumer, deprived of any other viable choice, will in fact, just not buy the thing if they cannot buy it for what they deem as a fair price. It has also been proven; that if they can acquire the content freely; they will oftentimes become far more willing to buy whatever they acquired or even buy future titles. When a customer trusts; they may decide to purchase. But why should a customer trust a company that does not trust them?


  • To be clear; the Nintendo Switch tends to trade fluently in cryptographic certificates.

    The MiG Switch has one of these certificates; one it’s creators likely copied from a legitimate Nintendo Switch game title. All games have such certificates and they are uniquely serialized; much like a GUID or UUID would be. These certificates are signed by the Game Dev studio, and then Nintendo in a typical certificate signing chain scheme; Nintendo signs the Game Dev Studio cert, which signs the Title certificate, which signs the unique cart or digital copy cert.

    This banning is usually achieved by banning either the lowest certificate in the chain or the one directly above it; or even the Dev Cert if it was compromised.

    So the MiG Switch carts are likely hardware banned. Your Nintendo Switch probably advertises to Nintendo which cart(s) were inserted into it recently by sharing the fingerprints of the certificates. Then Nintendo can basically kill the certificate assigned to your Switch system and prevent you from connecting online; as your Switch uses it’s own system cert to identify itself to Nintendo services.

    In all cases this is un-evade-able when connecting to the internet; as Nintendo Switch system certs are burned into a PROM chip on the main board at manufacture. This chip is a WORM chip, which can only be written once and read many billions of times.

    A critical part of the way they try and curb cheating in online play is checking the integrity of the runtime environment; which includes checking what titles were launched recently; and if that happens to include a certificate they’ve banned for being cloned by the MiG Switch; then you’ll quickly be banned by their anti-cheating hammer.

    Most important is those checks typically don’t take place naturally; they only occur when you’re connecting to the EShop, or connecting to NN to play multiplayer online. The devil therein unfortunately lies in the details; and if you’ve ever purchased a Digital Title that means your Switch is regularly connecting to the EShop to renew Digital License Tickets needed. They tend to expire every 72 hours and must be renewed by presenting an expired Ticket, a valid Ticket Granting Ticket (given to your Switch when you buy the title) and contacting “Mommy Nintendo” and asking “Mommy, May I?”. Yeah. DRM sucks.

    If all goes well; your Switch gets a shiny new set of tickets. Unfortunately Nintendo was paying attention to requests and will issue out regular waves of bans for systems detected cheating. You won’t know when this will happen, and it won’t prevent Nintendo from letting you play your games; you’ll just suddenly find your Switch banned from online play after such ban waves.