this post was submitted on 28 Jun 2024
61 points (93.0% liked)

Privacy

31862 readers
241 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hi,

A friend wants to degoogle his phone, so I suggested the OS I'm currently using. The one we can't talk about... He wants a small/compact phone, so I suggested pixel 4a (not buying second hand though), but I'm afraid that planned obsolescence may kill the phone rather soon. What's your opinion?

Cheers and thank you for your help,

you are viewing a single comment's thread
view the rest of the comments
[–] jet@hackertalks.com 5 points 4 months ago (1 children)

Depends on your friends threat model, lineage will work on it.

No security updates makes the Pixel 4a a bold choice for your main phone. I don't recommend it

I would follow the graphene OS recommended phone guide, that gives you maximum flexibility to put any operating system you want on the phone.

[–] delirious_owl@discuss.online -2 points 4 months ago (1 children)

Phones are insecure devices, by design. Should be OK.

Just don't do anything on a phone that falls under "sensitive" on your threat model. Use a proper computer with a proper password for that.

[–] jet@hackertalks.com 7 points 4 months ago (1 children)

Could you explain how phones are insecure by design?

[–] delirious_owl@discuss.online 3 points 4 months ago (1 children)

How long is your password? Do you ever type it in public?

[–] jet@hackertalks.com 3 points 4 months ago (1 children)

You can use two factor, fingerprint plus pin and have the pin layout randomize each time.

[–] delirious_owl@discuss.online -1 points 4 months ago (1 children)

That's extremely insecure compared to a computer

[–] zfr@lemmy.today 2 points 4 months ago (2 children)
[–] jet@hackertalks.com 1 points 4 months ago (1 children)

I think phones are the MOST secure devices most people have. They are locked down, they run software in very restricted containers, they have more restrictive feature allowance. for 99% of the people the phone is the most secure device, full stop.

Can you do better on a computer? Sure, but it takes a bunch of work and isn't the out of box experience

[–] delirious_owl@discuss.online 0 points 4 months ago (1 children)
[–] jet@hackertalks.com 1 points 4 months ago (1 children)

Please help me understand your point of view. So far all you have said in this conversation is that other people are wrong. That may be, but your not helping us understand you

[–] delirious_owl@discuss.online 0 points 4 months ago (1 children)

The key to encryption is to have your key encrypted with a strong passphrase.

Phones are literally designed to be convenient. Convenient is the antithesis of security.

You want a 20-100+ character passphrase to symmetrically encrypt your private keys, and you want to never type that in public.

Most people have 4 digit pins on their phones, and they constantly type them in public, in plain view of others. And its super easy to snatch out of their hands and run.

Phones are, by design, not secure devices. Marketing teams trying to sell you something say otherwise. Don't be gullible.

[–] jet@hackertalks.com 1 points 4 months ago (1 children)

TPM in the SOC to transform the "convenient" pin into more robust encryption keys is the gold standard for civilian devices.

"computers" (of which a phone very much is) also use a TPM for this very reason.

But even taking what you say as gospel, the device isn't insecure, its how people are using it.

I will stand by my comments a phone is the MOST secure device a civilian will use. Even with a secured desktop computer where someone diligently types in a 64 bit random code to unencrypt the hard drive... if they use the computer as a general purpose device, the threat surface raises dramatically. Now information and programs are not compartmentalized, install one bad program and it can trivially take over everything.

[–] delirious_owl@discuss.online 1 points 4 months ago (1 children)

TPMs protect the data on the drive if the drive is separated from the computer. If the drive is still in the computer, then it doesn't protect the data. It doesn't provide protection from physical attacks.

[–] jet@hackertalks.com 1 points 4 months ago (1 children)

https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/tpm-fundamentals

Devices that incorporate a TPM can create cryptographic keys and encrypt them, so that the keys can only be decrypted by the TPM. This process, often called "wrapping" or "binding" a key, can help protect the key from disclosure.

This is how cell phones and windows hello justify short pins, the pin goes into a rate limited TPM that then discloses a larger key to decrypt the actual secret.

[–] delirious_owl@discuss.online 2 points 4 months ago (1 children)

Do you need me to link to the vulnerabilities of TPMs? They do not provide physical security.

[–] jet@hackertalks.com 1 points 4 months ago (1 children)

Does this mean your also against yubikeys?

[–] delirious_owl@discuss.online 2 points 4 months ago

Hardware keys can be used well to increase your secuirty (U2F MFA) or used to increase convienence and reduce security (passwordless auth)

It depends how the tool is used.

[–] delirious_owl@discuss.online -1 points 4 months ago (2 children)

So you're saying that, in order for me to steal everything on your phone, all I have to do is stand behind you in a supermarket and film you unlock your screen once. Then, on the way to your car, I quickly pull a knife on you and force you to tap your finger on your phone, then I hop on a motorbike and ride away.

Hope you didn't have any banking apps or crypto on your phone, because now that's gone.

QubesOS on a laptop is much much safer.

[–] jet@hackertalks.com 2 points 4 months ago (1 children)

Qubes is immune to the knife to the throat threat model?

[–] delirious_owl@discuss.online 2 points 4 months ago

They would need to kidnap you to type multiple different passwords. The point is that they can't quickly unlock the device. Mobile phones are literally designed to be easy to unlock.

[–] zfr@lemmy.today 2 points 4 months ago (1 children)

If you have GrapheneOS, I'm pretty sure you can randomize the numbers on the pin. You can also set a password instead of a pin and disable biometrics if you use stock Android. All the more difficult to obtain access.

For banking/crypto, I assume a wallet app would allow you to set an app password/pin.

[–] delirious_owl@discuss.online 0 points 4 months ago (1 children)

What does randomizing the numbers do? I just film you tapping them, and it doesn't provide any security.

[–] zfr@lemmy.today 2 points 4 months ago (1 children)

I suppose you are correct there. Maybe try a privacy screen protector or use a password. It would be harder to catch each symbol with either of those.

[–] jet@hackertalks.com 1 points 4 months ago* (last edited 4 months ago) (1 children)

I think this person is just permanently a contrarian.

Randomizing the numbers does provide good security, because there's no longer an oil imprint on the most frequently used numbers on the phone, making guessing the pin code much harder before the TPM locks the phone.

Phones are full fledged computers nowadays, with Android you can have different profiles. For their level of paranoia, they could have a profile they never use in public, and only login with a full password, only when they're in a secure location.

For the randomized pin, and biometric two-factor use of a phone, that covers most use cases, and is quite secure compared to most models of data security average civilians use.

You can have different scopes, if you're in a crowded place, reading Lemmy isn't really a big security risk. But logging into your banking would be. All of that is possible on Android, the fact that they're so staunchly pro computer, is difficult for me to take their analysis seriously

[–] delirious_owl@discuss.online 2 points 4 months ago (1 children)

Things like gapps are closed source, have full permissions, and cannot be installed only on some profiles.

Qubes is safer and better compartmentalization.

[–] jet@hackertalks.com 1 points 4 months ago* (last edited 4 months ago) (1 children)

Things like gapps are closed source, have full permissions, and cannot be installed only on some profiles.

Except in stock AOSP or grapheneos.

Agree that qubes is the gold standard. But not to let perfect be the enemy of good, the vast majority of people, the vast majority of people, the VAST majority, are going to be unable to run qubes, either by technical ability, availability of appropriate hardware, or portability reasons.

Mobile phones for all of their faults, are the most secure piece of general computing hardware most people have in their lives

[–] delirious_owl@discuss.online 2 points 4 months ago

I might agree with you, with that stipulation. That is an important stipulation.