>systemctl disable NetworkManager
>apt remove network-manager
>echo "blacklist r8169" >> /etc/modprobe.d/blacklist
/thread

>>105988175 (OP)
>>systemctl disable NetworkManager
>>apt remove network-manager
>>echo "blacklist r8169" >> /etc/modprobe.d/blacklist
huh

>>105988297
>already downloaded the gentoomen library
>Terabytes of tv series, movies, animu, manga
>hundreds of survival, gardening, chemistry, pre-modern medical and botany books (both real books and pdfs)
I already own everything, und I VILL be happy

>>105988366
Then why are you here?

Why does is this guy shillimg iphones so hard? How is this supposed to be better for privacy, when you MUST use a apple ID? Tying an account to your device is THE WORST thing you can do privacy wise. No matter if it is a Google or apple account.

>>105988539
An observation I've had, that seems to hold with basically all "professional privacy people", is that whilst trying to take an empirical approach you inevitably stumble down the route of learning about the security of various devices and services. Once you discover that X platform has Y security vulnerability it becomes this rent-free lingering apprehension you have, until you become slightly numb to practicality. You no longer perceive platform X to be private because in your mind at any moment a random person could use Y and have complete access to the user's data, even though in reality it's a niche attack that 99% of users will never have to be concerned with.
As such, iPhones become "more private devices" because a, idk, Pinephone for instance is vulnerable to this, this and this and allows (a hypothetical) "anyone" to compromise it, whereas iPhones are only beholden to Apple's invasions. The fact that most people that own whatever the prima facie more private device is will go its entire lifespan without encountering such compromise is considered irrelevant and in their mind would be disingenuous to ignore when giving recommendations.

To their credit, I don't think it's completely misguided, but it leads to this strange mentality where the ethos and philosophy of freedom and privacy is met with disdain in favor of absolute security and reliability found in invasive services. Choose where you stand on this if you can; I'm conflicted personally.

>>105988539
Apple has put a lot of effort into overall hardware security. see https://support.apple.com/guide/security/welcome/web
Apple hardware is imo by far the most secure available consumer hardware on the market. The software side is worse than grapheneos and they do not put as much effort into schizo mitigations like completely disabling USB data lines, but they do atleast give a shit and genuinely try. I daily drove both iOS and GOS on and off the last few years - In my eyes perfect phone would be Apple hardware + Grapheneos software. But Pixel hardware is not that far off especially with secure element and more recently memory tagging support.

Linux kernel overall is a fucking mess in terms of security due to being monolithic and I have great respect to micay for building a secure OS on top of it, he's said publicly before that one of the long-term goals is virtualizing linux kernel per-profile using KVM, and even longer term he wants to fully remove it for a linux-compatible microkernel but that would require shitloads of funding and development and so far there's not really any interest

See also https://madaidans-insecurities.github.io/linux.html but this is mainly for deskotp linoox

>>105988539
Because the loss of privacy caused by Apple having seeing you have a burner account that knows nothing except what apps you download is infinitely better than a platform that opens you up to malware due to shitty security that leads to privacy leaks far beyond what Apple would ever have access to.

Buy a thinkpad x230 and install heads. Write protect the flash chip. Put nail polish on the screws and take high resolution pictures to ensure signs of tampering. Do NOT use a HDD or SSD. They have DMA so a malicious firmware could do a lot of damage, use of USB is preferred since they do not have DMA. Completely remove the microphone, sound card, webcam and the WWAN card from the laptop. Remove the fan to prevent binary acoustic data transmission. Replace the default wifi card with a supported atheros card. Disable wifi when not in use, preferably by physically removing the card. Make your own independent Linux distro from scratch. Most Linux distros value convenience over security and will thus never have good security. Your only option is to make your own. Use musl instead of glibc, Libressl instead of openssl, sinit instead of systemd, oksh instead of bash, toybox instead of gnu coreutils to reduce attack surface. Enable as little kernel modules as possible. Use a hardened memory allocator. Apply strong SELinux and sandboxing policies. Restrict the root account heavily to make sure it never gets compromised. Disable JavaScript and CSS in your browser. Block all FAGMAN domains in your hosts file. Monitor all network requests. Do not use a phone. Never speak near anyone who owns a phone, they are always listening. Never use any non-corebooted technology made after 2006. Never leave your devices unattended. Tape triple layer aluminum foil all around your room as tempest shielding. Type really quietly as defense against audio keylogging. Use ecc ram to minimize rowhammer and rambleed. Encrypt everything multiple times with various different encryption implementations. Compile everything from source. Use hardened compilation flags. Always read through the source before installing something if possible. Only use the internet when absolutely necessary.

>>105988175 (OP)
windows 7 + simplewall = the most private and usable setup out there.

>>105989129
i prefer TinyWall desu

>>105989288
Will it run on 7 though?

>>105989339
no idea

>>105988175 (OP) not reading the thread yet but i just wanna show support, its very surprising this wasnt a general for ages so im glad if someone wants to run one finally now

>>105989359
/psg/?

despite having used every other network tool I still prefer networkmanager. even on something as simple that a systemd-networkd unit would suffice. it's just better.

>>105989398
This anon speaks the truth

>>105988978
I was talking about privacy, not security. But Micay is conflating these two constantly and is fueling this widespread confusion.

>>105989482
You can't really have privacy without security for any practical application. Almost all Websites use a bunch of 3rd party trackers that would 0-day you in a hot minute if they could and modern (android) apps aren't much different.

You need to contain them like bioweapons and i think at this point we've learned that the chink way of bioweapon containment doesn't work.

>>105989482
>he doesn't know about nanonymity
ngmi
Memes aside, you're right, Daniel is a VERY autistic person to the point he regularly fucks up like this. I still trust him more than any company that has ties to the PRISM program or the Chink/Russian/EU/ZOG governments though.

Keep getting this on every website. Want to buy a VPN to get around this shit.

Is there anything bad about a VPN? I have it in my head that you're not allowed to post on 4chan with one, is that true? Any other things like that I should know about?


Also this guy >>105975064 seems to imply a VPN won't work?

>>105989647
Britmutt and Redditor. I can't even...

You best options are, in order:
> Just KYS
> Leave your shithole country
> Try a VPN
> Try Residential Proxies

>>105989647
>Is there anything bad about a VPN?
It depends entirely on your threat model. Want to avoid geoblocks? ANY VPN is fine for that, Tor is fine for that (if they don't block it), residential proxies are fine too. Are you a whistleblower/criminal/CIAnigger? Avoid VPNs.
Also, DO NOT USE A VPN FOR BANKING, PERSONAL EMAILS, PERSONAL FAGMAN ACCOUNTS AND GOVERNMENT ACCOUNTS. They WILL ban you if you're retarded.
>I have it in my head that you're not allowed to post on 4chan with one, is that true?
Buy 4chan pass.
>Any other things like that I should know about?
RiseupVPN and CalyxVPN have free VPN clients on F-Droid, Proton is "free" too, although one could argue that these are honeypots but for getting around blocks / bans, they are fine.

>>105989482
Yeah I was mainly clarifying Micay's post in the screenshot. He was talking about security patches and /e/ OS features which I assumed referred to some security since GrapheneOS main features are security and they were being compared.

In terms of privacy iOS is semi-fucked, each device requires activation and phoning home with serial number before you can do fucking anything. And forced appleid to download apps, no app sideloading, more recently device-based (not account-based) geolocks to lock "sideloading" (still needs notarization and permission from Apple) in EU. But it's leagues ahead of Google whose indian OS sends telemetry every time you fucking breathe and gives the carrier a full gaping hole backdoor into the OS via CarrierServices, and /e/ OS looks like vaporware bullshit for privacy cucks that think they're getting something by buying their shit. Reminds me a lot of the freedom phone. If you want a real privacy experience install Lineage with microG. Not this bullshit.

Apple at least tries. They rolled out post-quantum encryption for iMessage and E2EE for iCloud (cucked by the UK), their dilemma is they want to offer services with full features while still having strong privacy and security. Privacy and usability are at opposite ends of a spectrum: having more of one leads to having less of the other. Apple tries to have both which just isn't possible. For instance good luck having mobile contactless payments, paid software purchasing (for android think Tasker), or mobile LTE IMS (needed for RCS, VoLTE, Wi-Fi calling) especially outside of the US on any 3rd-party OS. Your two real options for things like that are Apple and Google. Or of course not use them.

>>105989799
>In terms of privacy iOS is semi-fucked, each device requires activation and phoning home with serial number before you can do fucking anything.
Why does this matter if you are using a new account for nothing except downloading apps?

>>105989799
>In terms of privacy iOS is semi-fucked
ROYALLY fucked

>>105989829
If all you do is download apps then sure. Activation step does not even involve any account unless activation lock is enabled. Just be aware that your device can be remotely bricked by Apple or anyone with access to your account at any time, but with mandatory 2FA it's less of a risk nowadays unless Apple is part of your threat model. And it's not only OS-level brick but radio-level brick, the radio hardware refuses to operate without a signed activation token from Apple. See here for more info: https://theapplewiki.com/wiki/Activation

>>105989840
>ROYALLY fucked
If the government is your threat model then GrapheneOS on a Pixel bought anonymously for cash is your only option. Literally anything else can be traced. Don't forget Intel and AMD chips have a backdoor in them (Intel ME & AMD PSP). ARM ones don't (to my knowledge) but it doesn't matter if you don't control the OS. Government controls desktops and laptops via CPU backdoors and everything else via OS or firmware backdoors. For all we know the Pixel baseband could have a backdoor in its firmware, but since it's isolated turning on airplane mode will kill it anyway (claimed to work like this on Pixel hardware by Micay)

>>105989950
>Don't forget Intel and AMD chips have a backdoor in them (Intel ME & AMD PSP).
schizophrenia. And to stop you writing off this post as a state actor I will mention there are ways around IntelME like using a pre 08 CPU, Libreboot or those overpriced laptops by Purism and Starlabs. If IntelME is part of your threat model causing you to only use ARM chips you are a larper.

Are old and cheap smartphones actually better for privacy? Because the development of smartphones looks like this: The newer a device is, the more it has privacy invasive technologies integrated. Currently they are shoving AI into everything and all new Android devices are surveilled by Gemini. Client Side scanning will become the norm in the next months. Older and cheap smartphones on the other hand, don't have these "features". I am using for example a device with Android Go and it has no Gemini (it has Google Assistant instead). So my argument is: Devices with limited hardware are actually better from a privacy perspective, because they don't have the newest privacy invading technologies.

>>105989950
>ARM ones don't (to my knowledge)
ARM TrustZone is believed to be another Intel ME tier glowfaggotry, otherwise correct. Hopefully the (((tech overlords))) will allow us to have USABLE open hardware with things like RISC-V, OpenSSD, Open source GPU Firmware etc., but it's highly unlikely.

>>105990014
I'll still call you a glowfag

>>105990016
Retarded take. If you are using something without security updates just assume all your data is being leaked.
>Client Side scanning will become the norm in the next months.
If you really believe this the only advice I can give you is stop using phones and maybe the internet too.

>>105990016
>Are old and cheap smartphones actually better for privacy?
Meh, it depends, these shitphones use 2G (easily crackable by anyone) or 4G (your provider WILL log everything from cellular location, call logs, voice during calls, SMS etc). If your ONLY complaint is the (((tech giants))), then sure it's "fine", but you have to consider your provider too.

>>105990030
>I'll still call you a glowfag
15 years later and I am still waiting for someone to find a single piece of evidence it exists or anyone has ever been caught by it. If the Americans really had backdoored 15 year old chips the Chinese would have found out and launched a smear campaign by now.

>>105990085
>fedposting on 4chan
You have to be over 18 to post here, please go back to your discord server.

>>105990102
What would have to happen before you concede IntelME isn't a problem? Will you still consider chips from 2010 backdoored in another 50 years?

>>105988175 (OP)
i've got a better solution

>>105990145
>IntelME isn't a problem

>>105990014
Yes, you can get around it. Most people don't. Buying chips over a decade old is a retarded non-starter. System76 makes librebooted & ME-disabled machines. It's not a part of my threat model so I don't care that much. In fact if you set aside the government spying part it's actually pretty based, MINIX 3 is a far more based and well-designed OS than Linux.

>>105990030
>ARM TrustZone
From what I understand this is just secure virtualization tech, but designed to run "alongside" the main OS instead of being controlled by it. Think Apple secure enclave or Google Titan but on the same chip as the main OS. The software running on it is still controlled by the OS distribution package, e.g. in Android this is another mini OS called Trusty. But the main OS can't really control it after it's launched, other than the intended IPC between it. It's used for DRM among other things. https://source.android.com/docs/security/features/trusty

>>105990145
https://desuarchive.org/g/thread/60250680
We had this debate before.
Cheap bait.

>>105990206
>Cheap bait.
I am actually raging at fags whining security is impossible because of IntelME instead of just buying hardware it can be disabled on and moving on if it is part of their threat model. The guy I replied to said to use ARM instead of an Intel chip instead and that is absolutely just schizophrenic rambling.

>>105989950
>If the government is your threat model

I wouldn't use any smartphone at all. Especially no phones where you can't take out the battery.

>>105990356
>use ARM instead of an Intel chip
Not what I said at all. I said Intel/AMD chips have backdoors, ARM don't. Didn't say which one to use generically, but I said GrapheneOS on Pixel is your only choice on mobile (not due to ARM chip but due to overall hardware+software security combination). Using ARM on desktop is retarded unless you sell your soul and fork out $1500+ for a decent-spec Mac. Windows ARM is a fucking joke. Linux is usable but good luck finding ARM hardware other than using Asahi or fucking Raspberry Pi.

The threat models and privacy/security landscapes of desktop and mobile are completely different. One is a stationary fucking tower that doesn't move, or at most a laptop you sometimes take with you, the other is a device that people literally never let out of arm's reach. Think about how much time per day on average your phone is not on your desk / in your pocket / in your hands / whatever. For some people that's literally zero.

I'm surprised you're so concerned of PRISM (which just shares internet/service traffic and data) yet so dismissive of hardware CPU backdoors. In reality neither of them matter in the grand scheme of things if you are using an Intel ME/AMD PSP disabled CPU or only using AppleID to download apps. Anyone in a sufficient position of power can extract any info they want from you using the wrench method.

>>105990500
As far as I'm aware airplane mode actually works on everything except iPhone and Samsung devices that prevent it from working for their stupid smarttag device networks.

>>105990559
I wouldn't risk it, if my life depends on it.

>>105990500
>I wouldn't use any smartphone at all.
If you don't need mobile communications don't use any phone. But if you need mobile communications, be advised that SMS and GSM calls have no encryption beyond the cell tower and can be trivially intercepted by the carrier or anyone in a position of power to coerce them (i.e. government). Either use Signal (requires a phone number) or XMPP with end-to-end-encryption (no phone number and truly decentralized). Conversations is a good Android XMPP client, it's on F-Droid.

>>105990559
I think on iOS you can turn it off by force-disabling BT & Wi-Fi after turning on airplane mode. But the main point of airplane mode is killing the cell radio, which it does properly AFAIK. But I agree with >>105990606 best solution is some kind of Faraday cage/bag to completely kill radio signals when not in use.

>>105990182
>>ARM TrustZone
>From what I understand this is just secure virtualization tech
It's literal glowie tech that runs signed code from ARM in parallel to your OS. It's not controlled in any way by your OS distribution any more than Intel ME firmware.
Trusty is an OS for doing DRM shit that runs in a "trusted environment" created by TrustZone, but it's not the actual firmware running in TrustZone.

ARM is as compromised as Intel or AMD.

>>105990536
ARM is backdoored as much as Intel/AMD is.

GrapheneOS on Pixel is additionally backdoored in the Titan chip.

>>105988175 (OP)
Recommend me some good, underground privacy people. Doesn't matter if they are on Mastodon, youtube, peertube, blog etc.

I just want some new privacy perspectives. Recently I have found out about Tech-Bore and nihilists blog. Recommend me more. Thanks!

>>105990709
>It's literal glowie tech that runs signed code from ARM in parallel to your OS
>>105990736
>ARM is backdoored as much as Intel/AMD is.

You're delusional. TrustZone is an *optional* isolation extension that is started voluntarily by the OS (in contrast to Intel ME and AMD PSP which are always running). The code running on it is *uploaded by the main OS* during the boot process then locked after bootup is complete. The "firmware" is the EL3 secure monitor whose singular task is to manage world switching and is restricted the same as any other firmware, via IOMMU. The trusted world does not get 99% of the peripherals including networking since they are assigned to the non-trusted world.

>backdoored in the Titan chip.
The Titan chip is the Pixel equivalent of Apple's secure enclave. Neither have main RAM/internet/peripheral access. They are both physically isolated from the main CPU and have their own isolated RAM region. It wouldn't make sense to connect them to the internet anyway - their literal task is to be as secure as possible even when the main CPU and TrustZone are compromised. They are responsible for data encryption and hardware-backed delays for passcode cooldowns, (Apple calls this lockboxes, Google/Android calls it Weaver keys) among other things. They're made to be resistant from physical attacks like glitching. It's quite literally the opposite of a backdoor - it's designed to be as secure as possible so even if you physically have the device and can access the chip you still can't get data out of the device.

The Indian chip is even largely open source: https://opentitan.org/book/sw/index.html

>>105991034
>nihilist
I kneel.
Maybe diggy, Schneier on Security, madaidan, Daniel Micay, the I2P devs on their IRC (check their I2P IRC archives), the lainchan autists

>>105991108
>being this knowledged about TrustZone
>https://opentitan.org/book/sw/index.html
>this spacing
HEY DANIEL MICAY! WELCOME TO 4CHAN MY NIGGER!

>>105991150
as if he has time to post here while working on GrapheneOS. I am way too busy for that.

Hahaha magic slide show collects all your information . Requires you to listen to pink Floyd.

>>105991199
?? Meds ??

>>105988175 (OP)
>don't have social media
>don't be a degenerate on Tor
>install adblock
Let me guess, you need more.

>>105991263
maybe a VM but nothing more

>>105989647
If I were you, I would give mullvad a try (or protonvpn free tier if you are poorfag). Not sure if regular VPNs will work though, so in case they don't, you will need a residential proxy. I use proxy-cheap for example (in case of any provider, make sure to buy static residential proxy).

>>105991108
>TrustZone is an *optional* isolation extension
>The code running on it is *uploaded by the main OS* during the boot process
Bullshit. It's loaded as part of bringup by the board firmware, and it keeps on running in the background the entire time the processor is running.
It's exactly as optional as Intel ME blobs, that is your board won't work without it, unless the board's manufacturer puts it in a magic mode - it's the same for disabling TrustZone as it is with the NSA bit for Intel ME.

>The Titan chip is the Pixel equivalent of Apple's secure enclave.
Literally backdoor running signed code with remote update capabilities. You're shilling for stripping choice away from users.

Go glow somewhere else.

>>105990182
>if you set aside the government spying part it's actually pretty based, MINIX 3 is a far more based and well-designed OS than Linux.
I am too stupid to understand what he means by this. Can someone explain?

>>105991434
>It's loaded as part of bringup by the board firmware
The secure monitor is, which is indeed a part of the firmware. But again it does nothing if you have no trusted OS running. It's entirely optional and standard desktop Linux on ARM makes no use of it.

>Literally backdoor running signed code with remote update capabilities.
How is it a backdoor? Just because it's signed? Would you rather it implement the passcode timeouts on the main CPU so a power glitch or vulnerability in Android can let attackers bypass the delay or device wipe, and crack your passcode in seconds? You're genuinely retarded if you think that a secondary chip running code updated by the main OS with no network/main RAM access is a backdoor. Are you also one of those braindamaged that think TPM is a backdoor?

>>105991444
The Intel ME runs an OS based off of MINIX 3, which is a highly reliable self-healing microkernel Unix-like OS. Everything runs in userspace and is restarted automatically - you can `kill -9` your network card driver and it will instantly restart with no packets lost. Torvalds was using an older (non-microkernel) version of it before he created Linux. Nowadays it's mostly dead unfortunately, since all the money and attention went to Linux after GNU chose it as their kernel.

Some reading:

https://en.wikipedia.org/wiki/Minix
https://minix3.org/
https://en.wikipedia.org/wiki/Tanenbaum%E2%80%93Torvalds_debate
https://www.cs.vu.nl/~ast/intel/

How much of Samsung Knox is marketing bullshit? I do think it is really fucking cool that the Secure folder automatically deletes itself if an efuse is blown and nothing else seems to have a feature like this but I don't know how useful that actually is since I would just factory reset my phone if any tamporing caused an efuse to blow.

>>105988366
How do you ensure you will be able to access all those files for the rest of your life?
What if all new tech will scan that shit and unless it's "verified" it wont open them and even report you?

>>105989288
It's made by a Hungarian. Weird to see.
Is it really usable?
I'm too braindead to manage complex stuff and it doesn't have the usual popups for permissions.

>>105989749
So the guy was wrong? Also I'm not a criminal so I'm not worried but I am curious I thought it was meant to be UNTRACEABLE and safe and all that ?

>>105991301
I was going to use NORD because it's apparently fast and I have a code to get 4 free months.