Applied Paranoia

Discussions of Paranoia, how to apply it in a digital ecosystem (Security, Privacy, Tools, Applications, Questions)

Rules

  1. Be nice
  2. Stay on topic
  3. Don’t farm rage
  4. Be respectful of others

Members: 54
Posts: 12
Active Today: 2
Created: 3 mo. ago

  • Applied Paranoia @dubvee.org
    jet @hackertalks.com

    How Side of Burritos installs apps on his GOS DeGoogled Phone

    This video demonstrates how to install apps on a Google Pixel running GrapheneOS, detailing a setup refined over three years. The presenter emphasizes that new users should start with the standard Play Store before transitioning to a more complex app installation system for enhanced privacy and control. The process involves using multiple app sources, setting up user profiles for separation, and maintaining security through methods like Orbot and anonymous Google accounts.

    Key Points

    Setup Disclaimer

    The presenter advises beginners to initially use the standard Play Store for easy app access and to adapt more smoothly before attempting the outlined complex setup.

    User Profiles

    After installing GrapheneOS, users operate under an owner profile and can create additional profiles to separate app usage, enhancing privacy.

    Using Orbot

    Orbot, a free proxy service, is installed to route all traffic over the Tor network, ensuring user anonymity when accessing the Play Store and d

  • Applied Paranoia @dubvee.org
    jet @hackertalks.com

    Writing C For Curl

    daniel.haxx.se Writing C for curl

    Writing C for curl

    It is a somewhat common question to me: how do we write C in curl to make it safe and secure for billions of installations? Some precautions we take and decisions we make. There is no silver bullet, just guidelines. As I think you can see for yourself below they are also neither strange nor surprising.

    The ‘c’ in curl does not and never did stand for the C programming language, it stands for client. ...

    This is an excellent read, and if you work on a multi-person project, I highly recommend going through it.

  • Applied Paranoia @dubvee.org
    jet @hackertalks.com

    Go Bags - What is in yours?

    Do you have a go bag?

    Where do you keep it?

    What is inside of it?

  • Applied Paranoia @dubvee.org
    jet @hackertalks.com

    clan.lol darknet framework

    Build Your Own Darknet

    Discover the simplest way to re-enter independent computing with our framework. Placing control directly at your fingertips.

    Features of Clan

    • Full-Stack System Deployment: Utilize Clan’s toolkit alongside Nix's reliability to build and manage systems effortlessly.
    • Overlay Networks: Secure, private communication channels between devices.
    • Virtual Machine Integration: Seamless operation of VM applications within the main operating system.
    • Robust Backup Management: Long-term, self-hosted data preservation.
    • Intuitive Secret Management: Simplified encryption and password management processes.

    https://clan.lol/

    https://git.clan.lol/clan/clan-core/

  • Applied Paranoia @dubvee.org
    jet @hackertalks.com

    Attacking Samsung Galaxy A* Boot Chain, and Beyond - blackhat

    During our previous research on Android File-Based encryption, we studied the boot chain of some Samsung devices based on Mediatek system on chips. Our objective was to exploit a known boot ROM vulnerability to bypass the secure boot and ultimately retrieve the required ingredients to brute force the user credentials. Once we became familiar with this boot chain, we decided to take a closer look at a component coming later in the process: the Little Kernel bootloader (LK, also called BL3-3)....

    By: Maxime Rossi Bellom & Raphael Neveu Additional Contributors: Damiano Melotti & Gabrielle Viala

    Full Abstract and Presentation Materials: blackhat.com/us-24/briefings/schedule/#attacking-samsung-galaxy-a-boot-chain-and-beyond-38526

  • Applied Paranoia @dubvee.org
    jet @hackertalks.com

    Unveiling Mac Security: A Comprehensive Exploration of Sandboxing and AppData TCC - 40m

    The security architecture of modern operating systems is intricate and layered. To effectively challenge these defenses, attackers must extensively audit the security policies of the operating system across various dimensions. In July 2023, the speaker redirected their focus from Android and IoT vulnerabilities to those within macOS. This transition was motivated by an intent to adapt methodologies typically employed by Android security researchers for use in macOS environments, which subsequently led to the identification of numerous vulnerabilities.

    In this presentation, the speaker will introduce a generic method for escaping macOS application sandboxes.

    Additionally, the speaker will discuss a permission granting mechanism on macOS

    Moreover, macOS 14.0 introduced new TCC protections, preventing non-sandboxed apps from accessing the private container folders of sandboxed apps. Previously, executing a malicious non-sandboxed app could leak sensitive data from sandboxed apps like W

  • Applied Paranoia @dubvee.org
    jet @hackertalks.com

    Swipe Left for Identity Theft: An Analysis of User Data Privacy Risks on Location-based Dating Apps - Blackhat - 40m

    Location-based dating (LBD) apps enable users to meet new people nearby and online by browsing others' profiles, which often contain very personal and sensitive data. We systematically analyze 15 LBD apps on the prevalence of privacy risks that can result in abuse by adversarial users who want to stalk, harass, or harm others. Through a systematic manual analysis of these apps, we assess which personal and sensitive data is shared with other users, both as (intended) data exposure and as inadvertent yet powerful leaks in API traffic that is otherwise hidden from a user, violating their mental model of what they share on LBD apps.

    As one finding of our research, 6 apps allow for pinpointing a victim's exact location, enabling physical threats to users' personal safety. All these data exposures and leaks—supported by easy account creation—enable targeted or large-scale, long-term, and stealthy profiling and tracking of LBD app users. While privacy policies acknowledge personal data proc

  • Applied Paranoia @dubvee.org
    jet @hackertalks.com

    I love evelynburg.github.io

    This is a comparison of various payment methods. In my opinion the most important aspects are: (1) privacy, (2) fungibility and resilience to censorship and expropriation, (3) day-to-day convenience and acceptance.

  • Applied Paranoia @dubvee.org
    jet @hackertalks.com

    Backdooring Backdoors

    Hacking backdoor backdoors by taking over abandoned C&C domains

    Writeup - https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/

    Youtube review - Low Level https://youtu.be/ST1frnx-5Nw

  • Applied Paranoia @dubvee.org
    jet @hackertalks.com

    Paperback - Paper archive using Shamir's Secret Sharing of sensitive data

    Ideal for archiving important data, such as password vault keys, in-case-of-death information, Swiss bank accounts, etc. The key can be distributed amongst trusted parties, so no single person can access it, but if they cooperate it could be resurrected.

    paperback is a paper-based backup scheme that is secure and easy-to-use. Backups are encrypted, and the secret key is split into numerous "key shards" which can be stored separately (by different individuals), removing the need for any individual to memorise a secret passphrase.

  • Applied Paranoia @dubvee.org
    jet @hackertalks.com

    Fingerprint Hardware Security Keys

    A hardware secure token that requires a fingerprint to unlock adds another factor to your secure authentication.

    • Something you have
    • Something you are

    Even if the key falls out of your control, the fingerprint reader would render it useless.

    yubico

    I'm a big fan of YubiKeys; they have the Bio series with a built-in fingerprint reader, and now the multi-protocol edition is not only WebAuthn/FIDO2, it acts as a smartcard/PIV (i.e. SSH keys). Tech Details

    The one annoying thing is the multi-protocol version isn't generally available; the FIDO2 edition is available.

    feitian

    Also provides fingerprint FIDO2 keys, but I'm not familiar with their security reputation: https://shop.ftsafe.us/collections/fido-security-key-biometric

    others

    Any other biometric key options?

  • Applied Paranoia @dubvee.org
    jet @hackertalks.com

    BusKill - Deadman switch for laptops

    BusKill - A clip-on device that, when disconnected from a computer, will trigger a fail-safe event on the computer, such as locking the computer, shutting down, or any script you care for. Totally open source, both hardware and software.

    If you're a digital nomad or use a computer in public, this might be of interest.

    https://www.buskill.in/ https://github.com/BusKill

    You can even build it yourself

    https://docs.buskill.in/buskill-app/en/stable/hardware_dev/bom.html

    If you want to purchase a prebuilt model, they do accept crypto!