overview for liminal

A user created a thread in this lemmy community remarking that the Tor Browser has a personally identifiable fingerprint under normal settings (the "Standard" and "Safer" modes make you fingerprintable), with several commenters doing the same test and reporting the same. The user who created this post also said that on the privacy guides forum posts about this topic are being deleted.

The poster could try to provide proof. Has at least one of these posts been archived (on archive.is or archive.org)?

Does anyone build GrapheneOS "from scratch"? in c/privacy@lemmy.ml

[–] liminal@lemmy.ml 1 points 1 month ago* (last edited 1 month ago)

I'm assuming GrapheneOS isn't backdoored. If a new release were backdoored, I would have a non-zero chance to catch it while reviewing commit diffs, but the chance of catching it would be zero if I instead used auto-update and let the devs push whatever signed binary they wanted.

Does anyone build GrapheneOS "from scratch"? in c/privacy@lemmy.ml

[–] liminal@lemmy.ml 6 points 1 month ago* (last edited 1 month ago) (2 children)

The fact that devs sign the builds doesn't protect you from a Jia Tan type of actor. Jia Tan had social-engineered they way to a maintainer and then dropped their backdoor in the .tar releases. If you had compiled from the tree you couldn't be affected. It's possible to fail to review malicious commits even in this case, but it is still more transparent than pre-packaged releases. And there's no point to reproducible builds if no one actually reproduces them.

44

Does anyone build GrapheneOS "from scratch"? (lemmy.ml)

submitted 1 month ago* (last edited 1 month ago) by liminal@lemmy.ml to c/privacy@lemmy.ml

12 comments fedilink

I'm wondering what would be necessary to build GrapheneOS releases yourself, and regularly update your phone from your own servers, with your builds. The server for apps.grapheneos.org should also be replaced. Has anyone done this?

The documentation for GrapheneOS has a section about how to reproduce builds:

https://grapheneos.org/build#reproducible-builds

But it would be more involved than that.

1

Wintrust DLL when building from source (lemmy.ml)

submitted 2 months ago by liminal@lemmy.ml to c/GenP@lemmy.dbzer0.com

0 comments fedilink

Hello, I've built GenP from source and was able to obtain the dependencies (UPX, AutoIt) from official sources for security reasons. The wintrust DLL is a dependency I could not obtain myself.

The file needs to be unmodified and original. I've googled the hashes (wintrust.dll - 1b3bf770d4f59ca883391321a21923ae) and could not find mentions of this version. My Windows 11 installation comes with its own version (in System32) but the file size is quite different and it's obviously a much newer version.

Thanks!

Tuvix Tricorder - An RSS Button For The Web in c/selfhosted@lemmy.world

[–] liminal@lemmy.ml 3 points 3 months ago

Just the button: https://github.com/aureliendavid/rsspreview

0

Your mobile device NEEDS firewall profiles (lemmy.ml)

submitted 1 year ago* (last edited 1 year ago) by liminal@lemmy.ml to c/privacy@lemmy.ml

1 comments fedilink

Does the school you go to need to know that you have the Signal app installed on your phone, checking with the Signal servers in the background for new messages? Even if you chose to use a VPN to tunnel your traffic entirely, is there no other option but for your employer to witness you connected to a foreign VPN server? If you connected to a point at your home, even that could be interpreted that you have something hide.

You could have two phones with different sets of apps in your pocket (one for “business” and one for everything else), but you if you don’t want that you have to ask:

Is there a firewall for Android that can block your usual traffic from leaving the device, by turning on a specific profile based on something like the Wi-Fi name? There are quite a few traffic blockers, such as RethinkDNS, Netguard, or personalDNSfilter, but they assume you want to block the same set of traffic regardless of time and place.