diff --git a/about.html b/about.html index 395ad57..03ff65d 100644 --- a/about.html +++ b/about.html @@ -5,7 +5,7 @@ - + @@ -340,320 +340,391 @@

-

Recommendations

-
- -

Hardware

-
-

Smartphone

-
- - - - - - - - - - - - -
TypeHardwareDescriptionSource model
+

Recommendations

+
+ +

Hardware

+
+

Smartphone

+
+ + + + + + + + + + + + +
TypeHardwareDescriptionSource model
+
+ (License - SPDX)
Smartphone
+
+ Google Pixel
Google Pixel devices are the best Android devices + available on the market for + security and privacy.
+
+ They allow locking the bootloader with a + custom Android Verified Boot (AVB) key in order to + preserve security and privacy features when installing a + custom operating system, such as verified boot which verifies that the OS has not + been corrupted or tampered with, and + rollback protection which prevents an adversary + from rolling back the OS or firmware version to a + previous version with known security vulnerabilities.
+
+ They also include a + hardware security module (Titan M2, improving on + the previous generation Titan M) which is extremely resistant to both + remote and physical attacks due to being completely + isolated from the rest of the system, including the + operating system. Titan M2 ensures that the device + cannot be remotely compromised by requiring the side + buttons of the device to be physically pressed for some + sensitive operations. Titan M2 also takes the role of + Android StrongBox Keymaster, + a hardware-backed Keystore containing sensitive user + keys which are unavailable to the OS or apps running on + it without authorisation from Titan M2 itself. + Insider attack resistance ensures that Titan M2 + firmware can be flashed only if the user PIN/password is + already known, making it impossible to backdoor the + device without already knowing these secrets.
+
+ Google Pixel device kernels are compiled with + forward-edge control-flow integrity and + backward-edge control-flow integrity to prevent + code reuse attacks against the kernel. MAC address + randomisation is + implemented well, along with minimal probe requests and + randomised initial sequence numbers.
+
+ Google releases + guaranteed monthly security updates, ensuring + Google Pixel devices are up-to-date and quickly + protected against security vulnerabilities.
+
+ Pixel 6-series and 7-series devices are a large + improvement over the already very secure and private + previous generation Pixel devices. They replace + ARM-based Titan M with RISC-V-based Titan M2, reducing + trust by removing ARM from the equation. Titan M2 is + more resiliant to attacks than Titan M, and is + AVA_VAN.5 certified, the highest level of + vulnerability assessment. Google's in-house Tensor SoC + includes Tensor Security Core, further improving device + security.
+
+ Pixel 6-series and 7-series devices are supported for a + minimum of 5 years from launch, an increase from + previous generations' + support lifecycles of 3 years.
+
+
+
+ +

Software

+
+

Desktop

+
+ + + + + + + + + + + + + + + + + + + +
TypeSoftwareDescriptionSource model
+
+ (License - SPDX)
Operating system
+
+ Gentoo Linux
Gentoo Linux is a highly modular, source-based + Linux-based operating system which allows vast + customisation to tailor the operating system to suit + your specific needs. There are many advantages to such + an operating system, with the most notable being the + ability to optimise the software for security, privacy, + performance, or power usage; however, there are + effectively unlimited other use cases, or a combination + of multiple use cases.
+
+ I have focused on security hardening and privacy + hardening, placing performance below those aspects, + although my system is still very performant. Some of the + hardening I apply includes + stack protection, + signed integer overflow wrapping, and GrapheneOS' + hardened_malloc memory allocator.
+
+ You can find my personal Gentoo Linux configurations in + my personal + configuration respository.
Open source
+
+ (GPL-2.0-only)
Web browser
+
+ Chromium
Chromium is a highly secure web browser which is + often ahead of other web browsers in security aspects. + It has a dedicated security team and a very impressive + security brag sheet. + Chromium's security features include a strong + multi-layer sandbox, + strong site isolation, + Binding Integrity memory hardening, and + control-flow integrity (CFI).Open source
+
+ (BSD-3-Clause)
+

- (License - SPDX)
Smartphone
+

Smartphone

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TypeSoftwareDescriptionSource model
+
+ (License - SPDX)
Operating system
+
+ GrapheneOS
GrapheneOS is a security-hardened, + privacy-hardened, secure-by-default Android-based + operating system which implements extensive, systemic + security and privacy hardening to the Android Open + Source Project used as its base codebase. Its hardening + includes closing gaps for apps to access sensitive + system information, a secure app spawning feature which + avoids sharing address space layout and other secrets + AOSP's default Zygote app spawning model would share, + hardened kernel, hardened memory allocator + (hardened_malloc) to protect against common memory + corruption vulnerabilties, + hardened Bionic standard C library, + stricter SELinux policies, and local and remote + hardware-backed attestation + (Auditor) to ensure the OS has not been corrupted or + tampered with.
+
+ GrapheneOS only supports + high security and well-supported devices which + receive full support from their manufacturers, including + firmware updates, long support lifecycles, secure + hardware, and overall high security practices.
+
+ For an extensive list of features GrapheneOS provides, + visit its + official features list which provides extensive + documentation.
Open source
+
+ (MIT)
Web browser
+
+ Vanadium
Vanadium is a security-hardened, privacy-hardened + Chromium-based web browser which utilises GrapheneOS' + operating system hardening to implement stronger + defenses to the already very secure Chromium web + browser. Its hardening alongside Chromium's base + security features includes + disabling JavaScript just-in-time (JIT) compilation by + default, + stubbing out the battery status API to prevent abuse of + it, and + always-on Incognito mode as an option.
+
+ Vanadium's source code, including its Chromium patchset, + can be found in its + official repository.
Open source
+
+ (GPL-2.0-only)
Messenger
+
+ Molly
Molly is a security-hardened, privacy-hardened + Signal client which hardens Signal by using a + variety of + unique features, allowing + locking the database when not in use, and + utilising Android StrongBox to protect user keys + using the device's hardware security module.
+
+ Molly is available in + 2 flavours:
+
    +
  • Molly, which includes the same + proprietary Google code as Signal to + support more features.
  • +
    +
  • Molly-FOSS, which removes the + proprietary Google code to provide an + entirely open-source client.
  • +
+
Open source
+
+ (GPL-3.0-only)
Messenger
+
+ Conversations
Conversations is a well-designed Android + XMPP client which serves as the de facto XMPP + reference client and has great usability.Open source
+
+ (GPL-3.0-only)
+

- Google Pixel
Google Pixel devices are the best Android devices available on the market for - security and privacy.

- They allow locking the bootloader with a - custom Android Verified Boot (AVB) key in order to preserve security and privacy - features when installing a custom operating system, such as - verified boot which verifies that the OS has not been corrupted or tampered with, - and - rollback protection which prevents an adversary from rolling back the OS or - firmware version to a previous version with known security vulnerabilities.
-
- They also include a - hardware security module (Titan M2, improving on the previous generation - Titan M) which is extremely resistant to both remote and physical attacks due to - being completely isolated from the rest of the system, including the operating system. - Titan M2 ensures that the device cannot be remotely compromised by requiring the side - buttons of the device to be physically pressed for some sensitive operations. Titan M2 - also takes the role of - Android StrongBox Keymaster, - a hardware-backed Keystore containing sensitive user keys which are unavailable to - the OS or apps running on it without authorisation from Titan M2 itself. - Insider attack resistance ensures that Titan M2 firmware can be flashed only if the - user PIN/password is already known, making it impossible to backdoor the device without - already knowing these secrets.
-
- Google Pixel device kernels are compiled with - forward-edge control-flow integrity and - backward-edge control-flow integrity to prevent code reuse attacks against the - kernel. MAC address randomisation is - implemented well, along with minimal probe requests and randomised initial sequence - numbers.
-
- Google releases - guaranteed monthly security updates, ensuring Google Pixel devices are up-to-date - and quickly protected against security vulnerabilities.
-
- Pixel 6-series and 7-series devices are a large improvement over the already very - secure and private previous generation Pixel devices. They replace ARM-based Titan M - with RISC-V-based Titan M2, reducing trust by removing ARM from the equation. Titan M2 - is more resiliant to attacks than Titan M, and is - AVA_VAN.5 certified, the highest level of vulnerability assessment. Google's - in-house Tensor SoC includes Tensor Security Core, further improving device security.
-
- Pixel 6-series and 7-series devices are supported for a - minimum of 5 years from launch, an increase from previous generations' - support lifecycles of 3 years.
-
-
-
- -

Software

-
-

Desktop

-
- - - - - - - - - - - - - - - - - - - -
TypeSoftwareDescriptionSource model
-
- (License - SPDX)
Operating system
-
- Gentoo Linux
Gentoo Linux is a highly modular, source-based Linux-based operating system which - allows vast customisation to tailor the operating system to suit your specific needs. - There are many advantages to such an operating system, with the most notable being the - ability to optimise the software for security, privacy, performance, or power usage; - however, there are effectively unlimited other use cases, or a combination of multiple - use cases.
-
- I have focused on security hardening and privacy hardening, placing performance below - those aspects, although my system is still very performant. Some of the hardening I - apply includes - stack protection, - signed integer overflow wrapping, and GrapheneOS' - hardened_malloc memory allocator.
-
- You can find my personal Gentoo Linux configurations in my personal - configuration respository.
Open source
-
- (GPL-2.0-only)
Web browser
-
- Chromium
Chromium is a highly secure web browser which is often ahead of other web browsers - in security aspects. It has a dedicated security team and a very impressive - security brag sheet. - Chromium's security features include a strong - multi-layer sandbox, - strong site isolation, - Binding Integrity memory hardening, and - control-flow integrity (CFI).Open source
-
- (BSD-3-Clause)
-
-
-

Smartphone

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TypeSoftwareDescriptionSource model
-
- (License - SPDX)
Operating system
-
- GrapheneOS
GrapheneOS is a security-hardened, privacy-hardened, secure-by-default - Android-based operating system which implements extensive, systemic security and privacy - hardening to the Android Open Source Project used as its base codebase. Its hardening - includes closing gaps for apps to access sensitive system information, a secure app - spawning feature which avoids sharing address space layout and other secrets AOSP's - default Zygote app spawning model would share, - hardened kernel, hardened memory allocator - (hardened_malloc) to protect against common memory corruption vulnerabilties, - hardened Bionic standard C library, - stricter SELinux policies, and local and remote hardware-backed attestation - (Auditor) to ensure the OS has not been corrupted or tampered with.
-
- GrapheneOS only supports - high security and well-supported devices which receive full support from their - manufacturers, including firmware updates, long support lifecycles, secure hardware, and - overall high security practices.
-
- For an extensive list of features GrapheneOS provides, visit its - official features list which provides extensive documentation.
Open source
-
- (MIT)
Web browser
-
- Vanadium
Vanadium is a security-hardened, privacy-hardened Chromium-based web browser which - utilises GrapheneOS' operating system hardening to implement stronger defenses to the - already very secure Chromium web browser. Its hardening alongside Chromium's base - security features includes - disabling JavaScript just-in-time (JIT) compilation by default, - stubbing out the battery status API to prevent abuse of it, and - always-on Incognito mode as an option.
-
- Vanadium's source code, including its Chromium patchset, can be found in its - official repository.
Open source
-
- (GPL-2.0-only)
Messenger
-
- Molly
Molly is a security-hardened, privacy-hardened - Signal client which hardens Signal by using a variety of - unique features, allowing - locking the database when not in use, and - utilising Android StrongBox to protect user keys using the device's hardware - security module.
-
- Molly is available in - 2 flavours:
-
    -
  • Molly, which includes the same proprietary Google code as Signal to support - more features.
  • -
    -
  • Molly-FOSS, which removes the proprietary Google code to provide an - entirely open-source client.
  • -
Open source
-
- (GPL-3.0-only)
Messenger
-
- Conversations
Conversations is a well-designed Android - XMPP client which serves as the de facto XMPP reference client and has great - usability.Open source
-
- (GPL-3.0-only)
-
-
-

Music
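Review bot: the re-wrapped "+" lines in the `@@ -340,320 +340,391 @@` hunk carry over three misspellings unchanged from the "-" lines they replace: "resiliant" in the Titan M2 paragraph of the Google Pixel entry, "respository" in the Gentoo Linux entry, and "vulnerabilties" in the GrapheneOS entry. Every one of these lines is already being rewritten, so correct them to "resilient", "repository" and "vulnerabilities" in this change. Separately, the visible text on both sides of the hunk reads the same apart from wrapping and indentation; if any wording or markup change is intended here, putting it in its own commit would let it be reviewed without reading through a 391-line reflow.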