diff --git a/about.html b/about.html index 2d28c5c..e55a8b1 100644 --- a/about.html +++ b/about.html @@ -5,7 +5,7 @@ - + @@ -33,25 +33,23 @@

About Me

I am Inference, a cybersecurity researcher based in United Kingdom.
- I am the founder, lead developer, and administrator, of Inferencium, a - security-focused, privacy-focused, brand of software.
- All opinions are my own, and are not necessarily shared with projects or - people I am affiliated with.
+ I am the founder, lead developer, and administrator, of Inferencium, a security-focused, + privacy-focused, brand of software.
+ All opinions are my own, and are not necessarily shared with projects or people I am + affiliated with.

-

I write about my research and experience in cybersecurity and also physical - security. Most of my postings are security-related, but I occasionally post - about other aspects of my life.

+

I write about my research and experience in cybersecurity and also physical security. + Most of my postings are security-related, but I occasionally post about other aspects of my + life.


-

I am an open source advocate for the preservation and modifiability of - source code. I believe source code should be considered human knowledge as - much as past knowledge and teachings were; it is how modern humanity - survives and runs.
- Source code being modifiable allows it to be adapted - for use by anyone, whether to add features, harden it for increased security - and/or privacy, or provide accessibility for disabled users.
- I am also a modular design advocate for the ability to securely and - robustly make changes to hardware and software without the entire system - being affected.

+

I am an open source advocate for the preservation and modifiability of source code. I + believe source code should be considered human knowledge as much as past knowledge and + teachings were; it is how modern humanity survives and runs.
+ Source code being modifiable allows it to be adapted for use by anyone, whether to add + features, harden it for increased security and/or privacy, or provide accessibility for + disabled users.
+ I am also a modular design advocate for the ability to securely and robustly make changes to + hardware and software without the entire system being affected.


If you want to contact me for any reason, you can use my Smartphone -
+

Google Pixel 6 - Google Pixel devices are the best Android devices available on - the market for -
Google Pixel devices are the best Android devices available on the market for + security and privacy.

They allow locking the bootloader with a - custom Android Verified Boot (AVB) key in order to preserve security and privacy features when installing a custom - operating system, such as - verified boot which verifies that the OS has not been corrupted or tampered with, and - rollback protection which prevents an adversary from rolling back the OS or firmware version to a - previous version with known security vulnerabilities.
+ custom Android Verified Boot (AVB) key in order to preserve security and privacy + features when installing a custom operating system, such as + verified boot which verifies that the OS has not been corrupted or tampered with, + and + rollback protection which prevents an adversary from rolling back the OS or + firmware version to a previous version with known security vulnerabilities.

They also include a - hardware security module (Titan M2, improving on the previous generation - Titan M) which is extremely resistant to both remote and physical attacks due to being - completely isolated from the rest of the system, including the operating system. - Titan M2 ensures that the device cannot be remotely compromised by requiring the - side buttons of the device to be physically pressed for some sensitive operations. - Titan M2 also takes the role of - Titan M) which is extremely resistant to both remote and physical attacks due to + being completely isolated from the rest of the system, including the operating system. + Titan M2 ensures that the device cannot be remotely compromised by requiring the side + buttons of the device to be physically pressed for some sensitive operations. Titan M2 + also takes the role of + Android StrongBox Keymaster, a hardware-backed Keystore containing sensitive user keys which are unavailable to the OS or apps running on it without authorisation from Titan M2 itself. - Insider attack resistance ensures that Titan M2 firmware can be flashed only if the user PIN/password - is already known, making it impossible to backdoor the device without already knowing - these secrets.
+ Insider attack resistance ensures that Titan M2 firmware can be flashed only if the + user PIN/password is already known, making it impossible to backdoor the device without + already knowing these secrets.

Google Pixel device kernels are compiled with - forward-edge control-flow integrity and - backward-edge control-flow integrity to prevent code reuse attacks against - the kernel. MAC address randomisation is - implemented well, along with minimal probe requests and randomised initial sequence numbers.
+ backward-edge control-flow integrity to prevent code reuse attacks against the + kernel. MAC address randomisation is + implemented well, along with minimal probe requests and randomised initial sequence + numbers.

Google releases guaranteed monthly security updates, ensuring Google Pixel devices are - up-to-date and quickly protected against security vulnerabilities.
+ >guaranteed monthly security updates, ensuring Google Pixel devices are up-to-date + and quickly protected against security vulnerabilities.

Pixel 6-series devices are a large improvement over the already very secure and private - previous generation Pixel devices. They replace ARM-based Titan M with RISC-V-based Titan M2, - reducing trust by removing ARM from the equation. Titan M2 is more resiliant to attacks than - Titan M, and is - AVA_VAN.5 certified, the highest level of vulnerability assessment. Google's in-house Tensor SoC includes Tensor Security Core, further improving device security.

Pixel 6-series devices are supported for a - minimum of 5 years from launch, an increase from - previous generations' - minimum of 5 years from launch, an increase from previous generations' + support lifecycles of 3 years. @@ -156,16 +169,17 @@ Operating system -
+

Gentoo Linux Gentoo Linux is a highly modular, source-based Linux-based operating system - which allows vast customisation to tailor the operating system to suit your specific - needs. There are many advantages to such an operating system, with the most notable - being the ability to optimise the software for security, privacy, performance, - or power usage; however, there are effectively unlimited other use cases, or a - combination of multiple use cases.
+ >Gentoo Linux is a highly modular, source-based Linux-based operating system which + allows vast customisation to tailor the operating system to suit your specific needs. + There are many advantages to such an operating system, with the most notable being the + ability to optimise the software for security, privacy, performance, or power usage; + however, there are effectively unlimited other use cases, or a combination of multiple + use cases.

I have focused on security hardening and privacy hardening, placing performance below those aspects, although my system is still very performant. Some of the hardening I @@ -177,7 +191,7 @@ hardened_malloc memory allocator.

- You can find my personal Gentoo Linux configuration in my personal + You can find my personal Gentoo Linux configurations in my personal configuration respository. Open source
@@ -186,23 +200,26 @@ Web browser -
+

Chromium Chromium is a highly secure web browser which is often ahead of other - web browsers in security aspects. It has a dedicated security team and a - very impressive + >Chromium is a highly secure web browser which is often ahead of other web browsers + in security aspects. It has a dedicated security team and a very impressive security brag sheet. Chromium's security features include a strong multi-layer sandbox, - strong site isolation, - Binding Integrity memory hardening, and - control-flow integrity (CFI). Open source

@@ -221,17 +238,17 @@ Operating system -
+

GrapheneOS GrapheneOS is a security-hardened, privacy-hardened, secure-by-default - Android-based operating system which implements extensive, systemic security - and privacy hardening to the Android Open Source Project used as its base - codebase. Its hardening includes closing gaps for apps to access sensitive - system information, a secure app spawning feature which avoids sharing address - space layout and other secrets AOSP's default Zygote app spawning model would - share, + Android-based operating system which implements extensive, systemic security and privacy + hardening to the Android Open Source Project used as its base codebase. Its hardening + includes closing gaps for apps to access sensitive system information, a secure app + spawning feature which avoids sharing address space layout and other secrets AOSP's + default Zygote app spawning model would share, hardened kernel, hardened memory allocator ( GrapheneOS only supports high security and well-supported devices which receive - full support from their manufacturers, including firmware updates, long support - lifecycles, secure hardware, and overall high security practices.
+ >high security and well-supported devices which receive full support from their + manufacturers, including firmware updates, long support lifecycles, secure hardware, and + overall high security practices.

For an extensive list of features GrapheneOS provides, visit its Web browser -
+

Vanadium - Vanadium is a security-hardened, privacy-hardened Chromium-based web browser - which utilises GrapheneOS' operating system hardening to implement stronger - defenses to the already very secure Chromium web browser. Its hardening alongside - Chromium's base security features includes -
Vanadium is a security-hardened, privacy-hardened Chromium-based web browser which + utilises GrapheneOS' operating system hardening to implement stronger defenses to the + already very secure Chromium web browser. Its hardening alongside Chromium's base + security features includes + disabling JavaScript just-in-time (JIT) compilation by default, - stubbing out the battery status API to prevent abuse of it, and - always-on Incognito mode as an option.

Vanadium's source code, including its Chromium patchset, can be found in its @@ -281,7 +302,8 @@ Messenger -
+

Molly Signal client which hardens Signal by using a variety of unique features, allowing - locking the database when not in use, and - utilising Android StrongBox to protect user keys using the device's - hardware security module.
+ utilising Android StrongBox to protect user keys using the device's hardware + security module.

Molly is available in - 2 flavours:
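Review bot: In the `@@ -177,7 +191,7 @@` hunk the unchanged context line still reads "configuration respository", so the misspelling of "repository" survives a change that edits the sentence immediately before it; correct it in the same edit. This is also the only hunk visible here that alters wording ("configuration" to "configurations") rather than line wrapping, so moving it into its own commit, separate from the re-wrap, would keep it from being lost among the whitespace-only hunks.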
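Review bot: In the Google Pixel 6 region, the re-wrapped Titan M2 paragraph keeps "Titan M2 ensures that the device cannot be remotely compromised", yet the mechanism it cites, physically pressing the side buttons, is stated in the same sentence to apply only to "some sensitive operations". Since these lines are being rewritten anyway, scope the claim to those operations, and narrow "making it impossible to backdoor the device" to what the sentence actually describes: flashing Titan M2 firmware requires the user PIN/password. The removed lines of the following paragraph also spell "resiliant"; confirm the replacement lines read "resilient".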
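Review bot: Several added lines across the Pixel, Gentoo Linux, Chromium and GrapheneOS regions begin with a bare ">" ("+ >guaranteed monthly security updates", "+ >Gentoo Linux is a highly modular", "+ >Chromium is a highly secure web browser"), which reads as the closing bracket of the preceding tag having been wrapped onto the text line. Keep the closing bracket on the tag's own line so that the text lines start with text; this makes later wording changes show up as clean single-line diffs and avoids a stray ">" appearing in the prose if a tag line is ever edited on its own.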