- Inferencium-
-
- - - - - -
Inferencium website.
-All content is licensed under BSD-3-Clause-Clear license*.
-
-*Exceptions:
-
All files are checked for security issues; however, it is always the user's responsibility to
-audit the code before installing and/or executing it.
-
-Inferencium takes no responsibility for any security issues which may arise due to usage of this
-repository.
Development branch. All pre-alpha development and alpha testing happens here.
-
-
Beta branch. All beta testing happens here.
-Stable branch. Complete and stable versions are stored here.
-
diff --git a/about.html b/about.html
deleted file mode 100644
index 9a27dfd..0000000
--- a/about.html
+++ /dev/null
@@ -1,413 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
I am Jake Winters, also known by my pseudonym "Inference", a cybersecurity researcher based in
- United Kingdom.
- I am the founder, lead developer, and administrator, of Inferencium.
- All opinions are my own, and are not necessarily shared with projects or people I am
- affiliated with.
-
-
I write about my research and experience in cybersecurity and also physical security. - Most of my postings are security-related, but I occasionally post about other aspects of my - life.
-I am an open source advocate for the preservation and modifiability of source code. I
- believe source code should be considered human knowledge as much as past knowledge and
- teachings were; it is how modern humanity survives and runs.
- Source code being modifiable allows it to be adapted for use by anyone, whether to add
- features, harden it for increased security and/or privacy, or provide accessibility for
- disabled users.
- I am also a modular design advocate for the ability to securely and robustly make changes to
- hardware and software without the entire system being affected.
If you want to contact me for any reason, you can use my - contact methods.
-| Type | -Hardware | -Description | -Source model - - (License - SPDX) |
-
| Smartphone | - - - Google Pixel |
- Google Pixel devices are the best Android devices available on the market for
- security and privacy. - - They allow locking the bootloader with a - custom Android Verified Boot (AVB) key in order to preserve security and privacy - features when installing a custom operating system, such as - verified boot which verifies that the OS has not been corrupted or tampered with, - and - rollback protection which prevents an adversary from rolling back the OS or - firmware version to a previous version with known security vulnerabilities. - - They also include a - hardware security module (Titan M2, improving on the previous generation - Titan M) which is extremely resistant to both remote and physical attacks due to - being completely isolated from the rest of the system, including the operating system. - Titan M2 ensures that the device cannot be remotely compromised by requiring the side - buttons of the device to be physically pressed for some sensitive operations. Titan M2 - also takes the role of - Android StrongBox Keymaster, - a hardware-backed Keystore containing sensitive user keys which are unavailable to - the OS or apps running on it without authorisation from Titan M2 itself. - Insider attack resistance ensures that Titan M2 firmware can be flashed only if the - user PIN/password is already known, making it impossible to backdoor the device without - already knowing these secrets. - - Google Pixel device kernels are compiled with - forward-edge control-flow integrity and - backward-edge control-flow integrity to prevent code reuse attacks against the - kernel. MAC address randomisation is - implemented well, along with minimal probe requests and randomised initial sequence - numbers. - - Google releases - guaranteed monthly security updates, ensuring Google Pixel devices are up-to-date - and quickly protected against security vulnerabilities. - - Pixel 6-series and 7-series devices are a large improvement over the already very - secure and private previous generation Pixel devices. They replace ARM-based Titan M - with RISC-V-based Titan M2, reducing trust by removing ARM from the equation. Titan M2 - is more resiliant to attacks than Titan M, and is - AVA_VAN.5 certified, the highest level of vulnerability assessment. Google's - in-house Tensor SoC includes Tensor Security Core, further improving device security. - - Pixel 6-series and 7-series devices are supported for a - minimum of 5 years from launch, an increase from previous generations' - support lifecycles of 3 years. |
-
| Type | -Software | -Description | -Source model - - (License - SPDX) |
-
| Operating system | - - - Gentoo Linux |
- Gentoo Linux is a highly modular, source-based Linux-based operating system which
- allows vast customisation to tailor the operating system to suit your specific needs.
- There are many advantages to such an operating system, with the most notable being the
- ability to optimise the software for security, privacy, performance, or power usage;
- however, there are effectively unlimited other use cases, or a combination of multiple
- use cases. - - I have focused on security hardening and privacy hardening, placing performance below - those aspects, although my system is still very performant. Some of the hardening I - apply includes - stack protection, - signed integer overflow wrapping, and GrapheneOS' - hardened_malloc memory allocator. - - You can find my personal Gentoo Linux configurations in my personal - configuration respository. |
- Open source - - (GPL-2.0-only) |
-
| Web browser | - - - Chromium |
- Chromium is a highly secure web browser which is often ahead of other web browsers - in security aspects. It has a dedicated security team and a very impressive - security brag sheet. - Chromium's security features include a strong - multi-layer sandbox, - strong site isolation, - Binding Integrity memory hardening, and - control-flow integrity (CFI). | -Open source - - (BSD-3-Clause) |
-
| Type | -Software | -Description | -Source model - - (License - SPDX) |
-
| Operating system | - - - GrapheneOS |
- GrapheneOS is a security-hardened, privacy-hardened, secure-by-default
- Android-based operating system which implements extensive, systemic security and privacy
- hardening to the Android Open Source Project used as its base codebase. Its hardening
- includes closing gaps for apps to access sensitive system information, a secure app
- spawning feature which avoids sharing address space layout and other secrets AOSP's
- default Zygote app spawning model would share,
- hardened kernel, hardened memory allocator
- (hardened_malloc) to protect against common memory corruption vulnerabilties,
- hardened Bionic standard C library,
- stricter SELinux policies, and local and remote hardware-backed attestation
- (Auditor) to ensure the OS has not been corrupted or tampered with. - - GrapheneOS only supports - high security and well-supported devices which receive full support from their - manufacturers, including firmware updates, long support lifecycles, secure hardware, and - overall high security practices. - - For an extensive list of features GrapheneOS provides, visit its - official features list which provides extensive documentation. |
- Open source - - (MIT) |
-
| Web browser | - - - Vanadium |
- Vanadium is a security-hardened, privacy-hardened Chromium-based web browser which
- utilises GrapheneOS' operating system hardening to implement stronger defenses to the
- already very secure Chromium web browser. Its hardening alongside Chromium's base
- security features includes
- disabling JavaScript just-in-time (JIT) compilation by default,
- stubbing out the battery status API to prevent abuse of it, and
- always-on Incognito mode as an option. - - Vanadium's source code, including its Chromium patchset, can be found in its - official repository. |
- Open source - - (GPL-2.0-only) |
-
| Messenger | - - - Molly |
- Molly is a security-hardened, privacy-hardened
- Signal client which hardens Signal by using a variety of
- unique features, allowing
- locking the database when not in use, and
- utilising Android StrongBox to protect user keys using the device's hardware
- security module. - - Molly is available in - 2 flavours: -
- |
- Open source - - (GPL-3.0-only) |
-
| Messenger | - - - Conversations |
- Conversations is a well-designed Android - XMPP client which serves as the de facto XMPP reference client and has great - usability. | -Open source - - (GPL-3.0-only) |
-
- I have phased out usage of obsolete, insecure PGP for all contact methods.
-- I have phased out usage of email, including TLS-encrypted email.
-Whenever possible, use the following contact methods; they allow verification to mitigate man-in-the-middle
- attacks, have high security, and reasonable privacy.
-
-
Use the
- keys for each contact method to verify my devices.
- Note: Verification does not verify a person, only their devices, and can be defeated via coercion or other
- force.
Signal
-
- +447549902964
-
XMPP
-
- inference@inferencium.net
- (Key)
-
-
-
-
-
If metadata leakage is an issue for you, you can use the following contact methods.
-
- Note: These services do not have verification functionality and will be treated as less secure; unless
- you really need to use these services, use a preferred method instead.
Briar
-
- Unavailable
Session
-
- Unavailable
Updated: 2022-11-15 (UTC+00:00)
-
-
- Unavailable
-
- Updated: 2022-11-15 (UTC+00:00)
-
- Unavailable
-
- Updated: 2022-11-14 (UTC+00:00)
-
- +447549902964
-
- Updated: 2022-12-05 (UTC+00:00)
-Whenever possible, open the links to pin the fingerprint directly from this webpage. If - that is not possible, manually verify the fingerprints.
-
- 1bd03c6a 5e011655 2fafd697 da4fce70 63de5a83 a264a34a fcce78fe 6b06820c
-
-
- bf2aa069 2bb90210 aee7e17c e3d90127 cfe3502a 6450f8ab e76dbbb0 e5864b7a
-
- Note: Verification does not verify a person, only their devices, and can be defeated via coercion or other - force.
- XMPPUpdated: 2023-01-13 (UTC+00:00)
-Whenever possible, open the links to pin the fingerprints directly from this webpage. If - that is not possible, manually verify the fingerprints.
-
- 1bd03c6a 5e011655 2fafd697 da4fce70 63de5a83 a264a34a fcce78fe 6b06820c
-
-
- bf2aa069 2bb90210 aee7e17c e3d90127 cfe3502a 6450f8ab e76dbbb0 e5864b7a
-
- Updated: 2023-01-13 (UTC+00:00)
-
- SHA256:9Pl0nZ2UJacgm+IeEtLSZ4FOESgP1eKCtRflfPfdX9M
-
-
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINs8UH2hVmNSg0qKig/9ZQt07IuOHsorRfw1doEgMuJ8
-
-