From e690a544981d316a3d044e9ef52418426aebabae Mon Sep 17 00:00:00 2001 From: inference Date: Tue, 6 Feb 2024 01:21:39 +0000 Subject: [PATCH] Reformat section "Recommendations" to conform to code style Add subsections for each recommendation type, fix section IDs and corresponding heading links, and change line lengths to conform to code style. --- about.xhtml | 673 +++++++++++++++++++++++++++------------------------- 1 file changed, 356 insertions(+), 317 deletions(-) diff --git a/about.xhtml b/about.xhtml index 727dc8e..af4e77b 100644 --- a/about.xhtml +++ b/about.xhtml @@ -1,7 +1,7 @@ - + @@ -367,322 +367,361 @@

Recommendations

-

Hardware

-

Smartphone

-
- - - - - - - - - - - - - -
TypeHardwareDescriptionSource model
- (License)
Smartphone - Front and rear view of a Google Pixel 8 Pro in Obsidian colour
- Google Pixel -
-
Security/Privacy
-

Google Pixel devices are the best Android - devices available on the market for - security and privacy.

-

They allow locking the bootloader with a - custom Android Verified Boot (AVB) key - in order to preserve security and privacy - features when installing a custom operating - system, such as - verified boot - which verifies that the OS has not been - corrupted or tampered with, and - rollback protection - which prevents an adversary from rolling - back the OS or firmware version to a - previous version with known security - vulnerabilities.

-

They also include a - hardware security module - (Titan M2, improving on the previous - generation - Titan M) - which is extremely resistant to both remote - and physical attacks due to being completely - isolated from the rest of the system, - including the operating system. Titan M2 - ensures that the device cannot be remotely - compromised by requiring the side buttons of - the device to be physically pressed for some - sensitive operations. Titan M2 also takes - the role of - Android StrongBox Keymaster, - a - hardware-backed Keystore - containing sensitive user keys which are - unavailable to the OS or apps running on it - without authorisation from Titan M2 itself. - Insider attack resistance - ensures that Titan M2 firmware can be - flashed only if the user PIN/password is - already known, making it impossible to - backdoor the device without already knowing - these secrets.

-

Google Pixel device kernels are compiled - with - forward-edge control-flow integrity - and - backward-edge control-flow integrity - to prevent code reuse attacks against the - kernel. MAC address randomisation is - implemented well, along with minimal probe requests and randomised initial sequence numbers.

-

Google releases - guaranteed monthly security updates, - ensuring Google Pixel devices are up-to-date - and quickly protected against security - vulnerabilities.

-

Pixel 6-series and 7-series devices are a - large improvement over the already very - secure and private previous generation Pixel - devices. They replace ARM-based Titan M with - RISC-V-based Titan M2, reducing trust by - removing ARM from the equation. Titan M2 is - more resiliant to attacks than Titan M, and - is - AVA_VAN.5 certified, - the highest level of vulnerability - assessment. Google's in-house Tensor - System-on-Chip includes Tensor Security - Core, further improving device security.

-

Pixel 8-series includes Armv9's - Memory Tagging Extension, - which dramatically increases device security - by eliminating up to 95% of all security - issues caused by memory-unsafety.

-
Support
-

Pixel 5a is supported for a - minimum of 3 years from launch.

-

Pixel 6-series, Pixel 7-series, Pixel - Fold, and Pixel Tablet are supported for a - minimum of 5 years from launch.

-

Pixel 8-series is supported for a - minimum of 7 years from launch.

-
-
-
-

Software

-

Desktop

-
- - - - - - - - - - - - - - - - - - - -
TypeSoftwareDescriptionSource model
- (License)
Operating system - Gentoo Linux logo
- Gentoo Linux -
-

Gentoo Linux - is a highly modular, source-based, Linux-based - operating system which allows vast customisation to - tailor the operating system to suit your specific - needs. There are many advantages to such an - operating system, with the most notable being the - ability to optimise the software for security, - privacy, performance, or power usage; however, there - are effectively unlimited other use cases, or a - combination of multiple use cases.

-

I have focused on security hardening and privacy - hardening, placing performance below those aspects, - although my system is still very performant. Some of - the hardening I apply includes - stack protection, - signed integer overflow trapping, - and GrapheneOS' - hardened_malloc - memory allocator.

-

You can find my Gentoo Linux configurations in my - configuration respository.

-
- Open-source
- (GPL-2.0-only) -
Web browser - Chromium logo
- Chromium -
-

Chromium - is a highly secure web browser which is often ahead - of other web browsers in security aspects. It has a - dedicated security team and a very impressive - security brag sheet. - Chromium's security features include a strong - multi-layer sandbox, - strong - site isolation, - Binding Integrity - memory hardening, and - control-flow integrity (CFI).

- Open-source
- (BSD-3-Clause) -
-
-

Smartphone

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TypeSoftwareDescriptionSource model
- (License)
Operating system - GrapheneOS logo
- GrapheneOS -
-

GrapheneOS - is a security-hardened, privacy-hardened, - secure-by-default, Android-based operating system - which implements extensive, systemic security and - privacy hardening to the Android Open Source Project - used as its base codebase. Its hardening includes - closing gaps for apps to access sensitive system - information, a secure app spawning feature which - avoids sharing address space layout and other - secrets AOSP's default Zygote app spawning model - would share, - hardened kernel, - hardened memory allocator - (hardened_malloc) - to protect against common memory corruption - vulnerabilities, - hardened Bionic standard C library, - stricter SELinux policies, - and local and remote hardware-backed attestation - (Auditor) - to ensure the OS has not been corrupted or tampered - with.

-

GrapheneOS only supports - high security and well-supported devices - which receive full support from their manufacturers, - including firmware updates, long support lifecycles, - secure hardware, and overall high security - practices.

-

For an extensive list of features GrapheneOS - provides, visit its - official features list - which provides extensive documentation.

-
- Open-source
- (MIT) -
Web browser - Vanadium logo
- Vanadium -
-

Vanadium is a security-hardened, privacy-hardened - Chromium-based web browser which utilises - GrapheneOS' operating system hardening to implement - stronger defenses to the already very secure - Chromium web browser. Its hardening alongside - Chromium's base security features includes - disabling JavaScript just-in-time (JIT) compilation by default, - stubbing out the battery status API to prevent abuse of it, - and - always-on Incognito mode as an option.

-

Vanadium's source code, including its Chromium - patch-set, can be found in its - official repository.

- Open-source
- (GPL-2.0-only) -
Messenger - Molly logo
- Molly -
-

Molly - is a security-hardened, privacy-hardened - Signal - client which hardens Signal by using a variety of - unique features, - allowing - locking the database when not in use, - and - utilising Android StrongBox - to protect user keys using the device's hardware - security module.

-

Molly is available in - 2 flavours: -

    -
  • Molly, which includes the same - proprietary Google code as Signal to - support more features.
  • -
  • Molly-FOSS, which removes the - proprietary Google code to provide - an entirely open-source client.
  • -
-

-
- Open-source
- (GPL-3.0-only) -
- Conversations logo
- Conversations -
-

Conversations - is a well-designed Android - XMPP - client which serves as the de facto XMPP reference - client and has great usability.

-
- Open-source
- (GPL-3.0-only) -
-
-
-
-

Music

-

For a curated list of music I enjoy, visit my - music page.

+
+

Hardware

+
+

Smartphone

+
+ + + + + + + + + + + + + + + + + +
TypeHardwareDescriptionSource model
+ (License)
Smartphone + Front and rear view of a Google Pixel 8 Pro in Obsidian colour
+ Google Pixel +
+
Security/Privacy
+

Google Pixel devices are the best + Android devices available on the market + for + security and privacy.

+

They allow locking the bootloader + with a + custom Android Verified Boot (AVB) key + in order to preserve security and + privacy features when installing a + custom operating system, such as + verified boot + which verifies that the OS has not been + corrupted or tampered with, and + rollback protection + which prevents an adversary from rolling + back the OS or firmware version to a + previous version with known security + vulnerabilities.

+

They also include a + hardware security module + (Titan M2, improving on the previous + generation + Titan M) + which is extremely resistant to both + remote and physical attacks due to being + completely isolated from the rest of the + system, including the operating system. + Titan M2 ensures that the device cannot + be remotely compromised by requiring the + side buttons of the device to be + physically pressed for some sensitive + operations. Titan M2 also takes the role + of + Android StrongBox Keymaster, + a + hardware-backed Keystore + containing sensitive user keys which are + unavailable to the OS or apps running on + it without authorisation from Titan M2 + itself. + Insider attack resistance + ensures that Titan M2 firmware can be + flashed only if the user PIN/password is + already known, making it impossible to + backdoor the device without already + knowing these secrets.

+

Google Pixel device kernels are + compiled with + forward-edge control-flow integrity + and + backward-edge control-flow integrity + to prevent code reuse attacks against + the kernel. MAC address randomisation is + implemented well, along with minimal probe requests and randomised initial sequence numbers.

+

Google releases + guaranteed monthly security updates, + ensuring Google Pixel devices are + up-to-date and quickly protected against + security vulnerabilities.

+

Pixel 6-series and 7-series devices + are a large improvement over the already + very secure and private previous + generation Pixel devices. They replace + ARM-based Titan M with RISC-V-based + Titan M2, reducing trust by removing ARM + from the equation. Titan M2 is more + resiliant to attacks than Titan M, and + is + AVA_VAN.5 certified, + the highest level of vulnerability + assessment. Google's in-house Tensor + System-on-Chip includes Tensor Security + Core, further improving device + security.

+

Pixel 8-series includes Armv9's + Memory Tagging Extension, + which dramatically increases device + security by eliminating up to 95% of all + security issues caused by + memory-unsafety.

+
Support
+

Pixel 5a is supported for a + minimum of 3 years from launch.

+

Pixel 6-series, Pixel 7-series, Pixel + Fold, and Pixel Tablet are supported for + a + minimum of 5 years from launch.

+

Pixel 8-series is supported for a + minimum of 7 years from launch.

+
+
+
+
+
+
+

Software

+
+

Desktop

+
+ + + + + + + + + + + + + + + + + + + + + + + +
TypeSoftwareDescriptionSource model
+ (License)
Operating system + Gentoo Linux logo
+ Gentoo Linux +
+

Gentoo Linux + is a highly modular, source-based, Linux-based + operating system which allows vast customisation + to tailor the operating system to suit your + specific needs. There are many advantages to + such an operating system, with the most notable + being the ability to optimise the software for + security, privacy, performance, or power usage; + however, there are effectively unlimited other + use cases, or a combination of multiple use + cases.

+

I have focused on security hardening and + privacy hardening, placing performance below + those aspects, although my system is still very + performant. Some of the hardening I apply + includes + stack protection, + signed integer overflow trapping, + and GrapheneOS' + hardened_malloc + memory allocator.

+

You can find my Gentoo Linux configurations + in my + configuration respository.

+
+ Open-source
+ (GPL-2.0-only) +
Web browser + Chromium logo
+ Chromium +
+

Chromium + is a highly secure web browser which is often ahead + of other web browsers in security aspects. It has a + dedicated security team and a very impressive + security brag sheet. + Chromium's security features include a strong + multi-layer sandbox, + strong + site isolation, + Binding Integrity + memory hardening, and + control-flow integrity (CFI).

+ Open-source
+ (BSD-3-Clause) +
+
+
+
+

Smartphone

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TypeSoftwareDescriptionSource model
+ (License)
Operating system + GrapheneOS logo
+ GrapheneOS +
+

GrapheneOS + is a security-hardened, privacy-hardened, + secure-by-default, Android-based operating + system which implements extensive, systemic + security and privacy hardening to the Android + Open Source Project used as its base codebase. + Its hardening includes closing gaps for apps to + access sensitive system information, a secure + app spawning feature which avoids sharing + address space layout and other secrets AOSP's + default Zygote app spawning model would share, + hardened kernel, + hardened memory allocator + (hardened_malloc) + to protect against common memory corruption + vulnerabilities, + hardened Bionic standard C library, + stricter SELinux policies, + and local and remote hardware-backed attestation + (Auditor) + to ensure the OS has not been corrupted or + tampered with.

+

GrapheneOS only supports + high security and well-supported devices + which receive full support from their + manufacturers, including firmware updates, long + support lifecycles, secure hardware, and overall + high security practices.

+

For an extensive list of features GrapheneOS + provides, visit its + official features list + which provides extensive documentation.

+
+ Open-source
+ (MIT) +
Web browser + Vanadium logo
+ Vanadium +
+

Vanadium is a security-hardened, + privacy-hardened Chromium-based web browser + which utilises GrapheneOS' operating system + hardening to implement stronger defenses to the + already very secure Chromium web browser. Its + hardening alongside Chromium's base security + features includes + disabling JavaScript just-in-time (JIT) compilation by default, + stubbing out the battery status API to prevent abuse of it, + and + always-on Incognito mode as an option.

+

Vanadium's source code, including its Chromium + patch-set, can be found in its + official repository.

+
+ Open-source
+ (GPL-2.0-only) +
Messenger + Molly logo
+ Molly +
+

Molly + is a security-hardened, privacy-hardened + Signal + client which hardens Signal by using a variety + of + unique features, + allowing + locking the database when not in use, + and + utilising Android StrongBox + to protect user keys using the device's hardware + security module.

+

Molly is available in + 2 flavours: +

    +
  • Molly, which includes the + same proprietary Google code as + Signal to support more + features.
  • +
  • Molly-FOSS, which removes + the proprietary Google code to + provide an entirely open-source + client.
  • +
+

+
+ Open-source
+ (GPL-3.0-only) +
+ Conversations logo
+ Conversations +
+

Conversations + is a well-designed Android + XMPP + client which serves as the de facto XMPP + reference client and has great usability.

+
+ Open-source
+ (GPL-3.0-only) +
+
+
+
+
+

Music

+

For a curated list of music I enjoy, + visit my + music page.

+

Is it GNU/Linux or Just Linux?
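Review bot: the reformatting carries two spelling errors over unchanged from the removed lines: "resiliant" in the Pixel 6/7-series paragraph ("Titan M2 is more + resiliant to attacks than Titan M") should be "resilient", and "respository" in the Gentoo Linux row ("configuration respository") should be "repository"; since these lines are being rewrapped anyway, fix them in the same commit. The commit message also claims line lengths now conform to the code style, but several lines are left unwrapped, notably "implemented well, along with minimal probe requests and randomised initial sequence numbers." in the Pixel kernel paragraph and the three Vanadium feature lines ("disabling JavaScript just-in-time (JIT) compilation by default," and the two that follow); if the style forbids breaking inside link text, say so in the message, otherwise wrap them too. Finally, the new wrapping leaves single words stranded on their own lines ("for" in the first Pixel paragraph, "a" in the 5-year support paragraph), which reads poorly in the source; rebalancing those lines would keep the same width limit without the orphans.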