diff --git a/about.html b/about.html index 8dc86d1..ee61c20 100644 --- a/about.html +++ b/about.html @@ -5,7 +5,7 @@ - + @@ -47,7 +47,7 @@
-I am Jake Winters, also known by my pseudonym "Inference", a security researcher
- based in United Kingdom.
+
I am Jake Winters, also known by my pseudonym "Inference", a security
+ researcher based in United Kingdom.
I am the founder, lead developer, and administrator, of Inferencium.
- All opinions are my own, and are not necessarily shared with projects or people I am
- affiliated with.
I write about my research and experience in cybersecurity and also physical security. - Most of my postings are security-related, but I occasionally post about other aspects of - my life.
-I am an open source advocate for the preservation and modifiability of source code. I
- believe source code should be considered human knowledge as much as past knowledge and
- teachings were; it is how modern humanity survives and runs.
- Source code being modifiable allows it to be adapted for use by anyone, whether to add
- features, harden it for increased security and/or privacy, or provide accessibility for
- disabled users.
- I am also a modular design advocate for the ability to securely and robustly make
- changes to hardware and software without the entire system being affected.
I run the public Systems Hardening XMPP channel dedicated to systems security and
- privacy hardening at sys-hardening@muc.xmpp.inferencium.net
, and its
- respective off-topic channel at
+ All opinions are my own, and are not necessarily shared with projects or people
+ I am affiliated with.
I write about my research and experience in cybersecurity and also physical + security. Most of my postings are security-related, but I occasionally post + about other aspects of my life.
+I am an open source advocate for the preservation and modifiability of source
+ code. I believe source code should be considered human knowledge as much as past
+ knowledge and teachings were; it is how modern humanity survives and runs.
+ Source code being modifiable allows it to be adapted for use by anyone, whether
+ to add features, harden it for increased security and/or privacy, or provide
+ accessibility for disabled users.
+ I am also a modular design advocate for the ability to securely and robustly
+ make changes to hardware and software without the entire system being
+ affected.
I run the public Systems Hardening XMPP channel dedicated to systems security
+ and privacy hardening at sys-hardening@muc.xmpp.inferencium.net
,
+ and its respective off-topic channel at
sys-hardening-ot@muc.xmpp.inferencium.net
.
If you wish to contact me for any reason, you can use my contact methods.
@@ -108,15 +109,17 @@I care about upstreaming and sharing code, strongly preferring licenses which - have high license compatibility in order to permit sharing code with as many other projects - as possible; for this reason, permissive licenses are my preferred choice, while avoiding - copyleft licenses and other licenses which place restrictions on how my code may be used, - and prevent me from including important proprietary code, such as firmware, which can patch - security vulnerabilities, privacy issues, and stability issues. All of my code is and - will be permissively licensed unless specific circumstances make it impractical or - infeasible to do so. My goal is to share code which has the least amount of restrictions as - possible, to allow wider propagation of my code and allow more use cases and possibilities, - as well as ensuring proprietary code, whenever required, is permitted to be included.
+ have high license compatibility in order to permit sharing code with as many + other projects as possible; for this reason, permissive licenses are my + preferred choice, while avoiding copyleft licenses and other licenses which + place restrictions on how my code may be used, and prevent me from including + important proprietary code, such as firmware, which can patch security + vulnerabilities, privacy issues, and stability issues. All of my code is and + will be permissively licensed unless specific circumstances make it impractical + or infeasible to do so. My goal is to share code which has the least amount of + restrictions as possible, to allow wider propagation of my code and allow more + use cases and possibilities, as well as ensuring proprietary code, whenever + required, is permitted to be included.My preferred licenses and rationale for using them are below; any licenses not listed are chosen on a case-by-case basis.
ISO 5962:2021
@@ -129,50 +132,48 @@
SPDX-License-Identifier: BSD-3-Clause
Type: Permissive
BSD 3-Clause License - is a highly permissive - license which allows content licensed under it to be - used in any way, whether in source or binary form, and - allows sublicensing under a different license, with the - only restrictions being the original copyright notice - must be kept in order to attribute the original creator - of the licensed content, and the name of the project - and/or its contributors may not be used to endorse or - promote products derived from the original project.
+ is a highly permissive license which allows content + licensed under it to be used in any way, whether in + source or binary form, and allows sublicensing under a + different license, with the only restrictions being the + original copyright notice must be kept in order to + attribute the original creator of the licensed content, + and the name of the project and/or its contributors may + not be used to endorse or promote products derived from + the original project.SPDX-License-Identifier: GPL-2.0-only
Type: Copyleft
GNU General Public License v2.0
- is a strong
- copyleft license which restricts use of content licensed
- under it by requiring all source code of the content to
- be publicly available, making binary-only form and
- inclusion of proprietary code impossible, requiring all
- derivatives to be licensed under the same license
- (allowing sublicensing under only newer GPL licenses if
- GPL-2.0-or-later
is specified in the SPDX-
- License-Identifier), and requiring the original
- copyright notice to be kept in order to attribute the
- original creator of the licensed content.
+ is a strong copyleft license which restricts use of
+ content licensed under it by requiring all source code
+ of the content to be publicly available, making
+ binary-only form and inclusion of proprietary code
+ impossible, requiring all derivatives to be licensed
+ under the same license (allowing sublicensing under only
+ newer GPL licenses if GPL-2.0-or-later
is
+ specified in the SPDX license identifier), and requiring
+ the original copyright notice to be kept in order to
+ attribute the original creator of the licensed
+ content.
Due to the restrictive and invasive nature of this
license, it is avoided unless such restrictions would be
- beneficial to my code; whenever this is the
- case, the GNU General Public License v2.0 will be used,
- rather than the more restrictive
+ beneficial to my code; whenever this is the case, the
+ GNU General Public License v2.0 will be used, rather
+ than the more restrictive
GNU General Public License v3.0,
- and relicensing
- derivatives under the GNU General Public License v3.0
- will be disallowed.
SPDX-License-Identifier: CC-BY-4.0
Type: Permissive
Creative Commons Attribution 4.0 International - is a - highly permissive license which allows content licensed - under it to be used in any way, in any medium, with the - only restriction being the original copyright notice - must be kept in order to attribute the original creator - of the licensed content.
+ is a highly permissive license which allows content + licensed under it to be used in any way, in any medium, + with the only restriction being the original copyright + notice must be kept in order to attribute the original + creator of the licensed content.No. If code is not released under an open-source license and places restrictions on how the code may be used, it is either @@ -186,18 +187,18 @@
This list contains the policies and practices of my services.
My policies and practices are heavily security- and privacy-focused, with improvements made on an ongoing basis as new technologies, protocols, and - software etc become available.
+ software become available.Google Pixel devices are the best Android devices - available on the market for - security and privacy.
-They allow locking the bootloader with a - custom Android Verified Boot (AVB) key - in order to - preserve security and privacy features when installing a - custom operating system, such as - verified boot - which verifies that the OS has not - been corrupted or tampered with, and - rollback protection - which prevents an adversary - from rolling back the OS or firmware version to a - previous version with known security vulnerabilities.
-They also include a - hardware security module - (Titan M2, improving on - the previous generation - Titan M) - which is extremely resistant to both - remote and physical attacks due to being completely - isolated from the rest of the system, including the - operating system. Titan M2 ensures that the device - cannot be remotely compromised by requiring the side - buttons of the device to be physically pressed for some - sensitive operations. Titan M2 also takes the role of - Android StrongBox Keymaster, - a - hardware-backed Keystore - containing sensitive user - keys which are unavailable to the OS or apps running on - it without authorisation from Titan M2 itself. - Insider attack resistance - ensures that Titan M2 - firmware can be flashed only if the user PIN/password is - already known, making it impossible to backdoor the - device without already knowing these secrets.
-Google Pixel device kernels are compiled with - forward-edge control-flow integrity - and - backward-edge control-flow integrity - to prevent - code reuse attacks against the kernel. MAC address - randomisation is - implemented well, along with minimal probe requests and randomised initial sequence numbers.
-Google releases - guaranteed monthly security updates, - ensuring - Google Pixel devices are up-to-date and quickly - protected against security vulnerabilities.
-Pixel 6-series and 7-series devices are a large
- improvement over the already very secure and private
- previous generation Pixel devices. They replace
- ARM-based Titan M with RISC-V-based Titan M2, reducing
- trust by removing ARM from the equation. Titan M2 is
- more resiliant to attacks than Titan M, and is
- AVA_VAN.5 certified,
- the highest level of
- vulnerability assessment. Google's in-house Tensor SoC
- includes Tensor Security Core, further improving device
- security.
- Pixel 8-series includes Arm v9's
- Memory Tagging Extension,
- which dramatically increases device security by
- eliminating up to 95% of all security issues
- caused by memory-unsafety.
Pixel 6-series and 7-series devices are supported for a
- minimum of 5 years from launch,
- an increase from previous generations'
- minimum support lifecycles of 3 years.
- Pixel 8-series is supported for a
- minimum of 7 years from launch,
- putting it on the same support level as Apple;
- Google have even surpassed Apple in this regard,
- as Apple does not commit to a support timeframe
- for their devices.
Type | -Software | -Description | -Source model - - (License - SPDX) |
-
---|---|---|---|
Operating system | -![]() - - Gentoo Linux |
- Gentoo Linux - is a highly modular, source-based, - Linux-based operating system which allows vast - customisation to tailor the operating system to suit - your specific needs. There are many advantages to such - an operating system, with the most notable being the - ability to optimise the software for security, privacy, - performance, or power usage; however, there are - effectively unlimited other use cases, or a combination - of multiple use cases. -I have focused on security hardening and privacy - hardening, placing performance below those aspects, - although my system is still very performant. Some of the - hardening I apply includes - stack protection, - signed integer overflow wrapping, - and GrapheneOS' - hardened_malloc - memory allocator. - You can find my Gentoo Linux configurations in - my - configuration respository. |
- Open source - - (GPL-2.0-only) |
-
Web browser | -![]() - - Chromium |
- Chromium - is a highly secure web browser which is - often ahead of other web browsers in security aspects. - It has a dedicated security team and a very impressive - security brag sheet. - Chromium's security features include a strong - multi-layer sandbox, - strong - site isolation, - Binding Integrity - memory hardening, and - control-flow integrity (CFI). |
- Open source - - (BSD-3-Clause) |
-
Type | -Software | -Description | -Source model - - (License - SPDX) |
- ||
---|---|---|---|---|---|
Operating system | -![]() - - GrapheneOS |
- GrapheneOS - is a security-hardened, - privacy-hardened, secure-by-default, Android-based - operating system which implements extensive, systemic - security and privacy hardening to the Android Open - Source Project used as its base codebase. Its hardening - includes closing gaps for apps to access sensitive - system information, a secure app spawning feature which - avoids sharing address space layout and other secrets - AOSP's default Zygote app spawning model would share, - hardened kernel, - hardened memory allocator - (hardened_malloc) - to protect against common memory - corruption vulnerabilties, - hardened Bionic standard C library, - stricter SELinux policies, - and local and remote - hardware-backed attestation - (Auditor) - to ensure the OS has not been corrupted or - tampered with. -GrapheneOS only supports - high security and well-supported devices - which - receive full support from their manufacturers, including - firmware updates, long support lifecycles, secure - hardware, and overall high security practices. -For an extensive list of features GrapheneOS provides, - visit its - official features list - which provides extensive documentation. |
- Open source - - (MIT) |
- ||
Web browser | -![]() - - Vanadium |
- Vanadium is a security-hardened, privacy-hardened - Chromium-based web browser which utilises GrapheneOS' - operating system hardening to implement stronger - defenses to the already very secure Chromium web - browser. Its hardening alongside Chromium's base - security features includes - disabling JavaScript just-in-time (JIT) compilation by default, - stubbing out the battery status API to prevent abuse of it, - and - always-on Incognito mode as an option. -Vanadium's source code, including its Chromium patchset, - can be found in its - official repository. |
- Open source - - (GPL-2.0-only) |
- ||
Messenger | -![]() - - Molly |
- Molly - is a security-hardened, privacy-hardened - Signal - client which hardens Signal by using a - variety of - unique features, - allowing - locking the database when not in use, - and - utilising Android StrongBox - to protect user keys - using the device's hardware security module. -Molly is available in - 2 flavours: -
Smartphone |
+
+ |
- ![]() - Open source |
- - - (GPL-3.0-only) |
Messenger | -![]() - - Conversations |
- Conversations - is a well-designed Android - XMPP - client which serves as the de facto XMPP - reference client and has great usability. |
- Open source - - (GPL-3.0-only) |
-
Google Pixel devices are + the best Android devices + available on the market + for + security and privacy.
+They allow locking the + bootloader with a + custom Android Verified Boot (AVB) key + in order to preserve security + and privacy features when + installing a custom operating + system, such as + verified boot + which verifies that the OS has + not been corrupted or tampered + with, and + rollback protection + which prevents an adversary from + rolling back the OS or firmware + version to a previous version + with known security vulnerabilities.
+They also include a + hardware security module + (Titan M2, improving on the + previous generation + Titan M) + which is extremely resistant to + both remote and physical attacks + due to being completely isolated + from the rest of the system, + including the operating system. + Titan M2 ensures that the device + cannot be remotely compromised + by requiring the side buttons of + the device to be physically + pressed for some sensitive + operations. Titan M2 also takes + the role of + Android StrongBox Keymaster, + a + hardware-backed Keystore + containing sensitive user keys + which are unavailable to the OS + or apps running on it without + authorisation from Titan M2 itself. + Insider attack resistance + ensures that Titan M2 firmware + can be flashed only if the user + PIN/password is already known, + making it impossible to backdoor + the device without already + knowing these secrets.
+Google Pixel device kernels + are compiled with + forward-edge control-flow integrity + and + backward-edge control-flow integrity + to prevent code reuse attacks + against the kernel. MAC address + randomisation is + implemented well, along with minimal probe requests and randomised initial sequence numbers.
+Google releases + guaranteed monthly security updates, + ensuring Google Pixel devices + are up-to-date and quickly + protected against security + vulnerabilities.
+Pixel 6-series and 7-series
+ devices are a large improvement
+ over the already very secure and
+ private previous generation
+ Pixel devices. They replace
+ ARM-based Titan M with
+ RISC-V-based Titan M2, reducing
+ trust by removing ARM from the
+ equation. Titan M2 is more
+ resiliant to attacks than Titan
+ M, and is
+ AVA_VAN.5 certified,
+ the highest level of
+ vulnerability assessment.
+ Google's in-house Tensor
+ System-on-Chip includes Tensor
+ Security Core, further improving
+ device security.
+ Pixel 8-series includes Armv9's
+ Memory Tagging Extension,
+ which dramatically increases
+ device security by eliminating
+ up to 95% of all security issues
+ caused by memory-unsafety.
Pixel 6-series and 7-series
+ devices are supported for a
+ minimum of 5 years from launch,
+ an increase from previous
+ generations'
+ minimum support lifecycles of 3 years.
+ Pixel 8-series is supported for
+ a
+ minimum of 7 years from launch,
+ putting it on the same support
+ level as Apple; Google have even
+ surpassed Apple in this regard,
+ as Apple does not commit to a
+ support timeframe for their
+ devices.
Type | +Software | +Description | +Source model + + (License - SPDX) |
+
---|---|---|---|
Operating system | +
+ ![]() + + Gentoo Linux + |
+
+ Gentoo Linux + is a highly modular, + source-based, Linux-based + operating system which allows + vast customisation to tailor the + operating system to suit your + specific needs. There are many + advantages to such an operating + system, with the most notable + being the ability to optimise + the software for security, + privacy, performance, or power + usage; however, there are + effectively unlimited other use + cases, or a combination of + multiple use cases. +I have focused on security + hardening and privacy hardening, + placing performance below those + aspects, although my system is + still very performant. Some of + the hardening I apply includes + stack protection, + signed integer overflow trapping, + and GrapheneOS' + hardened_malloc + memory allocator. + You can find my Gentoo Linux + configurations in my + configuration respository. + |
+
+ Open source + + (GPL-2.0-only) + |
+
Web browser | +
+ ![]() + + Chromium + |
+
+ Chromium + is a highly secure web browser + which is often ahead of other + web browsers in security + aspects. It has a dedicated + security team and a very + impressive + security brag sheet. + Chromium's security features + include a strong + multi-layer sandbox, + strong + site isolation, + Binding Integrity + memory hardening, and + control-flow integrity (CFI). |
+
+ Open source + + (BSD-3-Clause) + |
+
Type | +Software | +Description | +Source model + + (License - SPDX) |
+
---|---|---|---|
Operating system | +
+ ![]() + + GrapheneOS + |
+
+ GrapheneOS + is a security-hardened, + privacy-hardened, + secure-by-default, Android-based + operating system which + implements extensive, systemic + security and privacy hardening + to the Android Open Source + Project used as its base + codebase. Its hardening includes + closing gaps for apps to access + sensitive system information, a + secure app spawning feature + which avoids sharing address + space layout and other secrets + AOSP's default Zygote app + spawning model would share, + hardened kernel, + hardened memory allocator + (hardened_malloc) + to protect against common memory + corruption vulnerabilties, + hardened Bionic standard C library, + stricter SELinux policies, + and local and remote + hardware-backed attestation + (Auditor) + to ensure the OS has not been + corrupted or tampered with. +GrapheneOS only supports + high security and well-supported devices + which receive full support from + their manufacturers, including + firmware updates, long support + lifecycles, secure hardware, and + overall high security + practices. +For an extensive list of + features GrapheneOS provides, + visit its + official features list + which provides extensive + documentation. + |
+
+ Open source + + (MIT) + |
+
Web browser | +
+ ![]() + + Vanadium + |
+
+ Vanadium is a + security-hardened, + privacy-hardened Chromium-based + web browser which utilises + GrapheneOS' operating system + hardening to implement stronger + defenses to the already very + secure Chromium web browser. Its + hardening alongside Chromium's + base security features includes + disabling JavaScript just-in-time (JIT) compilation by default, + stubbing out the battery status API to prevent abuse of it, + and + always-on Incognito mode as an option. +Vanadium's source code, + including its Chromium patchset, + can be found in its + official repository. |
+
+ Open source + + (GPL-2.0-only) + |
+
Messenger | +
+ ![]() + + Molly + |
+
+ Molly + is a security-hardened, + privacy-hardened + Signal + client which hardens Signal by + using a variety of + unique features, + allowing + locking the database when not in use, + and + utilising Android StrongBox + to protect user keys + using the device's hardware + security module. +Molly is available in + 2 flavours: +
|
+
+ Open source + + (GPL-3.0-only) + |
+
Messenger | +
+ ![]() + + Conversations + |
+
+ Conversations + is a well-designed Android + XMPP + client which serves as the de + facto XMPP reference client and + has great usability. + |
+
+ Open source + + (GPL-3.0-only) + |
+
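Review bot: In the first about.html text hunk (`@@ -47,7 +47,7 @@`), the re-wrapped `+` lines still read "researcher based in United Kingdom", which is missing the article. Since both lines of that sentence are rewritten here anyway, change it to "based in the United Kingdom" in the same commit.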
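Review bot: The GPL-2.0-only paragraph in the licenses hunk (`@@ -129,50 +132,48 @@`) loses the clause "and relicensing derivatives under the GNU General Public License v3.0 will be disallowed": it appears only on `-` lines, with no matching `+` lines visible, so the sentence now stops at "GNU General Public License v3.0," with a trailing comma. If this commit is meant to be a re-wrap, restore the clause on the added side. If the policy is being withdrawn on purpose, end the sentence with a full stop and say so in the commit message, because this changes a stated licensing commitment rather than layout.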
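Review bot: The re-indented Pixel hardware description keeps the misspelling "resiliant" ("Titan M2 is more resiliant to attacks than Titan M") on the `+` side, and it also slips in two wording changes among the re-wrapped lines: "Tensor SoC" becomes "Tensor System-on-Chip" and "Arm v9's" becomes "Armv9's". Fix the spelling to "resilient" while these lines are being touched, and move the wording changes into their own commit so they are not lost in a block where every line differs only by wrapping.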
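Review bot: The Gentoo Linux row of the software table changes "signed integer overflow wrapping" to "signed integer overflow trapping" inside what otherwise looks like a pure reflow. Wrapping and trapping are opposite behaviours on overflow, so this is a factual change to the described hardening and should be a separate commit that can be checked against the linked configuration repository. The same region carries "configuration respository" and "corruption vulnerabilties" over to the `+` lines unchanged; correct them to "repository" and "vulnerabilities" while the lines are being rewritten.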