Note that creating a US region AppleID now hard requires a phone number that can receive SMS to create it, in addition to an email address.
An AppleID is required to install any apps on an iPad or iPhone.
I think creating a Ukrainian region Apple ID does not require a phone number and can install all global apps. Many popular apps (but fortunately not Signal) are published only in specific App Store regions (such as US).
Note also that signing in to the App Store will now silently enable iCloud. It has to be disabled explicitly again.
This guide recommends using Signal, which does require the phone number anyway. Which makes the paranoid start with “GSM is inherently unsafe” that much more ironic.
You can always create a new Apple ID > sign out from your current Apple ID in the App Store > log in with the new one > download whichever app you want > sign out and sign in to your original Apple ID.
This transmits the device serial number both times, linking the accounts together for Apple, FBI, DHS, ICE, CIA, et al.
(A reminder that Apple turns over user data to the US federal government WITHOUT A WARRANT over thirty thousand times per year per their own transparency report.)
> AFAIK you can't install US bank apps on devices with non-US App Store.
I was just replying to this comment to state you can install apps and then sign out. Another alternative (which would be painful) would be to get a jailbroken iDevice, extract the banking app IPA and then sideload it.
The point was to create an AppleID you need a phone number. You can log off or have two accounts, but to create the US one you need to surrender this info.
> Before the A12, Apple devices do not have these critical technologies:
> Page Protection Layer (PPL) “requires that the platform execute only signed and trusted code.”
> Pointer Authentication Codes (PAC) are “used to protect against exploitation of memory corruption bugs.”
> “Bulletproof” Just-In-Time (JIT) compilation “is the process by which JavaScript is compiled to native code which forces the separation of memory mappings used to isolate write and execute functions.”
> See Apple’s high-level breakdown of SoC Security.
> The technical details of these low-level technologies are out of scope from this publication, but there are many resources to learn about them, like here and here.
> The thing that you need to know is that without these critical security technologies, Apple devices are vulnerable to easy-to-perform physical and remote exploits.
Definitely not “easy-to-perform”, and bulletproof JIT is possible on all ARMv8 devices.
PAC is not broken, any more than bounds checking is broken on Intel hardware. PAC has a weakness; you still need to be able to exploit that weakness before you get to the point of being able to make use of it. In addition, PACMAN requires that you have vastly more control of execution than the prior cache attacks that could be trivially exploited.
So claiming that PAC is broken is nonsense.
As far as the baseband, what are you talking about? What do you want to be able to do to “verify” the already signed update images?
If you really tinfoil hat level believe that the baseband of your device has been compromised, why do you think any query to that fully compromised device wouldn’t simply return a copy of the original baseband image?
Why does Apple need to provide a way to test and report the integrity of baseband firmware? I'm not saying it wouldn't be a good thing; I suppose it would be. But people believe very weird things about iPhone/iPad basebands.
> On recent iPhones, Bluetooth, Near Field Communication (NFC), and Ultra-wideband (UWB) keep running after power off, and all three wireless chips have direct access to the secure element. As a practical example what this means to security, we demonstrate the possibility to load malware onto a Bluetooth chip that is executed while the iPhone is off.
The paper lays this out: there are baseband features that use the Secure Element, and talk to it over I2C, because it stores secrets for things like (I guess?) car keys. That doesn't mean those chips can DMA things into and out of the Secure Element.
For clarity: the Secure Element is the payment chip in the phone; it's not the SEP, the "Secure Enclave". The Enclave's memory is, in addition, hardware-encrypted.
The cellular baseband on an iPhone is an HSIC peripheral.
It's still worthwhile to deny malware from foothold on iPhone radios, e.g. an official process to verify baseband integrity and if necessary, restore official firmware without waiting for the next baseband security update.
I agree, more transparency is good. Baseband transparency would be a good thing.
But even more important is a sound architecture. Lots of people believe that 3rd-party firmware running on iPhones can read and write any memory on the phone (and also that "DMA" means "god mode", like it did in 1997). The fact is that Apple (and Google, for its flagship phones) spend a fortune on internal and external design and implementation expertise that all starts from the premise of "code we didn't write is suspicious as fuck" and works back from there to a secure design.
There Will Be Bugs! I just hope people recognize that they haven't outguessed Apple and Google simply by noticing that third-party firmware developers ship blobs instead of source repos. It's a hugely interesting space for security development and research, and I wince when I feel like it's getting oversimplified.
I don't do any of these things, but I'd like to add that GL.iNet routers are awesome, come with WireGuard/Tor support for client or server mode right out of the box, and are great for granting access to all devices (e.g. watch, phone, laptop, tablet) simultaneously when using internet behind portals like hotel WiFi.
Yup, one of their routers lives in my travel kit along with cables and such. Tiny thing, runs off USB power, which means it can be powered off a battery if needed.
Not parent, but I've been using the GL-AR750S-Ext for 3+ years, and it's rock-solid. It has OpenVPN/WireGuard, is powered by a simple USB, etc. It now travels with me everywhere I go.
I’ve got one of those, and it was such a PITA I didn’t even bring it for the trip I’m on now. It was always freezing up, requiring a reboot, captive portals were a nightmare to get through, etc. I installed WireGuard on every one of my family’s devices instead.
However! Now I’ve learned that there’s no DNS support for Mac, and all kinds of other problems which basically make Wireguard unusable. Might go back to that darn router. I dunno…
I’m just using the Wireguard app with my home tunnel.
EDIT: after further inspection, DNS does seem to be working. I may be wrong, and Wireguard actually works fine on Mac.
EDIT2: No, something is wrong with this setup. Random sites won't load, and on other sites, images and videos won't load. DNS seems fine though, and the tunnel works fine on everything but Mac.
I'm not sure if you're trying to route your traffic back through your home network to use it as a VPN, I've not tried that... but otherwise I've had good success with ZeroTier. They seem to have a solid head start with their clients UX ahead of Wireguard.
I recently used Windows 10 Internet connection sharing to do this with my bulky laptop since my ancient MacBook Air is starting to struggle with the captive portals.
This sounds interesting. How are you configuring it to sit between a hotel wifi and your device? My networking knowledge isn't too broad, but this sounds like something I want to setup.
The router basically connects to the hotel wifi and all the requests go through the router. So, while the hotel wifi only sees one device (my GL.iNet router appears as a Samsung mobile), all the other devices connected to the router can identify each other.
I don’t remember what exactly you call this, bridge mode perhaps? Or AP repeater mode? I’m not too sure about the networking terms here.
Edit: This comes in handy when you want to connect a device which is not capable of using the captive portal. That device can simply connect to your router. The router can connect to the Ethernet port, or you can use its app/web interface to connect it to the WiFi network and proceed with the captive portal if needed.
I’ve been interested in building a custom router that I could use to automatically deal with a captive portal at a cabin I rent a few weeks each year, but I don’t think I’m ever going to get to it. How annoying is it to deal with captive portals?
> How annoying is it to deal with captive portals?
Zero issues. You go to your router's page, select the wifi (captive portal or not), and that's it. When you try to connect to an external site the captive portal will pop up, you authorize, and that's it. Moving forward, any devices connected to your GL.iNet router will have internet access (without requiring the captive portal on each device).
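The travel-router setup described above, written out as an added OpenWrt UCI configuration example (this is not from the thread or from GL.iNet's own firmware; GL.iNet devices run OpenWrt, so the same keys apply): the radio joins the hotel network as a client on a separate WAN interface while also serving a private AP on the LAN side, and the firewall NATs everything through that one upstream client, which is why the portal only ever sees a single device. The SSIDs, passphrase and MAC address are placeholders.

```ini
# /etc/config/wireless (placeholders: radio0, SSIDs, key, MAC)
config wifi-iface 'wwan_sta'
        option device 'radio0'
        option mode 'sta'                    # join the hotel network as a client
        option network 'wwan'                # attach to the upstream interface below
        option ssid 'HOTEL-GUEST-WIFI'       # placeholder: the hotel SSID
        option encryption 'none'             # open network fronted by a captive portal
        option macaddr 'XX:XX:XX:XX:XX:XX'   # optional placeholder: stable client MAC the portal will remember

config wifi-iface 'travel_ap'
        option device 'radio0'
        option mode 'ap'                     # private AP for your own devices
        option network 'lan'
        option ssid 'my-travel-net'          # placeholder
        option encryption 'psk2'             # WPA2-PSK; never run the private side open
        option key 'change-this-passphrase'  # placeholder

# /etc/config/network (upstream side only; the stock 'lan' bridge stays as is)
config interface 'wwan'
        option proto 'dhcp'                  # take an address from the hotel DHCP

# /etc/config/firewall (only the parts that matter here)
config zone
        option name 'wan'
        list network 'wwan'                  # the hotel-facing client is the WAN zone
        option input 'REJECT'                # nothing on the hotel LAN may reach the router
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'                      # NAT: all devices appear as the one client
        option mtu_fix '1'

config forwarding
        option src 'lan'                     # your devices
        option dest 'wan'                    # out through the hotel network
```

After `uci commit` and a `wifi` reload, the captive portal is completed once from any device behind the router (or the router's own web UI), and every other client on the private AP inherits the authorized session.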
I hate captive portals whenever I’m carrying a few pi zeros / esp32s to tinker with because I cannot directly connect them to the wifi.
Rather than building your own I would highly suggest looking into GL.iNet routers because they come pre-flashed with OpenWrt and support handling captive portals.
> One reason why Tor is so valuable compared to any for-profit VPN provider is that you blend in with everyone else using Tor. Don’t stick out. Using “un-hackable phones” or hardware-modded devices sticks out. Using commodity hardware like an Apple iPad does not.
If an adversary can tell who is using "'un-hackable phones' or hardware-modded devices", wouldn't one also probably stick out to that adversary by using Tor?
> The majority of SIM cards require registration using government-issued ID.
While true, it costs $30 at Walmart paid in cash with no ID to get a SIM card with 4G. There are 11 million illegal migrants in the US and it would be harmful to them to require a government ID to get a cellphone.
Android being "just around the corner" of getting better on patches if you just pick the right manufacturer has been the story for what.. the last 5.. 10 years?
I have one of these. Stuck on Android 10 and at some point a patch broke the speaker during phone calls so that the volume is too low. It works fine at any other time as does speakerphone so it's not a hardware issue.
GrapheneOS only supports the google "pixel" line of phones (probably because they support the bootloader-locking by user, and ship with most stock android/AOSP support):
I'm running it on a pixel-4a (google-sunfish) and it works fine. You may want to pay close attention to the parts where it tells you how to lock/unlock the bootloader:
CalyxOS also supports older models like the pixel 3, albeit with lower standards for security: https://calyxos.org/install/
Additionally there's AOSP distros like LineageOS that support many devices, but with much lower security standards: https://wiki.lineageos.org/devices/
GrapheneOS is the best available option right now. I struggle with it when I want to do anything interesting. It's explicitly not made for devs. It's locked down for users.
That said, if you need a smartphone, it's the best available phone OS today.
I don't think there's any Android hardware with enough oomph to do what QubesOS does (having multiple virtual machines for real separation). There's an option for a work profile which I use to separate my stuff but it's more like a different Linux user than a VM. And you can have only one, sadly.
Sorry if this is off-topic, but I read the article, it was interesting but geez that's a lot of effort, then I went to the root domain and click click click you know how it goes, I'm on the author's Mastodon. There I found a link that led me to the most interesting melodrama PR I have ever read, the ever ridiculous Daniel Micay having some sort of an "episode" in public. It was a thoroughly entertaining read and I recommend it highly:
This seems to be based on the assumption (and perhaps growing expectation) that codes of conduct apply outside of their projects, though the appeal should have been made more professionally directly to that.
It is absolutely off-topic and frankly this comment and the subsequent answers feel like some Calyx people trying to promote their OS at the expense of GrapheneOS.
I've only ever run Calyx since I switched from iOS. It's a great community. They're all really friendly and helpful on Matrix, especially Chirayu. If I'm not mistaken the same can't be said of the GrapheneOS community.
If anything I've observed a slight liberal bias in the Matrix channel, certainly no "neo nazis" and whatever else Micay is prattling on about here.
At any rate, Calyx is great. I've been on it since Apple's CSAM announcement, about a year I suppose. I settled into my groove with mostly free apps and a little bit of Shelter for the non-free ones. I don't miss iOS at all.
I am certainly not at the level of needing or desiring this level of protection, but I point out / ask one question:
I understand iPhones (and maybe iPads) actually do not fully turn themselves off any more even when "powered off". Is it then possible that even before a device is sold to you, its history is known somewhere and you're not getting a "clean" absolutely untraceable unit?
Providing a phone number doesn't undermine the security of Signal at all.
I'd also hazard to say that Signal isn't proprietary either, yes, there are parts of the project that are pretty opaque and we can definitely get behind the issues with that, but it's far from proprietary IMO.
There are interrelationships between privacy and security, however. You can't maintain good privacy unless you have a secure platform, and what is the point of security if you cannot maintain privacy?
E.g. Signal fails privacy requirements with the telegraphing of your phone number when you join a public group. There is no need for a phone number to be available to people that you don't know personally. This can lead to all sorts of physical issues (abuse, doxxing, arrests...).
It would be better if a phone number was treated as a private piece of information (like SSN, home address) that is not sent out without your explicit interaction.
A phone number. You mean the thing that you hand out to strangers so that they can contact you? The thing that was designed from the start to be shared, and used to be listed in a big book that everyone had? The thing that you put on top of the paper that you hand out to dozens of companies when looking for a job?
What are you concerned about with your phone number? In what way does Signal (or anyone) having your phone number undermine your security?
Also, for a period of about a year, the code that was open sourced differed from the code actually running on the servers, adding "mobilecoin" features in secret. https://news.ycombinator.com/item?id=26715223
Here is the problem... is Open Source less secure because people find more software bugs, or is that accomplishing the whole purpose of open source technology? With the source code public, people find more bugs and it comes across as less secure, but they ultimately get fixed. A lot of those same bugs go unnoticed for years in proprietary software, and as a result it's less secure. Yeah, proprietary software can be audited, but you only have like one or two guys doing the audit. They are going to miss something big. More eyes is better than few eyes.
As far as the phone number goes, the person above is more focused on anonymity than anything else. You having your phone number tied to it is a pretty big cause of concern if that is the goal you are after unless you use a throwaway number.
If the messaging app uses a username, then the overwhelming likelihood is that it keeps a serverside database of which usernames are communicating with which other usernames. That problem is the reason apps like Signal use phone numbers instead of usernames --- not because phone numbers are somehow super anonymous, but because it lets them not keep an exposed plaintext contact database on the server.