have any of the infosec bois posted about how a fuckton of trivially weaponizable exploits dropped for a relatively recent previous iOS version and forced a bunch of users onto a version of iOS with age verification, or is the state of the discourse still just “Apple has the best security” and “it’s your fault for not upgrading to the latest version immediately”?

infosec: you need to update to the latest version as soon as it’s available

the latest version: stacked privacy violation features, now required by law! LLM features that send your private data directly to the people looking to shoot you. slop-coded OS code with hideous vulnerabilities but it’s fine because we had a second LLM check it.

@zzt
I'm Swedish, so I always strive to pronounce infosec as InfoSäck ("information sack")
@moses_izumi if I ever do a privacyguides alternative (much needed) it’s getting named InfoSäck
@zzt
Haven't looked too deep into that site, but it'd be nice to have one where the OS section is less
>just install fedora/secureblue/qubes lol, I don't care about your Needs
and more about general hardening advice (potentially including Windows and macOS).
@zzt
Not to mention their Android section declaring GrapheneOS to be the only worthwhile option (for better or worse).
Still curious to hear the rest of your thoughts on their site.

@moses_izumi generally their analysis is thin and comes from a cyberlibertarian basis (which is a problem most privacy communities have), which means a lot of their advice is fairly deeply flawed

some examples I picked out last time I skimmed them:

- Proton has their top recommendation across several categories, but it is very easy to compromise your privacy using Proton. there’s no analysis of that, nor of Proton’s rotten technical and political stances that make the privacy risks worse.

1/

@moses_izumi - Brave similarly has their top recommendation across several other categories, but beyond marketing Brave’s browser and services are not materially more private than most alternatives. there are good reasons to not use Brave: it incorporates a crypto scam and used to alter page data to replace ads with Brave’s own, and Brave is owned by a notorious homophobe. Brave’s reputation is so bad outside of privacy communities that some parts of the small web block it specifically.

2/

@moses_izumi - they recommend NextDNS and similar services (Control D is a new one to me). these services operate by uniquely identifying your DNS queries, associating them with your personal information, and logging them. that is a gigantic privacy breach in itself. last I checked the only thing preventing NextDNS from leaking that information on request was company policy, which is a nothing guarantee that will evaporate under any duress or motivated compliance.

3/

@moses_izumi all of this isn’t to say that all of their recommendations are bad, but cyberlibertarianism is a contradictory ideology and that has led them to make some dangerous and contradictory recommendations. they are effectively kneecapped by libertarianism and false centrism as an ideological constraint, which prevents them from doing deeper analysis and prediction.

if your threat model includes the obvious for the current year, take Privacy Guides with a massive grain of salt.

end

@zzt
>shitting on Brave because the founder railed against gay marriage
Tired.
>shitting on Brave because it sucks cocks anyway
Inspired.