Keyoxide: aspe:keyoxide.org:KI5WYVI3WGWSIGMOKOOOGF4JAE (think PGP key but modern and easier to use)

  • 2 Posts
  • 121 Comments
Joined 1 year ago
cake
Cake day: June 18th, 2023

help-circle
  • Careful, Google is currently forcing apps to migrate from SafetyNet to PlayProtect!
    SafetyNet is used by tons of security theater apps like banking 2FA. It is an API of play services.
    PlayProtect is basically the same but you have to talk to it though google play. This is a blatant move by google to make exactly what OP is suggesting impossible, and means that if you do this, you may soon see many apps break that you are forced to use.


  • Yes, those could be detected.
    Ill see how large that portion is on my system in a bit, but I would expect it to come out as the minority.

    Non-detectible ones I can think of rn:

    • Tab muting manager
    • VPN manager
    • link redirect skippers
    • stats printers, like a tab counter
    • dynamic shortcuts, like opening the archived version of the current page on archive.org
    • old reddit redirect
    • cookie managers

    Many more of the ones you listed won’t be detectable on most websites.

    userscript managers (grease/tamper/violentmonkey etc.)

    A userscript manager is by definition detectible only on pages you define or install a userscript for. Even then, modern userscript managers like tampermonkey are running scripts in a separate scope that is completely sandboxed from the actual websites js context, you can’t even pass an object or function to the website and access it there, it will fail.
    Youtube has actively fought some userscripts and failed, which they probably wouldn’t have if those userscripts were detectible.

    User theme managers should be similar, but I can’t comment on them as I don’t use any.

    page translators

    Translators are only detectible when enabled.

    addons serving in-browser ads

    Why would you have an addon that serves ads?

    site-specific UI improvements (RES, SponsorBlock, youtube/SNS tweaks)

    Are site-specific, i.e. not detectible anywhere else

    privacy blockers (CanvasBlocker/JShelter/etc.)

    Please don’t use those anymore, use only uBo. Same for uMatrix.
    uBo is pretty good about not being detected, for obvious reasons.




  • TPM isn’t all that reliable. You will have people upgrading their pc, or windows update updating their bios, or any number of other reasons reset their tpm keys, and currently nothing will happen. In effect people would see Signal completely break and loose all their data, often seemingly for no reason.

    Talking to windows or through it to the TPM also seems sketchy.

    In the current state of Windows, the sensible choice is to leave hardware-based encryption to the OS in the form of disk encryption, unfortunate as it is. The great number of people who loose data or have to recover their backup disk encryption key from their Microsoft account tells how easily that system is disturbed (And that Microsoft has the decryption keys for your encrypted date).




  • Syncthing is excellent for phone sync.
    What I did was have it running on a system in the network of the nas, mount the nas on that system, and place the backups folder in the nas.

    If you have a system that reliably runs, or can get syncthing running on the nas, I recommend doing that.
    Synology has docker iirc, there aught to be a syncthing container.
    Else, slapping a pi zero into the nas’ network should do the trick and be fully independent of what the nas is.









  • SSB is still around, but also not what I was looking for. I just wanted a frameless window (and no other pwa functionality).
    Fullscreen I disabled using my window manager. Under Linux you can commonly use alt+F3 to bring up the “right click on titlebar” menu, then disable fullscreen there. Generally ever window manager can disable fullscreen for windows, in a more or less accessible way (cough ms windows dll calls cough).

    As mentioned below, This is recovery. I could ban kiosk mode to a separate profile, but unless you invent a time machine this won’t undo having opened kiosk mode in an in-use profile.


  • Yes, this is more of a recovery operation. Whatever the fix may be, modifying the browser itself to open a window without decorations would be easier.

    There are some usecases in which you really don’t want to restart your browser.
    The easiest way to update your kernel is to restart your pc, yet there is a market for live-patch kernels.
    If someone accidentally infects their instance with kiosk, it may occasionally be preferable for them to follow a complex procedure to recover the instance, rather than doing the “simple” thing of restarting it.

    Restarting may solve many problems, but there is a more difficult but less invasive solution almost every time.
    Much like reinstalling may solve even more problems, but you can see that doing a reinstallation is not usually the right course of action.


  • Kiosk mode doesn’t just force fullscreen, it disables right click, the tab and title bar, …
    Basically the browser is close to unusable until kiosk mode is ended, which I currently only know how to do via restarting Firefox.
    And F11 is also disabled by kiosk mode. Interestingly, on the windows that were started before kiosk mode, it puts them into proper kiosk mode (after which F11 stops working of course).




  • I guess adb backup was before my time. I did use adb to transfer my apps when I last restored a twrp backup. In perhaps a similar manner to what that did, going by the name. But I did use adb root for that.

    Otherwise, I use it to set a lot of otherwise inaccessible settings, like making the back gesture a lot thinner than intended because my touchscreen can handle it, or forcing 120Hz everywhere. I can also set my dpi there without anoying apps.

    And ofc I use it to uninstall system apps I don’t need.

    After initial setup I do all of that in a root bash session in termux admittedly, but if I hadn’t rooted my device I would still want to do most of that using an adb shell, as most of it doesn’t require root (besides maybe the restoring backups part).

    I also use shell environment to semi-automatically transfer media files for certain processes, though I’ll probably move that over to syncrhing at some point.

    The main remaining advantage is the ability to automate things on my phone from my pc, I don’t see a lot of those as replacable unless my rom installs kde connect as a system app and they add an immense amount of functionality