Giver of skulls






  • Most Android phones from brands smaller than Samsung and Google fail the first requirement. Most Android phones are years behind the most basic iPhone in terms of security, mostly because of manufacturers cheaping out and a race to the bottom even in phones more expensive than a second-hand car.

    Graphene’s threat model is “a (corrupt) cop can’t see my location history and every account I’ve ever logged into by plugging my phone into a USB device” and most brands fail horribly at it. Only Pixels with GrapheneOS are safe as of the latest article about it, with iPhones and Pixels coming in second.

    LineageOS is even worse, unless you manage to lock the bootloader without bricking your phone post install. Any time you lose sight of your phone for any moment (i.e. at an airport) you should reflash your entire OS if you care about basic privacy. I don’t know why relocking the bootloader seems to be such a challenge for device manufacturers, but it’s proving to be a rather niche requirement despite being the most basic security feature you could implement.

    Most people don’t really care about security and offline privacy of their devices, that’s why most people don’t need GrapheneOS. However, that doesn’t mean that GrapheneOS is wrong to point out the shitty status quo of Android phones. The sad state of affairs right now is that if you care about offline privacy, you need to fiddle with a Pixel to install GrapheneOS or buy an iPhone and put it into lockdown mode (which Android still lacks).



  • It’s not just Brazil. China and Huawei’s Singapore datacenter are common bots for me too, but I have less of a problem blocking those off for most services, as I only have a few applications running where server-to-server traffic makes sense. There are a few Indian CGNAT exit points that sometimes show up as well, but their traffic is low enough that it doesn’t stand out. When spam traffic is coming from local (European) sources, it’s almost always from server IP blocks. Not a lot of domestic ISPs in my spam logs from most countries.

    For some reason, Brazilian consumer ISPs just seem infested with certain strains of malware. It’s probably a brand of cheap IP cameras or routers that keeps getting infected; I remember Mirai hitting Brazil pretty badly. But I also get the feeling that Brazilian ISPs care even less about their networks’ security than the ones I’m used to, with how many infected customers find their way to my servers. I would’ve expected similarly populous countries like the USA and India to hit my servers at a similar rate, but Brazil seems to stand out for some reason.

    I don’t tend to block countries directly (they have too many IP ranges for me to bother, to be honest), not that I have anything that they’d be interested in anyway. I do get waves of Brazilian IP addresses trying to submit spam to my mail server, though. I haven’t seen those coming from other countries yet. I know it’s not Brazilians themselves sending those, but that doesn’t make the spam any less annoying. For larger websites, I can see why they block IP ranges so aggressively.

    I don’t think of ISPs in terms of nationality per se. I block per ISP, not per country, with the exception of China, whose great firewall should probably “protect” their citizens from my websites anyway, and there I’m probably missing a whole bunch of ASNs anyway. It’s up to ISPs to maintain the reputation of their networks and to stop their infected customers from bothering everyone else, and if they don’t do it, I block their networks. In fact most filters that throw up blockades and CAPTCHAs and fail2ban blocks are doing this entirely automatically; if countries get blocked out it’s usually for legal reasons rather than anti-bot protection.

    If you get a lot of these blocks, it’s possible you’re in the same subnet as someone with a hacked device or shitty VPN app and got hit as collateral damage. I got that for a while after switching to an ISP that had just bought a block of IP addresses from a Ukrainian ISP. It’s just an unfortunate side effect of the modern Internet that you must either figure out how to get a new IP or hope the malware on your IP neighbours gets cleaned up. I don’t have enough time and energy to protect the innocent from the guilty when it comes to my small, insignificant websites, and I shouldn’t be needing to take such aggressive action against these IP ranges in the first place.

    In a similar vein, I get a lot of 403 errors when browsing websites like Reddit because news websites still block off GDPR countries. I know how annoying it can be.