MarionWheeler

joined 1 year ago
[–] [email protected] 5 points 1 year ago

AtlasOS is not designed with security in mind. It's only after everyone criticized them that they added back stuff such as Windows Update and UAC.

[–] [email protected] -1 points 1 year ago* (last edited 1 year ago)

While I can see what the author was going for, I still don't think it's worth it to give yet another third party app admin access in order to make managing settings slightly easier.

That’s not how it works, actually. Its more sophisticated.

How does it work then?

And no, it is more robust than that. This tool doesn’t lead to breakage. IT admins use this tool.

A sysadmin would usually use group policies to manage settings and install apps automatically, especially since they would likely be using Windows Pro or Enterprise in a work environment.

[–] [email protected] 1 points 1 year ago (2 children)

This is…not the best idea, imo. If I had to guess, I would say that it is attempting to disable diagnostic data by setting a registry key — only on Windows Home or Pro, that’s ineffective and doesn’t have any extra benefit compared to just disabling optional telemetry in the settings app. It also seems to pointlessly duplicate things the user already has control of (why does there need to be a toggle for Hyper V and Windows Subsystem Linux?) Last I checked they were pretty simple enough to turn on and off in the base system. Same goes for stuff such as Location Tracking and Activity History, which I’m fairly sure are literally already in the privacy settings.

Attempting to do large scale “debloating” will inevitably lead to system breakage and things not working. Start Menu shortcuts? They’re one click away from being uninstalled. OEM Bloat such as random third party antiviruses? You should be doing a clean install to get rid of those. Apps such as Cortana? winget uninstall. You also don’t need a third party program to manage your app updates, that’s literally what winget upgrade --all is for.

[–] [email protected] 5 points 1 year ago

Even better, there’s been a case where Microsoft Support has used it themselves.

[–] [email protected] 2 points 1 year ago

IP Address isn’t extremely precise, and I always run on the latest version of whatever browser I’m on, be it Safari or Edge.

[–] [email protected] 12 points 1 year ago

I’m happy to see the fediverse growing nicely!

[–] [email protected] 3 points 1 year ago

You could try OnlyOffice, I believe it has better compatibility with .docx files in comparison to LibreOffice.

[–] [email protected] 6 points 1 year ago

I think it's a bit of a mixed bag. Their ecosystem may be good and all but they deliberately don't interoperate very well with others. Example: if I plug my iPhone into my windows laptop, it will only expose the gallery, unlike with Android where it will allow me to transfer non image files. I have to download another app (iTunes, and now the Apple Devices App which is currently in preview) in order to be able to transfer files via cable (KDE Connect or Localsend are also good options for this). Then there's their sticking with their own cable when everyone else is going to USB C, and their refusal to implement proper messaging with Android users/integrate with RCS - granted, RCS has its own set of issues, but still. And of course there's their refusal to allow sideloading, which has led to governments being able to censor apps from the app store. It doesn't help that App Store review isn't the best at catching security issues, as scam apps slip through from time to time. The EU seems to be trying to fix this with their new regulations, but it's now speculated that Apple will be petty and region lock sideloading.

Their hardware is nice and performant, but unfortunately they're against upgradeability as well as right to repair. I don't watch him much, but I think Louis Rossmann's youtube channel is recommended for learning about this.

I don't have strong opinions on their hardware/software design and aesthetics, it works for me, but I can see why others don't like how opinionated they are. I don't like how Android phones have been getting bigger, but it's not the end of the world for me should I switch to a Pixel.

Privacy and security wise they overmarket too much but they do have some advantages:

  • No OEM bloat/telemetry. With Samsung phones for example, you'll have to put up with Samsung telemetry and Google's data collection. With Apple, you only have Apple nonsense to put up with.
  • iOS devices tend to get updates for longer, and they backport critical patches to older devices. While Android is more modular (allowing Google to update certain parts of the system through google play services), and the situation is improving (newer Google Pixels get 5 years of security updates now), iOS still has a slight edge.
  • For Macbooks, I'll just quote the Asashi Linux documentation:

It would be remiss not to briefly cover where these machines stand in terms of user control and trustability. Apple Silicon machines are designed first and foremost to provide a secure environment for typical end-users running macOS as signed by Apple; they prioritize user security against third-party attackers, but also attempt to limit Apple's own control over the machines in order to reduce their responsibility when faced with government requests, to some extent. In addition, the design preserves security even when a third-party OS is installed.

...

From a security perspective, these machines may possibly qualify as the most secure general purpose computers available to the public which support third-party OSes, in terms of resistance to attack by non-owners. This is, of course, predicated on some level of trust in Apple, but some level of trust in the manufacturer is required for any system (there is no way to prove the non-existence of hardware backdoors on any machine, so this is not as much of a sticking point as it might initially seem).

  • Lockdown Mode, which apparently has somewhat protected against zero click exploits.

  • For iOS Safari (no clue on Mac), they allow adblocking without having to grant the extension privileged access to the page. This includes cosmetic filtering. (Somewhat hit and miss on Youtube tho). Malicious extensions and filter list exploits are a problem, and while Google is attempting to fix this somewhat with Manifest V3, it's not perfect. From my experience with Ublock Origin Lite in Edge, you don't currently get cosmetic filtering without granting privileged access, which defeats the point. Otherwise, it appears to be as effective as DNS blocking.

  • The App Privacy Report makes it super easy (provided you're not connected to a VPN) to see what domains an app connects to. I can check the entry for my offline password manager for example, and see that it isn't pinging anything other than inappcheck.itunes.apple.com. I think this is used to query the in app purchase status.

For disadvantages:

  • Telemetry: even with everything opted out of, Apple still collects hardware data, local MAC Addresses (for their location services database, this is also noted in their documentation). Also, for some reason they insist on tying collected click heatmaps in the app store/books/stocks app directly to the Apple ID. (This is just off the top of my head, I may be missing something). I don't personally consider this a deal breaker (Apple already knows what apps I download), but I can understand why they've been raked over the coals for it given how much they market privacy.

  • While iMessage is touted for being end to end encrypted, the defaults have it backing up unencrypted to the cloud, which defeats the point. There is Advanced Data Protection now, but both sides of a conversation would have to turn it on.

  • VPNs on iOS leak. This is different from Android where it can be argued that connectivity checks are a good thing and don't send personal data, but with iOS certain system apps appear to just straight up bypass it.

  • Without sideloading, it's basically impossible to use an iPhone without logging in.

  • Some stuff such as the gyroscope still doesn't require a permission to access.

  • Allowing carriers to do this.

Some other points I'd like to make:

[–] [email protected] 1 points 1 year ago

Sorry, my bad!

[–] [email protected] 0 points 1 year ago (2 children)

I think it's a bit of a mixed bag. Their ecosystem may be good and all but they deliberately don't interoperate very well with others. Example: if I plug my iPhone into my windows laptop, it will only expose the gallery, unlike with Android where it will allow me to transfer non image files. I have to download another app (iTunes, and now the Apple Devices App which is currently in preview) in order to be able to transfer files via cable (KDE Connect or Localsend are also good options for this). Then there's their sticking with their own cable when everyone else is going to USB C, and their refusal to implement proper messaging with Android users/integrate with RCS - granted, RCS has its own set of issues, but still. And of course there's their refusal to allow sideloading, which has led to governments being able to censor apps from the app store. It doesn't help that App Store review isn't the best at catching security issues, as scam apps slip through from time to time. The EU seems to be trying to fix this with their new regulations, but it's now speculated that Apple will be petty and region lock sideloading.

Their hardware is nice and performant, but unfortunately they're against upgradeability as well as right to repair. I don't watch him much, but I think Louis Rossmann's youtube channel is recommended for learning about this.

I don't have strong opinions on their hardware/software design and aesthetics, it works for me, but I can see why others don't like how opinionated they are. I don't like how Android phones have been getting bigger, but it's not the end of the world for me should I switch to a Pixel.

Privacy and security wise they overmarket too much but they do have some advantages:

  • No OEM bloat/telemetry. With Samsung phones for example, you'll have to put up with Samsung telemetry and Google's data collection. With Apple, you only have Apple nonsense to put up with.
  • iOS devices tend to get updates for longer, and they backport critical patches to older devices. While Android is more modular (allowing Google to update certain parts of the system through google play services), and the situation is improving (newer Google Pixels get 5 years of security updates now), iOS still has a slight edge.
  • For Macbooks, I'll just quote the Asashi Linux documentation:

It would be remiss not to briefly cover where these machines stand in terms of user control and trustability. Apple Silicon machines are designed first and foremost to provide a secure environment for typical end-users running macOS as signed by Apple; they prioritize user security against third-party attackers, but also attempt to limit Apple's own control over the machines in order to reduce their responsibility when faced with government requests, to some extent. In addition, the design preserves security even when a third-party OS is installed.

...

From a security perspective, these machines may possibly qualify as the most secure general purpose computers available to the public which support third-party OSes, in terms of resistance to attack by non-owners. This is, of course, predicated on some level of trust in Apple, but some level of trust in the manufacturer is required for any system (there is no way to prove the non-existence of hardware backdoors on any machine, so this is not as much of a sticking point as it might initially seem).

  • Lockdown Mode, which apparently has somewhat protected against zero click exploits.

  • For iOS Safari (no clue on Mac), they allow adblocking without having to grant the extension privileged access to the page. This includes cosmetic filtering. (Somewhat hit and miss on Youtube tho). Malicious extensions and filter list exploits are a problem, and while Google is attempting to fix this somewhat with Manifest V3, it's not perfect. From my experience with Ublock Origin Lite in Edge, you don't currently get cosmetic filtering without granting privileged access, which defeats the point. Otherwise, it appears to be as effective as DNS blocking.

  • The App Privacy Report makes it super easy (provided you're not connected to a VPN) to see what domains an app connects to. I can check the entry for my offline password manager for example, and see that it isn't pinging anything other than inappcheck.itunes.apple.com. I think this is used to query the in app purchase status.

For disadvantages:

  • Telemetry: even with everything opted out of, Apple still collects hardware data, local MAC Addresses (for their location services database, this is also noted in their documentation). Also, for some reason they insist on tying collected click heatmaps in the app store/books/stocks app directly to the Apple ID. (This is just off the top of my head, I may be missing something). I don't personally consider this a deal breaker (Apple already knows what apps I download), but I can understand why they've been raked over the coals for it given how much they market privacy.

  • While iMessage is touted for being end to end encrypted, the defaults have it backing up unencrypted to the cloud, which defeats the point. There is Advanced Data Protection now, but both sides of a conversation would have to turn it on.

  • VPNs on iOS leak. This is different from Android where it can be argued that connectivity checks are a good thing and don't send personal data, but with iOS certain system apps appear to just straight up bypass it.

  • Without sideloading, it's basically impossible to use an iPhone without logging in.

  • Some stuff such as the gyroscope still doesn't require a permission to access.

  • Allowing carriers to do this.

Some other points I'd like to make:

[–] [email protected] 1 points 1 year ago

I haven't tried the iOS 17 Beta myself, but some of the new privacy and security features (enhancing Safari's anti fingerprinting protection, blocking 2G in Lockdown mode) have me very interested.

view more: next ›