What does a healthy opinion of F-Droid look like though? Lol
What does a healthy opinion of F-Droid look like though? Lol
Well, then its still 2FA. Something you are and something you have.
The website has to build in support for them. Youll start seeing it more over time.
To be fair, you cant use the passkeys unless you are logged into your password manager, which requires a password you “know”.
Yes, verified boot will have out-of-bands alerts for you by design. Without the online component, you will risk not being able to detect tampering.
If the hardware is tampered, it will not pass the attestation test, which is an online component. It will fail immediately and you will be alerted. Thats the part of verified boot that makes this so much harder for adversaries. They would have to compromise both systems. The attestation system is going to be heavily guarded.
Compromised hardware doesn’t know the signatures. Math.
If the hardware signatures don’t match, it wont boot without giving a warning. If the TPM/Secure Enclave is replaced/removed/modified, it will not boot without giving a warning.
Thats correct. Thats one of the many perks.
Its more about protecting your boot process from malware.
Why exactly am I re-reading your post? Im in complete agreement with you? Should I not be?
Updates to secure the operating systems are worth it. Apple has a fantastic track record of supporting the older phones. It shows they’ve really planned ahead and thought about the entire lifecycle of their device. They will also accept your old phone after its life is complete and responsibly recycle it.
It’s in the draft phase from what I can see.
Having Signal fill in gaps for what the OS should be protecting is just going to stretch Signal more than it already does. I would agree that if Signal can properly support that kind of protection on EVERY OS that its built for, go for it. But this should be an OS level protection that can be offered to Signal as an app, not the other way around.
If your device is turned on and you are logged in, your data is no longer at rest.
Signal data will be encrypted if your disk is also encrypted.
If your device’s storage is not encrypted, and you don’t have any type of verified boot process, then thats on you, not Signal.
Feel free to submit a pull request. We could use your help.
Nah, bots will be bots
As you wish. But maybe open up to some new perspectives.