CVEs are often go mislabeled as normal bugs and dont get the attention needed. It also may take a bit for such vulnerabilities to make it downstream.

A simple privilege escalation attack on basically every system goes as follows: add a function into the bashrc file of a users that runs a script, have the script intercept the users sudo credentials and pass the command on normally as if it was just the regular sudo command. Now you have root. Nothing here requires priveleges beforehand. Anything, be it a script, appimage, malicious binary, etc can follow those steps and gain root access by compromising the wheel user. Even without compromising a user, it could simply add a Systemd user service that keylogs (keylogging is still possible on Wayland without security hardening)

A prerequisite of course is getting that file onto the user’s computer. There are a plethora of ways. Simplest way is to learn what applications the user installs, find the weakest link, and compromise them.

There are of course much more sophisticated and better ways, some of which are detailed in the supporting links I sent. Every Security expert and researcher I have talked to can recognize that Linux has an outdated security model. The best links to read would be the hardening guide and “linux isnt secure”.

I only mentioned physical port attacks in a much larger list of things Linux MUST improve on. I am not a grapheneOS shill, nor did any of the supporting articles I sent relate to GOS, so I don’t really understand your response. Read through the links I posted and learn more about the operating system you use. I am NOT saying linux is dogshit, I very much love linux. Why not just educate yourself on this topic instead of assuming things from a place of ignorance or constructing a strawman. I spend multiple hours per day reading and putting into practice Linux hardening techniques, I am not just working with a surface level understanding of Linux security.

Even open source is vulnerable. Two questions: do you examine all the commits on every app you use? Do you compile every update to the apps you use from source? Sandboxing is important because if an application is compromised it cant lead to privilege escalation or userspace spyware.

Linux is not security hardened. It does not properly sandbox applications (and there is nothing as secure as android’s sandboxing on linux). In fact, most linux package managers do not feature any sandboxing of applications, period. Linux does not implement verified boot. It does not harden against physical port attacks. It does not use a hardened memory allocator. Privilege escalation is simple because of how straightforward it is to compromise a wheel user (sudo user). Linux does not harden it kernel flags by default. Alpine (and most linux package managers) are not secure (aka does not pass the TUF threat model). Most linux distros dont feature a read-only root filesystem, which would help to improve security. Also, Systemd is a bloated init system and has a massive attack surface. GNU’s tooling is also bloated and freebsd’s would make a good alternative (like what is done by Chimera Linux)

Here are some readings on linux security:
Article by one of the Whonix Devs https://madaidans-insecurities.github.io/linux.html and also are hardening guide from them https://madaidans-insecurities.github.io/guides/linux-hardening.html
Wiki page of Whonix considering many linux distros for whether they make a good base for Whonix’s security distro: https://www.whonix.org/wiki/Dev/Operating_System#Alpine_Linux
Kicksecure’s wiki: https://www.kicksecure.com/wiki/Documentation

Here are some Security hardened distros (Note that none meet the threat model for a mobile phone OS as they dont feature verified boot):
https://www.kicksecure.com
https://github.com/secureblue/secureblue
https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix.

Special mention which isnt hardened but has great potential: https://chimera-linux.org/

Interesting. I have a vastly divergent opinion on linux for mobile, mostly that it is not secure. This is true for Desktop linux but is more important considering the threat model necessary for mobile device Security.

drugs with

I recommend using https://swappa.com to buy used phones since they have quality assurance and returns. Much safer than eBay because you could accidentally buy a phone that has its IMEI blacklisted, which shouldn’t happen with swappa.

Why not DivestOS on the OnePlus 6.

Firefox’s privacy.resistFingerprinting flag normalizes refresh rate (among many other metrics)

Vencord/Vesktop supports audio streaming on Linux and is just a generally better experience compared against the Discord official app. Free and open source.

That’s cus the shotgun has no texture asset and is using the default “unknown texture”. Check your texturepack

Why not Mull (security hardened fennec)?

Nah, Verizon VPN is better

Sry, I should have mentioned I meant Cromite on desktop.

Probably Aurora by UniversalBlue

So is most of my “nerd voice” bad response. It just isn’t for everyone, or very accessible to the majority of people. Only if you specialize in, or work a lot with, operating system security/privacy is it viable. I hope it becomes more accessible. Troubleshooting fuckin sucks.

Systemd/Linux is more accurate imo lol.

Should I like tell you that ur like wrong or sumthin? Cus I will lol /j

OK critique:
Ubuntu is relatively closed/restricted compared to some other Linux distros. Its reliance on Snaps is concerning because its a closed ecosystem (open source client, closed source backend, no option to add other source repos).

Bad critique:
Um🤚🤓, actually you should be using security hardened NixOS using your own custom kernel sysctl config 🥵, using GrapheneOS’s hardened-malloc and chrony.conf 🥸, and Tor Browser installed inside a kata-container and sandbox with Bubblejail🤯. All compiled from source, duh. 🥱

Self hosting has the advantage of keeping your encrypted vault local and under your control.

Cromite is a good brave alternative without crypto, built-in adblocking, secure defaults (better security hardening), and cross-platform (Linux, Windows, Android). Best experience is on Android. Cromite is an actively updated fork of Bromite, released by a former contributor of Bromite. Cromite also comes without any proprietary libraries on Android (unlike Brave, Mulch, or Vanadium).