I’m the Never Ending Pie Throwing Robot, aka NEPTR.

Linux enthusiast, programmer, and privacy advocate. I’m nearly done with an IT Security degree.

TL;DR I am a nerd.

  • 0 Posts
  • 11 Comments
Joined 1 year ago
Cake day: November 20th, 2024

  • People keep finding significant vulnerabilities in its cryptography and the Matrix team tries to deflect or create straw men for why it isn't actually a vuln. Soatok found a vulnerability in 2024 by just browsing the source code for a tiny bit of time, and again just two weeks ago after looking for a couple of hours. In both cases, Matrix then responded to his vuln report with hostility, saying it wasn't actually a vulnerability. He is sitting on another vulnerability.

    Having a cleartext mode is a security downgrade and no secure messenger should support cleartext. It only barely got functional forward secrecy recently. VoIP in most Matrix clients (and servers) still uses a Jitsi backend which isn't E2EE, even with the release of the newer (secure) Element Call protocol. Matrix leaks tons of metadata, such as usernames, room names, emoji reactions, and generated URL-embedded previews. Rooms aren't encrypted by default. It is also a UX nightmare and oftentimes you can't decrypt your messages.

    Matrix is not secure. You'd be better off with XMPP and OMEMO, which has its own problems and isn't secure either. Still better than Matrix.



  • N.E.P.T.R@lemmy.blahaj.zone to Linux@lemmy.ml: security and blobs
    English · 3 upvotes, 1 downvote · 5 days ago

    They disregard the risk from the vendor because you are already using their hardware. The hardware has firmware already included which is proprietary, the hardware itself is proprietary, and hardware effectively runs as root anyways. You should already trust your hardware or you shouldn’t be using it. Linux-libre is a purity test, that is it. It is security theater which actually, definitely, really makes you vulnerable without doing anything meaningful. The only time it makes any sense is if you only use open source hardware.


  • I would go with (semi-)rolling, either openSUSE Tumbleweed/Slowroll or Fedora. I prioritize fast-updating distros because they are better for security (many vulnerabilities go unnoticed because the full scope isn't understood and they are deemed normal bugs), and (unlike Windows) updates on Linux are a good thing, bringing new features, crash/bug fixes, and optimizations.

    Fedora is very popular, has wide software support, and is very stable. openSUSE is also still pretty popular, is quite stable as well (even its rolling edition), has good software support, and YaST allows you to do graphical administration on your system. Both take security seriously and use SELinux for security policies.

    If you care about security, use Brace for automatic system hardening. It has been developed for years by the former DivestOS dev Tavi, supporting many distros.


  • Zen is basically Firefox with a different UI. It is a security/privacy downgrade from Librewolf. You can configure Zen to have the same security/privacy settings by putting about:config in the URL bar and changing some of the toggles.

    Use either the Arkenfox (also available in the interactive live viewer online) or Phoenix user.js as a template. Basically: disable WebGL, set WebRTC to disable non-proxied UDP, disable the JavaScript JIT, enable privacy.resistFingerprinting (optionally enable privacy.resistFingerprinting.letterboxing for screen fingerprint protection) and some other things.

    Phoenix has some configs for Zen iirc which you can just patch. It is less strict than Librewolf when it comes to fingerprint protections (softening some of RFP’s protections).

    If you want to test that the fingerprint protections are working, use this test site by Arkenfox called TorZillaPrint.
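The comment above describes applying an Arkenfox/Phoenix-style user.js by hand. As an added example (not code from the commenter, Arkenfox or Phoenix), the script below parses a Firefox prefs.js/user.js, audits it against a small set of the hardening prefs the comment names, and can render a user.js fragment from the same set. The pref names are real Firefox prefs, but the list is an illustration chosen for this example, not the exact set either template ships, and the sample prefs.js content is constructed.

```javascript
// Added example: audit an existing Firefox prefs.js / user.js against a few
// hardening prefs (WebGL off, WebRTC confined to proxy/default address, JIT off,
// RFP and letterboxing on). The list is illustrative; Arkenfox and Phoenix
// maintain their own, larger sets.
const HARDENING_PREFS = {
  "webgl.disabled": true,
  "media.peerconnection.ice.proxy_only_if_behind_proxy": true,
  "media.peerconnection.ice.default_address_only": true,
  "javascript.options.ion": false,
  "javascript.options.baselinejit": false,
  "privacy.resistFingerprinting": true,
  "privacy.resistFingerprinting.letterboxing": true,
};

// One user_pref("name", value); line. Values are bool, int or a double-quoted
// string. Anchored at line start, so comment lines and trailing // remarks
// after the semicolon are ignored without touching "//" inside string values.
const PREF_RE =
  /^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;/;

// Parse prefs file text into a Map of name -> typed value (later lines win,
// matching how Firefox applies duplicate entries).
function parsePrefs(text) {
  const prefs = new Map();
  for (const line of text.split(/\r?\n/)) {
    const m = PREF_RE.exec(line);
    if (!m) continue;
    const [, name, raw] = m;
    let value;
    if (raw === "true" || raw === "false") value = raw === "true";
    else if (raw.startsWith('"')) value = JSON.parse(raw); // handles \" and \\ escapes
    else value = Number(raw);
    prefs.set(name, value);
  }
  return prefs;
}

// Compare a prefs file against the required set. Returns one finding per pref
// that is missing or set to a different value; an empty array means compliant.
function auditPrefs(text, required = HARDENING_PREFS) {
  const prefs = parsePrefs(text);
  const findings = [];
  for (const [pref, expected] of Object.entries(required)) {
    if (!prefs.has(pref)) {
      findings.push({ pref, expected, actual: undefined, status: "missing" });
    } else if (prefs.get(pref) !== expected) {
      findings.push({ pref, expected, actual: prefs.get(pref), status: "wrong" });
    }
  }
  return findings;
}

// Render the required set as user.js lines, ready to drop into a profile dir.
function renderUserJs(required = HARDENING_PREFS) {
  return Object.entries(required)
    .map(([pref, value]) => `user_pref(${JSON.stringify(pref)}, ${JSON.stringify(value)});`)
    .join("\n");
}

// Constructed sample prefs.js (not a real profile): WebGL left on, JIT only
// half disabled, letterboxing never set.
const SAMPLE_PREFS_JS = [
  "// Constructed sample prefs.js",
  'user_pref("webgl.disabled", false);',
  'user_pref("privacy.resistFingerprinting", true);',
  'user_pref("javascript.options.ion", false);',
  'user_pref("browser.startup.homepage", "https://example.invalid/?a=1");',
  'user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // set earlier',
].join("\n");

for (const f of auditPrefs(SAMPLE_PREFS_JS)) {
  console.log(`${f.status.padEnd(7)} ${f.pref} (expected ${f.expected}, got ${f.actual})`);
}
```

Running it against the constructed sample reports four findings: webgl.disabled is wrong, and default_address_only, baselinejit and letterboxing are missing; auditing the output of renderUserJs() against the same set reports nothing. Note that prefs.js is only what the profile last saved: a locked or enterprise-policy pref can override it, so this audit tells you what the file asks for, not what the running browser is guaranteed to enforce.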