Replying to GrapheneOS

Recent ARM Macs are the only desktop/laptop devices with comparable hardware security able to properly defend against these kinds of attacks. That's also not really the case anymore if you replace macOS with something else since the hardware-based security needs to be properly leveraged by the OS. Most desktop/laptop hardware is wide open to physical data extraction and doesn't even get proper ongoing firmware patches for remote vulnerabilities, let alone defending against this attack vector.

Feeling good about the most secure setup on mobile with GrapheneOS as it follows the Free Open Source model, but using macOS is a hard pill to swallow.

Don't want to support the closed garden approach, but a Linux desktop is challenging to configure for max security, if even possible.

Apple has a significant advantage on the hardware and security by default.

Still rocking Asahi Fedora Remix with encrypted root on an M1 MacBook Pro, but wonder if I should give in to use macOS for travel.

Discussion

But at the same time, they are surveillance houses that track what applications you are installing, when you run them, where you run them, and these operations bypass whatever VPN you have.

I am aware of these rumours, but can only believe when I see it. My VPN runs on the router level and will check with Pi Hole if there is unrequested communication towards Apple.

For now I am not even logged in with an Apple ID, can use brew and nix without it.

Wasn't a rumor, but maybe outdated info in hindsight.

https://thehackernews.com/2021/01/apple-removes-macos-feature-that.html

I would like to see a secure Linux emerge that only supports the best hardware, which would be ARM-based and probably Mac. Probably won't happen though, realistically.

Coreboot only mitigates the management engine, but ARM and Mac are better since they don't even have firmware that can interrupt the main CPU to begin with.

Sounds like GrapheneOS on PC, would love to see it!

What are your thoughts on QubesOS? Been using it for a few years and it feels quite secure, but it can be tedious at times to do everything inside VMs.

It is likely the best for online security and privacy, but doesn't solve the issue with verified boot and the usage of secure elements.

Qubes OS is better with compartmentalization, but has a big tradeoff in usability and surely performance compared to macOS on Apple silicon.