Threat modeling phone numbers, SIMs, IMEI, and internet connectivity
Mac
you should run an insecure app in a vm, ideally but sandbox-exec is nice as well - eg to run zoom – https://gist.github.com/cielavenir/02f322e322a2a3555dbf2b38f2fedd59
echo “127.0.0.1 ocsp.apple.com” | sudo tee -a /etc/hosts
Driver
My daily driver Config
https://support.apple.com/en-us/HT201222 on mullvad browser autostart
VPN
“Our macOS app installs a Network Extension, which is a fully sandboxed process with no kernel-level access to your system.” - Obscura
“AFAIK all traffic is now adequately routed thru the network extensions meaning, firewalls should be able now be comprehensive”
Securitybrahh
My Current Setup
Priorities:
- Freedom
- Security
- Usability
- Reasonable Privacy
- not LARP
- Robustness aka redundancy
Strictly following that order.
if you are not secure, thinking about privacy is a waste. For eg. if you switch off all comms from windows to microsoft, or mac to apple – You won’t get any security updates hence lol. The correct approach is to switch on that specific comms when there is a critical update. For apple, just have this page on mullvad browser home and start it up at boot.
Android
Android
GrapheneOS
sim lock?
bluetooth, camera, NFC, location – default off
Use contact and storage scopes
battery saver at 20%
https://www.anonstrategies.com/p/boxes
Shelter – device admin?? – is this the best work profile manager, ¿
Keep notifs to the minimum, disable apps when not in active use.
FLOSS apps via obtainium
Add apkmirror tracking for Google Play apps to know updates
Seperate Google Play Store profile for apps, install through that, need to then install apk in main profile (apkmirror) – so the signature is verified, no issues.