trackd

joined 1 year ago
[–] trackd@lemm.ee -1 points 1 year ago* (last edited 1 year ago) (1 children)

As long as the phone maker and the phone service company play nice

I mean both of those things are usually something you can choose yourself?
I'm aware choices are limited with coverage and availability etc, which is also why i prefixed my statement with should.

For example here in Finland we have this thing called The Mobile ID. Which is commercial high security identification method, that works on the SIM.

That seems like a weird implementation, why would you bundle that with your SIM card?
Seems like a huge headache with stolen/lost phones, wonder how they handle revokation..
Probably only work for online services that can validate that it hasnt been marked stolen?

And wouldn't it make alot harder to swap providers if your entire identity is tied to the card?

we have a similar thing but it's a separate physical card you can use for identification, and with that card you can also issue mobile identification.

This entire discussion seems super offtopic though, but you seem really passionate about the Finnish Mobile ID solution.

Also physical external sim allows physical update of the crypto processor.

Are you really arguing that physical security vulnerabilities are easier to solve than a security software update?

It's not out of the realm of possibilities that Phone vulnerabilities would affect the SIM card as well?

Presumably the phone does need to read the private key to authenticate?

With a software solution you could store the keys on Titan X chip/Apple T2/Samsung Knox(?)

which the OS knows to protect and keep separate...

But again, nothing about the mobile ID SIM solution contradicts anything i said?

eSIM allows for more flexibility overall, the market and availability might not be there everywhere but that is not an issue with the technology but rather it's adoption (or lack thereof), atleast for all the countries not named Finland.

[–] trackd@lemm.ee 5 points 1 year ago (4 children)

Alot of countries support e-SIM, this is the most comprehensive list i could find Find wireless carriers and worldwide service providers that offer eSIM service (apple.com)

But I'm quite sure that it's not up-to-date because in my country i think most providers support e-SIM, but apple only lists 1.

So that wouldn't really make it an US-exclusive.

i don't agree that it keeps users locked in. convenience wise it should be alot easier with e-SIM, technically you should just be able to open up an app and install a new e-SIM and voila your on a new provider.

[–] trackd@lemm.ee 5 points 1 year ago

Yep, i did miss that but have updated my comment

[–] trackd@lemm.ee 6 points 1 year ago (2 children)

Its permissions for fullscreen notifications, i dont think many apps send ads that way. They can just show them fullscreen when your using the app.

[–] trackd@lemm.ee 19 points 1 year ago* (last edited 1 year ago) (2 children)

~~Probably all apps that has some voip calling functionality.~~

~~Whatsapp, messenger, viber (is that still a thing?) and similar~~

Edit, just saw

Unless they provide call or alarm functionality

So they should be safe

Possibly some security related apps to auth for banking and stuff, not sure how they work behind the scenes.

Same goes for some 2FA apps i guess?

[–] trackd@lemm.ee 9 points 1 year ago

Guessing they were just using something like highlightjs

[–] trackd@lemm.ee 3 points 1 year ago (1 children)

Found this issue

I would probably just setup temporary containers or something instead.

[–] trackd@lemm.ee 24 points 1 year ago (1 children)

As for your firefox issues, thats pretty trivial to fix by adding some CSS in usercontent.css/userchrome.css

See here for some examples: MrOtherGuy/firefox-csshacks