<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: armadyl</title><link>https://news.ycombinator.com/user?id=armadyl</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Thu, 02 Jul 2026 21:38:03 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=armadyl" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by armadyl in "Android Developer Verification: Threat masquerading as protection"]]></title><description><![CDATA[
<p>> But no one said we have to copy that flawed concept. macOS and Linux already have a good solution, requiring your full unlock password in a privileged dialog to authorize changes.<p>You use operating systems that have significantly worse security than GOS, iOS and even stock Android as your examples?<p>Also you literally are the owner with GrapheneOS, lacking security is not "full ownership." You can create your own build of GOS, you can modify it ahead of time, you can literally see all of the source code it's running.<p>Claiming GOS isn't true ownership is like complaining that you can't change your car's wheel alignment while driving it and saying it means you don't truly own your car.</p>
]]></description><pubDate>Thu, 02 Jul 2026 20:39:36 +0000</pubDate><link>https://news.ycombinator.com/item?id=48767074</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=48767074</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48767074</guid></item><item><title><![CDATA[New comment by armadyl in "Android Developer Verification: Threat masquerading as protection"]]></title><description><![CDATA[
<p>You’re right, they just fall for installing updates or CLI tools which install compromised dependencies and run wild on a rooted system before getting caught 24 hours later.</p>
]]></description><pubDate>Thu, 02 Jul 2026 15:39:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=48763238</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=48763238</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48763238</guid></item><item><title><![CDATA[New comment by armadyl in "Android Developer Verification: Threat masquerading as protection"]]></title><description><![CDATA[
<p>You are free to make your own build of GrapheneOS with root access and have extremely reduced security. Just don’t expect support on the forums and waste everyone’s time when something happens.</p>
]]></description><pubDate>Thu, 02 Jul 2026 12:19:31 +0000</pubDate><link>https://news.ycombinator.com/item?id=48760312</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=48760312</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48760312</guid></item><item><title><![CDATA[New comment by armadyl in "Android Developer Verification: Threat masquerading as protection"]]></title><description><![CDATA[
<p>All of which have beyond horrific security. GrapheneOS is the only acceptable alternative from mainstream Android.</p>
]]></description><pubDate>Thu, 02 Jul 2026 12:10:11 +0000</pubDate><link>https://news.ycombinator.com/item?id=48760198</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=48760198</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48760198</guid></item><item><title><![CDATA[New comment by armadyl in "macOS Container Machines"]]></title><description><![CDATA[
<p>It's not really about supply chain security it's about the hardware itself. PC manufacturers in general just can't keep up since they don't have full control/integration over the hardware stack like Apple does. Also CPU, secure element etc security is limited but Qualcomm is catching up pretty quickly I believe if they aren't there already. We won't talk about Intel and AMD. But that's beyond my knowledge so I can't say anything too specific that's just what I have from general knowledge I'm sure someone will jump in with additional info if needed.<p>I don't think Apple is particularly any more secure against the US government than Intel is with supply chain vulnerabilities but I have nothing to back that up with aside from vibes.</p>
]]></description><pubDate>Wed, 10 Jun 2026 03:05:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=48470900</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=48470900</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48470900</guid></item><item><title><![CDATA[New comment by armadyl in "macOS Container Machines"]]></title><description><![CDATA[
<p>Conversely, a Linux system with no verified boot can be easily tampered with without the user detecting it by people lower than the government such as casual hackers. So in a world where your government is going crazy, you're opting for an operating system that can be penetrated with relative ease (e.g. with persistent root malware) both by a non-government hacker on top of a state backed one.</p>
]]></description><pubDate>Wed, 10 Jun 2026 02:07:21 +0000</pubDate><link>https://news.ycombinator.com/item?id=48470445</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=48470445</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48470445</guid></item><item><title><![CDATA[New comment by armadyl in "macOS Container Machines"]]></title><description><![CDATA[
<p>This is incorrect macOS is fundamentally more secure than desktop Linux operating systems and it isn't particularly close.<p>No amount of Linux hardening will get a system even close to an M-chip Mac. Software insecurities aside, desktop Linux OS systems have almost none of the hardware-backed security benefits that Macs do.</p>
]]></description><pubDate>Wed, 10 Jun 2026 01:56:47 +0000</pubDate><link>https://news.ycombinator.com/item?id=48470349</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=48470349</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48470349</guid></item><item><title><![CDATA[New comment by armadyl in "macOS Container Machines"]]></title><description><![CDATA[
<p>The person you replied to is right, the "security" of Linux might as well be nonexistent compared to macOS and especially iOS/Android. Even the developers of Secureblue (<a href="https://secureblue.dev/" rel="nofollow">https://secureblue.dev/</a>) state that despite their hardening and mitigations Linux still lags far behind macOS (and possibly Windows) security-wise. The only Linux derivative that has proper security is Android, and even better GrapheneOS.<p><a href="https://privsec.dev/posts/linux/linux-insecurities/" rel="nofollow">https://privsec.dev/posts/linux/linux-insecurities/</a><p><a href="https://madaidans-insecurities.github.io/linux.html" rel="nofollow">https://madaidans-insecurities.github.io/linux.html</a><p>I also commented here on Linux phones, the same can apply to Linux as a desktop OS: <a href="https://news.ycombinator.com/item?id=46997397">https://news.ycombinator.com/item?id=46997397</a><p>Also on top of that Linux/Windows laptops also lack the hardware-backed security that Macs and to an extent some Chromebooks have.</p>
]]></description><pubDate>Wed, 10 Jun 2026 01:56:07 +0000</pubDate><link>https://news.ycombinator.com/item?id=48470341</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=48470341</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48470341</guid></item><item><title><![CDATA[New comment by armadyl in "The creative software industry has declared war on Adobe"]]></title><description><![CDATA[
<p>None exist, it's literally all slop.</p>
]]></description><pubDate>Sun, 19 Apr 2026 15:56:29 +0000</pubDate><link>https://news.ycombinator.com/item?id=47825234</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=47825234</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47825234</guid></item><item><title><![CDATA[New comment by armadyl in "Show HN: PanicLock – Close your MacBook lid disable TouchID –> password unlock"]]></title><description><![CDATA[
<p>How beneficial is this versus just being theater? The example used in this is the government accessing the reporters laptop via biometrics.<p>But in this case, and especially under this admin legal or not this app won't stop them, unless I'm misunderstanding the macOS security model. Even with FDE enabled, sending it to the lock screen with biometrics disabled will not do anything to stop them from being able to access the contents of the hard drive via forensic methods with relative ease.<p>I think that at best this will only stop the casual person (i.e. a family member or roommate/random snooper)? In which case there would be no point to switch away from biometrics.<p>You're far better off just keeping more private information on the iPhone and isolating that data from a Mac, since that has far more resistance to intrusion in AFU mode than a Mac.</p>
]]></description><pubDate>Sat, 18 Apr 2026 02:59:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=47812784</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=47812784</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47812784</guid></item><item><title><![CDATA[New comment by armadyl in "Show HN: PanicLock – Close your MacBook lid disable TouchID –> password unlock"]]></title><description><![CDATA[
<p>If you're in a situation where this is a pressing issue, it's not a good solution as it's trivial to detect if it's a fake environment, especially if they get suspicious and run external forensics on it.<p>iirc the GrapheneOS team won't implement this feature for that reason</p>
]]></description><pubDate>Sat, 18 Apr 2026 02:50:01 +0000</pubDate><link>https://news.ycombinator.com/item?id=47812739</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=47812739</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47812739</guid></item><item><title><![CDATA[New comment by armadyl in "Google broke its promise to me – now ICE has my data"]]></title><description><![CDATA[
<p>> it's just moving the risk from your cell provider to Google<p>Yeah and imo Google has better account access controls than any other mobile provider, especially if you enroll in the Advanced Protection Program.<p>The main downside of GV that I didn't have with jmp.chat is that numbers are almost guaranteed to be detected as VOIP which sucks but whatever.</p>
]]></description><pubDate>Thu, 16 Apr 2026 13:40:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=47792805</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=47792805</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47792805</guid></item><item><title><![CDATA[New comment by armadyl in "Google broke its promise to me – now ICE has my data"]]></title><description><![CDATA[
<p>Well that's subjective. But Proton's response to that is also valid imo (which is also subjective):<p><a href="https://www.reddit.com/r/privacy/comments/1nd07w0/comment/ndg6ip6/" rel="nofollow">https://www.reddit.com/r/privacy/comments/1nd07w0/comment/nd...</a></p>
]]></description><pubDate>Wed, 15 Apr 2026 23:57:01 +0000</pubDate><link>https://news.ycombinator.com/item?id=47786948</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=47786948</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47786948</guid></item><item><title><![CDATA[New comment by armadyl in "Google broke its promise to me – now ICE has my data"]]></title><description><![CDATA[
<p>> Protonmail is widely believed to be compromised and some evidence supporting this has come forth in two separate incidents in the last year.<p>There has been no evidence of this, stop spreading misinformation. They're clear on what they can and can't hand over and what you can do to reduce the information that they can hand over like billing info. For some inexplicable reason people expect a corporation to disregard legal government warrants and subpoenas. Thinking any company would do this is next level delusion. Even if you self-hosted, you wouldn't be able to escape this because it would just end up with you in jail.<p>The only protection against that is end to end encryption. And to this day Proton has handed over zero data that falls under their E2EE umbrella.<p>At best, even if you assumed that they were collecting incoming/outgoing emails before encryption it would be nonsensical to think that this wasn't happening to other providers, it's just the nature of email. Nobody who cares about absolute privacy should be using it as a means of critical communication regardless.<p>The notion that Proton capitulates and somehow hands over your emails or other encrypted data is false and completely unsubstantiated. Unlike Google on the other hand, who will hand over your entire inbox unencrypted with zero issue to DHS/the FBI merely for writing a letter to an attorney:<p><a href="https://www.washingtonpost.com/investigations/2026/02/03/homeland-security-administrative-subpoena/" rel="nofollow">https://www.washingtonpost.com/investigations/2026/02/03/hom...</a><p><a href="https://archive.is/kmWHG" rel="nofollow">https://archive.is/kmWHG</a></p>
]]></description><pubDate>Wed, 15 Apr 2026 23:46:06 +0000</pubDate><link>https://news.ycombinator.com/item?id=47786871</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=47786871</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47786871</guid></item><item><title><![CDATA[New comment by armadyl in "Google broke its promise to me – now ICE has my data"]]></title><description><![CDATA[
<p>I'm not sure what the OP does, but at least for me I find myself chained to Google Voice for SMS 2FA use because it's basically the only phone number provider that cannot be exploited with a sim swap attack (same deal with Google Fi). And while I don't necessarily trust Google, their account security is leagues ahead of anyone else imo.<p>I previously looked at jmp.chat but they didn't really inspire confidence on the security front.</p>
]]></description><pubDate>Wed, 15 Apr 2026 21:26:46 +0000</pubDate><link>https://news.ycombinator.com/item?id=47785471</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=47785471</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47785471</guid></item><item><title><![CDATA[New comment by armadyl in "Users lose $9.5M to fake Ledger wallet app on the Apple App Store"]]></title><description><![CDATA[
<p>"A plane crashed? See! FAA regulations are useless and the agency needs to be disbanded."</p>
]]></description><pubDate>Wed, 15 Apr 2026 21:00:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=47785149</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=47785149</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47785149</guid></item><item><title><![CDATA[New comment by armadyl in "We have a 99% email reputation, but Gmail disagrees"]]></title><description><![CDATA[
<p>Stripe does this to me and it's starting to get annoying. They offer an unsubscribe option to remove you from current mailing lists but perpetually have you auto added to new mailing lists effectively making the unsubscribe option useless.</p>
]]></description><pubDate>Sun, 12 Apr 2026 16:21:02 +0000</pubDate><link>https://news.ycombinator.com/item?id=47741493</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=47741493</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47741493</guid></item><item><title><![CDATA[New comment by armadyl in "JSON formatter Chrome plugin now closed and injecting adware"]]></title><description><![CDATA[
<p>It was more of a security related change. MV3 overall objectively is far better for browser security than MV2. MV2 was essentially giving extensions a full on free RCE pathway. MV3 is what it should’ve been from the start imo.</p>
]]></description><pubDate>Sat, 11 Apr 2026 06:06:19 +0000</pubDate><link>https://news.ycombinator.com/item?id=47727895</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=47727895</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47727895</guid></item><item><title><![CDATA[New comment by armadyl in "LittleSnitch for Linux"]]></title><description><![CDATA[
<p>That domain is blocked by Hagezi's Ultimate list. Definitely remove that user's comment</p>
]]></description><pubDate>Thu, 09 Apr 2026 01:25:58 +0000</pubDate><link>https://news.ycombinator.com/item?id=47698290</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=47698290</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47698290</guid></item><item><title><![CDATA[New comment by armadyl in "Adobe modifies hosts file to detect whether Creative Cloud is installed"]]></title><description><![CDATA[
<p>> As a general principle, application developers should not have free rein to modify my system's configuration, and OS's should do their part to make it very difficult for developers.<p>Funny enough macOS, iOS, iPadOS and Android do this and they are constantly attacked for it.<p>I do think there needs to be more strict adherence by developers to standards like XDG but I don’t know how it could be enforced.</p>
]]></description><pubDate>Mon, 06 Apr 2026 21:14:47 +0000</pubDate><link>https://news.ycombinator.com/item?id=47667223</link><dc:creator>armadyl</dc:creator><comments>https://news.ycombinator.com/item?id=47667223</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47667223</guid></item></channel></rss>