Safari with Adguard plus a few bookmarklets for convenience.
Well for one thing matrix clients on mobile are…not the best. Element X is looking promising, but it’s currently still in beta. Element misorders messages and crashes often, and most other clients are not as feature complete. Whereas in my experience Signal tends to just work. Plus for the average person it makes for a dead simple drop in replacement to WhatsApp or iMessage. Yes, the phone number requirement has led to issues with governments just blocking the sign up SMSes, but that is a tradeoff they make for convenience.
Matrix also leaks more metadata in comparison to Signal (this is just how decentralization works). Not to mention that the recent vulnerabilities seem to suggest (in my opinion at least) that matrix cryptography is not as battle tested as the Signal protocol.
Besides the observed implementation and specification errors, these vulnerabilities highlight a lack of a unified and formal approach to security guarantees in Matrix. Rather, the specification and its implementations seem to have grown “organically” with new sub-protocols adding new functionalities and thus inadvertently subverting the security guarantees of the core protocol. This suggests that, besides fixing the specific vulnerabilities reported here, the Matrix/Megolm specification will need to receive a formal security analysis to establish confidence in the design.
Real world example: The university I study at promoted matrix as a way for students to chat at the start of the semester, and pushed them to use Element. Practically no one uses it, but I’ve met a few people who do chat with Signal.
I don’t believe they can provide firmware updates once the chipset loses support, which is bad for security. (The same also applies for every other manufacturer, but Fairphone claims to update their phones for a longer time).
It’s unfortunate that Fairphone sucks in other ways (such as having limited firmware updates due to using an old SoC, as I understand it).
I hate how they blow fuses to permanently disable security features when the bootloader is unlocked.
I think it’s a bit of a mixed bag. Their ecosystem may be good and all but they deliberately don’t interoperate very well with others. Example: if I plug my iPhone into my windows laptop, it will only expose the gallery, unlike with Android where it will allow me to transfer non image files. I have to download another app (iTunes, and now the Apple Devices App which is currently in preview) in order to be able to transfer files via cable (KDE Connect or Localsend are also good options for this). Then there’s their sticking with their own cable when everyone else is going to USB C, and their refusal to implement proper messaging with Android users/integrate with RCS - granted, RCS has its own set of issues, but still. And of course there’s their refusal to allow sideloading, which has led to governments being able to censor apps from the app store. It doesn’t help that App Store review isn’t the best at catching security issues, as scam apps slip through from time to time. The EU seems to be trying to fix this with their new regulations, but it’s now speculated that Apple will be petty and region lock sideloading.
Their hardware is nice and performant, but unfortunately they’re against upgradeability as well as right to repair. I don’t watch him much, but I think Louis Rossmann’s youtube channel is recommended for learning about this.
I don’t have strong opinions on their hardware/software design and aesthetics, it works for me, but I can see why others don’t like how opinionated they are. I don’t like how Android phones have been getting bigger, but it’s not the end of the world for me should I switch to a Pixel.
Privacy and security wise they overmarket too much but they do have some advantages:
It would be remiss not to briefly cover where these machines stand in terms of user control and trustability. Apple Silicon machines are designed first and foremost to provide a secure environment for typical end-users running macOS as signed by Apple; they prioritize user security against third-party attackers, but also attempt to limit Apple’s own control over the machines in order to reduce their responsibility when faced with government requests, to some extent. In addition, the design preserves security even when a third-party OS is installed.
…
From a security perspective, these machines may possibly qualify as the most secure general purpose computers available to the public which support third-party OSes, in terms of resistance to attack by non-owners. This is, of course, predicated on some level of trust in Apple, but some level of trust in the manufacturer is required for any system (there is no way to prove the non-existence of hardware backdoors on any machine, so this is not as much of a sticking point as it might initially seem).
Lockdown Mode, which apparently has somewhat protected against zero click exploits.
For iOS Safari (no clue on Mac), they allow adblocking without having to grant the extension privileged access to the page. This includes cosmetic filtering. (Somewhat hit and miss on Youtube tho). Malicious extensions and filter list exploits are a problem, and while Google is attempting to fix this somewhat with Manifest V3, it’s not perfect. From my experience with Ublock Origin Lite in Edge, you don’t currently get cosmetic filtering without granting privileged access, which defeats the point. Otherwise, it appears to be as effective as DNS blocking.
The App Privacy Report makes it super easy (provided you’re not connected to a VPN) to see what domains an app connects to. I can check the entry for my offline password manager for example, and see that it isn’t pinging anything other than inappcheck.itunes.apple.com. I think this is used to query the in app purchase status.
For disadvantages:
Telemetry: even with everything opted out of, Apple still collects hardware data, local MAC Addresses (for their location services database, this is also noted in their documentation). Also, for some reason they insist on tying collected click heatmaps in the app store/books/stocks app directly to the Apple ID. (This is just off the top of my head, I may be missing something). I don’t personally consider this a deal breaker (Apple already knows what apps I download), but I can understand why they’ve been raked over the coals for it given how much they market privacy.
While iMessage is touted for being end to end encrypted, the defaults have it backing up unencrypted to the cloud, which defeats the point. There is Advanced Data Protection now, but both sides of a conversation would have to turn it on.
VPNs on iOS leak. This is different from Android where it can be argued that connectivity checks are a good thing and don’t send personal data, but with iOS certain system apps appear to just straight up bypass it.
Without sideloading, it’s basically impossible to use an iPhone without logging in.
Some stuff such as the gyroscope still doesn’t require a permission to access.
Some other points I’d like to make:
Being proprietary does not mean that something is an insecure, unverifiable black box. Security researchers scrutinize Apple all the time for vulnerabilities.
They don’t appear to be conducting CSAM scanning despite some FUD about it
I looked through my GDPR Apple Takeout some time ago, and iirc it was about 11 mb in size due to me opting out of everything, and didn’t contain majorly sensitive information.
I think it’s a bit of a mixed bag. Their ecosystem may be good and all but they deliberately don’t interoperate very well with others. Example: if I plug my iPhone into my windows laptop, it will only expose the gallery, unlike with Android where it will allow me to transfer non image files. I have to download another app (iTunes, and now the Apple Devices App which is currently in preview) in order to be able to transfer files via cable (KDE Connect or Localsend are also good options for this). Then there’s their sticking with their own cable when everyone else is going to USB C, and their refusal to implement proper messaging with Android users/integrate with RCS - granted, RCS has its own set of issues, but still. And of course there’s their refusal to allow sideloading, which has led to governments being able to censor apps from the app store. It doesn’t help that App Store review isn’t the best at catching security issues, as scam apps slip through from time to time. The EU seems to be trying to fix this with their new regulations, but it’s now speculated that Apple will be petty and region lock sideloading.
Their hardware is nice and performant, but unfortunately they’re against upgradeability as well as right to repair. I don’t watch him much, but I think Louis Rossmann’s youtube channel is recommended for learning about this.
I don’t have strong opinions on their hardware/software design and aesthetics, it works for me, but I can see why others don’t like how opinionated they are. I don’t like how Android phones have been getting bigger, but it’s not the end of the world for me should I switch to a Pixel.
Privacy and security wise they overmarket too much but they do have some advantages:
It would be remiss not to briefly cover where these machines stand in terms of user control and trustability. Apple Silicon machines are designed first and foremost to provide a secure environment for typical end-users running macOS as signed by Apple; they prioritize user security against third-party attackers, but also attempt to limit Apple’s own control over the machines in order to reduce their responsibility when faced with government requests, to some extent. In addition, the design preserves security even when a third-party OS is installed.
…
From a security perspective, these machines may possibly qualify as the most secure general purpose computers available to the public which support third-party OSes, in terms of resistance to attack by non-owners. This is, of course, predicated on some level of trust in Apple, but some level of trust in the manufacturer is required for any system (there is no way to prove the non-existence of hardware backdoors on any machine, so this is not as much of a sticking point as it might initially seem).
Lockdown Mode, which apparently has somewhat protected against zero click exploits.
For iOS Safari (no clue on Mac), they allow adblocking without having to grant the extension privileged access to the page. This includes cosmetic filtering. (Somewhat hit and miss on Youtube tho). Malicious extensions and filter list exploits are a problem, and while Google is attempting to fix this somewhat with Manifest V3, it’s not perfect. From my experience with Ublock Origin Lite in Edge, you don’t currently get cosmetic filtering without granting privileged access, which defeats the point. Otherwise, it appears to be as effective as DNS blocking.
The App Privacy Report makes it super easy (provided you’re not connected to a VPN) to see what domains an app connects to. I can check the entry for my offline password manager for example, and see that it isn’t pinging anything other than inappcheck.itunes.apple.com. I think this is used to query the in app purchase status.
For disadvantages:
Telemetry: even with everything opted out of, Apple still collects hardware data, local MAC Addresses (for their location services database, this is also noted in their documentation). Also, for some reason they insist on tying collected click heatmaps in the app store/books/stocks app directly to the Apple ID. (This is just off the top of my head, I may be missing something). I don’t personally consider this a deal breaker (Apple already knows what apps I download), but I can understand why they’ve been raked over the coals for it given how much they market privacy.
While iMessage is touted for being end to end encrypted, the defaults have it backing up unencrypted to the cloud, which defeats the point. There is Advanced Data Protection now, but both sides of a conversation would have to turn it on.
VPNs on iOS leak. This is different from Android where it can be argued that connectivity checks are a good thing and don’t send personal data, but with iOS certain system apps appear to just straight up bypass it.
Without sideloading, it’s basically impossible to use an iPhone without logging in.
Some stuff such as the gyroscope still doesn’t require a permission to access.
Some other points I’d like to make:
Being proprietary does not mean that something is an insecure, unverifiable black box. Security researchers scrutinize Apple all the time for vulnerabilities.
They don’t appear to be conducting CSAM scanning despite some FUD about it
I looked through my GDPR Apple Takeout some time ago, and iirc it was about 11 mb in size due to me opting out of everything, and didn’t contain majorly sensitive information.
Honestly, AO3 is pretty based for what it is, especially when you consider how the two main competitors (FFN and Wattpad) are ad driven with all the problems that entails. Tho come to think of it, now I’m getting worried about FFN getting enshittified…