Banking Applications Compatibility with GrapheneOS

Maintained Compatibility List for International Banking Apps This list includes banking apps that have been tested, submitted, reviewed, and verified as compatible. LIST | SUBMIT | UPDATE | POSSIBLE WORKAROUND SOLUTIONS Introduction Welcome to the crowd-sourced dataset for GrapheneOS users on currently supported devices. New visitors are encouraged to read the official usage guide on banking apps for comprehensive details about how these apps function on GrapheneOS. IMPORTANT Please read GrapheneOS’s important announcement, officially released on Dec 1, 2023:...

January 26, 2022 · 13 min · 2730 words · akc3n, Tommy, spring-onion

Docker and OCI Hardening

Containers aren’t that new fancy thing anymore, but they were a big deal. And they still are. They are a concrete solution to the following problem: - Hey, your software doesn’t work… - Sorry, it works on my computer! Can’t help you. Whether we like them or not, containers are here to stay. Their expressiveness and semantics allow for an abstraction of the OS dependencies that a software has, the latter being often dynamically linked against certain libraries....

March 30, 2022 · 19 min · 3924 words · Wonderfall

F-Droid Security Issues

F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider. Before we start, a few things to keep in mind: The main goal of this write-up was to inform users so they can make responsible choices, not to trash someone else’s work....

January 2, 2022 · 27 min · 5672 words · PrivSec.dev Contributors

ProtonVPN IP Leakage on Linux and Workaround

Before We Start… I sent Proton an email regarding this issue in late August 2022 and was told they are working on fixing it, though it will take some time as it requires some architectural changes in how the killswitch works. The Leak Ideally, when implementing a killswitch, a VPN client should drop all connections on non-VPN interfaces except when the connection is to the VPN provider’s servers. This is necessary to prevent accidental leaks, at least by unprivileged applications....

October 8, 2022 · 3 min · 560 words · Tommy

Slightly Improving Mailcow Security

Mailcow is a fairly popular self-hosted mail server. If you use it, there are a few ways you can improve its security by following these steps. Postfix Configuration Consider disabling weak ciphers and TLS versions below 1.2 in data/conf/postfix/extra.cf: tls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 tls_preempt_cipherlist = yes smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtp_tls_ciphers = high smtp_tls_mandatory_ciphers = high smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtpd_tls_ciphers = high smtpd_tls_mandatory_ciphers = high NGINX Configuration These security configurations can be added/modified in data/conf/nginx/includes/site-defaults....

July 18, 2022 · 2 min · 364 words · Tommy

Using IVPN on Qubes OS

IVPN is a fairly popular and generally trustworthy VPN provider. In this post, I will walk you through how to use the official IVPN client in a ProxyVM on Qubes OS. We will deviate from the official guide by using systemd path to handle DNAT. This will provide the same robustness as their approach to modify /opt/ivpn/etc/firewall.sh, while avoiding the risk that the modifications will be overwritten by a future app update....

May 16, 2024 · 3 min · 604 words · Tommy

Using Lokinet on Qubes OS

Lokinet is an Internet overlay network utilizing onion routing to provide anonymity for its users, similar to Tor network. This post will go over how to set it up on Qubes OS. Before we start… This post should not be considered an endorsement of Lokinet in any shape or form. Lokinet is currently not in a good state — it has not had a public release since 2022, and most free public exit nodes have gone offline....

July 27, 2022 · 3 min · 477 words · Tommy

Using Mullvad VPN on Qubes OS

Mullvad is a fairly popular and generally trustworthy VPN provider. In this post, I will walk you through how to use the official Mullvad client in a ProxyVM on Qubes OS. This method is a lot more convenient than the official guide from Mullvad (which recommends that you manually load in OpenVPN or Wireguard profiles) and will let you seamlessly switch between different location and network setups just as you would on a normal Linux installation....

September 3, 2022 · 3 min · 583 words · Tommy