[eternityforest]

Computer security really isn't THAT much of a nightmare for an average user. How many people do you know that got hacked lately, for any reason other than not using 2FA, or installing random garbage?

If you don't own cryptocurrency(That is more critical because it can't be reversed), you're probably way more at risk for physical theft than cyber crime.

In fact I think we are more secure than ever before because browser sandboxing actually works worth a crap, unlike 10 or so years ago.

The more you strip out of a system, the more manual work you need to do, and the closer you get to just a fancy version of a pencil. Technically, every line of code is a security risk.

But a lot of things just... are barely worth it when ultra simplified, and you start spending more time than you save at a certain point.

This bug is pretty bad, and I could see distros getting rid of it, but only with plenty of thought and analysis and maybe a replacement. They clearly put it there for a reason. Lots of stuff seems to need it. And unless you use sandboxing or multiple accounts for different things.... if you have attackers running as your user, you are already screwed.

I will be keeping polkit.

[skeptical1]

You're part of the second group I mentioned: the one that won't be computing much longer.

> Computer security really isn't THAT much of a nightmare for an average user.

"Average user" and "common idiot" are one and the same. Common idiots never see danger coming until it's too late.

> How many people do you know that got hacked lately, for any reason other than not using 2FA, or installing random garbage?

It's not about what has happened, it's about what easily CAN happen, and therefore WILL.

By the way, 2fa being forced down everyone's throat is not for your benefit. Notice how they never will allow you to use a voip number for 2fa? How could TPTB track your every move via GPS if you use voip?

> If you don't own cryptocurrency(That is more critical because it can't be reversed), you're probably way more at risk for physical theft than cyber crime.

LOL. Crypto is a scam. Bitcoin is going to crash to zero, and you're going to lose everything. Next TPTB will introduce their own Officially Approved digital currency, which is specially designed so that your account can be locked or restricted or emptied with the click of a mouse button, and so that you cannot possibly ever avoid any taxes.

You've got some tough lessons to learn about how the world works.

Meanwhile my use of physical, hard currency will keep me free and at liberty forever.

> In fact I think we are more secure than ever before because browser sandboxing actually works worth a crap, unlike 10 or so years ago.

If by "secure" you mean "in Google's firm grasp", you are correct. If you really meant "in control over your own computer", no, you are not.

Try patching Chromium to remove all the spyware and malware as I have done, and note how you and your browser are now treated as Enemies of the State by the Big Corp controlled internet.

> The more you strip out of a system, the more manual work you need to do

Freedom isn't free, nor is security.

> But a lot of things just... are barely worth it when ultra simplified, and you start spending more time than you save at a certain point

How would you know? You've never even tried to escape from the Goolag.

My system beats the brakes off yours in virtually every metric, especially speed and security, and has been worth every hour spent working on it.

> if you have attackers running as your user, you are already screwed.

You mean like the attackers you willingly give root access to your machine by allowing them to regularly stream arbitrary binary code to "your" (their) computer, and regular user access via metrics and update checks and every other sort of outgoing network connection on their schedule and not yours, any one of which could trigger a buffer overflow and code injection event? Yes, you are screwed six ways from Sunday.

[eternityforest]

If the world ever gets bad enough that I have to hide from Google and TPTB, your customized system will probably be contraband. In which case, I wouldn't want something like that, because I... don't want to go to jail, and I am rather certain they could find out if they wanted to.

Probably by machine learning looking for houses with an absence of pings to certain servers and using old fashioned police work from there.

Keeping that scenario from ever happening is a political issue. Perhaps it is in part technical too, but ultimately, people should not have to live like fugitives. For the same reason they shouldn't have to wear a guy fawkes mask in public.

And if someone does need to, they probably don't consider themselves to be free.

I may have never tried to get away from Google, but we did grow up poor enough to not have the latest tech for quite a long time.

It would be nice if it was possible and convenient, but a lot of things are still way behind.

When you add up all the details... it's probably more of a luxury than being rich in the gilded age, and it's accessible even to people like me who don't even make minimum wage when you take into account all the Ubers and Lyfts and crap.

With simple technology, one mistake and it's all gone. It doesn't help you out at all. Remember how this stuff was done 15 years ago? Nobody ever would trust computers for anything important. We all used pens and paper every day.

Every person I know who cares about privacy seems to need tons more analog tech than I do.

Lose your phone? Too bad, there was no Google page with which to track it and remote control it. Lose your wallet? Hope someone turns it in. There was no Tile.

Cooking and need to set a timer? Better wash your hands first and be careful not to forget in the time it takes to do so, or you'll make a mess and transfer germs when you touch the timer.

It would be a LOT of work to set up replacements for all of this while preserving privacy.

These things are only a few minutes per day, but collectively they are a big lifestyle change.

Eventually, open source will catch up. But it is slowed down by the fact that the FOSS community.... likes to shit on such things and doesn't want them to exist at all, and prefers ongoing manual involvement, and shits on most zero conf stuff, because they're so absolutist about security and minimalism.