akerl_ 17 hours ago

> The disk is fully encrypted, and applications should be isolated from one another.

For most apps on non-mobile devices, there isn't filesystem isolation between apps. Disk/device-level encryption solves for a totally different threat model; Apple/Microsoft/Google all ship encrypted storage for secrets (Keychain, Credential Manager, etc), because restricting key material access within the OS has merit.

> I'm sure these bad ideas come from the busy work invented in corporate "security" circles, which invent complexity to keep people employed without any regard for an actual threat model.

Basically everything in PGP/GPG predates the existence of "corporate security circles".

Avamander 10 hours ago

> For most apps on non-mobile devices, there isn't filesystem isolation between apps.

If there isn't, there should be. At least my Flatpaks are isolated from each other.

> Apple/Microsoft/Google all ship encrypted storage for secrets (Keychain, Credential Manager, etc), because restricting key material access within the OS has merit.

The Linux equivalents are suspicious and stuck in the past to say the least. Depending on them is extra tedious on top of the tediousness of any PGP keyrings, god forbid a combination of the two.

> Basically everything in PGP/GPG predates the existence of "corporate security circles".

Then we know where this stuff came from.

akerl_ 9 hours ago

> Then we know where this stuff came from.

I can’t figure out what you mean by this.

deknos 4 hours ago

and now certain people in corporate security only trust gpg, because they grew up with it :D