So, you know commercial spyware? No I’m not referring to ads or things like pegasus. Talking about those weird providers that market to schools, employers and shitty partners

What measures could be taken to mitigate these threats? When physical can be assumes but the attacker isn’t skilled, just using one of said tools? How would this vary between phones and laptops for example?

Thoughts?

No I’m not in danger, just get curious about this subject once in a while

  • monovergent 🏁@lemmy.ml
    2·
    7 hours ago

    As someone who deals with Windows software and mobile apps of dubious provenance at a BYOD workplace:

    • Get a separate device with sufficient horsepower to handle whatever work, school, etc. throws at it. Used ThinkPads and unlocked Google Pixels are a good bet.
    • Pick a small and light laptop if you also need to have your primary one on hand. Preferably, both can use the same USB-C charger.
    • Use that device for work-related things and nothing else. Assume it is compromised.
    • Connect to a separate access point if you need to use it at home.

    If a phone or tablet (preferably with GrapheneOS) will suffice, go for it:

    • Recent Android and iOS versions have much stronger sandboxing than PCs and laptops in general. Spyware can still do a lot on mobile devices, but not nearly as comprehensively as on PCs and laptops.
    • i.e. Commercial spyware can easily plant rootkits and kernel-level trackers on a laptop, but this would be much harder on an up-to-date mobile device.
    • For Android devices that support it, limit work and MDM apps to a secondary profile and close that profile when not actively using the phone.
    • Turn off cellular, wifi, bluetooth, and location when not actively in use.

    If the offender is your partner, practice good digital hygiene, never let them touch your devices, and good luck.