The existence of homomorphic encryption doesn't give me any more money to buy compute time on servers, nor does it make compute servers any cheaper. Those are completely orthogonal. So, it may make it so that people with money can do nasty things on servers undetected, but it absolutely does not make it so everyone on earth can.
And to top that off, the ratio in costs for regular vs. homomorphic computing is far greater than the ratio of costs for using others' servers, which might be monitored for "safe" or "legal" code, vs. just buying and managing your own private servers.
So if the problem is simply to hide a computation, that is already "solved".
Homomorphic computing enables hiding in plain sight, but that's not necessary to simply hide.
Yeah, I use this for very limited functionality like Maps, WhatsApp, Uber Eats. I am also mostly interacting with the Google Play Store for apps/APKs etc. This does still leave the phone open for any day0s etc. but we will cross the bridge when we get there. I am not important enough for anyone to target me specifically and I also keep a low profile.
I was thinking about upgrading this year but I am now thinking of waiting another year since there are no immediate problems.
Which applications you use is almost irrelevant -- over the past several years, there has been a steady stream of "zero-click" exploits that allow an attacker to compromise a phone with no user interaction. The remote code execution vulnerabilities discovered last year and this year in the modems used in Samsung devices require nothing more than knowing the victim's phone number.[1] And you don't need to be particularly important to be caught in a wide net, cast by criminals looking to build up a bot-net or harvest data from as many devices as possible.
All of this makes me think I should just switch to a flip phone. It's exhausting having to constantly drop hundreds of dollars every 3 years just to stay safe.
I have a Pixel 5 that does everything I want. Google will stop supporting it within the next year. It doesn't make sense to me that this device already needs to be recycled. Yes, I know about custom ROMs, but even those end support for perfectly OK phones (GrapheneOS for example no longer supports Pixel 3a).
I completely agree. My phone lost official LineageOS support last year but it still works fine and I cannot justify throwing it away to replace with a new expensive device full of features I don't give a damn about.
Probably I'm just stupid but I'm going to keep using it until it breaks.
I’m not missing anything. It’s LastPass who finally need to retract this article. I proved back in 2018 that server-side iterations are misimplemented and have no security effect. That’s why they increased the client-side value in the first place. See https://palant.info/2018/07/09/is-your-lastpass-data-really-...
> Connecting these services with a VPN is the very definition of shady.
I don't think OP mentioned using a VPN.
But even if they had: really, managing a cloud infrastructure via VPN is so far from shady that it's often recommended or required by many tech companies' security policies for people working from public wifi locations among other circumstances, as an added layer of protection against local eavesdropping and sometimes also for specific predictable networking routing within a cloud network perimeter.
I realize that OP is acting as a student/hobbyist, but there's no inherent reason why someone immersed in best-practice tech culture would necessarily be shady if they applied this VPN recommendation to their own personal tinkering. Many of the benefits of using one still apply.
It would, of course, be shady if Oracle intends to deny service to people in Turkey and the VPN use is to circumvent that restriction. But I don't believe that there is such a restriction in place.
> But even if they had: really, managing a cloud infrastructure via VPN is so far from shady that it's often recommended or required by many tech companies' security policies for people working from public wifi locations among other circumstances, as an added layer of protection against local eavesdropping and sometimes also for specific predictable networking routing within a cloud network perimeter.
We're talking about 2 different kinds of VPN here, and you know it, please don't spread confusion on that topic. Nobody needs to connect to his own database service using some B2C service like North VPN to obfuscate where the actual queries come from.
> It would, of course, be shady if Oracle intends to deny service to people in Turkey and the VPN use is to circumvent that restriction. But I don't believe that there is such a restriction in place.
They probably don't, problem fixed. I'm not siding with Oracle, but Oracle owes absolutely nothing to a free tier user suspected of fraud.
> We're talking about 2 different kinds of VPN here, and you know it, please don't spread confusion on that topic. Nobody needs to connect to his own database service using some B2C service like North VPN to obfuscate where the actual queries come from.
Honestly, a student/hobbyist from Turkey who is trying specifically to defend against a local eavesdropping or censorship threat, or to work around restrictive firewall configurations on public WiFi networks, might very well use exactly the same types of VPNs you're describing, for some of the same legitimate purposes as any professional would use their corporate VPN. After all, they don't have a corporate IT department to maintain their own private VPN. These types of companies probably have more friendly pricing for a student/hobbyist from Turkey than the VPN companies whose marketing material focused on corporate use cases instead of circumventing Netflix geo blocks.
You're right that it would not be the ideal type of VPN for database access control, but I can imagine it being an element of viable defense-in-depth strategies where one is in a country where most inbound local traffic other than your own would be malicious. Imagine coupling a restriction on source IP range with TLS + IAM credentials, or something like that. Requiring a presence on the specific chosen VPN company's netblock drastically shrinks the threat model vs allowing connection attempts from 0.0.0.0/0.
> I'm not siding with Oracle, but Oracle owes absolutely nothing to a free tier user suspected of fraud.
I agree that they don't owe anything to such a user, but equally we don't owe it to Oracle to refrain from criticizing these kinds of false positives in their fraud detection with no avenue for redress. Anyone who either experiences or hears about these kinds of outcomes is justified both in criticizing Oracle and in being less likely to recommend or choose Oracle for their or their employer's cloud computing needs.
In turn, Oracle owes it to themselves to at least consider that possible consequence, and to allow at least enough redress to keep the severity of this reputational impact within whatever range they deem acceptable.
Oracle owes absolutely nothing to someone using their free tier. Oracle doesn't care why anybody would use a public VPN and would certainly mark any person who does that as a fraudster.
Finally, here is their pitch for their free tier.
That ends that inane discussion with your misplaced moral arguments (also known as entitlement) quite clearly.
For reference, most of your link is about their time-limited Free Trial when OP is trying to use their Always Free offering - two separate things, and as noted at the top of your link, the Always Free offerings do not have a time limit.
Confusing these two offerings is entirely understandable. But coupling that confusion with insulting me, overlooking or condescendingly mischaracterizing most of my arguments, making unsubstantiated statements about what Oracle would do that are either overconfidently overgeneralized or coming from inside knowledge without proper disclosure, and claiming that your link somehow ends our discussion - now that, all of that taken together is what ends our discussion.
I don't intend to reply further to this sub-thread.