Edit: Changed “the government” to “governments”

I mean, people say use end-to-end encryption, VPN, Tor, Open Source Operating System, but I think one thing missed is the hardware is not really open source, and there’s no practical open source alternative for hardware. There’s Intel ME, AMD PSP, so there’s probably one in phones. How can people be so confident this encryption is gonna stop intelligence agencies?

  • Nurse_Robot@lemmy.world
    17 days ago

    We will never have a way of knowing for sure. There are stories of government agencies famously requesting backdoor access to Apple devices, seemingly because they can’t get in otherwise, and Apple refusing; however, they end up getting access on their own eventually. But who knows how much of that is even true? Government agencies are historically manipulative when it comes to public narrative, so anything made public by them should be taken with a hefty grain of salt.

  • Swordgeek@lemmy.ca
    16 days ago

    We don’t.

    We really really don’t.

    Consider the attack that Israel carried out this fall by detonating walkie-talkies and pagers. This wasn’t just some illicit code in the firmware or hardware, they managed to hijack the supply chain and hide literal bombs in commercially-produced handheld devices!

    Bottom line: If you do not directly control the production chain from chip design and fab to end-user software, you can never be sure.

    40 years ago, the legendary Ken Thompson and Dennis Ritchie accepted the Turing Award for creating Unix. Thompson’s acceptance speech, Reflections on Trusting Trust, pointed out this same fundamental security flaw.

    I encourage everyone to read the article, and spread it as widely as possible. It is terrifying and accurate, nearly half a century later.

  • slazer2au@lemmy.world
    16 days ago

    It’s not just back doors. All governments will have a group of people whose job is to find security vulnerabilities in OS and use them to attack other nations.

    If WannaCry rings a bell, then you might be aware that the Eternal Blue exploit was the infection vector, which was originally designed by the NSA and leaked by a hacking group. Only after the leak did the NSA tell Microsoft how it worked and it was patched.

    • ERROR: Earth.exe has crashed@lemmy.dbzer0.com (OP)
      16 days ago

      AFAIK, his leaks showed that corporations are collaborating, and software could have backdoors. I don’t think they ever showed docs that reveal non-targeted hardware-based surveillance. The common understanding post-Snowden was, use Open Source OS and use Encryption and you’re safe, unless you are specifically targeted.

      My question is asking about hardware-based mass surveillance.

  • Sylvartas@lemmy.dbzer0.com
    16 days ago

    https://en.wikipedia.org/wiki/Intel_Management_Engine

    https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor

    If I was a government intelligence agency I’d probably sell my soul to get access to these…

    I get that they have legitimate use cases for corporations, but why are there virtually no consumer-grade CPUs without that stuff? Surely they would be less expensive and no one would miss the features on their home computers.

    • Ephera@lemmy.ml
      16 days ago

      I’m not aware of us knowing that they provide backdoors vulnerabilities to the NSA. If US companies have data, then they’re legally obliged to make it available to the NSA (PATRIOT and CLOUD Act). The NSA may also separately develop backdoors (e.g. EternalBlue). But that the NSA coerces US companies to actively attack their customers is news to me.