nostr:npub15fkerqqyp9mlh7n8xd6d5k9s27etuvaarvnp2vqed83dw9c603pqs5j9gr call me optimistic but I actually don't think the hardware situation is that bad YET. Intel ME has been looked at for a long time with suspicion but nobody has been able to catch it operating like spyware or even looking like it's running at all during system operation. I think it's easier to avoid the dragnet than most technically capable people assume. This is partially due to the fact that whenever they do catch somebody it is usually from some blitheringly retarded opsec failure.

On the other hand, if you're on Windows, everything you do is being sent off to a server. We've known this for 10 years now.

But the vulnerabilities definitely exist, whether they're being actively exploited much or not. And it's going to be *very* hard to inspect an on-die black box like that. Few people have the tools to even attempt it, and I can think of a bunch of ways offhand to make it more difficult to detect that it's doing shady stuff.

I'm not super concerned about it myself, but if I was a terrorist or something I would take the threat seriously. It's bad enough that the hardware companies don't prioritize user security, but the fact that they outright hide and lie about functionality (on multiple levels) in their hardware is very disturbing.

I agree that the government is not super competent in general, but we can't ignore the possibility that in some cases they're simply lying about how they built their case. Parallel construction happens all the time and we know all these big companies cooperate with the government. Some of them surely have teams of spooks actively working within them, whether the companies actually know about it or not. How many of these "hardware exploits" are true accidents, and how many are sneaky exploits some NSA dorks dreamed up and slipped into the spec?

Discussion

nostr:npub15fkerqqyp9mlh7n8xd6d5k9s27etuvaarvnp2vqed83dw9c603pqs5j9gr yeah it's a whole world out there. I'm not trusting of governments in the slightest and I'm sure they have some very nasty capabilities.

If you are fucking with the government I think it's absolutely a thing you should account for. But if you're asking me "what's the probability that there is actually a signal flare on every Intel chip watching for naughty words" I would say on the whole it's not extremely likely right now.

CPU exploits are different. I'm fairly sure many of those are intentional but actually exploiting them generally has to be done by some kind of additional malware.