Subnostr

I feel like you need to be extremely paranoid about hardware to really avoid compromise

modern chips have their own black box operating systems running and we don't really know what's in there and can't inspect it, right. it's "necessary" for these super complex chips to function, they say

you can physically remove the known wireless functionality from a board, but if the chip has a hidden wireless module on the die, they could have an antenna disguised as a trace and still use that to opportunistically contact known networks as you pass through them. shitty signal quality I'm sure but they don't need to extract data in bulk, they just need to send up a signal flare, so to speak. "come look at this guy"

keep the device in a faraday cage, and never bring another device in? that seems relatively safe

or just revert to 80s tier computing, which is honestly enough for many things

Fe₂🦀₃⋅H₂🦀 2y ago

nostr:npub15fkerqqyp9mlh7n8xd6d5k9s27etuvaarvnp2vqed83dw9c603pqs5j9gr call me optimistic but I actually don't think the hardware situation is that bad YET. Intel ME has been looked at for a long time with suspicion but nobody has been able to catch it operating like spyware or even looking like it's running at all during system operation. I think it's easier to avoid the dragnet than most technically capable people assume. This is partially due to the fact that whenever they do catch somebody it is usually from some blitheringly retarded opsec failure.

On the other hand, if you're on windows, everything you do is being sent off to a server. We've known this for 10 years now.

Reply to this note

Please Login to reply.

Discussion

d 2y ago

But the vulnerabilities definitely exist, whether they're being actively exploited much or not. And it's going to be *very* hard to inspect an on-die black box like that. Few people have the tools to even attempt it, and I can think of a bunch of ways offhand to make it more difficult to detect that it's doing shady stuff.

I'm not super concerned about it myself, but if I was a terrorist or something I would take the threat seriously. It's bad enough that the hardware companies don't prioritize user security, but the fact that they outright hide and lie about functionality (on multiple levels) in their hardware is very disturbing.

I agree that the government is not super competent in general, but we can't ignore the possibility that in some cases they're simply lying about how they built their case. Parallel construction happens all the time and we know all these big companies cooperate with the government. Some of them surely have teams of spooks actively working within them, whether the companies actually know about it or not. How many of these "hardware exploits" are true accidents, and how many are sneaky exploits some NSA dorks dreamed up and slipped into the spec?