Edit: Changed “the government” to “governments”

I mean, people say use end to end encryption, VPN, Tor, Open Source Operating System, but I think one thing missed is the hardware is not really open source, and theres no practical open source alternative for hardware. There’s Intel ME, AMD PSP, so there’s probably one in phones. How can people be so confident these encryption is gonna stop intelligence agencies?

  • Swordgeek@lemmy.ca
    link
    fedilink
    arrow-up
    26
    ·
    5 days ago

    We don’t.

    We really really don’t.

    Consider the attack that Israel carried out this fall by detonating walkie-talkies and pagers. This wasn’t just some illicit code in the firmware or hardware, they managed to hijack the supply chain and hide literal bombs in commercially-produced handheld devices!

    Bottom line: If you do not directly control the production chain from chip design and fab to end-user software, you can never be sure.

    40 years ago, the legendary Ken Thompsonand Dennis Ritchie accepted the Turing Award for creating Unix. Thompson’s acceptance speech Reflections on Trusting Trust pointed out this same fundamental security flaw.

    I encourage everyone to read the article, and spread it as widely as possible. It is terrifying and accurate, nearly half a century later.