-
@cyberflamingo @stmanfr @Snowden @SecureDrop Honnestly, no consideration at all… I will explain why.Permalink On twitter.com
Mood -1 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop In theory, such hardware identification via serial number is possible. But in practice not. For example collecting SN of the mother is possible, and sending such number on hidden channel on TCP flux too. But both in same time are unlikely.Permalink On twitter.com
Mood -1 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop And to do that, it requires software or something like that to collect & carry the shit. @stmanfr supposed here there is backdoor everywhere in every hardware piece designed specially for this task… This is unlikely the case in practice.On twitter.com
Mood -3 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop A complement on this topic. Carrying SN on hidden hardware field is hard. Very hard. On IP or ethernet for example, you have only few bits to carry saying a 48 bits mac address. We are speaking about correlation over 10ish IP packets by a ubiquitous adversary, spread over […]Permalink On twitter.com
Mood -1 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop multiple different routes because of TCP fragmentation and routing troubles. We are speaking about problem of pass through active or passive hardware components on the network (switch, router, firewall, ISP backbone…) with each hop able to wipe the hidden SN if the […]Permalink On twitter.com
Mood -4 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop carrying of those useless bits are not done internaly on such intermediate nodes. Or difficulties to decide if you want to propagate the already present hidden SN on a frame or to remplace it with the SN of the node in front of you to track it.Permalink On twitter.com
Mood -1 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop We ask for decades for a paper or explaination from @stmanfr about how to achieve some complex behavior/decision/correllation without falling on his constant and persistant conspiracy theory "but they can do this because all hardware are backdoored with the behavior they want".Permalink On twitter.com
Mood -3 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop In practice such behavior are likely impossible to achieve, any intermediate equipment will wipe any hidden data on useless fields.Permalink On twitter.com
Mood -2 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop I have no problem with the fact you can assume this is the case in a specific threat model. But in this case, just don't use IT at all!Permalink On twitter.com
Mood -5 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop In such threat model, either the backdoor is "by design" in all hardware buyable in market, and I call that "conspiracy theory". We have no clue this is the case in practice. Or such backdoor was voluntarily planted on purpose on *your* hardware, and so you are the target.Permalink On twitter.com
Mood -6 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop And so you have more physical problems than technological ones.Permalink On twitter.com
Mood -2 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop Now, considering the SecureDrop criticism. Same, "in theory" those are points. Not good ones in fact because of the later (conspiracy theory or wrongly addressed threat model). And those are not a problem in practice. Or at least not a problem you want to address.Permalink On twitter.com
Mood -15 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop Sure, you can buy a burnable computer with cash at 1000 miles of your usual location, with tons of cleaning custom hardware to carry data from your air gapped computer to the data drop point. But it will take ages (and @stmanfr perfectly say that) to do that!Permalink On twitter.com
Mood +2 🙂
-
@cyberflamingo @stmanfr @Snowden @SecureDrop And when you are a whistleblower, not specifically trained to IT/infosec/opsec, with only few time to drop the data (remember Snowden, only few hours in the hotel before the Hong-Kong lock-down), you are not in the position to use such idealistic solution.Permalink On twitter.com
Mood 0
-
@cyberflamingo @stmanfr @Snowden @SecureDrop Nobody ever says Tor/SecureDrop is a insurance for your privacy and nobody in the world would be able a day to tell you are the whistleblower. We only say this is a well working solution in a time-constraint situation with no IT skills really available.Permalink On twitter.com
Mood 0
-
@cyberflamingo @stmanfr @Snowden @SecureDrop Accessing & reading the Tails manual or 1-2 how-to written by the EFF or other NGO take only few hours if not minutes. And it's largely enough to protect yourself from any decent threat model.Permalink On twitter.com
Mood -1 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop Even Snowden, directly targeted by the most important spying agency of the world use his everyday computer to contact Greenwald and to send all his papers.Permalink On twitter.com
Mood +2 🙂
-
@cyberflamingo @stmanfr @Snowden @SecureDrop In general your own case won't even be known by the NSA or other agencies. They just don't care at all about you and your whistleblowing. And nobody will never use such state agency designed backdoor to uncover your identity. Even assuming such backdoor exists in practice.Permalink On twitter.com
Mood -2 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop And lastly, @stmanfr, despite he is saying, has never ever contribute or work for @NSAObserver. And I know what I say, i'm one member of the original team 🤣 github.com/orgs/nsa-observer/peoplePermalink On twitter.com
Mood 0