-
@cyberflamingo @stmanfr @Snowden @SecureDrop Honnestly, no consideration at all… I will explain why.Permalink On twitter.com
Mood -1 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop In theory, such hardware identification via serial number is possible. But in practice not. For example collecting SN of the mother is possible, and sending such number on hidden channel on TCP flux too. But both in same time are unlikely.Permalink On twitter.com
Mood -1 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop And to do that, it requires software or something like that to collect & carry the shit. @stmanfr supposed here there is backdoor everywhere in every hardware piece designed specially for this task… This is unlikely the case in practice.Permalink On twitter.com
Mood -3 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop I have no problem with the fact you can assume this is the case in a specific threat model. But in this case, just don't use IT at all!Permalink On twitter.com
Mood -5 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop In such threat model, either the backdoor is "by design" in all hardware buyable in market, and I call that "conspiracy theory". We have no clue this is the case in practice. Or such backdoor was voluntarily planted on purpose on *your* hardware, and so you are the target.Permalink On twitter.com
Mood -6 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop And so you have more physical problems than technological ones.Permalink On twitter.com
Mood -2 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop Now, considering the SecureDrop criticism. Same, "in theory" those are points. Not good ones in fact because of the later (conspiracy theory or wrongly addressed threat model). And those are not a problem in practice. Or at least not a problem you want to address.Permalink On twitter.com
Mood -15 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop Sure, you can buy a burnable computer with cash at 1000 miles of your usual location, with tons of cleaning custom hardware to carry data from your air gapped computer to the data drop point. But it will take ages (and @stmanfr perfectly say that) to do that!Permalink On twitter.com
Mood +2 🙂
-
@cyberflamingo @stmanfr @Snowden @SecureDrop And when you are a whistleblower, not specifically trained to IT/infosec/opsec, with only few time to drop the data (remember Snowden, only few hours in the hotel before the Hong-Kong lock-down), you are not in the position to use such idealistic solution.Permalink On twitter.com
Mood 0
-
@cyberflamingo @stmanfr @Snowden @SecureDrop Nobody ever says Tor/SecureDrop is a insurance for your privacy and nobody in the world would be able a day to tell you are the whistleblower. We only say this is a well working solution in a time-constraint situation with no IT skills really available.Permalink On twitter.com
Mood 0
-
@cyberflamingo @stmanfr @Snowden @SecureDrop Accessing & reading the Tails manual or 1-2 how-to written by the EFF or other NGO take only few hours if not minutes. And it's largely enough to protect yourself from any decent threat model.Permalink On twitter.com
Mood -1 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop Even Snowden, directly targeted by the most important spying agency of the world use his everyday computer to contact Greenwald and to send all his papers.On twitter.com
Mood +2 🙂
-
@cyberflamingo @stmanfr @Snowden @SecureDrop In general your own case won't even be known by the NSA or other agencies. They just don't care at all about you and your whistleblowing. And nobody will never use such state agency designed backdoor to uncover your identity. Even assuming such backdoor exists in practice.Permalink On twitter.com
Mood -2 🙁
-
@cyberflamingo @stmanfr @Snowden @SecureDrop And lastly, @stmanfr, despite he is saying, has never ever contribute or work for @NSAObserver. And I know what I say, i'm one member of the original team 🤣 github.com/orgs/nsa-observer/peoplePermalink On twitter.com
Mood 0