[-] chappedafloat@lemmy.wtf 12 points 1 month ago

It's normal but people don't like it. Just ask the people you know if they are ok with all the mass surveillance, they don't like it. But it's just too difficult for them to do anything about it. They don't like this "small beginner steps" approach to privacy. They want complete privacy without effort or nothing at all and they don't want to pay for it. It's laughable and sad but that's my experience talking about privacy with people. But the point here i guess is that mass surveillance has been forced on us all. They create a new wonderful technology with lots of use case but then they also add in some mass surveillance on it as well as a bonus.

[-] chappedafloat@lemmy.wtf 7 points 1 month ago

whonix docs is very good to learn about this stuff

[-] chappedafloat@lemmy.wtf 2 points 1 month ago

Do you think it's better to use a VPN if you aren't using TOR Browser?

[-] chappedafloat@lemmy.wtf 2 points 1 month ago

You can copy the part of the url watch?v=4sfIBRTcRpU and use it in the frontend you prefer.

[-] chappedafloat@lemmy.wtf 1 points 1 month ago

Good suggestion about analyzing network packets. I don't know anything about how to do that except there are tools like wireshark which can help but I still have no knowledge on doing that. And I think you would need to make a script to monitor it for you because it would probably only (talking theoretically now) phone home very quickly on rare occasions, it wouldn't be continous. So your script would have to be able to detect these short and rare anomalies. I don't know anything about how to do any of this though but I will add it to my todo list down the road.

Another problem is you might need to get the NSA's attention first and make yourself a target. You also need to make sure there is no other way for them to spy on you, so they are left with only using intel me as their last resort.

So because I don't know anything about analyzing network packets I can't say if you're right but it does seem convincing. And it would be great for security in general as well, not only for investigating intel ME. I will definitely learn more about this later.

[-] chappedafloat@lemmy.wtf 2 points 1 month ago

I think a big part of it comes down to what threats are there in theory and what threats are there actually. The problem is that the theoretical threats are possible, they're not unrealistic and that's why it doesn't feel good to not be protected against the theoretical threats but we maybe need to try and accept they are too unlikely to be active threats. Trying to protect from theoretical threats is kind of like trying to protect your house from having an airplane fall down from the sky into your house. Or maybe this is just my trying to cope.

And how do we know what threats are theoretical vs active threats? Just have to keep learning and learning, it takes a long time. Talking in privacy and security communities can help speed up the learning.

44
submitted 1 month ago by chappedafloat@lemmy.wtf to c/privacy@lemmy.ml

Convincing people to use apps such as Signal is hard work and most can't be convinced. But with those you manage to convince, do you feel happy to talk to them on Signal?

The problem is these people use Signal on Android/IOS which can't be trusted and IOS has recently been in the news for having a backdoor. And it has also been revealed that american feds are able to read everyone's push notifications and they do this as mass surveillance.

So not only do you have to convince people to use Signal which is an incredibly difficult challenge. You also have to convince them to go into settings to disable message and sender being included in the push notifications. And then there's the big question is the Android and IOS operating systems are doing mass surveillance anyway. And many people find it taking a lot of effort to type on the phone so they install Signal on the computer which is a mac or Windows OS.

So I don't think I feel comfortable sending messages in Signal but it's better than Whatsapp.

These were some thoughts to get the discussion started and set the context.

[-] chappedafloat@lemmy.wtf 4 points 1 month ago

Why not is the question and that comes down to guessing. Sheep do what they are told so don't need to guess much there. Those who are not sheep have to go through a long journey to gradually keep increasing their privacy and unlearn the sheep habits we've been conditioned to have.

The end goal is to throw away your phone because you can do everything on your computer instead including buying a phone number, using voip and take and make calls. Phones are unnecessary spy devices used by sheep.

[-] chappedafloat@lemmy.wtf 21 points 2 months ago

NSA is infamous for illegal and unconstitutional mass surveillance.

57
submitted 2 months ago by chappedafloat@lemmy.wtf to c/privacy@lemmy.ml

When it comes to Intel Management Engine, I actually think it's not a threat if you neutralize it. I mean to just set the HAP bit on it. Because if that isn't enough then that means all computers in the world which use Intel CPU can be accessed by NSA but if NSA had this much power then it seems obvious that they aren't using it and why wouldn't they use it?

There's a github project to neutralize/disbale Intel ME: https://github.com/corna/me_cleaner Disable is overwriting intel ME as much as possible with zeros, leaving only a little remaining to be able to boot the computer. The newer the intel chips are, the less likely it is to be able to disable it. But all chip sets can be neutralized which means to set the HAP bit which is an official feature. In theory we can't actually trust the HAP bit to really disable intel ME permanently. It's more like asking Intel to do what they have promised because it's proprietary. But I think it really does permanently disable it because otherwise NSA would be abusing this power.

That's why I think the newer laptop models are better because it's probably not necessary to disable, it's enough to just neutralize withthe HAP bit. And with a newer modern laptop they can have open source Embedded Controller firmware which is better than proprietary Embedded Controller firmware.

I'm interested to hear what you think as well.

[-] chappedafloat@lemmy.wtf 2 points 2 months ago

They are very cheap, only $1 for 10 aliases and then then $0.1/month for any additional aliases. But can't pay with monero.

[-] chappedafloat@lemmy.wtf 3 points 2 months ago

Can I open an account with TOR browser and pay with monero without having to give any info like a secondary email or phone number?

[-] chappedafloat@lemmy.wtf 1 points 2 months ago* (last edited 2 months ago)

do they allow you to create anonymous accounts by paying with monero? And connected via TOR browser?

[-] chappedafloat@lemmy.wtf 2 points 2 months ago

what kind of risks are there with buying a second hand phone? I don't know so much about how phones work. But for example with a laptop they could in theory implant all kinds of hidden spyware and backdoors in the firmware and it would be impossible to find it and remove it. The only protection against that is that we believe it's so unlikely someone random would do that. So that is just an example what I'm talking about when I ask about what the risks would be when buying a second hand phone?

view more: next ›

chappedafloat

joined 2 months ago