Time for the $5 wrench…
Or just beat the shit out of them and get the info you need (or more likely want).
Relevant xkcd: https://www.explainxkcd.com/wiki/index.php/File:security.png
that did actually happen to a guy, over the password to his bitcoin account
https://abcnews.go.com/US/nyc-crypto-kidnapping-torture-case/story?id=122280419
Holly shit!
Wow, forgot about this one.
Yes, that is how you’d use a wrench in that context
check the IP logs
Its all encrypted? This guy uses VPNs and Tor?
Presuming that Mossad can be topped with a subscription to ProtonVPN or a Tor browser is adorable. Hell, presuming nobody in the intelligence services is familiar with Linux is even more adorable. “We’ve got everyone at the NSA fooled because we’re Arch users”. Yeah, sure buddy. What do you think these professional computer nerds are doing in their own free time?
Where do you even think encrypted applications come from?
most of these security agencies effectiveness is just in the myth’s they’ve built around themselves of actually being effective.
mossad in particular, just has a complete disregard for killing innocents and a really good propaganda wing to suppress all their fuckups.
most killers are not right in the head, they act on pure emotion, they post “i am going kill X” online to their social media of choice the night before going to kill X…it’s dumb as shit. that’s how low the bar is on utilizing violence
fact is lone wolf threats are practically unstoppable, especially if they have a modicum of competency
this is also why it’s said killing gets easier/“first ones the hardest” etc. even if your not some sociopath (which, most people as a whole arent)…once you know and understand just how easy it is to kill people and get away with it…lot of the worlds problems start to look like they have very easy solutions…
I mean, tell it to Jeffery Epstein. The man was pulling strings halfway around the world with his endless supply of blackmail and bribery.
Also lots of killers seek psychiatric help voluntarily (and are often sadly ignored). For a sane, moderately competent person it’s easy to plan the perfect murder or terror attack – it’s a different thing to carry it through because a sane person also has mental guardrails.
Mossad is effective because Israelis are ruthlessly trained to dehumanize anyone who’s an obstacle to their goals.
From security agencies, presumably…
Got me? No!
Security agencies create encryption for their own usage. This means they want it to be mathematically as strong as possible, to protect their secrets from enemy security agencies. Why would they backdoor their own protection system?
They’ll just go through the side door instead.
The Snowden docs proved that the NSA was intentionally weakening some encryption standards to make them amenable for cracking.
Then there’s also the constant pressure from the FBI to make it law that encryption technologies must have backdoors. These are both public record.
I don’t think they’ll be prodigies or anything but they probably know literally one or two tricks or weaknesses that they heavily depend upon.
So you can never really feel secure (that’s not to say take no caution).
Yeah, this isn’t like using OpenBSD! /s
I tend to just operate on the principle of: I know my setup probably wouldn’t hold up for a second if some sort of organized three-letter government body decided to focus on me, but my threat model is more the kind of general internet-sweeping surveillance fuckery that goes on. I’m not doing anything especially dodgy on the internet and I think messing around with privacy stuff is fun, so my security level is faintly absurd for what it is. I’m sure someone could crack it if they were determined enough, but I assume the amount of effort required relative to what you’d find would just make it pointless anyway.
Ah yes, a Linux teenagers power fantasy. Hardened Gentoo and Selinux beats deblobbing btw, noob.
Selinux
Hey, let’s not get crazy. I still want to use it for practical things, too. /s
You can’t impress me with a bog standard Gentoo. If you want to show power, build a fortress. At least put some tripwire you mostly trip yourself on (program that keeps an encrypted hash database of your system files to find intrusion changes, needs an update with every update of course or it alerts only your negligence).
Tripwire should encrypt everything and store key in RAM. Shutdown after 30s, if not emergency overwrite string is entered stored coded on real life paper in a vault with a 9 digits alphanumeric lock. 😏
Fuck yeah, that’ll show them!
“His fucking kernel is deblobbed too?”
As a noob, I genuinely can’t tell if this is real jargon or not
It’s referring to binary blobs. A windows exe might be a binary blob.
These are distributed compiled. Even if the project is open sources, the binary blob might have been generated by a compromised compiler.This is one of the reasons the XZ Utils compromisation went unnoticed for so long. One of the compressed files used for testing contained malicious code that would be included in the build artefacts (IE, the final compiled binary) under very narrow and specific circumstances.
So “deblobbed” means absolutely everything in the OS was built & compiled on their computer from original source code
Thanks! I wonder if I will ever reach that level of privacy paranoia. At the rate that I’m going, maybe 5 years.
Thanks. But I don’t understand why any of that ensures that the compiler isn’t compromised? Do you mean they have presumably vetted the compiler themselves first? This is something that would be incredibly time consuming to do, assuming we are talking about gcc or something equivalent, which, I mean if you’re compiling an OS…
The concepts they’re referring to have more to do with Ken Thompson’s Trusting Trust essay. Laurie Wired recently came out with an episode about it. It’s a rather intractable problem in computing, and unfortunately, even with the best practices to overcome it, you can never be 100% sure that your system is completely free of compromise.
Funny, I just watched it :D great recommendation
That’s true.
But the idea is that there are no precompiled binaries that are implicitly trusted.
So you CAN vet all of the code and artefacts, and if something doesn’t seem right you can trace it back to the code and understand exactly why, instead of seeing a black-box binary and coming to the conclusion “it’s doing something it shouldn’t, but I don’t know what or why”.
The idea is that you are in control of the entire build process.But yes, it would be extremely time consuming to vet GCC, build it from source and (I guess) compare checksum/hashes against published binaries. Then vet all of the source code of everything you need to compile for Gentoo, then compile that and compare checksum/hashes etc.
Which is why it’s in a 4chan meme.But I imagine governments agency will have some deblobbed Linux installs with the technical capacity to vet all the code and artefacts
Ah yes… Government… Yeah they seem extremely,… very competent… For sure, for sure . But yeah , thanks see ya
Lol tell me your computer is blobbed without telling me your computer is blobbed!
I would love to be fully open source but what metal to use…?
Tower’s explanation of blobs is kind of strange and not really correct. In a general sense a binary blob is just a situation where you have open-source software that is combined with proprietary components.
Most relevant example to the meme is that the Linux kernel is open-source, but can sometimes contain drivers that are proprietary and don’t have source code available. Those proprietary drivers would be the blobs.
As a counter-example, the linux-libre kernel that devfuuu linked to, is a version of the Linux kernel that has had all the blobs removed.
Oh that makes so much more sense <3
The extent some people go to refuse their privacy being stepped on. These people like this are pathetic. /s
BRO JUST LET THEM DO WHATEVER THEY WANT YOU’LL BE FINE AS LONG AS
Y O U H A V E N O T H I N G T O H I D E
At least there are cameras tracking everyone’s movements now.
And local cash-accepting taxi companies have been replaced by two cooperative companies, so that loophole is almost closed.
😩
Frankly, I think the people with more to hide are more virtuous than I. Labor organizers, activists, etc. If you’re working to overthrow my country, awesome. Best of luck to you.
But it’s also fair to say most of us will not truly benefit from writing a custom boot loader and after a certain point this is just a hobby.
Ah, the call of the total information warrior - “If you have done nothing wrong, you have nothing to hide”: do they track your phone wherever you drive? Ever drive past a crime in progress unknowingly? Can you prove you were not participating in the crime? Even if it is the dead of night in the warehouse district on your way home from work?
For me it’s because you all never went far enough. It’s not about data privacy. It was always about data scarcity. You all wanted content creators to get paid while also using that same platform to keep your stuff private. Except the way content creators get paid is working for websites and corporations that steal your data and create profiles that information brokers can trade amongst themselves to build larger profiles where they don’t even need you to use any of their systems just to build your profile. But you like random bearded guy that makes cat comics. We should have always been hostile to anyone using the internet to create content in order to sell it.
if these folks were serious about their privacy - they would be running fucking Qubes
Are they in the room with us now?
I love this idea when in reality they probably have some Israeli 3rd party that they use that can just pop any system in under an hour regardless of any protection you think you have.
Can’t have ring -3 vulnerabilities if your CPU doesn’t have a ring -3
I’m like this post but I use GNU Guix System instead of Gentoo and GNU Boot instead of the old fully free Libreboot (and I have my own appartment lol).
Hello, Fellow Guix-SD user.
Literally just spends all day commenting hacker news posts
A government hackerman would be the same guy. Except working for the government.
“Hang on, you mean to tell me this fucker barely uses the internet or TV at all anymore and instead just reads books and watches old films on disc? Like real books, not ghost-written memoirs of our favorite elites?”
I don’t know, but I’m down with the clown… oh sorry, I thought you asked what was a Juggalo
We can get around Intel ME?
Some computers do not require having the ME firmware installed. Usually, these are computers supported by a 100% free BIOS replacement such as GNU Boot (see the compatible models on the website). Libreboot was fully free in the past but it’s not true anymore since it does now support computers needing the ME working (at least for computer initialization) but neutered so that most of it can’t operate. However, you can’t be sure whether a neutered ME is harmful or not since we don’t know what it can really do as the initialization source code is not known.
I could be wrong, but if I remember correctly, the Thinkpad x61 was the last version to ship without Intel ME, and I assumed the meme was a nod to that.
Removed by mod
It’s cute that anyone thinks situation 2 would be necessary and that encryption couldn’t be broken with the press of a button if someone seriously wanted your info.
Fantasy land.
Privacy is a human right, but our rights were eroded long ago.
Free drugs!
Free Wench hits, too.
What if i don’t remember my own password?
It says “until” so you’ll be having plenty of time to remember it.
I’il probably have internal bleeding before i remember them
Well in reality they will use waterboarding or some other technique that ensures suffering while not being life threatening. There’s actually a great movie called Unthinkable about this.
That still doesn’t mean you’re gonna remember it. I forget my master password all the time. Torture would just ensure I’d forget it even worse.
That’s the whole thing with torture. It demonstrably doesn’t work, but people who use it aren’t the people who’re concerned with scientific reality
It does work for people who value their wellbeing more than they value the information they remember. For remembering stuff there may be some medical injestions before torture.
I see, still i wouldn’t remember the password, i need to find my master passwd on a piece of paper somewhere i don’t know myself
Then it would really suck to be you at that point
there was another crypto kidnapping (also in russia) a few years ago, they tortured him and got all his apes. DeFi, kinda scary
give them the duress password gg
Gonna become the $2 waterboard rag method for insubordination
“If this password doesn’t work, I’m going to break your thumbs.”
“Uh…”
“Yeah, its not the real password. Lets break his thumbs and ask him again.”
a duress password typically wipes the device when entered.
so the data would be destroyed
And then they would just keep hitting him for his defiance
Feels more and more likely living in the land of freedum right now.
deleted by creator
