voidtool everything
what? did they do something questionable?
Computers and the internet gave you freedom. Trusted Computing would take your freedom.
Learn why: https://vimeo.com/5168045
thanks Patrick for fighting for us!
I guess you can do that on Linux as well by disabling kvm passthrough of the GPU to the VMs.
I think it is disabled by default, and you would need to enable it for a specific VM. as far as I know, the GPU can rarely be shared with multiple VMs
I think QubesOS only does mitigations, not microupdates.
it may be possible to do it on Qubes too. I think the microcode updates are not OS-specific, but I’m not certain about this
do you mean this part?
However, some of the vulnerabilities of this class cannot be effectively mitigated without updated CPU microcode.
(https://osresearch.net/Heads-threat-model/)
linux can do microcode updates. I think what they meant is that the general mitigations (the retpolines and the page table isolation they mention near it) are what is not enough
which frontend allows that?
as far as I know, piped and invidious have their own account system, and by following their attempts to regain access to youtube content I would think that if they allowed login with a google account, that would place the account in danger of getting blocked for good
to be targeted through an old ThinkPad.
I’m not convinced that this needs targeting. At the same time, you can’t know if any of the former owners was an important person, or in the environment of one, just as you can’t know what shit they installed entirely carelessly.
These old bricks don’t get microcode updates for the CPU which means you will be vulnerable to many Spectre and Meltdown attacks. QubesOS can mitigate it to some degree such as by disabling hyperthreading, but QubesOS can’t mitigate it completely, only microcode updates can and these old bricks don’t receive them.
as far as I know, linux is capable of loading its own, updated cpu microcode at boot time. I’m not sure if it’s being done by default, but this article probably means that it isn’t
but the main thing is that the built-in microcode version is probably not that bad of a problem if you take care of it
keep in mind that phone number privacy does not mean that they don’t get your phone number, but that the official app does not reveal it.
but then, they have probably found you either by phone number or from a group
solution: use their tor hidden service instead. It’s for exactly that
as more and more official things can/need to be done online, it will only get to be a bigger risk. I don’t think it’s low even today.
But an adversary could easily use a bad usb when they have physical access to the computer and glitter nail polish doesn’t detect that. I guess that this is why nail polish isn’t sufficient on its own and why we need also either TrenchBoot or Heads.
it would be interesting to know how much usbguard protects against this. of course you also need to do something to limit booting from usb, but how effective is usbguard in practice?
what is the risk of sticks that try to compromise the machine through kernel driver vulnerabilities?
is it possible that it compromises some other firmware on the machine (like the EC in laptops)?
or that it takes advantage of some hardware design failure?
Personally I’ve only heard about Heads so far, but I think this is an interesting topic. Could you give us a short explanation about why SRTM is not enough, and what is a better way?
Except if someone with the means wants to exert control over the survivors asap. there’s a class which has been busy building bunkers in the last decade or more
makes little difference with fingerprinting
why do you think so?
maybe neither. and the benefits depend on its kind. a public vpn can easily be counterproductive when the provider is dishonest, but even when it’s honest and secure, a VPN that you run for yourself at home has different effects
we’re doomed then
it’s still better in a sense. usb storage devices all have an internal “mini computer” that runs its own code and has access to the USB bus of the connected computer, with the ability to even present itself as a keyboard, a network adapter or a lot of other things. that’s not a good idea to plug in to the hospital computer after it was given to the patient, and it is also not the best idea to just plug these in at home.
optical media on the other hand does not store code that is executed by the drive.
the problem is that pendrives have a firmware, and too many capabilities, even when not accounting for errors in hardware and code that participates in making it work. some of them (maybe most?) are even writable with the right tools, and the computer’s user doesn’t even need to know that it’s happening.
the most famous web browser that allows any website access to your USB devices with just 1 or 2 clicks makes this even worse.
with digital media recording has become a lot harder, thanks to Digital Restrictions Management
So I don’t understand why people are taking issue with them cooperating with LE
some believe they (proton) are invincible and can do whatever they want. maybe because they think that’s what swiss privacy and swiss laws mean
not really. services make the mobile site unusable. example: