[linux-elitists] Surveillance

Eugen Leitl eugen at leitl.org
Sat Sep 7 10:47:08 PDT 2013


On Sat, Sep 07, 2013 at 12:38:05PM -0500, Jeremy Hankins wrote:

> I understood Don's point to be less about the security or lack thereof
> of a particular distro, and more a sanity check: are linux distros in
> practice as secure as we'd like to think, or are we just complacent?
> I.e., do we really have a reason to crow as compared to commercial OSes?

Yes, and no. Yes, because any corporation can be coerced into backdooring
your system. Theoretically, it's harder with a community distro, and it
would be actually much harder if they followed a documented opsec policy
in maintaining their signing secrets.

No, because the track record of crypto breakage is not good, and if
TLAs target you specifically then teh Linux! it does nothing.

I'm currently retitrating by paranoia level, in order to be able to
borderline trust my systems. It looks like keeping the spooks out
is a really hard problem, and there isn't all that much prior work
online to help you. Pointers welcome.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://zgp.org/pipermail/linux-elitists/attachments/20130907/3c96b4c8/attachment.sig>


More information about the linux-elitists mailing list