[linux-elitists] Surveillance

Eugen Leitl eugen at leitl.org
Sun Sep 8 05:51:00 PDT 2013


On Sat, Sep 07, 2013 at 10:27:27PM -0700, Greg KH wrote:
> On Sun, Sep 08, 2013 at 05:09:32PM +1200, Mark van Walraven wrote:
> > On Sat, Sep 07, 2013 at 09:14:31PM -0700, Greg KH wrote:
> > > But what else needs to be worked on?  What gaps do people feel we have
> > > that are cauing problems that we can solve with technological measures,
> > > not just legal ones?
> > 
> > How can I trust my hardware and the firmware therein?
> 
> Shortest answer
> 	You can't.

Trust is a continuum. Some systems are more trustable than
others. While we don't have fully trusted hardware yet,
we're getting close. Certain developers are using modified
hardware which doesn't contain any proprietary blobs.
In principle you can load an soft CPU from a library into
an FPGA (backdoorable in principle and at least one
backdoor is known, but harder to get stuff in).

There's also work on provable software (e.g. seL4), though
not yet unfortunately anything with an open source license.

You can use capabilities-based systems and thin hypervisors
on open hardware to compartmentalize potential compromises,
to have something which is still usable yet reasonably secure.

Won't help if the spooks want to nail your ass, but it will help
if they don't know you're at all out there.
 
> Short answer:
> 	You never could.
> 
> Longer answer:
> 	To think that you ever could do this is to not realize the
> 	complexities in modern devices.  Heck, you still couldn't do
> 	this in devices made 25 years ago that were connected to
> 	networks.  Actually, it goes much farther back than just 25
> 	years if you remember how networks worked way back when.
> 
> Only real solution, don't use an electronic device.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://zgp.org/pipermail/linux-elitists/attachments/20130908/f4f29c49/attachment.sig>


More information about the linux-elitists mailing list