by now you've probably heard of Lenovo's Superfish debacle, the software which installes a self-signed root certificate on all its computers. that gives it the potential, which it exploits fully, to "issue" the certificates for all your banks, email providers, social networks, etc., and read all the "encrypted" traffic between you and those entities.

we know we're dealing with untrusted networks, but at some point you have to trust the hardware/software contraption you're using. I've thought it over quite a bit lately, and have come to the conclusion that it's all but impossible. even if I buy a gazillion transistors and build my own computer from scratch, some evil entity, using micro-miniaturization techniques, could have placed sophisticated circuitry inside each of those to monitor and store data until it can upload it wirelessly when in proximity to a device capable of "speaking" to them. that's pretty far-fetched, sure, but it wouldn't surprise me at all to find out there are hidden cameras and microphones inside mass-produced devices, let alone keyboard-sniffing hardware and software, that aren't available to the operating system.

basically, we're screwed as far as security and privacy are concerned. I think now that the best strategy is to have so little to steal that we're not worth bothering with, and that includes our lives. make it all public so that the evil controlling entities don't have a monopoly on it.

Back to blog or home page

last updated 2015-03-05 16:15:57. served from tektonic.jcomeau.com