Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

But if your phone OS / cellular firmware is compromised then e2e or even at-rest encryption won't matter. Anything you can see on your phone can be seen.

I think a more rational alternative is to consider that everything except your unexpressed thoughts and emotions is already logged. At some point, this will become true (if it ain't already), so....then you at least will be ahead of that curve.

So if everything you do is monitored, how do you achieve privacy in such a world? That is the question, I think.

In fact, it's similar to how a corporation or nation needs to think about protecting their own secrets. They have to assume compromise (of people, systems, etc)...how do you confuse and compartmentalize what you want to protect?



Don't let perfect be the enemy of good. The likelihood and prevalence of deeply low level monitoring is orders of magnitude less than the likelihood of using modern apps and saas where is virtually guaranteed. It's an additive game and you can dramatically reduce invasions, even if you can't eliminate them.


See https://news.ycombinator.com/item?id=35698547

Even at the hardware level we have real examples of exfiltration.


While perhaps true in many cases, this example was untrue: https://blog.brixit.nl/nitrokey-dissapoints-me/


Nitrokey article improvement: https://twitter.com/grapheneos/status/1651601840520278018

> Per our request, NitroKey has fixed one of the main issues in nitrokey.com/news/2023/smar…. XTRA downloads are done by xtra-daemon in the OS, not firmware. It also does use HTTPS by default, but the OS can override the default URLs via gps.conf and some OSes do override to HTTP URLs ... NitroKey is correct that xtra-daemon has support for sending information on the device including device model, serial number, etc. They're also correct that the user is never asked about it. It's less of an issue than SUPL which sends nearby cell towers, phone number and IMSI.


> likelihood lower

Not if we take the lore around mass survey into account (Snowden etc)


My guess is that US surveillance and intelligence agencies operate like many other large government beaurocracies: with high levels of administrative incompetence, mismanagement of resources, unscrupulous decisions in the service of individual risk -avoidance/status-seeking, etc.

I suspect Snowden does them a service by making us all feel like we're under a big, scary, watchful eye.

In actuality, they probably do collect unholy amounts of data, perhaps even illegally... But they probably don't know how to process it effectively and if they do, they probably struggle to turn those insights into action.

It's easy for them to collect Facebook friends and Google searches, not Signal messages and DuckDuckGo queries made in an incognito window. It's easy because they can demand tech companies "hand it over" without actually hiring and assigning the skilled and creative people they'd need to figure out how to overcome the modest obstacles privacy-conscious people erect.

If you're a decision maker in one of these orgs, you'll be recognized and praised for cheaply trawling for privacy illiterate pedophiles and easy-to-identify, state-affiliated Twitter bots.

OTOH, you might not get promoted for spending hundreds of millions of dollars breaking into end-to-end encrypted convos only to find out that 99.95% of the data is benign and the .05% that's substantively suspicious requires a warrant and an FBI surveillance team to gather enough evidence to actually go to trial.

tl;dr: cheap measures to protect your privacy probably go much further than you'd think, because while they can be overcome individually, they're not worth overcoming at scale.


The idea that you can assume privacy because whatever country or corporation surveys is incompetent or bureaucratic sounds reasonable, but what's the probability of that? It's not 100%.

If privacy is important, assume compromise and work around it, sounds like the more secure strategy.


> It's easy for them to collect Facebook friends and Google searches, not Signal messages and DuckDuckGo queries made in an incognito window.

It's entirely unclear that it's difficult for them to collect duckduckgo searches (Why assume they wouldn't collect the info from duckduckgo?). Specific signal messages might be harder, but even signal collects and stores sensitive info (like a list of your contacts) forever in the cloud and in ways that could be easy for the government to get their hands on. Cell phones are basically designed to leak your info like a sieve and allow google/apple to do whatever they want (or are ordered to do) at any time without notice to users anyway, so anything done on them is probably capable of being observed and/or recorded.

You're right that most of the time it's probably not worth the effort to go after everyone for everything, but as long as they're collecting and keeping the data they can always decide to spend a little more effort if you become a problem for them.

I agree, people should take whatever steps you can to protect themselves whenever you can, since it can only help, but man, "Take care to never become inconvenient to those in power and hope they are incompetent when they finally come for you" is sure no comfort.


1. It's completely possible to treat your phone as an insecure device. Maybe I'm naive, but I think it's possible to run a daily Linux system with a reasonable assumption of privacy.

2. When you act as if you are being monitored and judged for your words/actions, you begin to self govern them to be more acceptable to the presumed omnipresent agent. Sometimes the fear of being surveilled is as powerful as actual surveillance.


> 1. It's completely possible to treat your phone as an insecure device. Maybe I'm naive, but I think it's possible to run a daily Linux system with a reasonable assumption of privacy.

Your computer is running several operating systems under ring 0 that Linux has no idea about, same goes with many components and peripherals. Those operating systems have direct memory access.


But not if we assume compromise.

How would you hide in plain sight? That is the question.

Bruce Lee said: be water. But maybe you need to: Be Hamlet


Stab the guy behind the curtain ?


Hahah, that's an unexpected connection that's funny!

No, I was thinking more, be a dissembler.


Talk to skulls.


So if everything you do is monitored, how do you achieve privacy in such a world?

I might put a physical paper notebook in a reporters pocket then meet with them and buy them a coffee or tea. Or I might give them a USB drive with a self-decrypting file and instructions for how to use it securely.

Or if I am feeling silly I might borrow a few hundred digital billboards and just broadcast the data to everyone and let the public sort it out. FoghornBlowing?


This, given these NSA programs have had 10 years to evolve and expand, and that the NSA can easily get access to effectively the entire planets’ mobile devices by showing up to just two American companies’ HQs with guns and gag orders, it seems almost a certainty that they’ll have OS-level access. So I’d highly doubt any standard mobile device is NSA-safe.

In terms of dimensionality, I actually do not think it would physically be possible for the NSA to warehouse all the raw data they could Hoover (haha get it) up, so that might be a bit comforting. And certainly whatever data they do Hoover up will mostly never be directly seen by a human due to physical constraints on eyeball time available to spy vs produce content. That yields one answer to your question which is to just not attract enough attention they decide to turn on full logging and comb through your life


AI can probably drastically reduce the time it requires to go through a massive trove of data.


> So if everything you do is monitored, how do you achieve privacy in such a world? That is the question, I think.

Proposals that suggests users get better at managing their own security are doomed. Most people don't understand the absolute insecurity of their door locks, let alone the state of their digital devices.

One possible answer is noise. There should be "digital noise generators" that create fake digital fingerprints for you everywhere. The goal isn't to make the landscape more pristine, it's to make it so "dirty" that it has no value to anyone anymore.


You are talking about targeted surveillance rather than mass surveillance. That is not the purpose of this guide and similar others. There are advanced guides for people in that threat model.


That's a good point, but I think the trend over time is, what was a targeted tool, is now mass.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: