Facebook is collecting data on you even if you don't participate in Facebook.

BedokAmerican wrote: If you're on Facebook or similar sites, get off. If you're sharing information about yourself and/or providing it to FB, Google, etc. for others to see (or even not see), that could be a problem. Often these social networking sites sell information to entities willing to buy it. One of those entities would be the government.
Not to defend Apple too terribly much since they freak a lot of things up, at least iMessage and FaceTime appear secure. They're both built on top of relatively open protocols and have been reverse engineered enough to confirm that private keys are stored for each on the local device (if you use a Mac with either service, you can confirm this by looking in your local Keychain). Apple acts as a KDC for your public certs. When I first iMessage you, Apple will send me the public cert for each device you've logged into iMessage with. The only way these messages could then be intercepted would be for Apple to surreptitiously include an additional public cert for another destination which isn't intended. If you cared enough, you could test to confirm Apple is only presenting appropriate public certs for you from devices you control.

x9200 wrote: Unlikely only e-mails, likely all unencrypted, non-binary traffic (plus the same but compressed).
I don't think there is anything better than client based encryption. Also, I would have limited trust in the software OS giants like Micro$oft or Apple. If the software is not open source I could imagine it gives some freedom to send out various data from your machine along with bug reports or other seemingly harmless information.
My understanding is that Intel and AMD may be forced to insert microcode into the uP that allows snooping (and hence the reason Intel allowed uP microcode updates). This would be much lower level than a kernel issue.

x9200 wrote: I meant something a bit more sinister. I guess it is doable to have a low level software logger (kernel or daemon level) that can gather information on what the user does. It can for example log the keyboard strokes (so no way any client-client encryption can help) or even read directly from the "screen" (fb, video memory etc) and write it somewhere to the hard drive. Now, from time to time this software may purposely crash something (it happens in any mature, more complex OS) and propose to send a bug report. It should be possible to include this logged info (or better some meta tags only) into the debugging report and send over some user data. This might also happen during software update process and perhaps some other.
This is why those truly paranoid don't let the data out, or run software update mechanisms which need to send such data upstream. And if they did, they'd catch it happening immediately. Nothing's perfectly safe, but the truly paranoid have thought of this.

x9200 wrote: I meant something a bit more sinister. I guess it is doable to have a low level software logger (kernel or daemon level) that can gather information on what the user does. It can for example log the keyboard strokes (so no way any client-client encryption can help) or even read directly from the "screen" (fb, video memory etc) and write it somewhere to the hard drive. Now, from time to time this software may purposely crash something (it happens in any mature, more complex OS) and propose to send a bug report. It should be possible to include this logged info (or better some meta tags only) into the debugging report and send over some user data. This might also happen during software update process and perhaps some other.