End of Privacy and Security

[shrekexists]

https://9to5mac.com/2023/08/29/investigatory-powers-act-apple-response/

According to the United Kingdom nobody is entitled to security and privacy unless they can get into it and they want to force all companies to do this globally. They want everyone's tech to have unpatched security flaws so they can basically do what we do to get into a switch or ps5 on phones and personal computers. They also don't want encryption at all on services like imessage or signal, to them it should appear encrypted but actually be backdoored and basically plain-text to them so they can man-in the-middle phones and routers to read personal messages if not just stream the messages directly to gchq from the services server. I suggest those that can start recording their devices connections and consider using virtualization for all web browsing given the number of chrome and firefox exploits now that will go unpatched in the future.

 

[Deleted member 194275]

Apple, Google, Valve, Meta and so on only raise the privacy banner when they are shitting their pants afraid of regulation. So in the end nobody is offering privacy and anonymity, it's just companies and governments fighting for data (and data here means power).

My political view goes towards more regulation, but that's just me.

 

[shrekexists]

Apple, Google, Valve, Meta and so on only raise the privacy banner when they are shitting their pants afraid of regulation. So in the end nobody is offering privacy and anonymity, it's just companies and governments fighting for data (and data here means power).

My political view goes towards more regulation, but that's just me.

I don't know if you understand the article. The implications are no more imessage, facetime, whatsapp, or signal like programs and no more security features being added to hardware. Consider Intel CET that makes 3 types of memory attacks significantly harder so without this law we could have unhackable personal computers eventually. The way it seems is they would also prevent security updates until they have another exploitable flaw that gains full privileges. You could also be committing a crime against humanity by reporting security flaws now instead of just immediately making them public as privacy is a universal right of humans.

 

[lolcatzuru]

" BuT IF YoU hAVe NOThiNG tO HiDE ThEN iT DOeNt MaTtER

 

[Xzi]

End of privacy in the US was when Snowden risked everything to be a whistleblower and the general public collectively shrugged.

 

[ShadowOne333]

I'm partial on this.
On one side, it could mean Nintendo getting their asses fucked wide open and leaving their devices basically homebrew available, but on the other end it means having no privacy at all and having gov monitoring everything.

...well fuck my privacy I want mah fru gamez

 

[shrekexists]

End of privacy in the US was when Snowden risked everything to be a whistleblower and the general public collectively shrugged.

That didn't end privacy you can easily just not use services part of prism for your email and browser sync and Apple also encrypts imessages and facetime so the NSA can't access them without a root exploit.

I'm partial on this.
On one side, it could mean Nintendo getting their asses fucked wide open and leaving their devices basically homebrew available, but on the other end it means having no privacy at all and having gov monitoring everything.

...well fuck my privacy I want mah fru gamez

It also means when you play games online there could be exploits that take over your device and steal your account or device cert because the UK didn't want a backdoor closed. It isn't possible to keep a exploit usable only by government someone else eventually will find it.

 

[mituzora]

I don't care for apple too much, and their security has clearly been a joke before, but that being said, this is a very concerning move on the UK's part. Ultimately, I don't think it will lead to what the UK wants, and will likely just end up with a bunch of companies ceasing product and services from the UK.

Also, not allowing people to patch their security holes because they may be being used as a backdoor? that's greasy AF! Same thing with attempting to end E2EE. I don't care how much of a hinderance it is to investigation. Encryption is the ONLY reason why the modern internet exists as it does today, and it just makes me think the UK wants to go to the wild west of the Internet where security wasn't a thing. There's a reason why information security became such a huge field, and it's an incredibly bad idea to go back to that past.

 

[Xzi]

That didn't end privacy you can easily just not use services part of prism for your email and browser sync and Apple also encrypts imessages and facetime so the NSA can't access them without a root exploit.

Apple gives the NSA whatever data they request from them, and hands data off to their advertising partners too. Corporations will never prioritize your privacy when there's money to be made from violating it, especially publicly-traded corporations trying to provide infinite growth for their shareholders.

 

[mituzora]

I'm partial on this.
On one side, it could mean Nintendo getting their asses fucked wide open and leaving their devices basically homebrew available, but on the other end it means having no privacy at all and having gov monitoring everything.

...well fuck my privacy I want mah fru gamez

I'd rather not use nintendo because they refuse to work with homebrew than to give up privacy and security and go back to the dark days of the Internet. At least there's something like the Steam Deck which doesn't give a fuck on what I run on it.

Apple gives the NSA whatever data they request from them, and hands data off to their advertising partners too. Corporations will never prioritize your privacy when there's money to be made from violating it, especially publicly-traded corporations.

Sadly, yes; people like Apple do sell your data, and it's infurating, but this will also end other providers that legitimately don't do that. Imagine not being able to update SSH/SSL because the UK wants to use the heartbleed bug to snoop on your browsing behavior. It's not just Google, Apple or Microsoft that would suffer from this, but the modern internet as a whole. This could lead to the death of eCommerce if it goes too far.

 

[shrekexists]

Apple gives the NSA whatever data they request from them, and hands data off to their advertising partners too. Corporations will never prioritize your privacy when there's money to be made from violating it, especially publicly-traded corporations.

Big corporations usually don't sell data because it's worth more if they hoard it. Apple doesn't have any data on anyone to give unless they go out of their way to provide it like with iCloud backups which could be most of your phones and computers data. Prism and related programs only applies to servers those companies run which is why encryption stops the NSA. It's also possible they just relay messages and don't even have encrypted data to hand over.

 

[wiiu20603]

If it means that much to you, start encrypting and decrypting your communication client-side, rather than letting some big company handle it for you.

Nobody actually cares about privacy. If they did, we would be generating key pairs and encrypting messages ourselves.

Also, iMessage is not secure. No Apple products are. Remember with Tim Apple said he was going to scan all phones for CP? That was public admission that Apple can and will violate your privacy whenever they want.

The core issue here is that everybody under the age of 30 is too stupid to learn how to use Linux. Zoomers love the mindless simplicity of Big Tech's shitty products, but they complain about getting fucked over.

The moment you downloaded a closed source app onto your closed source phone, you lost the privacy wars.

 

[mituzora]

Big corporations usually don't sell data because it's worth more if they hoard it. Apple doesn't have any data on anyone to give unless they go out of their way to provide it like with iCloud backups which could be most of your phones and computers data.

Nah, that's not true; They definitely sell your data amongst themselves. For example, I was watching a show on Netflix, and then the next day on Youtube, it started recommending clips from said show, completely out of the blue, without me even attempting look for clips. all on completely different machines, without sync, or shared cookies.

If it means that much to you, start encrypting and decrypting your communication client-side, rather than letting some big company handle it for you.

Nobody actually cares about privacy. If they did, we would be generating key pairs and encrypting messages ourselves.

Also, iMessage is not secure. No Apple products are. Remember with Tim Apple said he was going to scan all phones for CP? That was public admission that Apple can and will violate your privacy whenever they want.

The core issue here is that everybody under the age of 30 is too stupid to learn how to use Linux. Zoomers love the mindless simplicity of Big Tech's shitty products, but they complain about getting fucked over.

The moment you downloaded a closed source app onto your closed source phone, you lost the privacy wars.

I agree with most of this, however, regardless, a government shouldn't be attempting to force ANYONE to circumvent security for their own sake. You don't think this wouldn't affect Linux users down the road? I don't like Apple, and their security is a joke, but I really don't like a government telling me what I can and can't do with my own data. This isn't just about blocking services such as iMessage, but ending E2EE and other encryption as a whole

 

[shrekexists]

If it means that much to you, start encrypting and decrypting your communication client-side, rather than letting some big company handle it for you.

Nobody actually cares about privacy. If they did, we would be generating key pairs and encrypting messages ourselves.

Also, iMessage is not secure. No Apple products are. Remember with Tim Apple said he was going to scan all phones for CP? That was public admission that Apple can and will violate your privacy whenever they want.

The core issue here is that everybody under the age of 30 is too stupid to learn how to use Linux. Zoomers love the mindless simplicity of Big Tech's shitty products, but they complain about getting fucked over.

The moment you downloaded a closed source app onto your closed source phone, you lost the privacy wars.

Linux won't help you if the browser companies themselves aren't patching flaws and kernel flaws in Linux also apply to Android and ChromeOS so the gchq would be interested in them being secret. There wasn't much news about Linux 6.5 being a lot more secure with shadow stacks for example and most users of the kernel would be better off on 6.5 if they have hardware shadow stack support.

Post automatically merged: Aug 29, 2023

Nah, that's not true; They definitely sell your data amongst themselves. For example, I was watching a show on Netflix, and then the next day on Youtube, it started recommending clips from said show, completely out of the blue, without me even attempting look for clips. all on completely different machines, without sync, or shared cookies.


I agree with most of this, however, regardless, a government shouldn't be attempting to force ANYONE to circumvent security for their own sake. You don't think this wouldn't affect Linux users down the road? I don't like Apple, and their security is a joke, but I really don't like a government telling me what I can and can't do with my own data. This isn't just about blocking services such as iMessage, but ending E2EE and other encryption as a whole

Netflix could of sold the data to Google but Google itself doesn't sell data it would help companies like Apple if they did. You need a alt email and a vpn so your data isn't tied together. If it still happens use a different credit card Google doesn't know about but hopefully they aren't that bad with it. Also make sure you aren't using third party cookies at all if both are from a browser. There's also a possibility they use the browser fingerprint for this but YouTube seems to only use the provided storage on browsers and IP for determining what shows up. Virtualization makes everyone have the same fingerprint provided they use the same virtual machine and operating system and set the hardware the same.

 

[RAHelllord]

This is nothing new, the UK is basically just trying to save some money by forcing companies to patch vulnerabilities slower so they don't have pay as much for zero day exploits from Israeli hackers.
Also important to keep in mind that the UK is quickly becoming irrelevant thanks to the tories running the place into the ground and that practically every other government can subpoena any given local company to hand over all data. Most of the important stuff is never going to get encrypted in the first place.

 

[shrekexists]

This is nothing new, the UK is basically just trying to save some money by forcing companies to patch vulnerabilities slower so they don't have pay as much for zero day exploits from Israeli hackers.
Also important to keep in mind that the UK is quickly becoming irrelevant thanks to the tories running the place into the ground and that practically every other government can subpoena any given local company to hand over all data. Most of the important stuff is never going to get encrypted in the first place.

I'm surprised nobody retaliated against those groups yet you have to be a pretty shitty person to use skills like that to send Trojans instead of public jailbreaking exploits. Most people would not take kindly at all to their friends and family being sent Trojans by Israel. I know NSO got banned by the USA for sending Trojans to united states officials. It's really creepy those flaws even exist because in theory 100% of all phones could be hacked right now and apparently even the NSA takes a bit to find them. It's very clear these types of malware is used for evil mostly like preventing humans rights not just fighting terrorism.
https://en.wikipedia.org/wiki/Pegasus_(spyware)

"In December 2018, a New York Times investigation concluded that Pegasus software played a role in the Khashoggi's murder, with a friend of Khashoggi stating in a filing that Saudi authorities had used the Israeli-made software to spy on the dissident.[132] NSO CEO Shalev Hulio stated that the company had not been involved in the "terrible murder", but declined to comment on reports that he had personally traveled to the Saudi capital Riyadh for a $55 million Pegasus sale.[133]"

"In December 2021, it was reported that Pegasus spyware was found in the preceding months on the iPhones of at least nine U.S. State Department employees, all of whom were either stationed in Uganda or worked on matters related to Uganda.[166] Later the same month, AP reported that a total of 11 U.S. State Department employees stationed in Uganda had their iPhones hacked with Pegasus.[167] The US government blacklisted the NSO Group to stop what it called "transnational repression".[168]"

"In April 2022, Citizen Lab released a report stating that 10 Downing Street staff had been targeted by Pegasus, and that the United Arab Emirates was suspected of originating the attacks in 2020 and 2021.[163]"

I can't forgive spyware companies who only care about money. This is just from one of these Trojans and the list goes on.

 

[Deleted member 571007]

Linux won't help you if the browser companies themselves aren't patching flaws and kernel flaws in Linux also apply to Android and ChromeOS so the gchq would be interested in them being secret.

Most Linux distros aren't created or maintained by the companies you speak of. A lot of them were created by community driven efforts, or small localized teams. The Linux community as a collective would fix those issues, because that's what the Linux community does. Most distros are a collaborative project, not some commercial product from a corporation. (although some of those do exist, just gotta avoid them)

Anyways, you can literally build your ISO from source if you don't want to use a distro and patch these flaws yourself. The very fact that you can, means someone else probably will too. So you're just objectively wrong there.

And the concern about browsers? People will just make their own alternatives. I'm currently using a custom browser with my own brand of encryption- So pretending like you're out of options here is just laughable.

 

[shrekexists]

Most Linux distros aren't created or maintained by the companies you speak of. A lot of them were created by community driven efforts, or small localized teams. The Linux community as a collective would fix those issues, because that's what the Linux community does. Most distros are a collaborative project, not some commercial product from a corporation. (although some of those do exist, just gotta avoid them)

Anyways, you can literally build your ISO from source if you don't want to use a distro and patch these flaws yourself. The very fact that you can, means someone else probably will too. So you're just objectively wrong there.

And the concern about browsers? People will just make their own alternatives. I'm currently using a custom browser with my own brand of encryption- So pretending like you're out of options here is just laughable.

You can audit Linux distributions right now and most of them have unpatched CVE and if you use ubuntu the main uk distro the entire universe repo has zero security patches. Linux is the way to go because like you said it can be read so I can say things like that for a fact. What would happen in a compromise is likely a hard fork away from Stallman and Linus. Red Hat and Google also contribute quite a lot to Linux along with Intel and AMD so while it's community corporations are part of it so it still needs to be audited like it was closed source. I'm pretty sure the USA military is involved in kernel maintenance too as in what Linus does but I hope they just protect people. I found it concerning shadow stacks was very downplayed when 6.5 came out when it's a major security update. 6.5 and above have full Intel CET support in kernel and userland depending on the distro so most security flaws just cause crashes instead of exploitation. The way the law is worded it seems they don't want Intel CET like features in operating systems like how Linux does it.

You should consider making sure your browser is fully compatible with Intel CET it's usually webasm and javascript just-in-time compilation that makes the hardware feature useless due to the required memory permissions so you could have your browser more secure than chrome and Firefox easily. For other people i recommend turning off just-in-time javascript and making sure they have a modern enough processor for shadow stacks. There is still a slight advantage of using clang for software shadow stacks if you can't upgrade but GCC only supports the better hardware version if you like most Linux users use that.

 

[mituzora]

Linux won't help you if the browser companies themselves aren't patching flaws and kernel flaws in Linux also apply to Android and ChromeOS so the gchq would be interested in them being secret. There wasn't much news about Linux 6.5 being a lot more secure with shadow stacks for example and most users of the kernel would be better off on 6.5 if they have hardware shadow stack support.

Post automatically merged: Aug 29, 2023

Netflix could of sold the data to Google but Google itself doesn't sell data it would help companies like Apple if they did. You need a alt email and a vpn so your data isn't tied together. If it still happens use a different credit card Google doesn't know about but hopefully they aren't that bad with it. Also make sure you aren't using third party cookies at all if both are from a browser. There's also a possibility they use the browser fingerprint for this but YouTube seems to only use the provided storage on browsers and IP for determining what shows up. Virtualization makes everyone have the same fingerprint provided they use the same virtual machine and operating system and set the hardware the same.

I appreciate the comment, however, I'm am well aware on how to separate my accounts from each other. The only link between the two is that I use my Facebook on my computer occasionally, and I had used the device that I used to access Netflix to access FB. The accounts have separate credit cards, separate e-mails, and while I didn't use a VPN (I refuse to use a VPN that I don't own the server, or know the owners of the server, so I won't use the typical pay-for VPN services) I did use the devices on separate networks. so it's likely that a cookie shared that information to my browser, but I use plugins to block third-party cookies on my computer.

However, that does not negate the fact that these larger companies do sell your data. sure, they may not sell it to direct competitors, but through several points of separation, I can definitely imagine that data gets sold to every large corporation that has interest in it, regardless of where it comes from. Sadly, it's a facet of life on the modern web.

Back to the point at-hand, no matter how you look at it, Apple or no Apple, actively pushing legislation to remove encryption and security patching is a really bad idea.

 

[shrekexists]

I appreciate the comment, however, I'm am well aware on how to separate my accounts from each other. The only link between the two is that I use my Facebook on my computer occasionally, and I had used the device that I used to access Netflix to access FB. The accounts have separate credit cards, separate e-mails, and while I didn't use a VPN (I refuse to use a VPN that I don't own the server, or know the owners of the server, so I won't use the typical pay-for VPN services) I did use the devices on separate networks. so it's likely that a cookie shared that information to my browser, but I use plugins to block third-party cookies on my computer.

However, that does not negate the fact that these larger companies do sell your data. sure, they may not sell it to direct competitors, but through several points of separation, I can definitely imagine that data gets sold to every large corporation that has interest in it, regardless of where it comes from. Sadly, it's a facet of life on the modern web.

Back to the point at-hand, no matter how you look at it, Apple or no Apple, actively pushing legislation to remove encryption and security patching is a really bad idea.

https://gbatemp.net/threads/cturt-r...-run-pirated-games-and-is-unpatchable.618927/ This wouldn't be possible with Intel CET and no just-in-time or even just a security patch to the games. It's a good example of how secure a updated browser without just-in-time compilation in a virtual machine actually is since that exploit couldn't leave the hypervisor.

Your credit cards likely sell your data but i'm not sure if anything else you interact with does. It isn't transaction data they sell and it's suppose to be anonymous. Offline stores do that too since they want to know if ads bring you in a store so it's possible it's more private to shop online. Most people on this site would probably have their data sold by credit card companies and Reddit if they have an account. I don't know if any of my data is sold at all but if the companies are truthful probably not.