Is X compromised?

We see this kind of thread all the time.
Is Tor compromised? Does the Linux kernel have a backdoor? Is Firefox botnet? Is Systemd botnet?
All the threads seem to want to influence people to not believe in open source, and stay within the reach of various huge personal-data-selling corps and various intelligence agencies. "Stay on Windows, stay on Mac, keep using Gmail, privacy is dead, you cannot meaningfully oppose this, you cannot escape".

Here are the current stats:
Tor: Acceptably safe, if you follow the intended guidelines.
Linux kernel: No backdoor.
Firefox: No "botnet", i.e. it doesn't have any hidden tracking features [1].
Systemd: No "botnet". No hidden features [2].

1. Telemetry can be disabled. If you believe they can be magically turned on again, then link a source for it.
2. Default DNS fallback is Google DNS, but this "will most likely never be needed" and can be manually changed.

The above stats are true, until further notice.
If you believe that any of these programs are insecure, please show where in the source code:
github.com/TheTorProject
github.com/torvalds/linux
developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Source_Code/Downloading_Source_Archives
github.com/systemd/systemd
(or provide a link to a news article)

Attached: 3.jpg (1284x1648, 2M)


bump out of interest

Not expecting a lot from the shillers. It's easier to just make unfounded FUD shitposts

>Is X compromised?

yes, this is why wayland is now a thing

Bumping

Is OP compromised?

No one has pointed out the "OBVIOUS flaws" in the software yet. That's odd!

It's funny considering that every shitposter seems to know that X is a botnet, but no one is willing to prove it.

Brainlet here, if the government owns tor nodes is it still good to use if you follow guidelines?

Bumping for this. Can the exit node get any info on you?

An exit node can get info on what data it is retrieving and its previous node

so realistically they would need to have access to multiple nodes in your path to get information on you, but there are some analytic methods to get additional information about tor users that are too complicated for a brainlet like me to understand

look it up on arxiv

yes. the government would have to own the majority of nodes for there to be a real problem. even then it still wouldn't be that useful as https is so prevalent, and hidden services are encrypted. tor are actively searching for bad nodes, though, so there's very little risk of any correlation. sniffing and exploiting gets you kicked off of the network.

How could an exit node operator get caught sniffling and exploiting?

trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays#Doyouactivelylookforbadrelays
they use a bunch of monitoring systems.

seems alright then

>the government would have to own the majority of nodes for there to be a real problem
>implying they don't

>even then it still wouldn't be that useful as https is so prevalent
moot point when cloudflare exists
cloudflare completely breaks SSL

Standard SSL handshake:
User -> website's key -> website
User -> cloudflare's key -> cloudflare -> website's key -> website
User

And they say Americans aren't a race. I literally cannot tell anyone in that picture apart.

Firefox spyware can be disabled...but Mozilla will add more and change your settings after every update.
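
One way to check whether telemetry settings actually change across an update, added here as an example that is not part of the thread: snapshot the profile's `prefs.js` before and after updating and diff the telemetry-related entries. The preference names are real Firefox prefs; the watch list and the two snapshots are constructed for illustration.

```python
import re

# Preferences to watch. The names are real Firefox prefs; which ones to
# watch, and the sample profile contents below, are this example's choices.
WATCHED = (
    "toolkit.telemetry.enabled",
    "datareporting.healthreport.uploadEnabled",
    "datareporting.policy.dataSubmissionEnabled",
    "app.shield.optoutstudies.enabled",
)

PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

def parse_prefs(text):
    """Return {name: raw_value} for every user_pref(...) line in prefs.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:  # comments and blank lines do not match
            prefs[m.group(1)] = m.group(2).strip()
    return prefs

def telemetry_drift(before_text, after_text, watched=WATCHED):
    """Compare two prefs.js snapshots; report watched prefs that changed.

    prefs.js only records values that differ from the built-in default, so
    a pref missing from a snapshot is reported as None (default in effect).
    """
    before, after = parse_prefs(before_text), parse_prefs(after_text)
    drift = {}
    for name in watched:
        old, new = before.get(name), after.get(name)
        if old != new:
            drift[name] = (old, new)
    return drift

# Constructed snapshots (not taken from a real profile).
BEFORE_UPDATE = '''
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("app.shield.optoutstudies.enabled", false);
'''
AFTER_UPDATE = '''
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("app.shield.optoutstudies.enabled", false);
user_pref("toolkit.telemetry.enabled", true);
'''

if __name__ == "__main__":
    for name, (old, new) in telemetry_drift(BEFORE_UPDATE, AFTER_UPDATE).items():
        print(f"{name}: {old} -> {new}")
```

A pref that goes from `false` to `None` has dropped back to its built-in default, which is the case a plain text search for `true` would miss.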

what about freenet?

Is this a conspiracy theory about conspiracy theories?

Windows telemetry turns on after updates.

Why would linux kernel have a backdoor

It's open source

>All the threads seem to want to influence people to not believe in open source, and stay within the reach of various huge personal-data-selling corps and various intelligence agencies.
Are you saying this is a coördinated effort?

>using cloudflare-based clearnet sites
>using clearnet sites in the first place

bump

user, you're on a clearnet site.

Needle in a haystack.

>the Linux kernel
A bit of a redundant thing to say. What else would Linux be but a kernel?

>Linux kernel: No backdoor.[1]
Almost always contains proprietary blobs that can't be confirmed for anything really. Easily removable though.

i'm not on tor.

>Systemd: No "botnet". No hidden features [2].
just a few weeks ago we learned that sending a special dhcpv6 packet to systemd would compromise it and let you crash it and run code.
borncity.com/win/2018/10/29/linux-vulnerability-cve-2018-15688-in-systemd/

systemd is one of those really big piles of poor code which should be considered compromised. Don't care if it's intentional or not. I can't say with any certainty that a serious exploit exists in ISC's dhclient - but I can tell you that it is an absolute certainty that several will be found in systemd the next 12 months. The quality control or lack thereof in that project guarantees it.

As for backdoors in general: it's quite possible to make minor subtle changes which have huge security implications (remember Debian's ssl "patch"?). It's always hard to tell if it's by design or not. If someone spots a "glitch" in an open source project then it's easy to say "oops we made a mistake there" and pretend you didn't know all along.

I like this picture.

Isn't it fascinating how Christians always make the best programmers?

black-pilled

Pretty much. Personally I'm thinking it's a gubment disinformation campaign to keep everyone here from questioning actually questionable things.

190 IQ cybersec genius here. Always keep in mind:
>1. Think in probabilities, not absolutes
(i.e. what are the degrees of "compromised" and how likely are they?)
> 2. Have a threat model.
i.e., 1024 bit keys are "compromised" but at astronomical cost. Many other attacks are very expensive. Others, not.
> 3. Defense in depth
If a single plausible "compromise" would have serious consequences, just don't do it. If there is a fallback (i.e. VPN for tracking, virtualized containers), use it. SPOF is sin.

Shit-flinging and agonizing about whether individual pieces of software are "compromised" is the lowest form of cybersec thinking.

Unless those monitoring systems are compromised.

Systemd may not be compromised (yet) but it is bloat and in my experience, terrible to use in comparison to say runit.