chappedafloat

joined 2 days ago
sorted by: new top controversial old
How big threat do you think Intel ME is in reality, not in theory? in c/privacy@lemmy.ml
[–] chappedafloat@lemmy.wtf 1 points 1 hour ago

I don't have experience with that yet. Are you talking about a PI hole? Can you give a little idea on how to make such firewall rules? Because I want to have a laptop with many VMs or Qubes and each VM has different firewall rules. An email qube would only allow connection to the email server. Maybe one of the safe browsing VMs would only allow connections to the websites I typically visit. The unsafe VM maybe to everything except for known bad IPs/domains.

And NSA and other potential adversaries most likely have access to at least one domain that isn't blocked by firewall.

How big threat do you think Intel ME is in reality, not in theory? in c/privacy@lemmy.ml
[–] chappedafloat@lemmy.wtf 19 points 2 days ago

NSA is infamous for illegal and unconstitutional mass surveillance.

56
How big threat do you think Intel ME is in reality, not in theory? (lemmy.wtf)
 

When it comes to Intel Management Engine, I actually think it's not a threat if you neutralize it. I mean to just set the HAP bit on it. Because if that isn't enough then that means all computers in the world which use Intel CPU can be accessed by NSA but if NSA had this much power then it seems obvious that they aren't using it and why wouldn't they use it?

There's a github project to neutralize/disbale Intel ME: https://github.com/corna/me_cleaner Disable is overwriting intel ME as much as possible with zeros, leaving only a little remaining to be able to boot the computer. The newer the intel chips are, the less likely it is to be able to disable it. But all chip sets can be neutralized which means to set the HAP bit which is an official feature. In theory we can't actually trust the HAP bit to really disable intel ME permanently. It's more like asking Intel to do what they have promised because it's proprietary. But I think it really does permanently disable it because otherwise NSA would be abusing this power.

That's why I think the newer laptop models are better because it's probably not necessary to disable, it's enough to just neutralize withthe HAP bit. And with a newer modern laptop they can have open source Embedded Controller firmware which is better than proprietary Embedded Controller firmware.

I'm interested to hear what you think as well.

Recommendation for Email-Provider in c/privacy@lemmy.ml
[–] chappedafloat@lemmy.wtf 1 points 2 days ago

Can I open an account with TOR browser and pay with monero without having to give any info like a secondary email or phone number?

Recommendation for Email-Provider in c/privacy@lemmy.ml
[–] chappedafloat@lemmy.wtf -1 points 2 days ago

I dont think it matters if an email service is a honeypot because if you want E2EE communication then use Signal, not email. And if you are sending emails to other email providers then there's probably not E2EE and it's unecessary to be a honeypot because the metadata can be collected anyway very easily. Almost all data passes through Google/Microsoft/Amazon/Cloudflare.

GrapheneOS, Pixel 8 Pro £709 or Pixel 9 Pro £1,099? in c/privacy@lemmy.ml
[–] chappedafloat@lemmy.wtf 2 points 2 days ago (1 children)

what kind of risks are there with buying a second hand phone? I don't know so much about how phones work. But for example with a laptop they could in theory implant all kinds of hidden spyware and backdoors in the firmware and it would be impossible to find it and remove it. The only protection against that is that we believe it's so unlikely someone random would do that. So that is just an example what I'm talking about when I ask about what the risks would be when buying a second hand phone?