Edit: Changed “the government” to “governments”

I mean, people say use end to end encryption, VPN, Tor, Open Source Operating System, but I think one thing missed is the hardware is not really open source, and theres no practical open source alternative for hardware. There’s Intel ME, AMD PSP, so there’s probably one in phones. How can people be so confident these encryption is gonna stop intelligence agencies?

  • Venator@lemmy.nz
    2·
    1 day ago

    modern AMD and Intel CPUs have the ability to run remote code signed by their manufacturer and snoop into memory.

    If US companies have data, then they’re legally obliged to make it available to the NSA (PATRIOT and CLOUD Act).

    The key used to sign the remote code could be considered data that they’re legally obliged to make available to the NSA? 🤷😅

    That said, the lengths they had to go to for stuxnet kinda implies it’s still not super easy to do, but I guess maybe they were using older cpus that don’t have the signed code vulnerability? 🤷