HackerTrans
TopNewTrendsCommentsPastAskShowJobs

felsokning

no profile record

comments

felsokning
·9 months ago·discuss
I think you're conflating two precepts. Just because you can write an exploit, it doesn't - inherently - mean that you have the skills/knowledge/tools of where to look for all signs of exploit having occurred on your device(s).

From the inference of that logic, every developer should be able to use gdb or Windbg to ascertain where they shot themselves in the foot - but we know that this specific set of skills isn't inherently required to be a developer.

So, the same logic would be true here: Just because you can write a hand full of exploits, it doesn't inherently mean that you have the tools/know-how to be able to ascertain if any of all of the available exploits in the wild (or in private, re: tools for Trenchat) have been used on your phone.

Edit: gbd != gdb
felsokning
·2 years ago·discuss
> why people pay for 3rd party VPNs? It's far more secure to create your own wireguard/openvpn/whatever with a cheap VPS

Your comment seems to infer that you're unable to empathize with people who might think/understand differently than you. It also seems to negate that you avail of other services/non-self-controlled processes without worrying about the threat models, there.

Just hand-waiving with a "Why don't people just do 'x'?" is ironic - in the sense of "Why do you do your own medical care?" or "Why don't you grow your own food and slaughter your own animals?" or "Why don't you manufacture your own phone, it's operating system - oh, and the cellular tower closest to you?".

Threat models exist, _everywhere_, and it's impossible for someone to build all of the pieces, themselves, to prevent all threat models at every possible avenue/point.

In other words, at a non-arbitrary point, doing _everything_ yourself is untenable and that's precisely why services in society exist, today (that and ease of access, use, required foreknowledge, and - most notably - cost).
felsokning
·2 years ago·discuss
> for TLS traffic you need to also install onavo.

I'd be interested to know if it shipped as part of the Facebook SDK, as well.
felsokning
·2 years ago·discuss
From the inference of the commenter, I think they were referring to an app on a mobile device and not the device itself.

It also sounds like their issue was at the ISP provider level, as well, which takes the business out of the loop of being the data controller/owner (of the collected data) at that point.

Note: I'm not saying that your comment doesn't have merit, I just don't think that the points that you made apply - specifically - in this case?