HackerTrans
TopNewTrendsCommentsPastAskShowJobs

PrimaryAlibi

no profile record

Submissions

Ask HN: Is discrete TPM worth it? with QubesOS/aem/heads/Intel-me disabled

2 points·by PrimaryAlibi·el año pasado·1 comments

Ask HN: Can you avoid being personally identified (and tracked) by recaptcha?

2 points·by PrimaryAlibi·hace 2 años·2 comments

Ask HN: Why do laptop chargers have data wires?

17 points·by PrimaryAlibi·hace 2 años·53 comments

Ask HN: Too theoretical for hackers to flash your firmware excluding boot ROM?

3 points·by PrimaryAlibi·hace 2 años·13 comments

[untitled]

10 points·by PrimaryAlibi·hace 2 años·0 comments

Which hardware parts in a laptop should/can you verify before buying?

2 points·by PrimaryAlibi·hace 2 años·0 comments

Counter argument against QubesOS more secure by being a type 1 hypervisor

2 points·by PrimaryAlibi·hace 2 años·1 comments

How to verify boot firmware integrity if you prioritize neutralizing Intel ME?

25 points·by PrimaryAlibi·hace 2 años·30 comments

How much do you trust your Linux distro devs?

6 points·by PrimaryAlibi·hace 2 años·8 comments

Does mass surveillance make you feel isolated?

4 points·by PrimaryAlibi·hace 2 años·3 comments

Is there a solution to the trust problem when installing apps?

6 points·by PrimaryAlibi·hace 2 años·4 comments

comments

PrimaryAlibi
·hace 2 años·discuss
It's fact that it's possible, the question is just if Google is doing it. I know some apps that have been proven to track mouse movement to identify users and prevent botting. They want to identify users because it's against ToS to have multiple accounts and also to prevent banned users from making new accounts. Tracking mouse movement is extremely accurate way to uniquely identify users. Google would have no problems doing this if they wanted to, the question is just if they are doing that. I think it would be coping to say they aren't but that's my opinion based on my perspective on big tech and google.
PrimaryAlibi
·hace 2 años·discuss
Everyone reading this should start to contact websites/companies who use cloudflare and tell them in simple and few words that it's a problem and link them to a video or article that explains more, maybe even to this HN topic. We are not many, maybe 1-2% of their users/customers I keep reading people saying but I have in the past been able to get big tech companies to change to a friendlier tech. You would be surprised how effective it is to contact them about it. Maybe they have a tech support who already has same opinion as you but they can't make any change until a customer makes a complaint about it, then they happily see it as their opporunity to finally make a change.
PrimaryAlibi
·hace 2 años·discuss
That's same for almost all surveillance/tracking tech. It's always trivial for criminals/abusers to bypass. The surveillance is just about controlling the sheep.
PrimaryAlibi
·hace 2 años·discuss
To become a freelancer you first need to be a professional with a lot of work experience. Then you can start doing some freelance on the side and make it grow. It's very difficult to start your career as freelance.

To find part time job you first need to be able to find a job at all.

Basically no matter what, it all begins with getting work experience, probably full time, then after that you can start looking for part time or freelance.
PrimaryAlibi
·hace 2 años·discuss
So the charger won't work without the data wire and it could destroy the laptop. It's so crazy because I've seen in these tech communities people saying it's recommended to cut the data wires and everyone is upvoting it. I guess that's another popular misconception going around that it's generally fine to cut a data wire.
PrimaryAlibi
·hace 2 años·discuss
But my questions aren't extremely general, i even asked very specifically if you are supposed to attach an external programmer to the component like keyboard or cam etc but you can't even answer that. You can't even give one example. Are you saying there is nothing at all in common with different device models like camera model b and camera model c? You don't physically manipulate with them in any way? Don't attach anything or what? Or do you shine a light on one model and breath on another? When you can't even make one example that makes it hard to believe you. You are just constantly deflecting and refusing to explain. It just seems like you are spreading FUD when you say it can be done but wont explain how. I'm not even asking for full step by step instruction, just a simple overview of what kind of process it is in general.
PrimaryAlibi
·hace 2 años·discuss
These are the type of vague answers i said i didn't want because they are not helpful. How do i know if you really know what you are talking about? No explanations or links to sources. "depends on the device" is almost not an answer at all.

BIOS password does help if they need to be able to boot from usb drive to flash firmware. Or do you know another way? Again, not talking about boot rom.
PrimaryAlibi
·hace 2 años·discuss
How would it be done externally? Is it done same way as flashing the boot rom? You just need to know where the chip is for the other components? No 0-days needed? Or do you need a 0-day to do this? Is that why you think only foreign intelligence agencies are the ones who can do this? Also assume that the bios is password protected and it's configured in bios to not boot from a USB drive.
PrimaryAlibi
·hace 2 años·discuss
I asked about 0-day because I dont think anyone would use that on me. So if I know that it can only be done with a 0-day then I would practically be secure.

The first paragraph you made doesn't sound so convincing though with mostly "probably" and no source or explanation other than intel has put a lot of effort into protecting the boot rom and EC. If you or someone could elaborate further that would be great.
PrimaryAlibi
·hace 2 años·discuss
good answer, I will read more about uefi bootkits and blacklotus. It also reminds me that recently bootkitty uefi bootkit was in news. i saw a video about it a couple days ago.

Is it just from userspace you flash these firmware (other than boot rom)? Or can you flash externally as well if you have physical access?

This also means that just like you avoid a lot of malware by going to linux instead of windows which is what all hackers build their malware for, you can probably also avoid a lot of these firmware bootkits by flashing coreboot instead of having UEFI.
PrimaryAlibi
·hace 2 años·discuss
I think most people already know that air pollution is bad for health. The question is how big part in all these deaths did the air pollution have. Are those face masks people use to "protect" themselves from covid effective at protecting from air pollution? I don't even know if asking these questions is worth it when there is so much censorship.
PrimaryAlibi
·hace 2 años·discuss
I have been making youtube videos for a long time on many different accounts. I don't know what else to say except try to choose topics that youtube won't give you trouble over so avoid things like privacy, crypto, politics. Then you just keep making videos and one day you win the lottery when the algorithm finally shines the light on you.
PrimaryAlibi
·hace 2 años·discuss
I think you have the same problem either way. NSA (most likely) recently was caught for putting backdoor in IOS. It doesn't matter how big the brand is.

Unfortunately it comes down to just needing to learn how to verify the hardware. If you only trust then you have lost.
PrimaryAlibi
·hace 2 años·discuss
Yeah I didn't know it was possible because some laptops have the TPM in a seperate chipset than the one that has intel me. I thought they only set the hap bit to neutralize but I learned here that they can also disable it on laptops that have TPM on a 2nd chipset.
PrimaryAlibi
·hace 2 años·discuss
Maybe I misunderstand you what you mean with a clone of the computer. Do you mean take my entire computer and replace it with a completely different computer that is the same model? Because if that is what you mean then they can't clone the tamper evident container because then it wouldn't be tamper evident. Glitter nail polish for example couldn't be cloned because the pattern would be different on the second computer which is the clone.

Or do you mean to do everything on my computer without having access to any hardware/firmware? You would just simply boot up the computer and somehow hack it? How?
PrimaryAlibi
·hace 2 años·discuss
I don't think there is any best place but if there was then it would be on an .onion site because without anonymity there will be censorship and people can go to prison. I wouldn't be surprised if UK soon begins searching for people who have supported Telegram CEO and then sending them to prison just like they are calling twitter users terrorists who retweet ongoing protests. Even Elon Musk is a terrorist according to UK. You better make sure your posts commenting on Telegram's CEO arrest can't be traced back to you.
PrimaryAlibi
·hace 2 años·discuss
Do you mean to use VNC to access your data? Because that sounds very difficult to secure and also do maintenance when you are never onsite. The host computer that has your data would have same problems as what this topic is about but now you can't even check for tamper evidence because you are not onsite.

Or do you mean to encrypt your data and upload to the cloud? Then download the data when you need to use it? And how are you managing all the passwords and encryption keys? I think you would need to keep quite a bit of sensitive data on that travel computer so you would need tamper evidence on it as well.

Or I think I must be completely missing out on something here what you are saying. Maybe you can elaborate a bit? It sounds interesting.
PrimaryAlibi
·hace 2 años·discuss
I made a mistake when I wrote the post mixing up disable and neutralized but I hoped everyone would understand I'm talking about disabling it.
PrimaryAlibi
·hace 2 años·discuss
They first have to get through the glitter nail polish protection without evidence. That's the point of the glitter nail polish, tamper evidence.
PrimaryAlibi
·hace 2 años·discuss
If we have a container that is tamper evident then they can't do all those computer modifications you mentioned without we finding out the computer has been tampered with.