> I can understand it may be the right approach from a day-to-day IT management perspective, but I'm not so sure it's the most viable path towards better security long-term.
Yeah, this is why I had the caveat:
> At least imho, given my time constraints/budget.
The "best" long term path is to have larger security budgets that allow for the objective you and the other folks who dislike my response want. The problem, frankly, is we just aren't there yet.
For instance, our budget for maintaining security is ~5% of the IT budget. A large portion of that goes to perimeter defense appliances (firewalls, barracuda antispam/antivirus filters, etc.) as well as making sure ublock, anti-malware, etc are installed on every machine. The other major chunk ends up in securing WAN-facing services that can be exploited remotely. The last major chunk is user training to get them to stop doing things like pay bills for services we never purchased, clicking on strange links, running strange attachments, etc.
After that, we have no resources to do more than run apt-get update && apt-get upgrade -y for protecting the attack surface once an account is breached. We've got a few things we had to re-compile ourselves manually and break with that process so we moved them out of the package manager for the OS. Our actual applications we build internally also likely have exploitable vulnerabilities if attacked from a local account. Those items never have the budget to be maintained and we certainly wouldn't survive someone taking over a local shell account.
I suspect given this is (roughly) the situation every place I've worked at, its simply too common to be an issue.
No VPN can reliably anonymize you against government agents so I think the con is a non-issue. VPNs are only really useful when the local network is hostile and/or you want some degree of privacy from the sites you visit.
Anyone with sigint capability is going to figure out who you are with a VPN. (i.e. Government agents)
Buy parts and run your own firewall/dns setup to drop anything odd.
Its honestly the only way to be "sure" if worry about a manufacturer doing that sort of thing. It won't be perfect but the odds of someone targeting you for hardware spyware is prettttttttty low. And most manufacturers of comp enthusiast parts know its suicide to do it mass-market like that.
> Isn't that just saying "I don't believe in multiuser systems and/or their security models"...? If so, what specifically do you have against them?
[Core Services] + SSH is generally something you can harden effectively against attacks.
[2903429034902323094230 binaries] is something you generally struggle to maintain security patches/etc on.
The simple fact is, there is just too much attack surface on a vanilla Linux box once you have an account that you can reliably do EVERYTHING you need to do to secure it 24/7/365.
> True, in theory, though in practice, i know plenty of capable people but almost none of them bothers to read the openssh source (or even a subset, like recent changes) before updating or recompiling.
For purposes of security paranoia, if you can perform a security audit on open source code it is just as good as any other code you've written.
Idk about other people but I find anything I don't find security holes in myself "as good" as anything I've written. I've got the same set of assumptions/blinders/competence either way.
> And, transmitting an URL usually has no use beyond accessing it. They are doing what the user expects, it's just lacking some communication and power-user tools to override the default behavior.
Let us just say there are certain things that can cause legal complications merely accessing it and not reporting it is technically still a crime.
To be fair, doing so would require a bunch of cache invalidations and they've always barely had enough money to limp on to the next investor. It would also likely be abused.
Its quite possible many features simply would raise their costs by .X% and therefore were impossible for that reason.
Yeah but tbh, its still not e2e encrypted. It just means WhatsApp is ignorant.
So they are in the clear legally, but morally, its still dubious to do that given its effectively disclosing what is often a substantial portion of the conversation.
I use the San Jose facility for my Linodes. I haven't had a problem since the rolling power outages years ago where Hurricane Electric's backup power failed to kick in.
It terms of a hostile 3rd party and not an automated system? 5 times.
Snoopy relatives of women I have dated a couple times, a couple times by PIs paid to track me down, and a stalker once.
So...yeah. It's a real problem and none of these people had a legitimate cause to do so. Even beyond FB, etc. I don't post my face online because of shit like that.
Other people have stopped posting pics of me as well, a couple people have been called based on my name being tagged to things on social media.
Honestly, I am more worried about the fact HN seems oblivious to the fact Twitter was being used as a targeted propaganda system by a foreign government than I am of censorship in the US.
Just have people opt in for NSFW content on their accounts. Leave them opted out by default (or public).
There is no reason it shouldn't be a human controlled flag.