A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.97K Posts
- 74.6K Comments
- Modlog
This is a masterclass in how to write a slanted story.
It’s definitely interesting that MI6 spied on the PLA through an Apple smartwatch. Did that happen because it was an Apple smartwatch? Or did they just break into it the same way they would break into a Microsoft, Samsung, or Jetstream device?
I don’t actually know the answer to that question, but the way the story is phrased makes me think that if it was the first one, we definitely would have heard about it explicitly.
I had the ability to wake up and eat a pile of wood chips this morning, but I didn’t. Has Apple actually done any of these things? Or are you just trying to make them sound shitty by implication, for reasons of your own?
US tech is backdoored just as hard as chinese stuff. None of the companies involved need to know when and for what the government uses backdoors, so they generally don’t.
I don’t really know, any more than you do, but I assume that this is true yes. There’s a whole fascinating story to be written about it. This story isn’t it. Among other things, blaming Apple for that situation when they’ve explicitly told the US government to get fucked in re its surveillance requests when they had no reason to, is obviously misleading to the reader and unfair to Apple.
(Actually I’d take issue with “just as hard as Chinese stuff,” since Tiktok is more explicitly malicious than pretty much any other category of compromised software, which is saying quite a lot. But in general I agree with you.)
Tiktok is indeed more malicious than any other app I can think of, but it isn’t a backdoor.
According to this guy, that’s exactly what it is – he claimed that at least on the Android version, it’s got functionality to download arbitrary new binaries and start running them when instructed to by its central servers. That’s alongside other worrying things like always-on location tracking and storage, code injection to any web site you visit through their browser, and perusal of all your contacts and messages.
I remember seeing the same thing claimed in more authoritative analyses of the thing, but for some reason I can’t find them now, so we have to take it with a grain of salt I guess. But in my mind (based on my memory of reading things like the link above) it’s extremely maliciously designed.
Downloading and running binaries isn’t anything to worry about. Many apps do that to circumvent the update delays that apple and google put in place.
Browsers also download and run code from any website you visit. The security measures make sure that this code can’t just do anything, just like on android.
Source?
Accurate, yes.
Lol can I send you an Android binary to run which has the ability to use your camera and microphone and read your text messages, files, and contacts? Like Tiktok does. Don’t worry, it can’t just do anything.
So the argument isn’t that downloading a running a new binary will somehow give Tiktok new capabilities within the security model that weren’t there for the previous code. The argument is that (a) the security measures in place are way too weak and (b) the ability for any individual device to download and run new custom functionality on-demand enables someone to add new functionality to any individual device, outside the main channel of updates for everyone’s devices. What do you think the word “backdoor” means, if not that?
Ripped right from wikipedia: “A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product […].”
Given you can’t be arsed to google that on your own, I don’t see s point in arguing.
Hm… I do kind of get what you’re saying now. I just don’t agree with this limited way of applying the term. I do know what a backdoor is, yes.
So: If you have a remote shell program like sshd, it can do what it does. There might be malicious code inside, there might not. But if we said specifically that it had a “backdoor,” that would mean that it can also accept arbitrary login requests (bypassing the normal authentication) for someone to log in and run arbitrary commands. That’s a backdoor. The code’s still running within the context of the terminal program, but what makes it a backdoor is that it’s doing it on demand from some remote user. Yes?
If you had a social media program like Tiktok, it can do what it does. There might be malicious code inside, there might not. But if we said it had a “backdoor,” that would mean that it can also execute arbitrary code (bypassing the normal authentication of downloaded apps) for someone to run arbitrary code. That’s a backdoor. The code’s still running within the security context of the app, but what makes it a backdoor is that it’s doing it on demand from some remote user.
There’s another related definition where “backdoor” means a secret way of escalating privileges, but that up above is the context where I’m using it, which is also consistent with Wikipedia’s definition. You’re free to not agree with my definitions, I don’t wanna argue any more than you do and I’m happy if you want to use the word however you want. But that’s how I see it.