Only you know about it, so only you can do it. Please do.
But there is no sense to hezitate about spies in the hardware and all those things were published regularly about hardware on russian sites.
Please try to imagine my perspective. Not speaking Russian, no sources, just one anonymous person making the claim.
And you would not trust to monopolistic corporations who took all the power into their hands.
Sure, I appreciated more competition in hardware market.
And you wrote about wireshark what we wanted to say... One approved public scanner for everyone. Isn't strange?
I guess there are multiple tools for that purpose, perhaps not that popular?
Also take into consideration that the hardware hidden chip may encrypt or steganograph the sent data turning them into numbers of packets all the non-text parts, different tls and other options. So even wireshark can be fooled if it is an honest software which we doubt.
Possible.
We deal with 0000 and 1111s in the form of electrical signals. Electricity can be run in a millions or billions of sideways not registered by the OS software because their level is lower.
Possible.
Network card just creats a separate channel in a hidden electrical frequency. As you may know network cards recognize the defined ranges of frequencies where they TAKE THOSE STREAMS OF 0000 and 1111s as electrical signal or to be more correct flashing of electrical signals. But imagine how easy it is to create a hidden frequency and even apply steganography to it, which is not even needed. And no other network card can read this frequency but the provider's HARDWARE CAN READ IT PERFECTLY. That's why your second PC's network card with wireshark will never see any information transmitted on that frequency and wireshark will fail under any condition even it's an honest software.
I am getting your basic point.
Do we have qualifications to study the entire frequency range of the entire electrical stream of the card?
I sure don't.
We do not have access to corporations' secret papers. And we must not be naive that soldiers of the new world order give us clean hardware.
Yes.
What we should do is to eliminate electricity completely...
Then we cannot communicate anymore? :)
It's interesting that tor/tails team never discuss or raise the questions about hardware spies as if they do not exist at all. Each new months we here a regular fairytale about found and fixed software holes. AND NOT A WORD ABOUT FIXING HARDWARE TRACKING!
Whonix doesn't say much about hardware backdoors either.
There is a little bit here:
I agree, that hardware backdoors are like the elephant in the room in the computer security community as well as in the Tor/Tails/Whonix/Anonymity community.
Also stylometry is the elephant in the room in the Tor/Tails/Whonix/Anonymity community. The thing is… Also see below.
Patrik, you are a nice guy but wasting time.
Only under your assumption. Your threat model is “let’s make it work against the most powerful adversary who introduced hardware backdoors”.
Whonix doesn’t claim being able to defeat such powerful adversaries yet:
Sure, it would be nice if we could do that, but that’s a long way. Better don’t hold your breath for that moment.
Even if Whonix only helps in weaker threat models such as to stop stalkers, then this has value. As long as Whonix helps anyone besides me, it is meaningful work.
The thing is… You gotta start somewhere. Developing hardware is very difficult. Making proof and verifiable of being backdoor free is even more difficult. In relation to that, developing Whonix is much simpler, see:
So there are people who develop privacy preserving software. And Tor/Tails/Whonix are among them.
Accusing people who actually do something for not doing something else is in my opinion not very helpful.
It’s like in politics. Some people use their time to advocate peace. Others advocate better economic systems that can sustain without war. The people advocating better economic systems accusing peace activist for not working on better economic systems and vice versa makes no point. You cannot do everything at the same time. That is our division of labor system. So if you want to accuse someone, then please accuse the ones, who’re not engaged in any activity to improve the world, who have the ability and time to do so.
And in computer security, I think it makes little sense accusing the people who work on privacy preserving software for not working on verifiable backdoor free hardware. This doesn’t mean we shouldn’t have better documentation for hardware backdoors. Feel free to contribute them. If there is some day verifiable backdoor free hardware, I will be very happy to recommend on whonix.org using that verifiable backdoor free hardware over today’s hardware.
There are a very few people who work on Free Software / Open Source and/or even verifiable backdoor free hardware. I am sure they urgently need support. Be it developers, financial support, advocates or else. Perhaps it’s really the most neglected and most important piece of computer security.
So if one has the choice to either contribute to Whonix or on verifiable backdoor free hardware, please rather contribute to the latter.
But then again, I am sure someone somewhere sometime will show up and tell the people working on verifiable backdoor free hardware, that they are wasting their time, since they are not working on secure verifiable backdoor free kernel or operating system. So when they finished verifiable backdoor free hardware, there will be no secure software to run on top. And someone else will complain, why work on hardware security, if you could be a political activist to advocate preventing people from getting in position to develop hardware backdoors in the first place? Things like advocating transparency, prevention of monopolies and other things could do the trick in a sustainable way by fixing the root of the issue rather than working on the symptoms (hardware backdoors).
When we get some day hopefully verifiable backdoor free hardware, then the research and development of privacy preserving software will be progressed a lot. We then simply switch to verifiable backdoor free hardware. So for now, I rather do something within my ability, than doing nothing. And Whonix is just one project of mine. I am also a political activist.
So 1guest, my rhetoric question for you, what is it that you do to strive for a better world. For one, why not help the people working on verifiable backdoor free software with fundraising or something else.