[pdimitar]

Paranoid response alert:

This doesn't mean much, in my opinion. It might stop several thousand teams of garage hacker heroes but it's hard to argue it would stop NSA / GCHQ / anybody else on their level.

With all of the leaks (good chunk of them are just theories, admittedly) that claim that agencies can utilize hardware backdoors remotely, it's hard for me to imagine I am safe from snooping, ever. What good would a stronger SSL/TLS key do if the agencies can directly connect to my CPU? What good would a strong VPN and a network like Tor do if my NIC reports my traffic via a backdoor in its driver without a chance of me ever noticing?

I definitely agree some progress has been made. No two opinions about it.

I do question if these countermeasures achieve anything at all against the biggest and most formidable snoopers however. I feel like they are letting us argue over things they've cracked long ago and are letting us think we're safe.

Usually when public statements are made by them which try to smear/outlaw a technology, it's then I'd think the agencies are having a hard time. If they don't say anything, I'm presuming they got things well under control and where they want them to be.

Not the ideal theory but all of this reply was just my thoughts anyway. If I had any facts whatsoever, I'd most likely be in a prison, so there's that. We can mostly only theorize here.

[alanwatts]

Compromised endpoints is the elephant in the room in the crypto debate.

[pdimitar]

Indeed they are. And it's somewhat discouraging seeing people argue over the best encryption algorithm instead of trying to hunt down Intel's rootkits, for example. Again, I can't claim anything; I am just reading and hearing things. They might be total crap and I might be an idiot for thinking they might be true. But they're still worth considering IMO.

[kardos]

It's not at all discouraging to argue over the best encryption, it's plenty healthy to keep the research going so weak/defeated methods get deprecated and only the strongest remain in use.

But you're right that endpoint security is the next monumental task and the challenges are not entirely unknown [1]. How do you suggest we proceed to achieve trustworthy hardware?

[1] https://libreboot.org/faq/#intel

[pdimitar]

That's a very good question and a very tough one to answer. In my opinion we the humanity gave up the easy way to a secure and publicly audited hardware when Intel started growing. We lost the battle right there and then. To try and do the same they achieved in 10-15 years but be entirely transparent and auditable... seems impossible right now. :(

However, projects like Raspberry Pi are admirable and are efforts in the right direction (even though recently it has been questioned if it can be hacked the same way that Qualcomm-based Androids can). I recently heard about that 1000-core CPU as well. I wonder if that's entirely public? If it is, it might render the x86 / AMD64 model irrelevant so we shouldn't spend gigantic efforts in trying to catch up with 10-15 years of hard work from Intel.

So probably the general direction would be to make old and good hardware protocols famous by trying to "libre"-ify them and bring them up to speed to today's computational requirements (mind you, I still want to play my games on Ultra settings). Even if we start replacing things one by one, every iteration could decrease the attack sufrace. That'll force the malicious actors to take counter-measures; for example, I'd think trying to outlaw ARM (or economically attack its usage, which is the much more used way of doing things IMO) and only license Intel/AMD for certain applications would be a telling sign that somebody doesn't like what's happening.

I am not a hardware person (wish I was; I am not even electrical / electronical engineer!) but I am a privacy-conscious person, and quite paranoid too. I am sure there's a way but alas, I can't answer you in as constructive manner as I'd want to. I can only do a "boss speak" and be oblivious to the details. And at 36 with a well-built career I am beginning to doubt I'll ever try and become a hardcore hardware engineer in addition to my programming/sysadmin experience.

My apologies if I wasted your time reading this.

EDIT: btw, the linked article is scary....

[ogurechny]

A little remark: Raspberry Pi is a nice market for Broadcom, Premier Farnell and other big players involved in making it. It also has proprietary chip that needs closed source software to work (while Intel provides a lot of open source code).

I guess their project has been really successful if “privacy-conscious” and “paranoid” persons consider it “admirable” based on nothing but the internet hype.

[pdimitar]

You got me. I am not an expert. Your information is highly appreciated. This is not a sarcasm.

What would you recommend in terms of a really "libre" hardware?