|
There are multiple dimensions of threat. The first is from the police state angle. This is the one where the US Customs officials are demanding social media passwords from people with dark skin coming from certain countries, and is targeted at what ever the law enforcement or "homeland security" personnel are most worked up about. If you don't fall into the targeted categories, you will likely not notice it at all. I'm privileged in the US that I never get that treatment because I don't fall into that bucket. Similarly, if you don't fit whatever risk profile that say, the Chinese MSS are most concerned about, you won't see any issues either. As another example, if you are coming from a country that gives $8 billion dollars a year to Israel, your treatment will be very different than if you are of Palestinian descent. So a statement that a country has a really pleasant border crossing experience compared to "the police state that you are from" may be an egregious example of sampling error. Another dimension of threat is the targeted threat model. Examples of this include the French Secret Service leaving audio recording devices in the first class seats, so they could distribute economic espionage to French state-owned companies. Or of some country (NSA, MSS, BND) trying to get a toehold into some company's internal systems as preparation either for cyber defense, cyber attack, defending their country against the pernicious dissident movement, etc. There have been stories about laptops left in Chinese hotel rooms getting outfitted with keyboard bugs or other free hardware "upgrades". It's not clear how true those stories are, but again, since they are targeted attacks, just because you've never seen it happen doesn't mean much. Perhaps simply you never noticed the free hardware upgrade. Or the country has laws that prohibit using intelligence agencies from giving an advantage to that country's companies; or you are a citizen of that country and that automatically gives you significant protections over anyone else, for which anything is fair game because that country doesn't recognize privacy as a fundamental human right or views non-citizens located outside of the country as not having any constitutionally guaranteed rights. Or perhaps you simply don't work for a US defense contractor, or a large social media or search company, and so you were deemed too unimportant to bug. (Don't take it personally.) So the question of deciding what is the right level of paranoia is a tricky one, and I wouldn't be too quick to judge. Is wearing a seat belt in a car being too paranoid? After all, the vast majority of the time you don't need it. Does that mean you are a crackpot for insisting that you and your passengers wear a seat belt? Finally, note that the person who wrote the article is responsible for providing IT for kernel.org, Linus Torvalds and Greg K-H, and other kernel developers who have their git trees on the kernel.org system. How much security protections do you think we should be providing to make sure no one is trying to introduce a backdoor into the Linux kernel? |
somehow, a plane is so noisy that I cannot imagine this working :D