I think people don't understand what this means either. The nation-state "agencies" that can and will get into your network/devices can do so because they would employ tactics like kidnapping and blackmailing a local telco field technician. Or if it's your own government, they can show up with some police and tell them to do whatever and most will comply without even receiving a proper court order.
So unless you're worth all that trouble, you're really just trying to avoid being "low hanging fruit" compromised by some batch script probing known (and usually very old) vulnerabilities.
I like the "gray man" concept, but can't predict when you end up on the radar or why. As a young graduate student, I once wrote an article that rebuffed the government's "Total Information Awareness" trial balloon and suddenly found myself embroiled in much unexpected controversy, including some big name journalists e-mailing me and asking questions. You just never know when you stumble into something that you're not supposed to know about and what might happen.
While having your own foundry is undoubtedly a good thing from the perspective of supply chain resiliency, if hacking is what you're worried about there are probably easier ways to mitigate (e.g. a bit more rigor in QC).
Roughly everybody you've ever met, 100% of the time.
There's a reason the NSA can get Intel CPUs without IME and you can't. Given the incentives and competence of the people involved, it's probably an intentional vulnerability that you can't escape because you don't fab your own chips. There's strong circumstantial evidence that Huawei got banned from selling their products in the US for doing the same thing. And the Crypto AG backdoor (in hardware but probably not in silicon) was probably central to a lot of 20th-century international relations, though that wasn't publicly known until much later.
And this is before we get into penny-ante malicious hardware like laser printer toner cartridges, carrier-locked cellphones, and HDMI copy protection.
No amount of QC is going to remove malicious hardware; at best, it can tell you it's there.
Either way this isn't a foundry covertly inserting a back door. It is a foundry openly inserting a back door and turning it into a feature.
A small country that imports these chips and wanted to protect its national security by providing "ME disabled" chips wouldn't need a whole foundry of its own to turn it off or to verify that there isn't a "hidden" ME. The cost of this would probably run into low millions not billions.
Not exactly what you're asking, but multiple CVEs have been found in Intel's Management Engine (ME) which have been used in spyware.
It might not be an intentional backdoor, but it very much seems designed with out-of-band access in mind, with the AMT remote management features and the fact that the network controller has DMA (this enables packet interception).
Nah, if I manufactured my own silicon, I'd be infinitely more hackable than I am right now - just like if I wrote my own crypto code. 99.9999% of people are going to be more secure if they just rely on publicly accessible cryptography (and silicon). Otherwise you're just going to be making stupid mistakes that real cryptographers and security folks found and wrote defenses against three decades ago.
If you could make your own silicon, you could create a guild or a federation to audit it, and then your trust circle would be smaller and therefore safer.
>Otherwise you're just going to be making stupid mistakes that real cryptographers and security folks found and wrote defenses against three decades ago.
Yeah, that's the point, learn those same techniques, get it in the guild, and watch each other's backs.
Rather than just 'trusting' some faceless war profiteers from the midst of an out of control military-industrial complex.
Do the bombs dropping in war zones avoid apolitical people? If not, when is the appropriate time to get sufficiently political to avoid having a bomb dropped on one's head?
"Keeping your head down" means not doing anything that would cause a government (especially your own) to want to disappear you.
If you vocally oppose your tyrannical government, you won't avoid a bomb on your head. In the best case you'll get a bullet through your head. Worst case, you spend a lifetime in a prison.
Very few individuals can influence whether or not bombs drop. The best way to avoid having bombs dropped on your head is moving to a place where fewer bombs are dropped.
>someone who just wants to get by in life and is content
"It’s the reductionist approach to life: if you keep it small, you’ll keep it under control. If you don’t make any noise, the bogeyman won’t find you. But it’s all an illusion, because they die too, those people who roll up their spirits into tiny little balls so as to be safe. Safe?! From what? Life is always on the edge of death; narrow streets lead to the same place as wide avenues, and a little candle burns itself out just like a flaming torch does."
That's stupid. It's not all an illusion. The scale definitely matters. If you are buying stocks you can make a profit as a little guy that if the big guys tried to do it they would quickly become the "market maker" and the strategy would not scale up. It's the same with criminal activity or insurgency--small mosquitoes are ignored while the major threats get swatted hard.
True enough. I'm content as long as I don't hear the news anywhere. Recently had my dad over and he can't go 5 minutes without the news on in the background. Really hard to be content then.
Downvoted, but so much evil is caused by people due to their distorted yet sincerely believed moral virtues. Not due to an absence of morality but because of it. Whatever you have in your mind as the image of quintessential evil is probably caused by those people's sincerely held moral system, a moral system they believed in as strongly as you do yours. So people who just live their lives and do not grasp on external change are fine by me.
Unless you believe in the extinction of bad people, the burden of restoring normality is for everyone else. Those who are not part of the solution are not part of the problem, they are the problem. You can't have the problem without them and you can't have them without having the problems.