Nothing has changed since then, except that folks are getting a wee bit more concerned about their privacy now that President Donald Trump is in charge of the US. You may have noticed that he and his regime love getting their hands on other people’s data.

Privacy isn’t the only issue. Can you trust Microsoft to deliver on its service promises under American political pressure? Ask the EU-based International Criminal Court (ICC): after it issued arrest warrants for Israeli Prime Minister Benjamin Netanyahu for war crimes, Trump imposed sanctions on the ICC. Soon afterward, ICC’s chief prosecutor, Karim Khan, was reportedly locked out of his Microsoft email accounts. Coincidence? Some think not. Microsoft denies they had anything to do with this.

  • setsubyou@lemmy.world
    12 hours ago

    I think in the future, it is advisable to use larger distributions that a lot of eyes look at, like Debian.

    This reminds me of the time when Debian broke their OpenSSL and for two years, ssh keys generated on Debian were basically taken from a pool of only 32k different keys…

    That time it was an honest mistake, but it would actually have been a very efficient attack too if it had been intentional. Imagine succeeding at getting your target to use private keys for ssh or ssl etc. from a tiny pool that makes something usually impossible to brute force suddenly trivial. And nobody noticed it for two years.

    • HaraldvonBlauzahn@feddit.org (OP)
      4 hours ago

      Well, in the case of closed-source software, you can be dead-sure it is already subverted. As are probably most networks.

      In general, I think Linux’s many-eyes principle works quite well; just think of the case of the xz-utils backdoor, which was caught before it reached large distributions.

      I think the much larger risk hidden in plain sight is the amount of private and confidential data which is extracted and gathered from Windows and smartphone OSes. Doing that against the wishes of the users makes it no better than malware.