The NSA aren't magic unbeatable adversaries though. I would say Precursor will be pretty tough for the NSA to find a way to backdoor.https://www.crowdsupply.com/sutajio-kosagi/precursor/updates/crowdfunding-begins …
-
-
Replying to @marcan42 @ortegaalfredo
(as a TL;DR, the hardware is user-verifiable, and the FPGA-based approach makes it infeasible to build universal backdoors into the main IC)
1 reply 0 retweets 1 like -
Replying to @marcan42
It's an adversary with unknown capabilities and 10B yearly budget. You can replace NSA with any other infinite-resource adversary. I.E. Signal is not invulnerable to exploits.
1 reply 0 retweets 2 likes -
Replying to @ortegaalfredo @marcan42
if you're a ‘person of interest’ for any of a number of agencies, you're screwed. even if you're not in the Internet. but in most cases, this is just a search for a good tool against a resource & time-bounded adversary.
1 reply 0 retweets 3 likes -
(btw. the _disclosed_ US intel budget for 2020 was USD 8.58e10 [6.27e10 'national intel' + 2.31e10 military intel)
1 reply 0 retweets 1 like -
Replying to @NetNezva @ortegaalfredo
Infinite cash can't magically build bitstream decompilation and automated backdoor injection capabilities into an FPGA. It's designed to be trustable based on how technology is fundamentally limited by reality. Read the docs.
1 reply 0 retweets 1 like -
Of course if the code has a bug they can exploit it, but it's designed to be a small system with a very small surface area to exploit, and verifiable code. You are many, many orders of magnitude more likely to be secure on Precursor than on a random Android phone.
2 replies 0 retweets 1 like -
Alfredo Ortega Retweeted Alfredo Ortega
That kind of specialized hardware stops many attacks against Signal but not all because Signal itself has a big attack surface. Particularly it wouldn't have stopped things like this.https://twitter.com/ortegaalfredo/status/995017143002509313 …
Alfredo Ortega added,
2 replies 0 retweets 2 likes -
I realized precursor can't run Android nor Signal. Well I guess that's a way to secure software. It's basically the OpenBSD approach, it works.
1 reply 0 retweets 0 likes -
Replying to @ortegaalfredo @NetNezva
It can certainly run the Signal protocol, which is what matters.
1 reply 0 retweets 1 like
But yes, if the question is "are you screwed against the NSA if you run an Android phone", the answer is yes. (You're also screwed against every other government, including non intelligence agencies, because they'll just buy NSO's stuff)
7:55 AM - 8 Jan 2021
0 replies
0 retweets
3 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.