Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Chromebooks for Risky Situations?

Jacob Appelbaum jacob at appelbaum.net
Thu Feb 7 12:10:40 PST 2013


Griffin Boyce:
> On Wed, Feb 6, 2013 at 5:16 PM, Jacob Appelbaum <jacob at appelbaum.net>wrote:
> 
>> A persistent backdoor on your Chromebook is not actually impossible.
>>
> 
>   As Nate (?) pointed out, hardware backdoors wouldn't be all that
> difficult to implement, especially for someone who travels a lot. A ten
> minute delay in releasing checked luggage, and the secure boot could be lot
> less secure.
> 

I'm not talking about a hardware backdoor. What happens when you install
a Chrome extension that does bad stuff? Their hardware security model
doesn't really come into play with such a vector.

Yeah, a hardware backdoor is also a problem but I was speaking
specifically about how ChromeOS doesn't actually reduce things to a
hardware tampering attack.

> 
>> Most of arguments I've heard here boil down to privileged wealthy people
>> complaining that learning and mutual aid or solidarity is simply too
>> hard. The worst is when people who train people in risky situations make
>> those kinds of statements.
>>
> 
>   As someone who is neither privileged nor wealthy, and who enjoys teaching
> people tech, I'm gonna chime in.
> 
>   It's untrue and assumes a LOT about motivation for both users and people
> training them. Chrome is not right for everyone. I don't use a chromebook
> and don't recommend it for most people. It's a vast improvement over
> Windows, particularly for people who wind up with backdoored bootleg
> XP-like operating systems.
> 

Free Software was my point, I couldn't really care less about Chrome.

>   Jake, you absolutely cannot equivocate your situation with most at-risk
> people for several reasons. You're at a high risk, moreso than most at-risk
> users. You're also highly intelligent and self-educated (and have the
> resources to educate yourself). You exist in a milieu where there are many
> who can give guidance on technology and security. You also have the
> economic advantage of being able to jettison software if you suspect it's
> been tampered with.  There are many different types of privilege at play,
> and not everyone is in the same situation.  It's important (IMO) to
> customize recommendations rather than make broad statements.
> 

Actually, I can and I just did so for a very good set of reasons. The
2703(d) order for my gmail account is exactly the same legal tool that
will and was likely used against others on this mailing list. The
exception is the attention and not the technique!

>   Would it be great if we could move everyone using malware-riddled Windows
> setups to Ubuntu, Debian, or BSD? Absolutely. If I could convince everyone
> I know to switch to Ubuntu, that would be fucking amazing.  But I've tried
> to convince numerous people to make the switch, and only a few were willing
> to try the USB stick. I think two have committed to dual-booting. And
> that's just the reality.

The reason that they won't is because people either lack the support (in
terms of software, human time, hardware drivers, etc) or they simply
don't understand *or* care about the reasons we've discussed endlessly
on this list.

All the best,
Jake

> 
> ~Griffin
> 
> 
> 
> --
> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 




More information about the liberationtech mailing list