this post was submitted on 02 Jan 2025
75 points (98.7% liked)

technology


The US is trying to do to TP-Link what they did to Huawei. Even though, as the article mentions, TP-Link devices have a US-based supply chain and are manufactured in Vietnam. This is literally just the US not allowing China to own any value-added consumer-facing products in the US.

top 16 comments
[–] coolusername@lemmy.ml 34 points 2 months ago (1 children)

Americans need to be wary of the CIA and NSA, not the CPC. It's that simple.

[–] JustSo@hexbear.net 21 points 2 months ago (1 children)

It's incredible how much this flies over the heads of the average person I talk to about security shit.

[–] Orcocracy@hexbear.net 25 points 2 months ago* (last edited 2 months ago) (1 children)

All the stuff Snowden leaked about the US government owning everyone’s shit has been suppressed in favour of pro-US propaganda about China maybe doing the same thing, without any real publicly provided evidence.

[–] JustSo@hexbear.net 10 points 2 months ago

yeah I'm guessing it's most of the anglosphere. five-eyes stay watchin.

[–] SkingradGuard@hexbear.net 17 points 2 months ago (2 children)

Please don't tell me Xiaomi has this issue because I've got a mesh system from them

[–] darkcalling@hexbear.net 24 points 2 months ago

Oh it does. Diagnosis: Terminally Chinese, not under control of western intelligence for planting backdoors.

[–] Hexboare@hexbear.net 12 points 2 months ago

Xiaomi was one of nine companies designated as a CCMC on Jan. 14, 2021.

Xiaomi filed a lawsuit over its inclusion on Jan. 29, 2021, against DoD and its Secretary, the U.S. Department of the Treasury and its Secretary, and the U.S. president in the District Court (Xiaomi Corporation v. U.S. Department Of Defense et. al., Complaint; Civil Docket No. 21-cv-00280).

On March 12, 2021, Judge Contreras issued an order preliminarily enjoining the implementation and enforcement of the prohibitions against Xiaomi, which the U.S. government decided not to appeal.

Instead, the DoD indicated that it would settle the lawsuit and remove Xiaomi from the CCMC list.

[–] will_a113@lemmy.ml 10 points 2 months ago (3 children)

I'm not ready to buy into all of the hype, however, the scary thing about such a supply-chain hack is that it could potentially be deep in the firmware or even the hardware itself. I have a couple of TP-Link devices flashed with OpenWRT, but even that wouldn't necessarily be enough to stop a really dedicated bad actor. If TP-Link or some state actor working with them wanted to, they could certainly still have hidden hardware tweaks that would let them brick the device with a well-crafted packet or the like. Taking it over for some botnet or spying purpose would be harder but not out of the question. Bottom line, if you can't trust the hardware itself, you can't trust anything happening on the hardware either.

[–] wizardbeard@lemmy.dbzer0.com 10 points 2 months ago* (last edited 2 months ago) (1 children)

I think the problem here is that an entirely US based supply chain doesn't solve this problem, which is the justification being made for potentially banning these devices. We would require a massive overhaul of the electronics manufacturing process to eliminate all chance for these sorts of hypothetical backdoors.

[–] will_a113@lemmy.ml 5 points 2 months ago

Well, an entirely US supply-chain means that the US gets to potentially backdoor the devices, not China, and that sort of argument does well these days :)

And honestly the "telemetry" that most vendors already send back with our full knowledge is barely a step away from this anyway.

[–] Empricorn@feddit.nl 1 points 2 months ago* (last edited 2 months ago)

I'm not convinced either way. But do you know how much notoriety would come out of proving a massive malware campaign in a major, worldwide brand!? I have a hard time believing the talented, security-minded people checking these devices out have all missed something, every single time. It would take one proven example to tank the entire brand and then it's not even a viable malware distributor, much less profitable...

[–] TrashGoblin@hexbear.net 1 points 2 months ago

> Bottom line, if you can't trust the hardware itself, you can't trust anything happening on the hardware either.

True, but where are you going to find trustworthy hardware? The US is at least as likely to backdoor hardware as China.

I've got a TP-Link router, and my main gripe is that it doesn't do NAT hairpinning, which limits the value of a VPN to my home network.

[–] Empricorn@feddit.nl 4 points 2 months ago (1 children)

> CNET has several TP-Link models on our lists of the best Wi-Fi routers and will monitor this story closely to see if we need to reevaluate those choices. While our evaluation of the hardware hasn't changed, we're pausing our recommendations of TP-Link routers until we learn more.

It's pretty lame for CNET to say "we've evaluated the hardware, it's good, but we won't recommend them while the US Government is investigating them." Obviously it'd be a different thing if they were all proven to be more insecure than other brands by cyber security experts...

[–] blobjim@hexbear.net 2 points 2 months ago

yeah it's really more that they're indicating to the government that they'll toe the government line