1. On the language you use. Personally I like the way you express yourself and am relieved that some people show higher cognitive functions. I'd prefer you not to dumb down what you say.
2. On detailed instructions on technically altering devices etc. 1) Agreed that the general Internet, as it's panned out, is somewhat useless in this regard. Take a look at Google or Stackoverflow to see, from time to time, anything useful swamped by the other. 2) Personally I avoid video and audio only content, to a large degree. I prefer written content, images and interactives. If you go for audio I suggest a transcript too.
3. Reducing exploitation of mankind goes a lot wider than operations like NSO. It's important, there's signs of cognitive decline in many countries, which may result from such exploitation.
For #1, I also agree - in order to effectively resist against criminals of the highest caliber hiding their rather ordinary motives behind technical buzzwords meant to confuse non-audience members and to make themselves sound smart, you also need to be as articulate - if not more so - to meaningfully resist, but with the antidote of razor sharp clarity in order to pull down those false curtains.
In the contemporary state of the internet - full of mind numbing pseudo-content that artificially induces ADHD and conveniently distracts the general public from discussing legitimate issues, such as the NSO Group's Pegasus - reading coherent long-form written pieces created wth a slow yet steady pace is amazingly soothing in this uncertain day and age.
As a Spanish speaker, it is a bit hard to read your posts but at some sense it is what I was looking for, If I can improve my English vocabulary while reading something that interest me I will take the extra effort. Personally I am relatively young and since about 2 years when I started to learn about programming and technology world and how every thing seems to be intercepted and used by governments and other entities I started to fell anxiety. I sleep badly since my research starts. Some times only want to learn enough in some way to prevent them from gaining power, but people usually said things like: "I got nothing to hide". That is what more empower them, the lazyness and the blind faith people put on systems they do not understand, they want to rest after work and enjoy their time. I understand that, but all that priviledge depends on how you stand their feet. The most of us got nothing to hide, we are nothing, but they are what they are because they can do what we, nothing, leave them to do, then will be too late to cry. Some day we all will got something to hide. I can not imagine the pressure you had bein enduring, and still keep going. I will read you an keep learning as much as I can. I do not want a world where sheeps bleats that the dog is doing his work well, and they have nothing to hide from the pastor. Thank you for your work sorry for my English writting capabilities.
Long time "listener", first time subscriber. I'm glad to see you're writing in more longform. I've actually blocked twitter out of my system at the DNS level, since it has turned into a distributed drama delivery system. I'm far more interested in deep and thoughtful observations than soundbytes.
However, there is one question which has bothered me for years, and I'm happy to finally have a chance to ask it to you directly. I've followed your actions (and those of Binney, Manning, Drake, and a growing list of others) for years, and I am encouraged that so many people are pushing back against the Military Industrial Complex. I very much want to see it reformed, and I'd like the American system to work in a way that actually supports people and principle.
Therefore, I must ask quite bluntly: why have we not yet seen any documents which would allow an individual standing to bring a lawsuit against the NSA?
I like the way you write. I don't see any need for you to change it. I trust you not to use unnecessarily pompous language and I can't say I've encountered it in your writing at all. The last thing I want to read is yet another generic article that can be easily skimmed through. I would greatly prefer something that requires me to slow down and pay attention to the details, and that's what I've come to expect from you.
When it comes to audio, it would be nice to also have a transcript we can read.
Some practical advice would be very much appreciated. I would like to read your take on subjects like buying hardware for Qubes and recommended usage of GrapheneOS (I believe the lead developer has stated that GrapheneOS's airplane mode really does disable the modem, but I lack the technical knowledge to confirm it).
What he writes does make a certain logical sense, but it's been my experience that in the GrapheneOS Matrix channel and the channel run by this Whonix dev, concerns about NSA backdoors in the products of big tech companies are often dismissed as "FUD". In the light of what you brought to public consciousness through your whistleblowing efforts, this baffles me.
Lastly, I would like to congratulate you on becoming a father. It's very belated, I know, but I wanted to say it nonetheless.
I'd have to agree with you - I sort of raise an eyebrow at most of what was originally written in Madaidan's security/privacy advice & the constantly dismissive "FUD" attitude in the GrapheneOS Matrix room. The information is "correct", but nothing outside of the page recommending Signal is usable or actionable to anyone who doesn't have a literal copy of Madaidan's background knowledge ... I'll leave it at that for now.
For targeted surveillance, it is known that the CIA/NSA will intercept mailed deliveries of computers and other hardware in order to covertly insert malicious computer chips inside of targeted victim's computers before sending the package back to its intended destination. (Also, remember the Clipper chip?) This is the technology landscape and climate that precipitated interdiction services being provided for the Insurgo PrivacyBeast X230 or the NitroPad.
Also, I'm not really sure how many people are going to follow that advice given from that site for securing a Linux distribution and ultimately getting it to work with Secure Boot.
I don't think too many everyday people are going to want to build such a thing from scratch with Gentoo, Void, or Alpine Linux... though if we are going to talk about such things with such great depth, it's probably more appropriate in a private discussion or consultation, where most technical matters are sorted out. If I followed the Madaidan guide to Linux hardening, then I'd probably get frustrated enough during the process to throw out any digital device into the ocean that I still have at home - which is littering.
Even though I am not an actual security expert, personally I'd rather take my chances with a Linux machine (with all of its inherent "security" failings) installed with Secure Boot turned off than to use Windows taking up half of my available RAM for no good reason at idle (other than most likely phoning home to Microsoft).
I certainly don't believe that using Linux makes me invincible - all I know is that Linux won't be exploited in the same way that Windows will be (not to belabor the obvious), which is currently good enough for my purposes right now. I'm not trying to guard against targeted attacks from TLAs or some IC agency. In fact, Item #42 in the NSA ANT catalog in 2008 (on Wikipedia) states: "SWAP: Technology that can reflash the BIOS of multiprocessor systems that run FreeBSD, Linux, Solaris, or Windows." Clearly any TLA can target Linux machines, if it needs to.
Despite this, I would prefer to never use Windows ever again (except for Windows exclusive programs and other such scenarios) because I'm not waiting to become collateral to another wide nation-state related cyberattack that can easily be entirely avoided by avoiding Windows (such as Stuxnet, Duqu, Flame, or Wannacry).
So, it would be very helpful to have some sort of guidelines for securing desktops/laptops - the closest analogue to GrapheneOS on smartphones will be greatly appreciated. As stated on Twitter, the low details change over time, but the high level principles tend to stay more or less the same.
"If you like, I might also be able to bring in some real experts to chat about some of the more complex problems in more depth. Let me know in the comments if audio content like that is of interest."
1. If you are concerned about improving accessibility to people then I would recommend that you reach out to someone like The Hated One (https://www.youtube.com/c/TheHatedOne/featured) who makes videos on privacy intended for larger audiences. (Some of his videos have pretty clickbaity titles, but the content is well-sourced and easily understandable for those of us less technically inclined)
2. I'm always happy to hear more audio content. Seeing you on Joe Rogan made a great impression and it was nice to hear you go more into depth with your thoughts as opposed to media interviews for 5 minute stories.
After reading some other feedback I agree that the main content should be written. Especially when it comes to tutorials you just cannot get the same level of understanding and accessibility with audio or video as you can with a written guide and a couple pictures!
Technology is continuing to change at an exponential rate. I think practical, actionable information on security and privacy is critical for people to be able to continue to function with any degree of autonomy. Search engines will always find or cache information that has or will become outdated. Perhaps with that caveat it might be possible for you to provide guidance in a format that is easy to update and find so that the latest information will be available.
Interesting discussion, my view is that the problem of the insecurity industry must necessarily be tackled together with that of surveillance, not least the commercial one. Here we already have a big problem, because even if it could be solved in a regulatory way (for example banning profiling and micro targeting) from a systemic point of view it would have an important financial impact: I fear that there is an ecosystem of companies and related investment funds out there, of such size that it is.. too big to fail
This is sort of coming out of left field, but I thought of this after slightly wincing at the thought of taking apart a modern smartphone (i.e., one created withing the past year) apart in order to de-solder the microphones. Personally, I think there is a "conspiracy" out there to fabricate modern devices in such a way that makes them so difficult to reasonably open up for modifications - let alone just to replace a dead non-removable battery.
Of course, by "conspiracy", I mean the ones described by the post from June 29th: "open and notorious — not theories, but practices expressed through law and policy, technology, and finance." The current non-repairability trends in tech meet this perfect trinity of conditions: there are currently no meaningful laws or policy governing repairability (but there are efforts being made to remedy this); technology companies try to trick customers into believing the fads of non-replaceable batteries and glued-shut designs are signs of the inevitable future of alleged "progress"; and fiance can only win if customers always resort to buying a newer more non-repairable device instead of trying to fix their older but otherwise acceptable devices.
Within the last 5 years (if not more), smartphones are becoming increasingly ever more tedious to even open up, deterring most from doing so, except the bravest ones advocating for right to repair and creating user-generated tutorials on how to swap out an expended lithium ion battery. Nearly all of the largest companies have stopped making batteries replaceable in the most popular smartphones, phone bezels are shrinking as if the smartphone styles are subliminally promoting anorexia, and you are definitely ahead of the curve if you are even aware of the hypothetical possibility that a smartphone can be opened up.
I am well aware that the privacy/security circles and right to repair have their own reasons for wanting to be able to open up their respective devices, but I cannot help but think that eventually the intersection between both worlds is inevitably going to become a lot larger than anticipated.
In summary, I do not think the video creators of Metal Gear Solid 2: Sons of Liberty could have expected the following lines to be a portent of what was to come when Emma asks Raiden, "Do you know how a computer operates? Do you really know the basic principles on how data is exchanged?"
Disclaimer (and potential "spoilers" ahead): not to spread FUD, but there is a lot more that could be said about removing microphones in smartphones. However, I would be negligent to leave out this fact: if you already distrust the cameras and mics enough to remove them, then you might as well take out the accelerometer and gyroscope. Academic research shows that these latter components could hypothetically spy on you - though I am not sure if there are meaningful actions to take regarding these, so I should and will leave those finer details to the real experts.
In addition to making the "surveillance" capabilities of the devices "impregnable" to the average Joe/Jane - Planned obsolescence guarantees continuing profit ...
A few points:
1. On the language you use. Personally I like the way you express yourself and am relieved that some people show higher cognitive functions. I'd prefer you not to dumb down what you say.
2. On detailed instructions on technically altering devices etc. 1) Agreed that the general Internet, as it's panned out, is somewhat useless in this regard. Take a look at Google or Stackoverflow to see, from time to time, anything useful swamped by the other. 2) Personally I avoid video and audio only content, to a large degree. I prefer written content, images and interactives. If you go for audio I suggest a transcript too.
3. Reducing exploitation of mankind goes a lot wider than operations like NSO. It's important, there's signs of cognitive decline in many countries, which may result from such exploitation.
Sincerely appreciate the kind words, Mike. Thanks for writing. On #2, we're much alike.
For #1, I also agree - in order to effectively resist against criminals of the highest caliber hiding their rather ordinary motives behind technical buzzwords meant to confuse non-audience members and to make themselves sound smart, you also need to be as articulate - if not more so - to meaningfully resist, but with the antidote of razor sharp clarity in order to pull down those false curtains.
In the contemporary state of the internet - full of mind numbing pseudo-content that artificially induces ADHD and conveniently distracts the general public from discussing legitimate issues, such as the NSO Group's Pegasus - reading coherent long-form written pieces created wth a slow yet steady pace is amazingly soothing in this uncertain day and age.
Love the idea of audio content from experts.
Agree.
As a Spanish speaker, it is a bit hard to read your posts but at some sense it is what I was looking for, If I can improve my English vocabulary while reading something that interest me I will take the extra effort. Personally I am relatively young and since about 2 years when I started to learn about programming and technology world and how every thing seems to be intercepted and used by governments and other entities I started to fell anxiety. I sleep badly since my research starts. Some times only want to learn enough in some way to prevent them from gaining power, but people usually said things like: "I got nothing to hide". That is what more empower them, the lazyness and the blind faith people put on systems they do not understand, they want to rest after work and enjoy their time. I understand that, but all that priviledge depends on how you stand their feet. The most of us got nothing to hide, we are nothing, but they are what they are because they can do what we, nothing, leave them to do, then will be too late to cry. Some day we all will got something to hide. I can not imagine the pressure you had bein enduring, and still keep going. I will read you an keep learning as much as I can. I do not want a world where sheeps bleats that the dog is doing his work well, and they have nothing to hide from the pastor. Thank you for your work sorry for my English writting capabilities.
Your English is MUCH better than my Spanish - anyone who can speak more than one language is to be appreciated :)
I personally don't think you bloviate that much
Ed,
Long time "listener", first time subscriber. I'm glad to see you're writing in more longform. I've actually blocked twitter out of my system at the DNS level, since it has turned into a distributed drama delivery system. I'm far more interested in deep and thoughtful observations than soundbytes.
However, there is one question which has bothered me for years, and I'm happy to finally have a chance to ask it to you directly. I've followed your actions (and those of Binney, Manning, Drake, and a growing list of others) for years, and I am encouraged that so many people are pushing back against the Military Industrial Complex. I very much want to see it reformed, and I'd like the American system to work in a way that actually supports people and principle.
Therefore, I must ask quite bluntly: why have we not yet seen any documents which would allow an individual standing to bring a lawsuit against the NSA?
Cheers,
aestetix
I like the way you write. I don't see any need for you to change it. I trust you not to use unnecessarily pompous language and I can't say I've encountered it in your writing at all. The last thing I want to read is yet another generic article that can be easily skimmed through. I would greatly prefer something that requires me to slow down and pay attention to the details, and that's what I've come to expect from you.
When it comes to audio, it would be nice to also have a transcript we can read.
Some practical advice would be very much appreciated. I would like to read your take on subjects like buying hardware for Qubes and recommended usage of GrapheneOS (I believe the lead developer has stated that GrapheneOS's airplane mode really does disable the modem, but I lack the technical knowledge to confirm it).
I would particularly like to know what you think about this pseudonymous Whonix developer's security and privacy advice: https://madaidans-insecurities.github.io/index.html
What he writes does make a certain logical sense, but it's been my experience that in the GrapheneOS Matrix channel and the channel run by this Whonix dev, concerns about NSA backdoors in the products of big tech companies are often dismissed as "FUD". In the light of what you brought to public consciousness through your whistleblowing efforts, this baffles me.
Lastly, I would like to congratulate you on becoming a father. It's very belated, I know, but I wanted to say it nonetheless.
I'd have to agree with you - I sort of raise an eyebrow at most of what was originally written in Madaidan's security/privacy advice & the constantly dismissive "FUD" attitude in the GrapheneOS Matrix room. The information is "correct", but nothing outside of the page recommending Signal is usable or actionable to anyone who doesn't have a literal copy of Madaidan's background knowledge ... I'll leave it at that for now.
For targeted surveillance, it is known that the CIA/NSA will intercept mailed deliveries of computers and other hardware in order to covertly insert malicious computer chips inside of targeted victim's computers before sending the package back to its intended destination. (Also, remember the Clipper chip?) This is the technology landscape and climate that precipitated interdiction services being provided for the Insurgo PrivacyBeast X230 or the NitroPad.
Also, I'm not really sure how many people are going to follow that advice given from that site for securing a Linux distribution and ultimately getting it to work with Secure Boot.
I don't think too many everyday people are going to want to build such a thing from scratch with Gentoo, Void, or Alpine Linux... though if we are going to talk about such things with such great depth, it's probably more appropriate in a private discussion or consultation, where most technical matters are sorted out. If I followed the Madaidan guide to Linux hardening, then I'd probably get frustrated enough during the process to throw out any digital device into the ocean that I still have at home - which is littering.
Even though I am not an actual security expert, personally I'd rather take my chances with a Linux machine (with all of its inherent "security" failings) installed with Secure Boot turned off than to use Windows taking up half of my available RAM for no good reason at idle (other than most likely phoning home to Microsoft).
I certainly don't believe that using Linux makes me invincible - all I know is that Linux won't be exploited in the same way that Windows will be (not to belabor the obvious), which is currently good enough for my purposes right now. I'm not trying to guard against targeted attacks from TLAs or some IC agency. In fact, Item #42 in the NSA ANT catalog in 2008 (on Wikipedia) states: "SWAP: Technology that can reflash the BIOS of multiprocessor systems that run FreeBSD, Linux, Solaris, or Windows." Clearly any TLA can target Linux machines, if it needs to.
Despite this, I would prefer to never use Windows ever again (except for Windows exclusive programs and other such scenarios) because I'm not waiting to become collateral to another wide nation-state related cyberattack that can easily be entirely avoided by avoiding Windows (such as Stuxnet, Duqu, Flame, or Wannacry).
So, it would be very helpful to have some sort of guidelines for securing desktops/laptops - the closest analogue to GrapheneOS on smartphones will be greatly appreciated. As stated on Twitter, the low details change over time, but the high level principles tend to stay more or less the same.
"If you like, I might also be able to bring in some real experts to chat about some of the more complex problems in more depth. Let me know in the comments if audio content like that is of interest."
Yes please
RE: "Improving accessibility"
1. If you are concerned about improving accessibility to people then I would recommend that you reach out to someone like The Hated One (https://www.youtube.com/c/TheHatedOne/featured) who makes videos on privacy intended for larger audiences. (Some of his videos have pretty clickbaity titles, but the content is well-sourced and easily understandable for those of us less technically inclined)
2. I'm always happy to hear more audio content. Seeing you on Joe Rogan made a great impression and it was nice to hear you go more into depth with your thoughts as opposed to media interviews for 5 minute stories.
After reading some other feedback I agree that the main content should be written. Especially when it comes to tutorials you just cannot get the same level of understanding and accessibility with audio or video as you can with a written guide and a couple pictures!
Thank you. Look forward to reading and learning and improving.
+1 for audio content/podcast
I personally enjoy your elocution.
Technology is continuing to change at an exponential rate. I think practical, actionable information on security and privacy is critical for people to be able to continue to function with any degree of autonomy. Search engines will always find or cache information that has or will become outdated. Perhaps with that caveat it might be possible for you to provide guidance in a format that is easy to update and find so that the latest information will be available.
I tend to think it may perhaps be more of a problem that information is disappearing ...
Interesting discussion, my view is that the problem of the insecurity industry must necessarily be tackled together with that of surveillance, not least the commercial one. Here we already have a big problem, because even if it could be solved in a regulatory way (for example banning profiling and micro targeting) from a systemic point of view it would have an important financial impact: I fear that there is an ecosystem of companies and related investment funds out there, of such size that it is.. too big to fail
How does that go - if it's too big to fail. it is too big to exist ...
Thank you for the clarification. I am glad to hear that you are being careful about the solutions you advocate.
1. With regards to the writing style it's tough for anyone who is not a native speaker of English.
2. I am really pleased you're back writing. I have bought several copies of your books and give them to friends etc.
Thank you Ed for all you do !
This is sort of coming out of left field, but I thought of this after slightly wincing at the thought of taking apart a modern smartphone (i.e., one created withing the past year) apart in order to de-solder the microphones. Personally, I think there is a "conspiracy" out there to fabricate modern devices in such a way that makes them so difficult to reasonably open up for modifications - let alone just to replace a dead non-removable battery.
Of course, by "conspiracy", I mean the ones described by the post from June 29th: "open and notorious — not theories, but practices expressed through law and policy, technology, and finance." The current non-repairability trends in tech meet this perfect trinity of conditions: there are currently no meaningful laws or policy governing repairability (but there are efforts being made to remedy this); technology companies try to trick customers into believing the fads of non-replaceable batteries and glued-shut designs are signs of the inevitable future of alleged "progress"; and fiance can only win if customers always resort to buying a newer more non-repairable device instead of trying to fix their older but otherwise acceptable devices.
Within the last 5 years (if not more), smartphones are becoming increasingly ever more tedious to even open up, deterring most from doing so, except the bravest ones advocating for right to repair and creating user-generated tutorials on how to swap out an expended lithium ion battery. Nearly all of the largest companies have stopped making batteries replaceable in the most popular smartphones, phone bezels are shrinking as if the smartphone styles are subliminally promoting anorexia, and you are definitely ahead of the curve if you are even aware of the hypothetical possibility that a smartphone can be opened up.
I am well aware that the privacy/security circles and right to repair have their own reasons for wanting to be able to open up their respective devices, but I cannot help but think that eventually the intersection between both worlds is inevitably going to become a lot larger than anticipated.
In summary, I do not think the video creators of Metal Gear Solid 2: Sons of Liberty could have expected the following lines to be a portent of what was to come when Emma asks Raiden, "Do you know how a computer operates? Do you really know the basic principles on how data is exchanged?"
Disclaimer (and potential "spoilers" ahead): not to spread FUD, but there is a lot more that could be said about removing microphones in smartphones. However, I would be negligent to leave out this fact: if you already distrust the cameras and mics enough to remove them, then you might as well take out the accelerometer and gyroscope. Academic research shows that these latter components could hypothetically spy on you - though I am not sure if there are meaningful actions to take regarding these, so I should and will leave those finer details to the real experts.
In addition to making the "surveillance" capabilities of the devices "impregnable" to the average Joe/Jane - Planned obsolescence guarantees continuing profit ...