(no title)
inventor7777 | 10 days ago
I'm not denying that a lot of data is likely surreptitiously collected, but I'm talking microphone/camera in particular.
inventor7777 | 10 days ago
I'm not denying that a lot of data is likely surreptitiously collected, but I'm talking microphone/camera in particular.
sciencejerk|10 days ago
Most traffic is encrypted with HTTPS unless you can root every single device you own
we have microphone use indicators on mobile, and I would imagine it would be pretty clear if an app was uploading audio with even very basic monitoring tools.
Complicated smartphone OS, firmware, drivers might have bugs allow overrides of visual indicators.
Companies have also been known to secretly eavesdrop and not tell users before (Apple + Siri https://www.courthousenews.com/judge-approves-95-million-app...)
gruez|10 days ago
>Complicated smartphone OS, firmware, drivers might have bugs allow overrides of visual indicators.
This line of thinking gets dangerously close to unfalsifiable territory.
If apps are eavesdropping on us, where's the network data? It's encrypted.
But you can disable https pinning by jailbreaking/rooting? The spying logic automatically disables if it detects it's jailbroken/rooted.
Where's the jailbreak/root detection logic? It's buried in 9 layers of obfuscation so you can't find it.
What about microphone indicator? They found a 0day in both Android and iOS, or the two are complicit as well.
But we don't see any backdoors in AOSP? It's built into the hardware/baseband itself.
>Companies have also been known to secretly eavesdrop and not tell users before (Apple + Siri https://www.courthousenews.com/judge-approves-95-million-app...)
"secretly eavesdrop" implies they were intentionally doing it, when even the plaintiffs admit it wasn't intentional.
inventor7777|9 days ago
However I was more thinking of simple things, such as disabling anything that SHOULD be communicating with the Internet and seeing if any constant traffic persists.
Now of course, some very small (e.g plaintext) traffic might be almost undetectable, however that would suggest that most of the data would not be able to be transmitted due to size.
anonym29|10 days ago
Do you know for sure whether PSP or CSME has ever done DMA, or fingerprinted stack/heap allocation patterns and timing, or inspected the contents of your disk (after FDE was done being decrypted, of course), to evaluate whether common packet capture software is installed, or even whether it's currently running?
Detecting spyware is one thing. Detecting surreptitious nation-state spyware that behaves differently when it's being observed is a different challenge entirely.
inventor7777|9 days ago
Our routers are Asus, and so I'm able to install tcpdump and log traffic directly without the source device itself knowing anything. This makes it really easy to monitor the traffic of any device, albeit not knowing exactly what it is being sent.
But it is true that I really can't know much more than what tcpdump shows.
jesterson|10 days ago
gkbrk|10 days ago
- stuff they saw online recently — ads or otherwise, which put the keywords in their mind
- or stuff they were already interested in recently
Not hard to imagine targeting algorithms picking up on either of these
nottorp|10 days ago
Do you still get ads for the exact thing you just bought for a week after buying it? :)
unknown|10 days ago
[deleted]