European Union And OS level Backdoors

Hey,

do you have any more informations about this ?

So from what i did understand it is about implementing a hash
calculator into programs that are used for communication. e.g.
Threema, signal, Whatsapp etc. they also mentioned open source
software. So i guess for me that’s ok if it is open source and only
sends a hash to a database. Also i think it is not a really good idea
if you have heard about the birthday problem (hash collision). Not to
mention the machine learning things which would definitly be an
privacy issue. e.g. false positives.

But where did you read about an OS level backdoor ?

The leaked PDF is gone by now. EDRi made a mistake or they had to take
it down. I asked them…I haven’t got an answer yet.

But basically they propose (as before) to monitor the communication at
the source. Meaning on your device. If they get that through then the
five eyes will be definetely behind it.

Technically there would have to force manufactures to implement a piece
of software which intercepts any message a user wants to send. Before
the message gets send to recepient it gets send to a server and/or
agent from the authority for evaluation. If that is deemed as okay then
and only then the message gets send to the recepient. They were nice
graphics in the document.

Basically that would mean that OSes like Linux would be outlawed or
they have to be updated so that they work on top of OSes like the ones
we have on smartphones, where there is a protected layer where the user
has no access to.

This is also a good example for downloading all articles. This one I
did not…there you have it…now it’s gone…

1 Like

Hey,

do you have any more informations about this ?

So from what i did understand it is about implementing a hash
calculator into programs that are used for communication. e.g.
Threema, signal, Whatsapp etc. they also mentioned open source
software. So i guess for me that’s ok if it is open source and only
sends a hash to a database. Also i think it is not a really good
idea
if you have heard about the birthday problem (hash collision). Not
to
mention the machine learning things which would definitly be an
privacy issue. e.g. false positives.

But where did you read about an OS level backdoor ?

https://edri.org/our-work/is-surveilling-children-really-protecting-them-our-concerns-on-the-interim-csam-regulation/

The leaked PDF is gone by now. EDRi made a mistake or they had to
take
it down. I asked them…I haven’t got an answer yet.

But basically they propose (as before) to monitor the communication
at
the source. Meaning on your device. If they get that through then the
five eyes will be definetely behind it.

Technically there would have to force manufactures to implement a
piece
of software which intercepts any message a user wants to send. Before
the message gets send to recepient it gets send to a server and/or
agent from the authority for evaluation. If that is deemed as okay
then
and only then the message gets send to the recepient. They were nice
graphics in the document.

Basically that would mean that OSes like Linux would be outlawed or
they have to be updated so that they work on top of OSes like the
ones
we have on smartphones, where there is a protected layer where the
user
has no access to.

This is also a good example for downloading all articles. This one I
did not…there you have it…now it’s gone…

The link is there at the bottom of the article. I just got the response
from EDRi. Here the link:

1 Like

I have bad news for you: GNU/Linux OSes (and all other OSes, too) have been running on top of a protected layer where the user has no access to, since 2008. It’s caled Intel ME:

The relatively good news is that one can at least partially remove and neutralize Intel ME:

Some laptops are sold with neutralized Intel ME, for example the one certified for Qubes OS:

I have bad news for you: GNU/Linux OSes (and all other OSes, too)
have been running on top of a protected layer where the user has no
access to, since 2008. It’s caled Intel ME:

https://libreboot.org/faq.html#intel

The relatively good news is that one can at least partially remove
and neutralize Intel ME:

https://github.com/corna/me_cleaner

Some laptops are sold with neutralized Intel ME, for example the one
certified for Qubes OS:

https://www.qubes-os.org/news/2019/07/18/insurgo-privacybeast-qubes-certification/

Intel’s ME shit…can be neutralized as you said, or simply don’t use
Intel, but can you neutralize iOS’ protected layer or Google’s? Can
you?

Check out the link I provide, and do a bit research in regard to
backdoors or monitoring at the source. This isn’t new. The US
inteligence community is trying to push that for years.

EFF’s Deeplink:

is quiet informative. It should be clear that we (citizen) are
confronted with a global attack on privacy…but hey…that’s all
conspiracy theory…fear mongering…

1 Like

Uhh nice.

I have 4 librebooted devices :slight_smile:

sadly qubes os wont work on libreboot. But no backdoor?

I don’t know the last libreboot images i know where from 2016 which is a little bit old isn’t it?

No, if you read further in my link, you will see that AMD has the same problem called AMD Platform Security Processor (PSP) since 2013.

https://libreboot.org/faq.html#amd

Concerning the problem of backdoors pushed by the US intelligence, yes, I know about it. AFAIK, all we can do is to spread information and donate to EDRi and EFF…

no one said it is a conspiracy theory. i just wondered why there should be a backdoor in the device itself its simpler to have a (law forced) backdoor in programs.

anyway thanks for the information and as fsflover said, Amd, Intel,Arm all of them have backdoors.

Ah and yes maybe you should search for Replicant OS. For neutralized protect google layer ?!?

:slight_smile:

Thanks for the informations :slight_smile:

This is correct. However, Qubes OS will work on Coreboot. I am writing it from my Librem 15 with neutralized Intel ME and with Coreboot. Not perfect, but “reasonably secure” as they say :slight_smile:

I don’t think so. What do you expect them to update? The latest CPUs cannot be supported, so there is nothing to update except maybe some bugs.

Although Replicant is libre software, there is no hardware on which it works welll (e.g. you won’t have Wifi, Bluetooth, etc.). I prefer Librem 5 phone, which has a goal to get certified by the Respects Your Freedom certifiation program of the FSF and is already tentatively recommended by them:

Nice. The new System 76 Oryx Pro also comes with coreboot.

hm. ok ^^

I used a samsung galaxy s2 with Replicant os and yes usability is something else.

But we should stop here as it has nothing to do with the topic :slight_smile:

Sorry, as far as I know libreboot does not update microcode and therefore there is no protection against Spectre, Meltdown and the likes. (I forgot the details already)
I really wouldn’t know where to rank a librebooted laptop when compared to one of the latest models AMD has to offer. I just want to point out that owning an old librebooted laptop can maybe create a false sense of security.

I did use a librebooted laptop myself years ago but moved on to coreboot when this project practically had been abandoned.

I never liked the cult around certain people but I do like certain projects and the community very much.

No one mentioned this nice project so far:


This laptop is working very well with Qubes 4.0 & 4.1 and can sometimes be found at a bargain price.
1 Like

no one said it is a conspiracy theory. i just wondered why there
should be a backdoor in the device itself its simpler to have a (law
forced) backdoor in programs.

anyway thanks for the information and as fsflover said, Amd,
Intel,Arm all of them have backdoors.

So to my knowledge only Intel’s ME has a remote management feature.
AMD’s PSP can be manipulated and exploited through arbitrary code, but
not remotely; only if the attacker got you to load malicious code or
has physical access to your laptop/computer. If you have other
information please share it.

36C3 - Uncover, Understand, Own - Regaining Control Over Your AMD CPU:

CCC’s collection of AMD processor analyses presentations:

So, yes I feal a better while using AMD processors.

1 Like

I don’t think it is technically possible to force a backdoor on Qubes OS users. At the very least, it is an open source project, that anyone can download sources, apply modifications and build themselves.
Anyway, we’ll fight back any request to backdoor Qubes with any means available to us. In case of all the options exhausted, we’d rather stop maintaining the project, than to ship backdoored product.

9 Likes

I don’t think it is technically possible to force a backdoor on Qubes
OS users. At the very least, it is an open source project, that
anyone can download sources, apply modifications and build
themselves.
Anyway, we’ll fight back any request to backdoor Qubes with any means
available to us. In case of all the options exhausted, we’d rather
stop maintaining the project, than to ship backdoored product.

That’s the spirit…

no one said it is a conspiracy theory. i just wondered why there
should be a backdoor in the device itself its simpler to have a
(law
forced) backdoor in programs.

anyway thanks for the information and as fsflover said, Amd,
Intel,Arm all of them have backdoors.

So to my knowledge only Intel’s ME has a remote management feature.
AMD’s PSP can be manipulated and exploited through arbitrary code,
but
not remotely; only if the attacker got you to load malicious code or
has physical access to your laptop/computer. If you have other
information please share it.

36C3 - Uncover, Understand, Own - Regaining Control Over Your AMD
CPU:
https://www.youtube.com/watch?v=bKH5nGLgi08

CCC’s collection of AMD processor analyses presentations:
https://www.youtube.com/c/mediacccde/search?query=AMD

So, yes I feal a better while using AMD processors.

I forgot the links to the code for those who want to check for
themselves:

2 Likes

I don’t want to worry you but since AMD provides DASH tools which are
“for secure out-of-band and remote management”, and which operate
“independent of the power state of the machine or the state of the OS”,
I’m not sure you should feel any better.

There’s a huge amount of nonsense talked about these features, and what
the motivation for them is. The primary market for processors/machines
remains business, and a huge push in IT management in business is for
remote out-of-band control. That’s it.
Not to say that i want those features on my machines, but there’s no
need to look for conspiracy when hard cash provides an answer.

1 Like

I don’t want to worry you but since AMD provides DASH tools which are
“for secure out-of-band and remote management”, and which operate
“independent of the power state of the machine or the state of the
OS”,
I’m not sure you should feel any better.

I heart about DASH, but to my knowledge there has to be client software
installed on the target machine. But I’m not so familiar with DASH, do
you have more info about it?

There’s a huge amount of nonsense talked about these features, and
what
the motivation for them is. The primary market for
processors/machines
remains business, and a huge push in IT management in business is for
remote out-of-band control. That’s it.

True enough, yes I know.

Not to say that i want those features on my machines, but there’s
no
need to look for conspiracy when hard cash provides an answer.

I know but that’s usually what one gets told when pointing such things
out…

Thank you

Yes but chances to meet people that think hardware backdoors are conspiracy in a Qubes OS forum is very rare. i guess :slight_smile: