 What is the clear pill on Pegasus? Could you summarize it for me? 
 The clearpill I took away is: 

Most 'highly sophisticated and unrealistic' attack vectors will be weaponized by companies & made usable to highly incompetent government employees with the click of a button. No computer is absolutely secure, especially not complex ones, as zero-days are found, exploited & sold to private firms or stockpiled by 3-letter agencies without you or the manufacturer ever learning about them.

Anything to add? @NVK 
 The State is commoditizing exploits and has been for a long time. They have special contract vehicles for buying the tech from the private sector to be tailor-made for specific use cases. The State will also purchase entire "companies" to be honeypots for bad actors to target. Or to obfuscate their involvement.
 As seen with ANOM

DON'T USE SOMETHING THAT MARKETS ITSELF OPENLY TO CRIMINALS 
 If you can't self host it, you can't know it's not a honeypot.  
 Is GrapheneOS legit? How about their auditor server? 
 Good question.  