SR 73: I Wrote Too Much
These are my thoughts for Surveillance Report #73.
By the way, why the frick does Henry have a smug look on his face?
I don't like Henry from Techlore (as I've made no attempt at hiding this and have clearly stated this before), but it's definitely not for the stupid made-up reasons why the GrapheneOS brigade hates Techlore.
It's probably more along the lines of why I don't like Felicia Day — I just didn't find her funny? I don't think Day has done anything objectively wrong (that I'm aware of), but I just wasn't impressed with Day — unlike Alan Tudyk. (But I mean, is this even a fair comparison? This legendary actor has voiced the literal chicken from Moana but at least people don't look at him as if he's a mentally ill person, so I think it's a very hard feat to top.)
Also, Nate from The New Oil is much more based, because The New Oil accepts ZCash (which I like, even if it's not as good as Monero) and Ethereum (which I would normally be neutral towards, if it weren't for the NFT fad rush happening since roughly March 2021).
Thoughts
Before I start, when Nate said he didn't have coffee, I remembered:
I don't drink tea. Caffeine was invented by the CIA. — Wilson Wilson, Utopia S1E1
Google FLOC
- “Topics”, huh? More like: “Hot Topic”! (The clothing store brand.)
- This is why I hate Henry: have you ever tried using Chromium on Windows? No, because you use MacOS. In 2018, unofficial Chromium releases on Windows had no capability to auto-update. Things have probably changed (hopefully), but even then you're ultimately still relying on “some random person/group of people” to have your back and not install some malicious backdoor.
* Due to this, I think Brave is currently a better alternative for most people that “just works” and doesn't require you to turn off too many toggles to make it very privacy friendly with respect to the “time invested vs.” ratio.
- I'm probably a hypocrite and the same could be equivocated when it comes to Ungoogled Chromium, but at least there's a way to install Ungoogled Chromium on AUR-compatible Pacman distros. Yes, you have to use the `ungoogled-chromium` source package and install Chrome Extensions by switching back to the official Arch package of `chromium`, but it's the best thing right now to recommend to others that just “works” and doesn't have weird quirks (like being unable to use WebAuthn for hardware security keys) until Hexavalent comes out in 2023... (C'mon, making the cross-platform desktop version of Vanadium can't take that long... can it?)
  - I just hate how it takes at least 6 hours to compile Ungoogled Chromium from source when using the AUR.
- At least Bromite updated this month... it's fallen a bit behind on Chromium releases. The current Chromium is `97.*`-something-something, while Bromite is stuck on `96.*`-something-something.
  - Maybe I should sign up for The Hated One's opinion on Bromite, because he swears by Bromite...
- Opera and Vivaldi are proprietary browser trash.
- At least Librewolf has a half-measure, via an unofficial plugin, on Windows to let you know when there's a Librewolf update.
Safari
Safari is trash — can't say I recommend it to even MacOS users because many 0-day vulnerabilities for the Apple ecosystem rely on the immutable systemic fact that Safari is always present on a MacOS computer as a reliable attack vector (says me, the stupid person on the Internet with no formal cybersecurity experience or training — but I'd rather be safe than sorry, because I feel the same way about Internet Explorer I mean Chromium-based Edge Browser on Windows).
WhatsApp (FB, and Messenger): Please Die
Please, just die and commit suicide.
(Yes, it is much more ethical and moral to tell a corporation to commit suicide than to use WhatsApp. Make no mistake and become a Michelle Carter simp. I'll be here to take down the Dark Army and Deus Group until Google, Facebook, Amazon, Apple, and Twitter all commit voluntary suicide. This is much more moral than pretending that corporations are people in the U.S. legal system... which I'll only get behind once corporations are finally tried and convicted of rape and murder, which they do all the time. As Darlene says in S4E10 of Mr. Robot, our laws were so bent, twisted, and distorted until the law benefited the top 1% of the top 1%, instead of serving We the People. Sounds familiar? Oh, yes — the state of American IC agencies, as detailed in Permanent Record by Edward Snowden.)
That goes for anyone who's voluntarily blue-pilled and still working for Facebook, genuinely believing it is a morally good company.
Also people who still use FB Messenger.
Also: thanks Nate, this explains why I could never use Secret Conversations on desktop browsers when logged into Facebook. This is why I like you much better than Henry.
If I ever start creating 0-day Metaverse exploits, then I would certainly report them to Zerodium and not Trend Micro — that's the tweet. That's it. Maximizing profits when selling 0-day exploits for privacy-violating platforms (such as FB, Messenger, WhatsApp, and Instagram) that should not exist beyond 2022 should be considered mostly moral and ethical in today's world. Hacking the Metaverse beyond Heaven, Hell, God, and Satan is how you convince your friends and family to stop using Facebook's kingdom of bullshit.
TracFone
Well, I never did use TracFone for prepaid SIM cards, but I'll avoid them now (even for burner physical SIM cards).
ID.me
ID.me is basically a ploy to get everyone's faces in a centralized government database so that the government can frame you for any made-up crime, if the government begins to hate you for whatever reason it's in the mood for.
Apple is already conducting predictive programming conditioning the masses with its FaceID. (Not like I want to trust Apple's “secure enclave” anymore — things like Pegasus invalidate any hardware security measures Apple has implemented in the iPhone X or newer for me to take seriously.)
Now the IRS can send Network agents to kill you if you don't pay your taxes on time with ID.me! Where are all the MAGA alt-tech users protesting against Big Tech when you need them? Oh, right — they're all crisis actors being pulled by whiterose's media puppets.
Just kidding, watch the actual video and read the sources to find the fact-based truth. But really, we should resist all efforts from the government to become the Network, or else we won't have beautiful works of TV to watch anymore, like Utopia or Mr. Robot.
I swear I'll have to jump into a parallel world and kill my counterpart like in Us if we lose in this world...
By the way, remember when Grant is framed for the school shooting in S1E3 of Utopia?
This is what Orwell could never have seen coming. Black Mirror is already here IRL, and it's going to be a lot less exciting, uglier, and more mundane than a nihilistic Netflix anthology TV show.
Breaking update for ID.me
- Matryoshka doll-style management — a.k.a., plausible deniability, is supposed to stay in IC tradecraft, not public contractors for the IRS! Did these people forget they're working in the public sector, or what?
- Like the Treasury Department needs funding... much less the IRS. The audacity of U.S. departments, which don't deserve any more funding than they already do, to ask for more is the incorrect versions of Oliver Twist that need to be purged from this timeline.
- ID.me can't even program its own facial recognition systems! And it even uses Amazon's Rekognition.
- I wouldn't mind becoming subsumed by the Network or becoming a degenerate Dark Army agent so that I could partake in reenacting the GEC-Marconi scientist deaths string but with NIST officials for creating a widely promoted cryptographic protocol now known to be backdoored by the NSA (thanks to Snowden). Making “dinner reservations” with impunity under NOC sounds like fun...
- This is why we trust GrapheneOS and Andrew Huang's Precursor more than the U.S. government or Big Tech companies.
- An 8- or 12-character password is way too small to be secure in 2022... (which reminds me — my local library should not be using small PINs as account passwords in 2022!)
Suicide Hotlines?
I really think we should rethink suicide hotlines in 2022, especially if the service can profit off of these data.
Hand Vein AI for Catching Pedophiles
Pedophilia isn't cool, but also this literally sounds like a honeypot that isn't even hidden well.
I'll have to think twice before giving a talk or visiting the University of Dundee and Lancaster...
- Oh, and blood vessel surveillance can identify non-decaying bodies. Even though I know this is most likely false, I emotionally doubt Apple is resisting from saving digital “holograms” of my finger blood vessels in the cloud through TouchID...
Google Gets Sued
Google tracks you, even after disabling every single privacy toggle.
I'm sure Google's lawyers will lie through their teeth.
U.S. Zero Trust Memo
- SolarWinds? Colonial Pipeline? That feels like years ago...
- Hardware-based security keys for 2FA? FBI and other non-secret branches of the U.S. government have been doing this for years.
- No passwords? Sounds like the government is becoming simps for Microsoft Windows 11... or is it Macrohard? (so wow, much mature.)
- Encrypted DNS? Unusual. Only technical people should be playing around with that. (VPNs usually take care of that for you — the company ones, not the ones for personal use.)
Facebook and Google vs. Ad-Tracking Dark Patterns
Just delete these entire platforms, because they harm people on average for more than 90% of the time.
NHS Recording Mental Health Patients
Watch Dogs: Legion is becoming true. Also, the hospital security camera arc in the Outlast comic rings true here.
Tor Project vs. Russian Courts
Honestly, my best guess for Russia's blocking of Tor is Snowden.
(Not coming to a theater — let alone mainstream news media — anytime soon.)
German School Using Matrix, Dumped WhatsApp
I can't believe WhatsApp was even used.
Matrix makes a lot of sense.
I'm jealous too. Everyone in the U.S. only knows Slack and damn Discord... absolute trash.
ProtonMail “Thing”
ProtonMail stores some sign-up info for an unspecified amount of time.
At least you can trust Nate and Henry, because they will not be loyal Kaczynskian socialized leftist customers and defend Proton if it turns out ProtonMail was a honeypot this whole time — instead, throwing it to the curb to stomp on its head if Proton commits a Top 10 Anime Betrayals.
I think users should get JMP.chat numbers if the metadata generated by a new long-term phone number acquisition is unacceptable to completely worked out (and not speculative) threat models.
I don't think you should waste your time explaining threat models to help vampires that scream that “everything is compromised”. I think those people should be told to go live in the EM wave free areas of northern California if they want no “compromises” — in the same vein of answering the question of “How do I make Windows better?” by telling users to delete `\system32` or something like that.
Random Tangent
There's a weird horrible article that is no longer online, but exists on archive.today and the Wayback Machine.
I think the owner of Njalla was raging against Proton on Twitter in October 2021 because it used censorship-motivated maneuvers to take down this site. Sure, this site probably is full of low quality writing, but that doesn't mean you censor its general access to free speech — if Peter Sunde Kolmisoppi's claims are to be believed.
So, I had been watching Mental Outlaw's videos back then, but I hated how Kenny maximized Tor Browser while reading the “ProtonMail is a CIA honeypot” trash article — which you're not supposed to do. Kenny also rooted his OnePlus 7T, probably didn't verify any of the checksums of his downloads of either the LineageOS image or the custom recovery ZIP archive, and used unofficial custom recoveries. Luke Smith also rooted his LineageOS phone, which is apparently the Pixel 3a XL (after he did a used car video). Derek from DistroTube straight up uses Samsung's out-of-the-box skin OneUI. I think this shows that just because these people know how to use dwm and/or Gentoo, it doesn't mean they know a thing about mobile security. For LineageOS, stick to the official images or the microG for LineageOS images. Use TWRP for the custom recovery and only use Lineage Recovery if there is no TWRP recovery available for your device. Always verify the checksums. If you're using GrapheneOS, then go all the way to get the full experience via the CLI installation, complete with the OpenBSD `signify` verification at the beginning and the Auditor step at the end (especially if you have an additional device for the initialization). Kenny should not be using the excuse of “you don't get the most bang for your buck” to avoid the currently supported Google Pixels to entirely eschew GrapheneOS. You don't buy Google Pixels for the most bang for your buck. (I would say OnePlus, but even that company has lived long enough to become the next villain. Even Fairphone is falling victim to that curse.)
CalyxOS
I hope CalyxOS can keep updates steady, now that it made it to Android 12.
(I don't hear the GrapheneOS Matrix room demagogues shout at LineageOS for being at least 6 months behind AOSP, despite being able to update the Android security patches.)
BRATA Android Malware
Sounds rather douchey. This plunders your phone's data, then wipes it? I don't think even the NSA would do that.
MoonBounce UEFI Bootkit
This UEFI bootkit on UEFI bootloaders (as opposed to rootkits on the OS-level) is rather terrifying. It seems like general malware in the wild is now catching up to the NSA's capabilities at least in 2009 — so that took about 12-13 years since the NSA catalog was first published. The only way to fix an infected UEFI motherboard is to replace the entire motherboard... but even then, I'm speculating that the NSA's TAO probably has the ability for bootkits to go super Saiyan and persist beyond motherboard replacements in 2022...
APT 41 is from China, apparently.
Maybe Elliot was right to destroy all of his hardware with a drill after every engagement in Mr. Robot during 2015.
Perhaps Snowden is onto something by using trash computer parts in order to not get pwned by the NSA and CIA...