Q&A: How Do We Know We Can Trust FOSS?

  • Published: 15 Jul 2024
  • Q&A184: How can we trust FOSS? Are there any apps you shouldn't trust with FOSS? What are our privacy & security thoughts on biohacking? How do we approach uncertainty in threat modeling? How do ISPs collect data? Join our next Q&A on Patreon: www.patreon.com/collection/41...
    Welcome to the Surveillance Report - featuring Techlore & The New Oil to keep you updated on the newest security & privacy news.
    00:00 Introduction
    00:29 Trusting FOSS
    03:48 Not Trusting FOSS
    05:49 Thoughts on Biohacking
    08:20 Futureproofing Threat Models
    12:43 HTTPS, DNS, and ISP Data Collection
    Main Sites
    Surveillance Report: www.surveillancereport.tech/
    Odysee: odysee.com/@surveillancereport:2
    PeerTube: apertatube.net/c/surveillance...
    Techlore Website: techlore.tech
    The New Oil Website: thenewoil.org/

Comments • 22

  • @ThemePro24 12 days ago +9

    If you don’t trust open-source, you certainly can’t trust proprietary software. It’s not a trust issue but functionality; I’m going to use the software that gets the job done in the manner I want.

    • @seansingh4421 11 days ago

      Exactly, FOSS is THE way to go IF your organization has dedicated experienced IT staff. If not then just add SaaS and software licenses to your overhead.

  • @auwtomoton 12 days ago +2

    I just saw a video about FUTO keyboard and immediately came to your channel to see if you're talking about it. Thank you!

  • @user-mi3dj6gu3c 12 days ago +1

    For Trusting FOSS: I also look at the long term feasibility and reliability (aka size) of the project to decide if I want to invest my time and energy and workflow with a new tool.

  • @UsamaInsights 11 days ago +1

    If they write "trust me bro" in their documentation

  • @VulcanOnWheels 5 days ago

    6:21 Do you know what was used for the software used for Tesla cars?

  • @TiagoTiagoT 1 day ago

    12:43 YT is filtering my comment in that regard, so lemme try to use safer words and write more simply. At some levels, there could be potential for issues like timing, packet sizes, connection correlation etc, especially if you're important or are trying to see or say something important.

  • @aims__8785 12 days ago +1

    Even when you change your DNS resolver, your ISP can still see the IP addresses of the websites you're visiting, right?

    • @mrblah02251 12 days ago

      That's something I've been wondering about. The ISP still needs to know where to send your packets to, so they must have the destination IP address, right? If they have the IP address, what's stopping them from doing reverse DNS lookup? If I understand that right, then changing your DNS resolver (even with encrypted DNS) would have very limited privacy benefits. A VPN or Tor are the only ways I know of to reliably hide the IPs (and therefore domains) of servers you connect to from your ISP. Keeping in mind that VPNs are a transfer of trust.

    • @aims__8785 11 days ago

      @mrblah02251 Yea I feel like changing the DNS resolver gives people a false sense of security from their ISP. I think people should still 100% change it, any sort of mitigation is better than nothing. But yea, VPN/Tor is the only way to hide traffic from your ISP it seems.

    • @BurgerKingHarkinian 11 days ago

      @mrblah02251 this + the server you are connecting to will give you their certificate that you will have to use to establish an encrypted HTTPS connection. That certificate contains the domain name in clear text. So even if the IP didn't uniquely identify the site and you were using encrypted DNS, your ISP could still just read the certificate if you're not using a VPN or Tor.
      There are attempts to fix that with Encrypted Client Hello but this is not yet widely in use.
      Additional note: using an unencrypted 3rd party DNS server will only give you very little privacy benefit over using your ISP's. Your ISP can still read those requests and even hijack them at will without you even being able to find out.

    • @pippinproductions 10 days ago +1

      They can see the IPs, yes, also they can see the domain name in the unencrypted client hello in a TLS handshake, ECH aims to fix this in future though.

    • @BurgerKingHarkinian 10 days ago

      @aims__8785 huh would you look at that. My detailed response got deleted. Gotta love RUclips

  • @razt3757 11 days ago +1

    Every time malicious code gets found in open source it's always the same story: "Damn, that's crazy, is open source even worth it? Is it safe? I'm just saying maybe it was a mistake"
    If it weren't for open source we wouldn't have found most of the most recent vulnerabilities for years to come.
    If you don't trust open source then good luck trusting closed source.
    When people try to virtue signal to open source not being trustworthy it's either for internet points/money, like video clickbait (and you can easily spot those out because they never take a fucking stance on anything, even if it costs their life) or the more common reason: they feel uncomfortable when there's a vulnerability, because it affects them directly and they think open source owes them security 100% of the time, for some reason. Which ironically they do provide, there's always a quick fix for vulnerabilities when they surface in open source.
    The reality is that closed source software probably has way more vulnerabilities than anything open source could ever produce and nobody talks about it, because the only people probably knowing about those vulnerabilities are people who care: the owners or the bad actors, and neither of them have any incentive to talk about there being a vulnerability.
    If you really think open source is that bad, then stick with Microsoft and co, if I remember correctly they only recently fixed a bug in Windows Update that went on for the whole lifetime of Windows 10 up until recently. Which, by the way, you could argue they pushed that on purpose to make sure your browser always resets to Edge on each Windows update.
    This is not aimed at you directly of course, at least you have an opinion that you voice on how you treat open source, but every time I hear these other stories about how open source is so vulnerable while fence sitting, I feel like I'm witnessing mass brain farts going on at scale.
    Holy shit.

    • @AkivaB 11 days ago +1

      I think it's similar to when people think bottled water is safer to drink because sometimes there's a government warning to not drink tap water for some time (like if the supply system gets temporarily infected) where people see the warnings and think something is dangerous while the other side doesn't care enough to give a warning in the first place making them think it's safe

  • @bobbyjohnson116 12 days ago

    What's Scala project digital currency?

  • @bobbyjohnson116 12 days ago

    Just run CachyOS

  • @user-ee7hf6xe1x 12 days ago

    Nice episode guys. I don't know why many comments are negative. Loved the serenity prayer from the 12-step-program.
    Tbh the new surveillance reports are way better than old videos since they are shorter and precise. Good work

  • @CedroCron 11 days ago

    I have a Spinal Cord Stimulator installed that turns down my pain... Is this Bio Hacking? It has Bluetooth and charges through induction through my skin!

    • @AkivaB 11 days ago

      If someone hacks it then yeah