Spyware in government provided laptop?

Rizzler

DeletedUser26 You mean computertrace?

missing-root

Strange situation. Yes UEFI is huge and there is plenty of room for Intel ME or AMD PSP.

Vendors build in quite some more remote management.

Look into coreboot and heads a bit. Have a read in their documention. One principle is to initialize hardware, hand it over to the payload, which does a few things and hands it to the OS.

The firmware then should not run anymore or as little as possible, as it has the most access to everything, more that the OS with full root access.

So yeah, dont trust that laptop. They have a mini-OS in there which can spy on you, they can also use it for "persistency" i.e. placing malware in your OS even after a reinstall.

An easy fix would be to use NixOS or Fedora Atomic Desktops or something, where they simply cannot just install programs.

But yeah that is a guess. Dont trust proprietary firmware. Chromebooks can be flashed often, System76, Novacustom, 3mdeb, Starlabs all have Laptops with coreboot support.

Andy

stupidcreature even if OP reflashes the BIOS with coreboot, installs Qubes and sits in a Faraday cage while using the device, it won't change the possibility of small trackers inside the machine itself.

Sidestep the spyware, malware, tracking in one easy step: Yo – and step out of your Faraday Cage….
Probably posted this before….

Tails+Tor is a portable operating system that protects against surveillance and censorship.
Your secure computer anywhere...
Shut down the computer and start on your Tails USB stick instead of starting on Windows, macOS, or Linux. Tails leaves no trace on the computer when shut down.
You can temporarily turn your own computer into a secure machine. You can also stay safe while using the computer of somebody else.

Amnesia - Tails always starts from the same clean state and everything you do disappears automatically when you shut down Tails.
Without Tails, almost everything you do can leave traces on the computer - Tor encrypts and anonymizes your connection by passing it through 3 relays. Relays are servers operated by different people and organizations around the world. A single relay never knows both where the encrypted connection is coming from and where it is going to:
https://tails.net/index.en.html

Endorsed by Edward Snowden, NSA whistleblower and many others.
It is recommended by the Guardian for contacting them on sensitive issues.
https://www.theguardian.com/securedrop

I have been using Tails+Tor for about as long as I can remember: 8+ years?
You can easily configure persistent storage. It comes with Tor browser of course :) and a suite of software apps.
It only utilises the computers RAM - Random-access memory where stored information is lost when power is removed at shut down.

DeletedUser26

Andy tails can’t do anything against stuff in the firmware. Like if the computer has computrace then it’ll still be tracked.

Andy

DeletedUser26 tails can’t do anything against stuff in the firmware. Like if the computer has computrace then it’ll still be tracked.

Andy It only utilises the computers RAM - Random-access memory where stored information is lost when power is removed at shut down.

Not sure if you understand volatile RAM - check out Wiki or elsewhere
The Tails USB is the computer :) The Tails USB becomes the computer.
Take it with you everywhere - just plug in and be ready to rock :)

Think you need to check this with Ed Snowden, the Guardian or Tails themselves.
Do you know the acid test :) ???

Andy

DeletedUser26 You’re not understanding that the USB isn’t, the computer

Andy Amnesia - Tails always starts from the same clean state and everything you do disappears automatically when you shut down Tails.

As I said

Andy Think you need to check this with Ed Snowden, the Guardian or Tails themselves.
Do you know the acid test :) ???

Andy

flighty_sloth if the hardware of the computer is compromised, your activity could still be tracked regardless of the OS, including tails live USB.

As I quoted Tails:

Andy Tor encrypts and anonymizes your connection by passing it through 3 relays. Relays are servers operated by different people and organizations around the world. A single relay never knows both where the encrypted connection is coming from and where it is going to:

How do you suggest getting past those 'onion layers' ???
Suggest you read Tails documentation and read up on Ed Snowden walking out of NSA with Laptop :)

de0u Are you familiar with EFI rootkits? Here is some information:

Yes :) Word search did not find Linux - lol - cheeky wink :)
But of course you forgot to mention "When the Windows kernel starts and calls the hooked ZwCreateSection function while running normally, CosmicStrand regains control of the execution, restores the original code, and runs more malicious code."
So you get the BSOD Blue Screen of Death while Linux let alone Tails+Tor continues as normal having booted with a Linux kernel :)

DeletedUser87 Afaik Ed Snowden has that same opinion about compromised firmware; otherwise I'd like a source to an interview from him or something.

I think I am correct in saying Ed Snowden endorses DM of GrapheneOS and Tails+Tor?
I am sure you guys don't need help from me to research the NSA whistleblower's story?
However if you don't use Tails+Tor you cannot search the dark or correctly the 'deep web' safely.
I repeat the word safely. You might then get to Ed's interview with the Intercept?
I do not advise anyone to go there - in fact I warn all not to go there without Tails+Tor or go to any other site that 5-eyes joke democracy flag their citizens for visiting :(
Be careful my friends :)

DeletedUser26

Andy You’re not understanding that the USB isn’t, the computer in fact it’s running on hardware that has its own firmware installed on it, so whatever operating system you’re using doesn’t matter if there’s tracking stuff built into the hardware itself.

On top of that it’s possible that the firmware is exploited or infected while you’re running tails.

flighty_sloth

Andy @DeletedUser26 is correct, if the hardware of the computer is compromised, your activity could still be tracked regardless of the OS, including tails live USB.

de0u

Andy Are you familiar with EFI rootkits? Here is some information: https://arstechnica.com/information-technology/2022/07/researchers-unpack-unkillable-uefi-rootkit-that-survives-os-reinstalls/

DeletedUser87

Andy I don't think we're on the same page here. There definitely is a chance of compromised firmware, which can do things the OS doesn't even know about (and technically can't know about). In fact, Apple's T2 chips run on a modified watchOS which they called "BridgeOS" and is a non-malicious implementation of such a rootkit-like firmware, as it takes control over various system functions like audio or the SEP. Similar functionality (to a much lesser degree) exists in quite a lot of consumer (and even business) products today. Afaik Ed Snowden has that same opinion about compromised firmware; otherwise I'd like a source to an interview from him or something.

de0u

Andy Tor encrypts and anonymizes your connection by passing it through 3 relays. Relays are servers operated by different people and organizations around the world. A single relay never knows both where the encrypted connection is coming from and where it is going to.

Andy How do you suggest getting past those 'onion layers' ???

If the firmware on the machine deliberately sends copies of your packets to its command and control server, then the fact that Tor is sending your packets through its relays will not help you at all.

de0u Are you familiar with EFI rootkits?

Andy Word search did not find Linux - lol - cheeky wink :)

That one particular EFI rootkit targets Windows and not Linux. If your implication is that somehow Linux is magically immune to being targeted by EFI rootkits, it would be interesting to learn more about why you believe that -- perhaps you could cite a source supporting such a claim?

Overall, it's clear that you are familar with how Tor works and how Tails works. Those are powerful tools when used within their limits. But neither one is infinitely powerful, and both can be undermined by malicious low-level firmware.

flighty_sloth

Andy If the compromised firmware injects malicious software into TAILS OS as it's booting, at that point it could directly monitor everything you're doing at the OS level and the TOR network would irrelevant.

Andy

Sorry Guys, I've been away for a while :) buying secure Laptop with Wolf Security and just bought two Pixel 8 Pros. BTW latest GOS update crashed the kernel :(
Did you Guys ever discover the acid test for Tails+Tor? (now combined)
Did any of you Guys tell the Guardian their security for whistleblowers was broken?

« Previous Page