Merge pull request 'Fix minor language issues in opsec/closedsource/index.html' (#216) from quiet14/blog-contributions:main into main

Reviewed-on: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/pulls/216
yea i know i'm (and have been) guilty of spelling mistakes over the years lol
to speed up the spell checking i recommend doing the following: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/contribute/index.html (ctrl+f spelling) there's an LLM that can check for spelling mistakes
nihilist 2025-01-24 18:53:57 +01:00
commit 20c89d0293


@ -8,7 +8,7 @@
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Why can't I trust closed source software for Privacy ?</title>
<title>Why can't I trust closed source software for privacy?</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
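Review bot: the new <title> lowercases "privacy", but the <h1> rewritten in the next hunk still reads "Why can't I trust closed source software for Privacy? ", so the tab title and the page heading no longer match. Pick one capitalisation and apply it to both. Separately, the favicon href in the context line climbs six directories (../../../../../../assets/img/favicon.png) while the stylesheet two lines below uses ../../assets/css/bootstrap.css; it is worth aligning the two in a follow-up.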
@ -61,10 +61,10 @@
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-04-29</ba></p>
<h1>Why can't I trust closed source software for Privacy ? </h1>
<p>"Hey, i just wrote this code, i compiled it, it gave me this .exe file, run it on your computer!</p>
<p> What? You want the source code ? Hell no, just trust me bro!"</p>
<p>Or in other words, why can't i trust an adversary to not look at me when i install one of his cameras in my bedroom ?</p>
<h1>Why can't I trust closed source software for Privacy? </h1>
<p>"Hey, I just wrote this code, I compiled it, it gave me this .exe file, run it on your computer!</p>
<p> What? You want the source code? Hell no, just trust me bro!"</p>
<p>Or in other words, why can't I trust an adversary to not look at me when i install one of his cameras in my bedroom?</p>
</div>
</div><!-- /row -->
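Review bot: the last rewritten paragraph still has a lowercase pronoun in "when i install one of his cameras", even though the other "i" occurrences in this hunk were capitalised; change it to "when I install". The new <h1> also keeps a trailing space before </h1>, which can be dropped while the line is being touched.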
@ -77,7 +77,7 @@
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>What is closed source software?</b></h2>
<p>To briefly explain, any software out there was first written (a developer wrote some source code, for example in the go language), it was then compiled, and then the compilation produced a binary file (for example it became a .exe file on windows)</p>
<p>To briefly explain, any software out there was first written (a developer wrote some source code, for example in the Go language), it was then compiled, and then the compilation produced a binary file (for example it became a .exe file on windows)</p>
<img src="1.png" class="imgRz">
<p>The catch here is that when you try to reverse-engineer binary files, it's going to be very hard to figure out what the original source code was. This practice is called <a href="https://blog.nowhere.moe/binexp.html">Reverse Engineering</a>, a niche in cybersecurity, where someone tries to figure out what the original sourcecode was intended to be, with only the binary to work with.</p>
<p>One thing is for sure: you can't arrive at the original sourcecode from just the binary. It's mostly guess work.</p>
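Review bot: the changed sentence capitalises "Go" but leaves "on windows" lowercase in the same line; as a product name it should be "Windows". The two unchanged paragraphs below use "sourcecode" as one word where the changed line writes "source code", so consider normalising those in the same pass.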
@ -97,7 +97,7 @@
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Privacy Is not a Spectrum</b></h2> </br> </br>
<p>Like we have explained <a href="../privacy/index.html">previously</a>, Privacy is binary, you are either being watched, or you are not being watched.</p>
<p>Like we have explained <a href="../privacy/index.html">previously</a>, privacy is binary, you are either being watched, or you are not being watched.</p>
<img src="6.png" class="imgRz">
<p><a href="https://discuss.privacyguides.net/t/should-privacy-guides-require-open-source-source-first-or-source-available-as-a-criteria-for-all-tools/22684/83">Whoever tries to tell you that "Privacy is a spectrum"</a> are just trying to justify that you should leave at least some closed source software on your computer if you don't feel like it, in the name of convenience.</p>
<p><b>No you should not, you either have privacy or you don't.</b> You definitely do not have privacy when there are 100 cameras from 100 different adversaries in your bedroom, <b>and it is the same thing as with leaving ONE camera from ONE adversary in your bedroom</b>, the simple fact remains, <b>you do not have privacy as long as there is at a camera pointed at you.</b></p>
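Review bot: the last context paragraph still contains the stray word in "as long as there is at a camera pointed at you", which this language pass leaves in place; it should read "there is a camera". In the paragraph above it, "Whoever tries to tell you ... are just trying" has a singular subject with a plural verb; "is just trying" fixes it.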
@ -121,9 +121,9 @@
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Why is this relevant for Privacy ?</b></h2> </br> </br>
<h2><b>Why is this relevant for Privacy?</b></h2> </br> </br>
<p>Privacy as a usecase on your computer requires that you only run software from which you are able to read the sourcecode of:</p>
<p>I can just as easily write a software (let's say a chat application like Telegram), <b>I can make that software grab as much information as possible</b> like save the Computer model, serial number, get information on what other apps are running on your computer, what's the public IP address, take screenshots of what you're doing on your computer, <b>and I can make that application send all of that sensitive information to a remote server, while officially pretend that the additional network traffic is for "for telemetry purposes"</b>. </p>
<p>I can just as easily write a software (let's say a chat application like Telegram), <b>I can make that software grab as much information as possible</b> like save the computer model, serial number, get information on what other apps are running on your computer, what's the public IP address, take screenshots of what you're doing on your computer, <b>and I can make that application send all of that sensitive information to a remote server, while officially pretend that the additional network traffic is for "for telemetry purposes"</b>. </p>
<p>All i need is to simply prevent you from being able to read the sourcecode, that way you have no way to disprove that this isn't actually telemetry.</p>
<p>What's happening is that you have no visibility on what the software is doing, <b>it is not transparent</b></p>
<p>That's why the first step is always to ONLY use software that is fully free and open source (FOSS), <b>so that you are at least ABLE to know what the software you are running is actually doing.</b> To be able to achieve Transparent use.</p>
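Review bot: the rewritten paragraph keeps the duplicated preposition in 'is for "for telemetry purposes"'; drop the one outside the quotes. In the same sentence "while officially pretend" should be "while officially pretending", and the next line still starts with "All i need". The double negative in "no way to disprove that this isn't actually telemetry" also reads as the opposite of what is meant; "no way to prove that this isn't actually telemetry" would say it directly.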
@ -134,7 +134,7 @@
<img src="../privacy/3.png">
<p>Keep that in mind, as this is the ABC of OPSEC you'll have to remember throughout the rest of the next blogposts i write, On any device of yours, there is only one type of acceptable software for Privacy, and that is FOSS software. It has always been this way, and will always remain this way.</p>
<p>If at any point in time you see people recommend closed-source software for privacy purposes, <b>you need to realize that they are either misled or are actively trying to mislead you into a false sense of security</b>, and you should remind them that <b><a href="https://discuss.privacyguides.net/t/should-privacy-guides-require-open-source-source-first-or-source-available-as-a-criteria-for-all-tools/22684/62">privacy and closed-source software are mutually exclusive.</a></b> hence the non-negociable need of using FOSS software for privacy.</p>
<p>If at any point in time you see people recommend closed-source software for privacy purposes, <b>you need to realize that they are either misled or are actively trying to mislead you into a false sense of security</b>, and you should remind them that <b><a href="https://discuss.privacyguides.net/t/should-privacy-guides-require-open-source-source-first-or-source-available-as-a-criteria-for-all-tools/22684/62">privacy and closed-source software are mutually exclusive.</a></b> hence the non-negotiable need of using FOSS software for privacy.</p>
</div>
</div><!-- /row -->
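Review bot: in the corrected line the full stop sits inside the link text ("mutually exclusive.</a></b>") and is followed by a lowercase fragment, "hence the non-negotiable need of using FOSS software for privacy". Either move the period to the end and join the clause with a comma, or start a new sentence with a capital. The context line above also still has "blogposts i write, On any device", with the capitalisation the wrong way round in both places.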
@ -172,8 +172,8 @@
<p>To conclude, here are the requirements you need to look for, for any software that you use:</p>
<ol>
<li><p>It must be FULLY free and open source (FOSS)</p></li>
<li><p>Ideally, if servers are involved, It must be self-hostable (for decentralisation) (meaning the serverside code must also be fully opensource)</p> (<a href="https://www.change.org/p/signal-foundation-resume-open-source-code-for-signal-server-do-not-close-source-it">see how this is no longer the case with Signal</a>)</li>
<li><p>It must implement privacy features like encryption</p></li>
<li><p>Ideally, if servers are involved, it must be self-hostable (for decentralisation) (meaning the serverside code must also be fully open-source)</p> (<a href="https://www.change.org/p/signal-foundation-resume-open-source-code-for-signal-server-do-not-close-source-it">see how this is no longer the case with Signal</a>)</li>
<li><p>It must implement privacy features like encryption.</p></li>
<li><p>It should not contain any telemetry, or any spyware.</p></li>
<li><p>It should ONLY do what it was originally meant to do.</p></li>
</ol>
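Review bot: the change adds a full stop to "It must implement privacy features like encryption." but the first two items of the same list still end without one, so the list is now punctuated inconsistently; add the period to items 1 and 2 or leave it off everywhere. In the self-hosting item the Signal link is placed after the closing </p>, so it renders outside the paragraph it belongs to; moving </p> after the closing parenthesis keeps it with the sentence. The item also introduces "open-source" while item 1 writes "open source".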