208
this post was submitted on 03 Oct 2024
208 points (97.7% liked)
DeGoogle Yourself
9014 readers
2 users here now
A community for those that would like to get away from Google.
Here you may post anything related to DeGoogling, why we should do it or good software alternatives!
Rules
-
Be respectful even in disagreement
-
No advertising unless it is very relevent and justified. Do not do this excessively.
-
No low value posts / memes. We or you need to learn, or discuss something.
Related communities
!privacyguides@lemmy.one !privacy@lemmy.ml !privatelife@lemmy.ml !linuxphones@lemmy.ml !fossdroid@social.fossware.space !fdroid@lemmy.ml
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This argument assumes that they'd only do something if they could get perfect coverage, which isn't very compelling for me. IMO the question should be "would it give enough access to more information to be worth it", not "it's only worth it if it gives access to all information".
And, as the other commenter mentioned, it is difficult to get some Chinese phones, though not impossible and if this whole line of thought plays into that, the reasoning is probably as much about cutting off their access to this kind of thing as it would be about making it harder to avoid western agencies doing this. They've said the first one out loud (they being politicians justifying blocking Huawei), and wouldn't have said the second part either way.
Doing this and not covering like half of the phones out there would be even dumber, and way too risky. It's not just about Chinese phones, the most popular smartphone vendor, Samsung, is from South Korea. Yeah, South Korea is a US ally, and the NSA might have some kind of crazy deal in place with them to backdoor their phones, but that would exponentially increase the risk, as not only would the NSA and all the US phone manufacturers have to keep this a secret, the South Korean government as well as Samsung, which is a massive corporation with hundreds of thousands of employees, would also have to make sure that none of this gets leaked to the public. This is way too unrealistic, and can easily be dismissed as a conspiracy theory.
I think you're greatly overestimating the number of people who would need to be involved. It could be done by one person in the right RTL design position. ASIC validation doesn't involve exhaustively searching for any backdoors that bridge between something accessible with low privileges to something that is supposed to require higher privileges.
And if someone else did notice that, there's a good chance it would just be a "thanks for reporting that, I'll fix it" without a root cause investigation about how it got there, especially if it gets reported to the one who put it there in the first place.