2 Comments

Urgh. Very bleak, VST. But accurate. Cell phone use is so ubiquitous now that there seems almost no way out. I would love to aim for your fourth mitigation measure but know, at best, maybe I will only ultimately achieve it in part (which defeats the object). Point 6 seems intriguing - I would hope that some smart and savvy programmers are working on unhackable stuff, but we would have to have a way of knowing if it's to be trusted or not. And also, it requires one to become quite savvy, oneself. Presumably one would have to uninstall corrupted stuff and reinstall incorruptible stuff, etc. So it would become a thing for nerds and not just your everyday IT-compromised peon. I was interested that you said things are infiltrated at hardware level already. How is that? Also, I heard that people make use of Faraday bags. Is there anything to that? Maybe people will end up resorting to using two devices. One for their innocuous everyday unavoidable stuff like banking and using damned OTPs. And the other, hopefully anonymised, for doing the stuff that reveals their personalities and what they are looking at, saying, and asking.

author

Re hardware (2013):

"This month, news reports based on leaked documents said that the NSA itself has used that tactic, working with U.S. companies to insert secret backdoors into chips and other hardware to aid its surveillance efforts."

https://www.technologyreview.com/2013/10/08/176195/nsas-own-hardware-backdoors-may-still-be-a-problem-from-hell/

As users, trust in tech is a literal act of faith, and nothing is unhackable. The weakest part of any system is the human. The Internet of Things is literally unsecured. 95% of users have no idea what their connected devices are doing or how, let alone whether they are creating secure connections to the web and what they send and where they send it to. Various people and websites trawl the web for open IoT addresses like camera feeds and they can be tapped into and viewed.

This website at one time amalgamated open IoT camera feeds:

https://www.shodan.io/

Depending upon the nature of the hack, uninstalling things wouldn't fix anything, especially if it is at the OS level. Firmware could be reflashed to remove a corrupted firmware provided that it had not delivered a payload elsewhere into the network/system etc.

Faraday cages/bags/boxes simply block electromagnetic signals thereby rendering devices incapable of sending/receiving signals past the cage. This makes the device inoperable over the wireless signal pathway but it doesn't affect what's running on the phone e.g. a hack that monitors device usage/content and reports/uploads periodically. You have to take the device out of the Faraday cage to use it. The CIA's Hive hack was a way for a compromised device to upload target data to a seemingly innocuous website that was owned by the CIA:

https://wikileaks.org//vault8/#Hive

See more CIA capabilities at WikiLeaks Vault 7 articles.

Almost all people are unlikely to change their behaviour. Given the public revelations about hacking and surveillance, few people do anything of note to guard against it. What it comes down to is a perception of risk and reward. If you are no one, why would you be targeted, and by whom? So why bother worrying? This, of course, utterly ignores the fact that non-state actors operate in the same or similar ways and have even adapted CIA tools for their own ends. The CIA itself was hacked and its hacking tools arsenal stolen and sold, then later given away on the web. Modifications of their attack tools are out there. You may recall major ransomware events that affected businesses and individuals? That tech is related to state level hacking tools. Also, I have personal awareness of a UK farming company that was hit by ransomware in 2018. The police and the security services were involved with the ransom into the sub £10m IIRC. There was zero publicity about the event. As I recall, the ransom was not paid and the hackers did allow the programme to do damage, although memory is flaky as it was a secondhand account of the events. If it is police policy that a business held hostage with ransomware must adopt total silence then there is no way the public would know of the scale of the problem unless it manifested in the obvious change in a business' service provision.

Most people cannot be bothered to try using two devices even though it makes sense in a lot of ways, if you want a degree of privacy and plausible deniability. This begs the question of why people need to use social media for the transmission of things that used to be routinely private and only accessible in the home or limited physical release e.g. photographs. As we see now, all of that content is being stolen by big tech across the board and hoovered up to feed their growing systems and AI. And no creator of that content is being paid in any way. They are literally having their digital footprint stolen and mined for corporatocratic and state benefits and profits, and they don't even know.

The sad thing is that in the face of such bleakness, many repeat the slogan "nothing to hide, nothing to fear" but that is nonsense spouted by fools.
