Follow

Uncomfortable facts: It's probably a lot easier for local law enforcement to get a warrant to seize and examine your personal computers directly than it is for them to successfully get your data out of a FAANG company.

The FAANG companies hate doing that work and argue about it all the damn time. Your local judge probably feels like a zillion bucks sending cops to seize assets. And they've feel like a kobuhzillion bucks ordering you to your face to unlock the computer or face contempt charges.

I mean, I'm sorry. But this is true.

Β· Β· 6 Β· 2 Β· 7

Hollow out a space in your door, put your raspberry Pi in there, then run wires to the hinges and run the 5v through the hinges via a hidden wire in the doorframe.

IDK maybe that'll hide it.

Show thread

@endomain
a. Why do you think it's hard to get a warrant for FAANG companies, especially when they produce transparency reports?
b. Even if it were more difficult, seizing your computers is not something that will be a covert action like it when they take your data from other people's computers
c. In the US, you don't have to testify against yourself (including giving up passwords), at least for now. When a person's data is taken from FAANG, they don't need your password

@adam

a) Because they refuse a metric ton of data requests, and that's in said transparency reports.

b) That's true, but it's actually not a very common threat model. While folks *have* certainly hidden their secret terrorist plans in email drafts, usually the security threat FAANG privacy intrusions present is comprehensive anonymization.

YMMV in other countries.

c) I regret to inform you that all they do is say, "We think this person has child porn" and then even if you don't have child porn, the game is done. The entire notion of the 5th is a sham in modern america and it has been for decades.

YMMV in other countries.

@endomain They might complain about it but they don't really do much work there. Here's Facebook transparency report: 140k requests in 6 months, 74% satisfied. How many seconds do you think a real human spends on each request?

@angdraug Yeah, that's 25% rejected.

What's the warrant rejection rate of your local courts? How many times has a FISA court rejected a warrant requests, if we're on the subject of courts enabling bad behavior.

@angdraug Again, none of these things are "good". I'm not saying "FAANG products are good for privacy." They're obviously not.

I'm saying, the idea that someone running a NextCloud or w/e is "more secure" is extremely dependent on how you define the threat model and what you're actually doing.

If you're actually planning to kidnap a state governor, FDE on a USB drive that a RPi is using probably is probably no better; it may even be worse. Obviously, don't do those things and this is no problem.

@endomain FISA are a tiny fraction of the legal requests big tech get (btw it's not just GAFA: minus Netflix, plus telcos). Also, exceptionally dangerous idiocy like plots to kidnap state governors is what these SHOULD be used for.

What I don't like is sweeping innocent bystanders in excessively broad data collection, and that's much easier to abuse with the APIs big tech provide to LE than by sending officers to knock on doors.

I'd love to see the local court stats to compare.

@angdraug Law enforcement requesting data deanonymization and drag nets are a real problem, but less so for FAANG than for comms providers; and we have essentially no choice about comms providers.

@endomain i find this is only the case for local law enforcement, and even then they cant force you to unlock your computer (Depending on where you are). for the local law enforcement threat model, i believe youre correct though

@y0x3y They *absolutely* can just trump up a child porn charge and then we've seen that's sufficient to overrule your 5th amendment rights. Similarly, there appears to be no restriction on forcing you to use your biometrics on devices.

And this assumes that the cops play "by the rules" inasmuch as they do not threaten you or use the threat of asset forfeiture to bankrupt you, which they routinely do.

@endomain yes to all of these. biometrics arent protected in the same way passwords are, made up allegations will force your hand and so will underhanded shady tactics. youre right for local law enforcement model, but thats a very specific model i guess is how i feel. outside of america it seems to be less of a concern

@endomain FAANG is such a weird acronym. these companies don't have all that much in common with each other beyond being really, really big.

@technomancy It's kind of a good way to look at it. Every company on this list is where it is because of its size allowing it to effectively break down market economics and have massive political impact.

There are plenty of more innovative companies, staffed with smarter and more creative people. But their lack of capitalization means they have an overwhelming probability of falling into one of these black holes, or imploding due to lack of capital.

@endomain but like ... the cops busting in to get access to your Netflix account? seems very far-fetched.

Sign in to participate in the conversation
hackers.town

A bunch of technomancers in the fediverse. Keep it fairly clean please. This arcology is for all who wash up upon it's digital shore.