You used “either”, then “nor”; sorry, I lost the point you were making. Wasn’t sure on your point about the adversary already owning the pipe.
Tailored exploitation is a good point though.
Admittedly RPi isn’t any current advice except for outdated hobbyist advice. If I cared to defend against a nation state I’d avoid general-purpose CPUs altogether and focus on in-house manufactured minimal circuits, possibly FPGAs and printers or some other trusted peripherals. I’d build my own keyboards too.
The poster was concerned about video being hacked. This would be hard to hide, at least for being owned in real-time, if one were keeping track of the packets coming and going. If you’re whitelisting all your outbound and disallowing inbound, and if your decoupled passive NIDS is set up right, you at least have the physical network layer covered.
If you’re targeted for tailored exploitation then you’d be considering a SCIF anyway if you really have something that important to hide. In a pinch, a Faraday cage would probably be a good idea if you can set it up right. Don’t trust any devices that come in or out.
> The poster was concerned about video being hacked. This would be hard to hide, at least for being owned in real-time, if one were keeping track of the packets coming and going.
How would keeping track of packets detect a compromised web cam absolutely? An SSL-encrypted connection to Amazon servers, for example, could easily be used to exfiltrate pictures, audio and even low-bandwidth recordings while still blending in with typical, expected Web traffic.
You’re right. One can’t assure that won’t happen unless you can ensure that every outgoing packet hasn’t been tampered with inside your computer. But that problem can also be tackled as part of a solution to reduce risk but not eliminate it.
How about simply using a new style of webcam that uses a physical shutter when active? Any reason I can’t go on Amazon and buy one? Are these illegal?
Sadly you’d want an analog push-button switch on mics only. A latch as well is OK if done securely.
You could jump through tons of hoops to minimize risk for the above, but given the complexity of a typical computer, most won’t have a chance, as you noted.
If you whitelisted all your activity and took the other precautions noted (and if you have clean hygiene) then it would be much more difficult for your strong adversary, as your nation state would need to own your box remotely. And it is possible to defend against that sort of thing. Yes, if you just have indiscriminate traffic coming and going, defense becomes astronomically more difficult.