Hacker News | PrimaryAlibi's comments

It's a fact that it's possible, the question is just if Google is doing it. I know some apps that have been proven to track mouse movement to identify users and prevent botting. They want to identify users because it's against ToS to have multiple accounts and also to prevent banned users from making new accounts. Tracking mouse movement is an extremely accurate way to uniquely identify users. Google would have no problems doing this if they wanted to, the question is just if they are doing that. I think it would be coping to say they aren't but that's my opinion based on my perspective on big tech and Google.


Everyone reading this should start to contact websites/companies who use Cloudflare and tell them in simple and few words that it's a problem and link them to a video or article that explains more, maybe even to this HN topic. We are not many, maybe 1-2% of their users/customers I keep reading people saying but I have in the past been able to get big tech companies to change to a friendlier tech. You would be surprised how effective it is to contact them about it. Maybe they have a tech support who already has the same opinion as you but they can't make any change until a customer makes a complaint about it, then they happily see it as their opportunity to finally make a change.


That's the same for almost all surveillance/tracking tech. It's always trivial for criminals/abusers to bypass. The surveillance is just about controlling the sheep.


To become a freelancer you first need to be a professional with a lot of work experience. Then you can start doing some freelance on the side and make it grow. It's very difficult to start your career as freelance.

To find a part-time job you first need to be able to find a job at all.

Basically no matter what, it all begins with getting work experience, probably full time, then after that you can start looking for part time or freelance.


So the charger won't work without the data wire and it could destroy the laptop. It's so crazy because I've seen in these tech communities people saying it's recommended to cut the data wires and everyone is upvoting it. I guess that's another popular misconception going around that it's generally fine to cut a data wire.


The charger will work, just at a low/slow power. No destruction, unless it's non-conformant (the source should only increase the volts/amps if it detects the correct signalling from the drain... and this should is defined in the USB certification specs).

You may want to charge without a data-wire, or use a cable with a correct power-negotiation chip if you don't know/trust the source (eg a charging nook in a library/school/bar/airport.. anywhere public). Some devices are very trusting of power sources, or have been (security is improving, modern phones require unlock before they even acknowledge they accept/send data).


> You may want to charge without a data-wire, or use a cable with a correct power-negotiation chip if you don't know/trust the source (eg a charging nook in a library/school/bar/airport.. anywhere public).

There's an alternate charging interface you can use that's pretty widely available and I'd highly recommend--the 120/240VAC outlets all over the place!

Yeah yeah, I'm only half kidding. If you're going out to the bar you're probably not gonna shove a USB charger in your pocket. But in most of the rest of those situations (library, school, airport) and more you _probably_ have a few things you're carrying with you. Just leave a small adapter and cable rolling around the bottom of your bag and you don't have to worry about this. (Or at least you're into the realm of _wildly_ theoretical attacks.)

This doesn't just avoid the potential security issues... A lot of those charging lockers and things are not exactly well designed or well engineered. If you use your own charger you also know some weird cheap out-of-spec setup isn't going to damage your phone and there won't be any incompatibilities with the charger/cable/device that leave you charging at 7.5W.


USB PD without signaling won't work. It won't supply the needed voltage (e.g. 19V), and the laptop won't charge.


Is that true? I have a cable here that I use to charge my laptop with 65W PD but it doesn't make a data connection. Does it do some black magic?


There’s data, but then there’s also the “CC” pins. CC is mandatory for USB-C. It is what does the communication for PD. So, it’s data, but a very specific type of data.


> I have a cable here that I use to charge my laptop with 65W PD but it doesn't make a data connection. Does it do some black magic?

The magic is that USB-C has not one, but _several_ mostly independent "data" connection wires. Chargers normally do not use or care about the USB 2.0 data channel (or the separate USB 3.0 data channel), they only care about the separate "configuration" channel used for USB-PD negotiation; IIRC, according to the standard pure chargers are even supposed to short together the USB 2.0 wires, to signal to older USB B or micro-B devices "I'm a dumb passive charger which can provide more than just 2.5W of power".

So, if you have a broken cable which does not have the USB 2.0 wires connected (which AFAIK is not allowed by the standard), but has the power and configuration wires correctly connected, it might (or might not) work as a charge-only cable.


> I've seen in these tech communities people saying it's recommended to cut the data wires and everyone is upvoting it

Right, and what communities are those, exactly?


No, the charger will work fine – and at full power. GP is incorrect, the data lines are not used in power negotiation.


The data lines weren't used for charging until fairly recently.

All of those people may not be up to date, or you may be seeing old discussions.


> The data lines weren't used for charging until fairly recently.

Several proprietary protocols (like Quick Charge) used the data lines to negotiate the power and voltage, then USB Battery Charging standardized a way to indicate being a charger through the data lines, and that was all before USB-C. So unless you were satisfied with very slow charging, the data lines were always necessary.


I asked about 0-day because I don't think anyone would use that on me. So if I know that it can only be done with a 0-day then I would practically be secure.

The first paragraph you made doesn't sound so convincing though with mostly "probably" and no source or explanation other than Intel has put a lot of effort into protecting the boot rom and EC. If you or someone could elaborate further that would be great.


Good answer, I will read more about UEFI bootkits and BlackLotus. It also reminds me that recently the Bootkitty UEFI bootkit was in the news. I saw a video about it a couple days ago.

Is it just from userspace you flash these firmware (other than boot rom)? Or can you flash externally as well if you have physical access?

This also means that just like you avoid a lot of malware by going to Linux instead of Windows which is what all hackers build their malware for, you can probably also avoid a lot of these firmware bootkits by flashing coreboot instead of having UEFI.


Both userspace or externally, including the boot ROM, from Windows or Linux.

You could flash coreboot and run your own secure boot chain etc on one machine, but this is absolutely not something you can do at organisational scale.

That said, only individuals worried about foreign intelligence services need to incorporate this into their threat model.


How would it be done externally? Is it done same way as flashing the boot rom? You just need to know where the chip is for the other components? No 0-days needed? Or do you need a 0-day to do this? Is that why you think only foreign intelligence agencies are the ones who can do this? Also assume that the bios is password protected and it's configured in bios to not boot from a USB drive.


> How would it be done externally? Is it done same way as flashing the boot rom?

Depends on the device.

> Is that why you think only foreign intelligence agencies are the ones who can do this?

Because it's enough work that nobody else would bother.

> Also assume that the bios is password protected and it's configured in bios to not boot from a USB drive.

BIOS password is an administrative control. It doesn't stop anyone with the ability to flash firmware from doing anything.


These are the type of vague answers I said I didn't want because they are not helpful. How do I know if you really know what you are talking about? No explanations or links to sources. "depends on the device" is almost not an answer at all.

BIOS password does help if they need to be able to boot from usb drive to flash firmware. Or do you know another way? Again, not talking about boot rom.


> "depends on the device" is almost not an answer at all.

If you ask extremely general questions, you're going to get extremely general answers. This is a discussion board, not a personal research service. You need to go and figure this out for the specific hardware you are concerned about.

> BIOS password does help if they need to be able to boot from usb drive to flash firmware.

That's the only circumstance in which it helps, but that's rarely necessary on modern machines.

https://en.m.wikipedia.org/wiki/Fwupd


But my questions aren't extremely general, I even asked very specifically if you are supposed to attach an external programmer to the component like keyboard or cam etc but you can't even answer that. You can't even give one example. Are you saying there is nothing at all in common with different device models like camera model b and camera model c? You don't physically manipulate with them in any way? Don't attach anything or what? Or do you shine a light on one model and breathe on another? When you can't even make one example that makes it hard to believe you. You are just constantly deflecting and refusing to explain. It just seems like you are spreading FUD when you say it can be done but won't explain how. I'm not even asking for full step by step instruction, just a simple overview of what kind of process it is in general.


> keyboard or cam etc but you can't even answer that

They are not all built the same. It depends on the SPECIFIC device.


I think most people already know that air pollution is bad for health. The question is how big a part in all these deaths did the air pollution have. Are those face masks people use to "protect" themselves from covid effective at protecting from air pollution? I don't even know if asking these questions is worth it when there is so much censorship.


I have been making YouTube videos for a long time on many different accounts. I don't know what else to say except try to choose topics that YouTube won't give you trouble over so avoid things like privacy, crypto, politics. Then you just keep making videos and one day you win the lottery when the algorithm finally shines the light on you.


I think you have the same problem either way. NSA (most likely) recently was caught for putting a backdoor in iOS. It doesn't matter how big the brand is.

Unfortunately it comes down to just needing to learn how to verify the hardware. If you only trust then you have lost.

