As the title states, this is a thread to converse about Open Source hardware without any NSA, FSB or Chinese backdoors. What options might we have in the future and what options are available at the moment that are fully auditable against government-imposed backdoors?
I recently read something about how tech stuff in the USSR always came with an instruction manual so it can be repaired. Can’t have backdoors if you know how every part works. Can still have attack vectors, however.
Probably not, i think the best you can do is choose which state is gonna have the backdoor into your device. In which case i’d pick the proletarian state of China over a bourgeois state. Hardware has to be made by someone somewhere, it doesn’t get created in a void, and depending on where the manufacturer is located they will be subject to the political pressures of their respective state. States will always have a vested interest in having as much access as possible.
Hardware backdoors you mean?
Because exploits will always exist and the west in particular will always pay well for them, plunge money into finding them, and exploit them for advanced malware and device surveillance and control campaigns.
There is zero credible evidence China, unlike the west deliberately puts hardware backdoors or spying equipment in their electronics. There is the likelihood they like all states use software exploitation of vulnerabilities to gain access to and conduct legitimate activities such as defense against hostile powers, surveillance of spies and agents and probable spies and agents for hostile powers, etc.
Is it illegal to not have backdoors in a system? It seems silly to have backdoors at all for that is a guaranteed vulnerability that can be exploited by any number of people in the manufacture of the product.
I’d like to see it. If your actions are on the side of the proletariet why would you need backdoors on your products? There are other methods of tracing and preventing reactionary violence other than hardware backdoors.
It’s not that it’s illegal not to have them. It’s more because the class interests of tech company boardmembers and institutional shareholders match up with the class interests of capitalist governments, especially the unelected and unaccountable deep state elements.
There was an interesting book I read most of a while ago called Surveillance Valley. It goes into the history of computers and the internet and how they’ve always been used by the reactionary capitalist class and their state apparatus to better oppress the masses. Although it’s not written in a class conscious way and the author is very liberal.
companies like Purism, Pine64, system 76, framework, thinkpenguin and many other privacy focused companies do produce digital products that meet the needs of customers that want privacy. Often they don’t have a very good marketing team to sell to that many people because many people don’t value privacy anymore. Most free libre open source software is run by non profits that seek to build privacy respecting software. The original software can be used by anyone and the more profitable companies with a better marketing budget copy the software that works, then builds a surveillance apparatus on top of it. RISKV is an example of a open source hardware that does not surveil the customers. https://riscv.org/
RISC-V is only an ISA though. The important part is the implementation. Someone can design a chipset that implements RISC-V but at the same time still has backdoors, undocumented instructions and requires proprietary firmware to boot. Likewise, someone could theoretically make a chipset that implements x86_64, has no backdoors and Just Works™ with libreboot.
RISC-V does not mean no backdoors or other spookiness. But a processor that is indeed void of such things is more likely going to be a RISC-V than an x86_64/ppc64/aarch64/etc. since RISC-V is a free ISA that anyone can use.
correct, but a company can make it not have spookyness if they wanted to.
There are some companies which value user privacy and device control but unfortunately they’re in the minority. I don’t see things fundamentally changing at an industry wide scale until we get capitalists out of tech.
Another thing to consider is that the average person just doesn’t care about privacy, at least not digital privacy and all the myriad ways it is or can be violated. Call it poor education, lack of interest, or simple resignation to something that seems inevitable.
Ultimately it will not be sufficient to have an open source hardware chip. The tools and machinery to fabricate the chip will have to be open source as well. There is a whole supply chain to consider.
can you give some examples?
