peacefan
Gold Member
netflix series 'spycraft', season 1 episode 5 is hugely incomplete since the deployment of the israeli-developed rootkit spyware 'pegasus', which was recently exposed in just about all major western media news outlets,
as an end-user application programmer since the age of 5 (i'm now 44), i believe it is now possible for governments to infiltrate any phone in use today (not just smartphones) without the user's knowledge.
in the future, the only safe smartphone or internet connected device is a device with it's operating system compiled from a download of the device's operating system's source code, which is then installed on the device.
to further complicate things, this compiling must be done with device operating system source code that is downloaded from a website with a verified[2] ip address and starttls/tls website encryption certificate. check the entire certificate permission chain for anomalies. any indication of those is clear indication that you might well be under a 'middle-man attack', which would deliver corrupted operating system component updates or source codes for other apps or operating systems.
a secure tor-networked[1] operating system like linux, itself also checked by someone or a team including a cyber security expert, competent c++ programmer and operating system expert,
[2] you verify it by requesting the DNS records with a trusted linux computers 'nslookup' and 'dig' terminal app commands, from multiple locations around the world, where you can trust the local dns servers. be sure to check for DNS poisoning.
[1] tor-networks are only safe to use for downloading sourcecodes while they remain uninfiltrated with content-poisoning nodes (connected computers).
i believe this trend to only intensify from here on.
the creators of the series 'spycraft' seem to agree with me, based on their detailed description of how audio recording and poison spycraft evolved in the 20th century.
from here on, no password or 2-step verification method at all is safe anymore. it is simply recorded and/or transmitted at the input level.
having *ever* used your fingerprints or your phone's facial recognition features to log in or unlock apps' features, means thet these can be used to open other devices or rooms or buildings that you aim to protect with your biometrics, your face's picture or your fingerprint(s).
summary & in simple terms :
- biometric login is not safe at all anymore if you ever use it on a networked device.
- people everywhere and especially those that work for government, will be vulnerable to a total disappearance of privacy and identity security.
as soon as a program like 'pegasus', or any of it's more capable successors, hits the open market, or sees the arrival of an app that can package all a person's personal and biometric data and then sell it on some tor-networked digital market place, even modeately wealthy criminals could become the next advanced spy organisation, capable of anonymous assasination to blackmail or reputation-destruction of politicians (or anyone for that matter).
as also explained in glaring detail in the same previously mentioned episode of 'spycraft', China has chosen to impose doctrine on it's people through what's called a social credit system.
but it also increases the chances of corruption at every level of public office.
and, the more data about people is recorded on a large scale, the more these people become vulnerable to attack by digital or real-world impersonation.
social media or (vdeo-)chat app use is especially dangerous.
digital- and real-world impersonation becomes possible with the first picture of themselves that people post anywhere on the internet at all under their own name, and photo accurate 3d-rendered video impersonations of you become possible in any video background setting (unreal engine 5 and the computers sold around 2025 and later will be especially good at this) ,as soon as you've used any video chat app, up to the point of including the generated audio of any text message of the attacker's choice to go along with the video. even lip movements would be digitally synced to whatever the attacker wants to have you appear to say in a video message / chat.
even your phone's physical location could be constantly tapped if it's not encased in a EM and sound shielded box (which i recommend for each diplomat's and intel officer's car, possibly disguised as cool container or hidden layer beneath or behind any of the car's control panels).
this is possible by manipulating both what you see in your phone's browser (or ahy device connected to it via virtual hotspot software built into your phone's OS), for instance the cryptographic hash values that are supposed to convince you a piece of software can be trusted.
in addition, any (video-)chat app on such an infiltrated phone can record and/or transmit your entire chat history as it happens to any other device anywhere on the public internet, encrypted and/or camouflaged inside other file formats.
i believe ti to be inevitable that this technology will lead into the grey and black criminal worlds.
so governments had better prepare.
if the population is to be digitally profiled and policed (even the west would to that against (domestic) terrorists),
then the police itself must also be policed,
and the civilians and government personnel given state-verified binary install files for operating systems for *every* internet-connected device sold in the public domain.
ideally, governments would force companies to hand out their source codes for operating systems and all apps run on that operating system.
it would be the death of closed source as a business model, but it would mean that the government and it's allies can use it to secure the operating systems first and upon each update (to catch the CVE vulnerabilities), and an increasing circle of apps second, by having government employees who have been background checked and who are kept under permanent observation themselves, examine the device operating system or app source code in detail, and then declaring it fit for compilation into a trustworty installation binary, on a trustworthy, source-code-checked non-networked[1] computer.
[1] you'd have to use a motherboard without bluetooth, wifi or NFC, and you'd obviously not stick a network card into any network connector on the pc.
and these policies would need to extend well beyond smartphone and desktop computer usage. they would need to include the entire industries of a country too.
to make it simple again : if country A makes a chip or any software at any level at all for any digital device or machine, and country B does not entirely trust that country A or the company making the chip or software,
then only by refusing to buy such technology without the source-code,
can countries, companies and individuals even begin to keep themselves safe from a huge range of anonymous well-hidden hard-to-trace attacks.
government-organised distribution and constant human source-code-level trust verification of all digital systems' operating systems and apps, combined with drastically enlarged application of internal affairs procedures (where a public officer can be observed by internal affairs staff in both office and private time) is the only way to ensure that the police and the state can protect not just the state, but the people living in it, and companies operating in it, as well.
as an end-user application programmer since the age of 5 (i'm now 44), i believe it is now possible for governments to infiltrate any phone in use today (not just smartphones) without the user's knowledge.
in the future, the only safe smartphone or internet connected device is a device with it's operating system compiled from a download of the device's operating system's source code, which is then installed on the device.
to further complicate things, this compiling must be done with device operating system source code that is downloaded from a website with a verified[2] ip address and starttls/tls website encryption certificate. check the entire certificate permission chain for anomalies. any indication of those is clear indication that you might well be under a 'middle-man attack', which would deliver corrupted operating system component updates or source codes for other apps or operating systems.
a secure tor-networked[1] operating system like linux, itself also checked by someone or a team including a cyber security expert, competent c++ programmer and operating system expert,
[2] you verify it by requesting the DNS records with a trusted linux computers 'nslookup' and 'dig' terminal app commands, from multiple locations around the world, where you can trust the local dns servers. be sure to check for DNS poisoning.
[1] tor-networks are only safe to use for downloading sourcecodes while they remain uninfiltrated with content-poisoning nodes (connected computers).
i believe this trend to only intensify from here on.
the creators of the series 'spycraft' seem to agree with me, based on their detailed description of how audio recording and poison spycraft evolved in the 20th century.
from here on, no password or 2-step verification method at all is safe anymore. it is simply recorded and/or transmitted at the input level.
having *ever* used your fingerprints or your phone's facial recognition features to log in or unlock apps' features, means thet these can be used to open other devices or rooms or buildings that you aim to protect with your biometrics, your face's picture or your fingerprint(s).
summary & in simple terms :
- biometric login is not safe at all anymore if you ever use it on a networked device.
- people everywhere and especially those that work for government, will be vulnerable to a total disappearance of privacy and identity security.
as soon as a program like 'pegasus', or any of it's more capable successors, hits the open market, or sees the arrival of an app that can package all a person's personal and biometric data and then sell it on some tor-networked digital market place, even modeately wealthy criminals could become the next advanced spy organisation, capable of anonymous assasination to blackmail or reputation-destruction of politicians (or anyone for that matter).
as also explained in glaring detail in the same previously mentioned episode of 'spycraft', China has chosen to impose doctrine on it's people through what's called a social credit system.
but it also increases the chances of corruption at every level of public office.
and, the more data about people is recorded on a large scale, the more these people become vulnerable to attack by digital or real-world impersonation.
social media or (vdeo-)chat app use is especially dangerous.
digital- and real-world impersonation becomes possible with the first picture of themselves that people post anywhere on the internet at all under their own name, and photo accurate 3d-rendered video impersonations of you become possible in any video background setting (unreal engine 5 and the computers sold around 2025 and later will be especially good at this) ,as soon as you've used any video chat app, up to the point of including the generated audio of any text message of the attacker's choice to go along with the video. even lip movements would be digitally synced to whatever the attacker wants to have you appear to say in a video message / chat.
even your phone's physical location could be constantly tapped if it's not encased in a EM and sound shielded box (which i recommend for each diplomat's and intel officer's car, possibly disguised as cool container or hidden layer beneath or behind any of the car's control panels).
this is possible by manipulating both what you see in your phone's browser (or ahy device connected to it via virtual hotspot software built into your phone's OS), for instance the cryptographic hash values that are supposed to convince you a piece of software can be trusted.
in addition, any (video-)chat app on such an infiltrated phone can record and/or transmit your entire chat history as it happens to any other device anywhere on the public internet, encrypted and/or camouflaged inside other file formats.
i believe ti to be inevitable that this technology will lead into the grey and black criminal worlds.
so governments had better prepare.
if the population is to be digitally profiled and policed (even the west would to that against (domestic) terrorists),
then the police itself must also be policed,
and the civilians and government personnel given state-verified binary install files for operating systems for *every* internet-connected device sold in the public domain.
ideally, governments would force companies to hand out their source codes for operating systems and all apps run on that operating system.
it would be the death of closed source as a business model, but it would mean that the government and it's allies can use it to secure the operating systems first and upon each update (to catch the CVE vulnerabilities), and an increasing circle of apps second, by having government employees who have been background checked and who are kept under permanent observation themselves, examine the device operating system or app source code in detail, and then declaring it fit for compilation into a trustworty installation binary, on a trustworthy, source-code-checked non-networked[1] computer.
[1] you'd have to use a motherboard without bluetooth, wifi or NFC, and you'd obviously not stick a network card into any network connector on the pc.
and these policies would need to extend well beyond smartphone and desktop computer usage. they would need to include the entire industries of a country too.
to make it simple again : if country A makes a chip or any software at any level at all for any digital device or machine, and country B does not entirely trust that country A or the company making the chip or software,
then only by refusing to buy such technology without the source-code,
can countries, companies and individuals even begin to keep themselves safe from a huge range of anonymous well-hidden hard-to-trace attacks.
government-organised distribution and constant human source-code-level trust verification of all digital systems' operating systems and apps, combined with drastically enlarged application of internal affairs procedures (where a public officer can be observed by internal affairs staff in both office and private time) is the only way to ensure that the police and the state can protect not just the state, but the people living in it, and companies operating in it, as well.
Last edited:
