this post was submitted on 16 Oct 2023
1763 points (99.3% liked)
internet funeral
6966 readers
284 users here now
ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤart of the internet
What is this place?
• [email protected] with text and titles
• post obscure and surreal art with text
• nothing memetic, nothing boring
• unique textural art images
• Post only images or gifs (except for meta posts)
Guidlines
• no video posts are allowed
• No memes. Not even surreal ones. Post your memes on [email protected] instead
• If your submission can be posted to [email protected] (I.e. no text images), It should be posted there instead
This is a curated magazine. Post anything and everything. It will either stay up or be lost into the void.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm writing the way I do because you're bringing up points that are incredibly easy to disprove as if they're some kind of gotcha. "They might store the data" seems like a good point until you remember that even that stored data has to be transmitted at some point. How would you have me reply to these non-arguments?
Because it's sufficient to prove that the device doesn't just not respond. That was the initial point I was replying to. Why do I have to find any possible counter-arguments when they weren't brought up?
Yes, because it's sufficient to disprove the additional point you brought up. Just do it until the heat death of the universe if you want to be sure. You're the one theorizing they might store the data locally. Create a full hypothesis, and I can tell you how to disprove it.
You make it sound like "gathering data on the average amount of traffic in your requests generally" is complicated, and like you don't already have the data from the previous two points.
And you could still see this through statistical analysis.
It's the only way your points make full sense. It's a simple truth of the universe that transmitting more information requires transmitting more information. The only way to get around this is the aforementioned infinite compression algorithm. Any other method is detectable through statistical means.
It was never supposed to be a “gotcha”, it’s just the obvious question that arises based on what you said. I didn’t think my ideas were clever. Your thesis when you started this thread was that there was an easy way to be sure that the mute is real, and you gave it. You sound like a person who simply can’t stand to just say “oh right, I misspoke” or even just “ah yes, I oversimplified”, so you act like obviously everything I bring up was implied all along, with a touch of rudeness as punishment. Even though, again, your point about there needing to be a zero-compression algorithm made it seem like there was nothing else left to account for, even though there was.
I would not be surprised at all if there is a way to detect with high confidence whether the mute does what it should, and for all I know that has been done. I was really just wanting to hear what I was missing by bringing up the obvious questions that a non-security expert like me would wonder. It seemed like it couldn’t be as straightforward as you said, and through your responses in fact it isn’t. You really have to ask yourself what you were even trying to accomplish with posting on this topic at all based on your reaction to those very simple, non-threatening questions.
And I gave the obvious answers to those obvious questions.
Sorry, but that's a mis-representation. Somebody said "Also muting it probably doesn’t stop it listening, it just stops its response.", and I replied to that with a simple way to show it's not the case. I didn't bring in a thesis, I brought up a counter-argument.
You're free to show me where I went wrong, but I don't see it. Somebody said "what if A?", and I responded "it can't be A due to X". Then you came in "what if B?", I said "it can't be B due to Y". Then you came in again and I responded again. Where did I supposedly oversimplify or mis-speak? People kept bringing up hypotheses, and I kept bringing up counter-arguments.
Yes, if someone makes a different argument, previous counter-arguments won't fit. Seems pretty obvious?
And I gave you answers for your "obvious questions". It would help a lot if you formulate your questions as questions. You formulated them as arguments, to which I replied with counter-arguments.
The answers to the questions you brought up are as straightforward as I said. The answer to other questions isn't as straightforward, because I didn't answer those questions.
When there isn't any stored data to be sent, they could easily send fake/random data in requests though. So then it's not detectable if data is stored and sent or not. How would you make up for that?
That's actually a good point! Random data is unlikely since it would be noticable due to differences in size of the compressed traffic (random data doesn't compress), but fake data would not be distinguishable from just looking at traffic.
Luckily there are still things you can do, like analyzing the firmware itself (especially when you can inject your MitM proxy cert). It has been done before, and it's reasonable to assume such a technique would have been found by security researchers by now.
Wow, the tone of your replies sure has changed.
Any additional analysis of my comments you'd like to share?
Damn, and just when you were improving.