this post was submitted on 06 Jul 2023
106 points (99.1% liked)

Technology

60129 readers
3373 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
top 15 comments
sorted by: hot top controversial new old
[–] tdawg 11 points 2 years ago

If only the French people could do something in response 🤔

[–] [email protected] 10 points 2 years ago

the members of parliament in the camp of President Emmanuel Macron inserted an amendment limiting the use of remote spying to “when justified by the nature and seriousness of the crime” and “for a strictly proportional duration.” They noted that a judge must approve any use of the provision, while the total duration of the surveillance cannot exceed six months.

Oh okay, required judge approval, time limits and serious crimes only is something at least...

They said sensitive professions, including doctors, journalists, lawyers, judges and MPs, would not be legitimate targets.

Ah, yes. So none of the ruling class then have to be concerned then, their positions will always be deemed somehow "too sensitive" for the provision to apply.

Another helpful tool in white collar crime for those with existing resources, and blue collar criminals can continue to be made an example of to convince everyone that the justice system is functioning well. I hope this article is just overstating the actual issues for fearmongering, for the French people's sake.

[–] TheOneWithTheHair 10 points 2 years ago (3 children)

If it passed in France, how long until the U.S. needs to "get hard on" crime?

[–] AbidanYre 11 points 2 years ago (1 children)

At least the French will riot over that kind of shit.

[–] [email protected] 5 points 2 years ago

Not just riot, they will ensure heads roll.

[–] [email protected] 8 points 2 years ago

You say that like it hasn't been happening already for two decades.

https://www.cnet.com/news/privacy/fbi-taps-cell-phone-mic-as-eavesdropping-tool/

I can't read French so I only have others' translations and intepretations to rely on, but from what I understand, the differences here are that,

  1. France lawmakers are being direct with their legislation, rather than relying on precedence or judges' interpretations of anti-terrorism or national security bills; and

  2. Privileged conversations (e.g. between client and attorney) can still be admissible when recorded surreptitiously this way.

Apparently it would still need to be pre-approved by a judge. That doesn't inspire much confidence in it not being hand-wave allowed, though.

[–] FoxyWaffles42 8 points 2 years ago (1 children)

Time for the French to dust off their guillotines

[–] BustedPancake 5 points 2 years ago* (last edited 2 years ago)

They've been dusted for a while now, we're just taking our time with the sharpening of the blade. We don't want to make the same mistake again, having to drop it twice or thrice on someone. It's inhumane and all, you know?

[–] InvaderDJ 2 points 2 years ago (1 children)

The question isn't whether they would do this or not. Every government would allow this, either legally or not. And lots do already.

My question is on the how. Specifically things like remote activating cameras and microphones. Location data can be gotten by ISP and wireless carriers. But how would they activate features on the phone or laptop? It would have to be malware right? That's what people should be worried about and should be explicitly blocked in the law.

[–] graphite 2 points 2 years ago* (last edited 2 years ago) (1 children)

Both Intel and AMD have backdoors created in their chips.

[–] InvaderDJ 1 points 2 years ago (1 children)

Are you talking about the management engine? Has that been proven to allow this type of access where they can enable the webcam or microphone without user permission?

[–] graphite 2 points 1 year ago* (last edited 1 year ago) (1 children)

Yes, IME.

Has that been proven to allow this type of access where they can enable the webcam or microphone without user permission?

It can read from your memory. It has access to the PCI bus. It runs in ring -3. Apparently it also runs MINIX.

It can operate without you being aware of what it's doing.

So, yes.

[–] InvaderDJ 1 points 1 year ago (1 children)

I need to look into this it sounds like. I’ve heard people say it can enable back door access, but it’s only been rumors and hypotheticals based on its access rights. If it can for example enable your webcam without any type of notification it’s happening that would be very concerning.

[–] graphite 1 points 1 year ago* (last edited 1 year ago)

I’ve heard people say it can enable back door access, but it’s only been rumors and hypotheticals based on its access rights.

Out of curiosity, how is your knowledge?

If it can for example enable your webcam without any type of notification it’s happening that would be very concerning.

From a theoretical standpoint, given that it apparently has access to the same physical memory, all that would be needed is to know the correct memory addresses to read a single frame from.

How the kernel allocates that and maps it appropriately is both driver-specific and OS-specific.

Technically speaking, it could be that there are specific pools of physical addresses reserved for such things. The vram for an integrated card has at least a portion which is typically shared, so that's worth taking into account as well, because the boundaries could be device specific or standard specific.

I'd personally have to research more myself, but if we're operating off of Murphy's law, then I'd wager that, yes, it's very possible. Perhaps even if your kernel module for the camera driver is disabled by the host OS.

It's certainly possible that the IME lane access is restricted in terms of what IO will be considered valid, but given that it isn't documented, and given that it runs a multitasking, Unix-OS...that alone says a lot. Maybe not enough to be certain, but a lot.

Previously it was running an RTOS. So, you have constant time tasks. Now that it isn't running an RTOS, there has to be a reason. Maybe it's designed to aid branch prediction - if it is, though, then it probably has access to the instructions that are being executed by the host CPU. If that's the case, then that implies that there are restrictions in the page mapping mechanism with respect to what physical addresses can be virtually mapped - assuming any protection at all.

You see where I'm going with this?