Author: marc Date: To: dng Subject: Re: [DNG] A Devuan kernel?
Hello Jimmy
> Today Linux is pretty much owned by the NSA, including it's developers, not
> many educated eyes out there anymore to spot and report malware. Things have
> changed.
So there is a nice poster around with a grumpy cat saying
"The NSA broke my internet, so I am building a GNU one". I
understand the sentiment.
However: Loads of eyes are looking at the kernel, and if
I were to trust my intuition, I'd say that the back doors
are more likely (or more numerous) in the processor,
its microcode, the graphics card firmware and the ACPI
nonsense.
So: Coding a new kernel is probably one of the more expensive
security exercises. Rebuilding from source is cheap, but it
is unclear if it would remove the backdoors (keywords "On
trusting trust", duckduckgo them, yandex it).
However: The big security improvement you - Jimmy Johnson
aka field.engineer@??? can make without requiring any
special skills is to stop using gmail.
Google has pioneered many of the major privacy abuses:
- the overt scanning of people's mail via gmail
- the gathering of access point data via its streetview cars
(got them into trouble in France, the rest of the world
didn't want to notice)
- its worldwide web tracking effort via google anal itics,
fonts.googleapis, doubleclick.nyet
- the major spyware known as chrome and its associated
corruption of mozilla
Summary: Google is probably *the* entity which has
moved the Overton window towards the view that spying is
socially acceptable.
So: I struggle to reconcile your security concerns with
your use of gmail. So maybe once you stop using gmail
I'll examine your views on the NSAs kernel ownership
more seriously