Re: Downgrade attack?
I guess it must be a matter of perspective but once something _is_ potentially a spy tool I don't care whatsoever whether it can or cannot be anything else. I just want it off my system.
That would be pretty much everything then? Pretty much everything is potentially a spy tool.
One has to have a level of trust somewhere, but swivelling eyes and tin foil hats don't do much and it's usually the simpler spy methods that are still in use because they are easy and still work.
Are you so worried about keyloggers that you vet the OS and track what happens to every key press and where the message is relayed, including checking canary network traffic to see if key presses affect it in unexplained ways? That's nice, all it takes is a USB key logger which passes through the USB identification and includes a dirt cheap 3G mobile comms chip in it and all that effort is for nothing - these kind of USB key loggers are disturbingly common and nothing in the OS will be aware of it. This is just one relatively rare tech example and the most likely route of loss of data is still the human factor. i.e. printing the data and not destroying it appropriately, copying the data, just having weak passwords (who needs to hack a system and go to all that trouble when somebody has a weak password or shares it?).
Biting the hand that feeds IT
