Privacy

31258 readers

652 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

How big threat do you think Intel ME is in reality, not in theory? (lemmy.wtf)

submitted 3 days ago by [email protected] to c/[email protected]

31 comments fedilink hide all child comments

When it comes to Intel Management Engine, I actually think it's not a threat if you neutralize it. I mean to just set the HAP bit on it. Because if that isn't enough then that means all computers in the world which use Intel CPU can be accessed by NSA but if NSA had this much power then it seems obvious that they aren't using it and why wouldn't they use it?

There's a github project to neutralize/disbale Intel ME: https://github.com/corna/me_cleaner Disable is overwriting intel ME as much as possible with zeros, leaving only a little remaining to be able to boot the computer. The newer the intel chips are, the less likely it is to be able to disable it. But all chip sets can be neutralized which means to set the HAP bit which is an official feature. In theory we can't actually trust the HAP bit to really disable intel ME permanently. It's more like asking Intel to do what they have promised because it's proprietary. But I think it really does permanently disable it because otherwise NSA would be abusing this power.

That's why I think the newer laptop models are better because it's probably not necessary to disable, it's enough to just neutralize withthe HAP bit. And with a newer modern laptop they can have open source Embedded Controller firmware which is better than proprietary Embedded Controller firmware.

I'm interested to hear what you think as well.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 45 points 3 days ago (7 children)

I choose not to think about it or include it in my mental threat model, the same way I choose to not worry about thermonuclear warheads.

If there’s some exploitable backdoor and Intel gets owned, we’re all boned and there’s nothing we can really do about it. I don’t have anti-ballistic-missile systems, and I also don’t have the capability to make an entire hardware/firmware/os from scratch.

So instead focus on the things you can control and are more likely to happen. Don’t plan for doomsday, plan for every day.

[–] [email protected] 9 points 3 days ago (5 children)

I would go on eBay and buy a Libreboot machine from 2009 and prior (X200, T500, etc.) These systems have 100% no blobs in the firmware and can have the IME fully disabled. I use these as my daily and I'm fine.

[–] [email protected] 21 points 3 days ago (4 children)

Most people need more than a brick for their daily.

[–] [email protected] 1 points 4 hours ago

100% disagree that "most people" need more than a brick.

load more comments (3 replies)

load more comments (4 replies)