• @[email protected]
    link
    fedilink
    493 days ago

    That would be too obvious and thus ineffective. In reality it is more likely that they have inserted bugs into various open source software covertly, like we saw with xz.

    • @Hugin
      link
      21 day ago

      There was at least one attempt. Back before git the linux kernel was in 1 central repo. There was also a backup repo. It was compromised with a very clever backdoor.

      The backdoor was caught but only because it didn’t have a reference to the mainline repo.

      if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) retval = -EINVAL;

      Note the user uid is being set (=) to root instead of being checked(==) for root.

      The full story.

      https://freedom-to-tinker.com/2013/10/09/the-linux-backdoor-attempt-of-2003/

    • @x00z
      link
      English
      72 days ago

      Looking at leaks of the past, it’s probably more likely that they have an arsenal of bug exploits instead of backdoors when it comes to opensource stuff.

      • @[email protected]
        link
        fedilink
        22 days ago

        Yeah actually that makes more sense than what I originally said. The US is one of the main buyers of gray-market zero day bugs, way cheaper and less risk than trying to covertly implement bugs.

    • @habitualTartare
      link
      193 days ago

      More likely it’s probably a non-free repository that many people choose to use like an Intel driver or something.

  • @[email protected]
    link
    fedilink
    223 days ago

    Why would they bother with the 1% of 4% of Linux users that use their single distro, they’d be better off targeting windows or mobile users.

  • slazer2au
    link
    English
    163 days ago

    No doubt, but why limit it to a single distro family when you can backdoor the kernel or a package 90% of people use?

    • @jqubed
      link
      83 days ago

      Not just the NSA, that kind of reach is accessible to a lot more governments! I’m pretty sure I read a story about that exact tactic earlier this year that looked like it was coming from China. Maybe no way to know for sure who’s actually behind it, but I would expect any government that has interests in spying on other nations is trying to play that game.

      • @foggy
        link
        53 days ago

        It was almost catastrophic.

        quick explanation

        Much better explanation

  • @JubilantJaguar
    link
    103 days ago

    Let’s not be unduly pessimistic. Some basic rules continue to apply. By its nature, open-source software is always going to be a pretty solid guarantee against mass surveillance. If a lot of users are affected, the backdoor is going to be discovered and closed pretty quickly. That leaves the problem of individualized surveillance, where exploits are used against high-value targets. But these are by definition expensive. This fact constitutes a kind of protection for everybody else. That’s the way I see it.

  • @saltesc
    link
    42 days ago

    It’s Arch.

    Think of the kind of people that use it and the shit they say and do. Now wonder what they do alone.

    It’s definitely Arch and the target demographic has gobbled it up none the wiser.