azuth

Sure a dumb phone won’t record for Google. Current ones don’t and probably can’t be made to.

But recording would be trivial to implement even on a dumb phone if it becomes acceptable to the majority. Hell it could become a legal requirement.

We cannot run away from these issues by using old phones, old vehicles, ‘physical’ media etc. Eventually they will be unavailable. Some, old vehicles, really should be for other reasons.

Or as others have pointed out, you might not be recorded by your phone but you will be by the others’.

We need to persuade more people to actively oppose such measures outright. Defend privacy, control of our devices etc explicitly.

If you actually read his github you would know that there is a different version of the responsible component between the recovery environment and an installation. Only the RE has the issue.

I’ve read the XZ vulnerability. The very same thing can happen in a closed source corporate project. There are many arrests of foreign intelligence agents that worked in big tech amd/government. It would of course be easier to cover up. As would vulnerabilities discovered by ai, since they can limit who can check their code.

Were they the developers of the ssh package? Microsoft is the developer of the vulnerable bitlocker package and the ones who chose to ship it.

I am employed, most employers are obviously not as corrupt as the biggest corporations on the planet, they simply can’t afford to.

I agree we can’t know. We can know for FOSS software. You are treating uknownable as being less than the known bugs in Foss software. That’s dishonest, lad.

What are the indications that the BitLocker vulnerability is already being utilized?

Microsoft shipping a vulnerable version of the recovery environment. It is the ‘exploit’.

Alleged by a guy who was fired from Microsoft. I’d take that with a pinch of salt.

Such is the nature of closed source software. You select people who will remain complicit till they have a grievance against you. Even if they don’t and talked for moral reasons do you think they would not been fired for it?

That being said, open source repos are being attacked constantly with attempts at intentional malicious code injection - I’m sure you’ve heard of XZ Utils? How many others went through and are being exploited without anyone noticing?

Who knows. How many more went through at closed source software a limited amount of people can test in the same way?

They will be patched. There is also no indication that they 'be been known and exploited till recently.

This was allegedly deliberately non patched to be exploited.

Getting a system without bugs and security issues is impossible, you can at least avoid intentional compromise.