this post was submitted on 25 Jul 2024
314 points (99.1% liked)

Technology

59381 readers
4029 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] freeman@sh.itjust.works 4 points 3 months ago (1 children)

Exploits don't care if you are actually the NSA or not. The NSA certainly knowns that yet they keep exploits secret at least from the public.

They have argued for key escrow for God's shake.

They are primarily an intelligence agency. If you are not likely to be targeted by the NSA you are also unlikely to be targeted by any of their adversaries. They don't give a shit if you get scammed, they are not the FBI, who also keep secret exploits and are anti-encryption.

Additionally using their "best" exploits on more simple targets still poses a risk to them being discovered and fixed. Therefore it's beneficial to them for everybody's security to be compromised. It also provides deniability.

Right. Their advice for the general public is a mix of "best practice" and risk. If an exploit is not actively exploited in the wild, they'll probably sit on it for intelligence purposes and instead recommend best practices (which are good) that doesn't impact their ability to use the exploit.

So trust them when they say do X, but don't take silence to mean you're good.