[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: concrete steps for improving apt downloading security and privacy

On Wed, Jul 9, 2014 at 11:23 PM, Michael Stone <mstone@debian.org> wrote:
> I frankly find it hard to believe that someone who is unwilling to click
> past the first link when researching actually cares much about any kind of
> writeup of threat models. I'll make it simple: if you're completely
> unsophisticated and worried about a government hijacking your linux
> distribution to spy on you, there's nothing debian can do to help you. If
> you're low profile and uninteresting, the government doesn't care about you.
> If you're actually being targeted by well funded and sophisticated
> adversaries, they're going to get you unless you put a heck of a lot more
> effort in than clicking on the first link.

Someone who is unwilling to click past the first link /now/ may become
very willing to continue clicking once they read it.

"Debian will not protect you against nation-state adversaries" is a
very useful bit of information for many non-technical activists, which
often leads to the questions:
  * "Why?" (what powers can they use to subvert existing protections?)
  * "What /does/ protect you?" (what new protections need I put in
     place such that those powers cannot subvert them?)
It would be lovely to have the answers nearby.

Darius Jahandarie

Reply to: