Privacy

43114 readers

782 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

183

It started to stop kids vaping [pot] in school bathrooms. Then they stuck it in poor people's homes. | DEF CON Snitch Puck Talk, October 2025 (lemmy.ml)

submitted 3 weeks ago* (last edited 3 weeks ago) by brbposting@sh.itjust.works to c/privacy@lemmy.ml

19 comments fedilink hide all child comments

A lotta vapes are reportedly chock full of lead, so kids probably shouldn't be puffing clouds in the bathroom stall, but was there any reason to design the most exploitable version of a product to alert school administrators about it?
The manufacturer was happy to expand to Section 8 (USA, subsidized) housing in spite of script kiddies, rogue employees, or legit employees working under new guidelines being able to root into the Motorola Halo 3C and use its fully-functioning microphones to invade privacy.
The frog is boiling slowly: pay more for your car insurance when your insurer buys your driving data today; risk your home insurance when you don't install this "fire prevention" spyware tomorrow.

DEF CON 33 - Unmasking the Snitch Puck: IoT surveillance tech in the school bathroom - Reynaldo, nyx: YouTube
83,126 views, Oct 10, 2025

you are viewing a single comment's thread
view the rest of the comments

[–] fubarx@lemmy.world 25 points 3 weeks ago

The minute the Pi4 compute module showed up, the jig was up.

For the secure boot scheme to be really secure, you have to generate a unique key for each device. Most vendors don't bother because it means each firmware update has to be signed and encrypted for each unique device. This also means you have to have the infrastructure for device attestation. You can't just stick an update file on a public S3 bucket or FTP site like the good old days.

Some end up reusing the same product key, so if it's compromised, all devices in that family can be hacked. But even that's too much for some vendors.

Instead, they just wing it, and go back to the bad old habits (no encryption, or symmetric keys embedded in firmware) that get them featured in DefCon presentations.