Remix clone Hacker News

You can watch network traffic for data leaving the device. Trust but verify.

3eb7988a1663 16 hours ago | parent | next [-]

For something as compressible as voice, I do not know how you would feel confident that data was not slipping through. Edge transcription models (eg Whisper) are continuing to get better, so it would be possible for malware to send a single bit if a user says a trigger word.

▲

lxgr 17 hours ago | parent | prev [-]

Good luck auditing even just a single day of moderately active web browsing.

▲

kube-system 15 hours ago | parent [-]

It's easier than reading all of the code in Ubuntu.

▲

lxgr 14 hours ago | parent [-]

But still entirely impossible. So does it matter?

▲

perching_aix 14 hours ago | parent [-]

Network traffic monitoring is routinely done at enterprises. It's usually part-automated using the typical approaches (rules and AI), and part-manual (via a dedicated SOC team).

There are actual compromises caught this way too, it's not (entirely) just for show. A high-profile example would be Kaspersky catching a sophisticated data exfiltration campaign at their own headquarters: https://www.youtube.com/watch?v=1f6YyH62jFE

So it is definitely possible, just maybe not how you imagine it being done.

▲

lxgr 10 hours ago | parent [-]

I do believe that it sometimes works, but it's effectively like missile defense: Immensely more expensive for the defender than for the attacker.

If the attacker has little to lose (e.g. because they're anonymous, doing this massively against many unsuspecting users etc.), the chance of them eventually succeeding is almost certain.

	▲	perching_aix 6 hours ago \| parent [-]
		All cyberdefenses I'm aware of are asymmetric in nature like that, unfortunately.