> Hyperbole about a crappy thing, like the bloatware pre-installed on most new laptops and phones by the vendor? An open secret, with discussion about it suppressed?
Personally, I worry about things like IME based on an entirely hypothetical theory: I think many of the big tech companies are riddled with spies from a variety of nations.
My rationale for this is simply that if I was in charge of a spy agency's offensive cybersecurity group, my top priority would be placing agents in Microsoft, Apple, Google, Cloudflare, Juniper, Cisco and so on. They'd have orders to be careless in undetectably subtle ways - nobody's imprisoning a guy just because he added log4j to the codebase in 2010. To me this seems well within the capabilities of a spy agency with a multi-billion-dollar budget and tens of thousands of employees.
Even with code reviews, I doubt anyone could deliver a project like IME with no security bugs, if five of their peers were compromised by different nations' spy agencies.
If you think that's completely believable and what else would spy agencies be doing in the modern age, you'd be very suspicious of IME. But if you think that's an undisprovable conspiracy theory with no solid evidence whatsoever, you might think IME sounds just fine.
> my top priority would be placing agents in Microsoft, Apple, Google, Cloudflare, Juniper, Cisco
Interesting thought. Or more likely, I'd guess, spy agencies might recruit existing Big Tech company employees who have access to sensitive and desirable things. That's usually how it happens, reportedly, when American security clearance holders get caught doing bad things: they aren't deep cover agents who spent years working their way into position, they approached or got approached by foreign agents because of their position.