Discussion in 'Serious Discussion' started by Yen, Apr 25, 2014.
That's why I like custom ROMs. Warranty? I don't care.
Since someone went ahead and resurrected this thread, let me throw my 2 cents in.
#1 If you dig a little you will learn that SELinux code was released under the GPL license. That means that they were legally bound to release the source code. That's not saying that they could have been the typical 3 letter agency and used it and hidden it from public eyes, but it would have become public knowledge sooner or later.
#2 Since the source code has been released anyone can inspect the code and look for security vulnerabilities. In 15 years it is still the most secure code to date. Linus and Ted wouldn't have implemented it into the mainstream kernel if it was flawed in any way.
#3 The NSA has since abandoned and regretted developing SELinux under the GPL license because they were legally bound to release the source code.
Here are a couple of articles for a good read:
Question #1: What is the most secure Linux distro that Edward Snowden himself uses?
SELinux is implemented in Tails.
Question #2: Who is one of the major donators to Tails?
Answer: Look it up, the answer might surprise you.
NSA and alike...
My thread/posts are more than 1.5 years old and you are replying today to it. I take the chance to post my updated thoughts.
It's right. The contribution of the NSA to SELinux is not the huge problem I previously thought. I also have some info of kernel developers. This applies purely to SELinux itself, I mean its source code.
It does not apply to the (current) sense/Use of SELinux on Android, though (original context of the thread).
The basic statement is right, the dream of a free Android is over...it is not that much NSA development related as I thought, that's the difference.
I am referring / had referred to what happened to Samsung Android.....
Samsung digitally signs their kernel partition. SELinux is enforcing. When knowing what SELinux is then one knows one can constantly apply new security policies to restrict other 'apps'/modifications.
setenforce 0 does not work on Samsung kernels since they are not compiled to have that feature. Recompiling the source with permissive mode or to have this option would result in a kernel which has another signature. Flashing such a mod kernel breaks the signature and the KNOX warranty bit will be set to void.
Some still actual quotes to reconsider the concept of SELinux (updated with new enforcing policies for the manufacturer's interests)--->modification prevented due to kernel signing----> KNOX warranty void:
"People who are not aware of something ‘bad’ are not affected."
"Abuse happens there where traffic is recorded, not on a particular OS."
"The joke is that those who want to steal and those who want to protect are the same"
"Security concepts issued by co-operators of the NSA remain doubtful no matter what tech / security level they have."
Forever uncomfortable about the NSA possibly looking into my stuff
That statement is only meaningful as a response to someone else's accusation of paranoia. No one can stand outside of another's mind and deem them to be paranoid, rather than aware. I remember a time when anyone that thought they were being monitored by their government was bona fide, 100% mentally ill. Now, the only people that DON'T think they are being surveilled by their government are the stupid. Yesterday's insanity is today's normal, and yesterday's normal are today's idiots.
I mostly wanted to respond to the idea that paranoia and awareness are basically the same thing, it's really about the degree to which one puts into it and what the opinions are of those around them. Most of the people using the word "paranoid" are stupid. Wanted to say that too. Stupid people hate awareness, and the people that are aware.
As long as something gets massive, it will be controlled, hacked, invaded by viruses, etc. This has always been happening and it always will be; everyone wants to get a piece of the cake. That's humankind.
@November_Zulu: I agree.
If You allow your awareness to adversely affect your psyche, then it becomes a bad thing for You and a source of comedic fodder for others. Sometimes, it's best not to say anything and allow others to learn from their own mistakes.
If something looks "fishy" to Me, I'll mention it once. Those with intellect will look into it and make their own determinations as to the validity of my words and the impact of my statement(s) on their own lives.
Usually, they'll come back and ask questions. If I have a logical explanation, and I can back up my statements with proof, I'm aware. If I can't prove it, then I'm paranoid.
If someone else proves my hypotheses, then I'm vindicated, and no longer paranoid.
Truth is, it's all about the presentation.
(See: P.T. Barnum)
“Just because you're paranoid doesn't mean they aren't after you.” - Author Joseph Heller, from his novel "Catch-22"
Apple has gone with "security through obscurity" AKA "hiding the flaws"; compare OS X with any of the BSDs (including the least secure - PC-BSD) or even Windows 10 in terms of security.
Another problem is that security - in any OS - WILL make the OS itself harder for ordinary use; Snowden pointed THAT out as well.
And the REAL reason NSA is resented is because it is BETTER at penetrating than any other agency of its type - not because there aren't other agencies of its type. Look at GCHQ, for example - it is not only older than NSA, it is, in fact, the model FOR the predecessor TO NSA - the "Black Chamber" of the Department of War. Look at what other nations have tried to do in the LEGAL arena merely since San Bernardino (I'm referring to the UK and "Snooper", the Pakistanis and BlackBerry, and the PRC and darn near every OS under the moon). The conundrum the NSA faces is that encryption is quite legal for Americans to use - encryption qua encryption is quite legal. However, all encryption is - at its core - a lock; and like locks, it can be picked/defeated. The value of encryption - like the value of locks - is based on how tough the lock is - including defenses built into the lock itself (such as self-destruct). The problem for law enforcement - and the NSA - is the same problem faced with those that pick locks - getting what you're after without destroying what you're after. And why is it a problem for law enforcement? Consider crimes from corruption to wire fraud to premeditated murder - computers and electronic devices are used in all of them, and have been for years. Now throw tough-but-user-friendly (even relatively user-friendly) encryption into the mix (such as hardware-assisted encryption). The police want the evidence - the lock is defending said evidence - that is the REAL conundrum - do you want the crooks to get away with it - at the cost of lives and real money?
Freedom cannot be valued in £$€... So, this is a no-brainer...
However, lives - quite another conundrum, sure...
But 1) does this mean the NSA has access? And if so does that also apply for devices in other countries? After all, they have no jurisdiction there...