all 9 comments

[–]jostiniane

Holy based, good job! Finally, awesome software that's not JS shit. Is there a way we can help? (I guess my skills as a backend dev are deprecated with this.)

I would love to see this come to Android too.

[–][deleted]

[deleted]

    [–][deleted]

    [deleted]

      [–][deleted]

      [deleted]

        [–]newguy

        There's no reason to "suspect"; it's a known fact, at least for Intel processors. Probably AMD too.

        https://hothardware.com/news/researchers-figured-out-how-to-turn-off-intel-management-engine-11-thanks-to-nsa

        The built-in backdoor is called the "Intel Management Engine", and it's a full separate computer built into your CPU that has internet access and everything.

        [–][deleted]

        [deleted]

          [–]newguy

          lol, exactly. I don't think it's possible to turn it off in software, honestly.

          Even that GitHub repo just "reduces its ability" to hijack your computer.

          [–]LarrySwinger2

          It just runs while booting the PC, and the TCP/IP stack is deleted, so it can never phone home anyway. There'd have to be a secondary, impossibly compact TCP/IP stack in the remaining code. Highly unlikely.

          [–]newguy

          There are other ways to deliver info down a network besides just TCP/IP. And also you have no way of knowing what's actually being sent on the line.

          [–]LarrySwinger2

          What kind of stack? Can it fit in the 300 kB that me_cleaner leaves? The chip programmers didn't anticipate me_cleaner, so what are the chances that enough functionality remains intact to spy on you? It'd imply that the TCP/IP stack is partially a decoy to give people a false sense of privacy after they neutralize it... At some point you've entered the domain of paranoia.

          [–]LarrySwinger2

          Neat. Me too. Here's how to verify it.

          [–][deleted]

          [deleted]

            [–]LarrySwinger2

            I think it's overly paranoid. It's plausible that some of the vulnerabilities are inserted deliberately by the NSA, but Meltdown and Spectre are side-effects of how they build the processors, and they build them that way to make them more performant. Also: deliberate vulnerabilities are inserted covertly, i.e. Intel itself wouldn't know about it. They'd be steered toward bad design decisions by spooks who infiltrate the company. That's more difficult to do. I haven't seen proof of people being affected by this type of thing en masse.

            Companies do leave their vulnerabilities in software untreated for a long time so that spy agencies can abuse them. But that's different from a deliberate insertion. Also: I know of this being done at the OS level with Windows and macOS, but not with respect to processors.

            Even cleaning ME is something you do to be on the safe side. There's no actual proof of it phoning home without any type of provisioning (even though a packet sniffer in the network, on the router or another PC through which traffic is routed, would pick it up). It should be noted that the information about spying programs may be put out there to paralyze people.

            Btw, the repo didn't get updated in 4 years... Does me_cleaner even work for modern hardware?

            It's possible, but more difficult and risky. This thread explains how it's done. I don't know if that works for 11th gen. CPUs, though. Everything gets more difficult with the 11th gen., especially standby, since the new standby mode (I believe it's called s0) makes use of the ME. Star Labs fixed that issue on their StarBooks. Other laptops with 11th gen CPUs will deplete more energy while suspended, and it will take longer to get out of suspend, possibly 10 seconds.

            There's something odd going on: the above link shows you how to neutralize 10th gen CPUs, but apparently, Purism has trouble with it. The Librem 14 only has the HAP bit set, but no code removed. Haven't they found that thread? Or possibly they don't use me_cleaner.

            Also: Are there similar tools for AMD platforms?

            No. Reverse engineering of it still isn't far enough. There are AMD computers where the BIOS gives you the option to disable PSP, but there's no verification that this actually does disable it.
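The sniffer check mentioned above (a capture taken on the router, or on another PC the traffic is routed through, looking for frames the machine's NIC emits while its OS is powered off) can be scripted. The following is an added example written for this thread; it is not me_cleaner code and not anything the commenters posted. It assumes a constructed one-frame-per-line capture format, a constructed host MAC address, a constructed shutdown window and constructed sample frames; the AMT port list (16992/16993, 16994/16995, 623/664) is the set Intel documents for AMT's out-of-band management. Because AMT shares the NIC, and so the MAC address, with the host OS, a MAC filter alone is not enough: the time window in which the OS was known to be off is what separates ME traffic from normal traffic.

```python
"""Spot frames a host's NIC emits while its OS is known to be off.

Added example for this thread; it is not me_cleaner code. The capture
format, the MAC, the off window and every frame below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

# TCP/UDP ports Intel AMT uses for out-of-band management: 16992/16993
# (HTTP/HTTPS), 16994/16995 (SOL / IDE-R redirection), 623/664 (RMCP/ASF).
# Any frame at all during the off window is the real signal; these just
# deserve a closer look.
AMT_PORTS = {16992, 16993, 16994, 16995, 623, 664}


@dataclass(frozen=True)
class Frame:
    ts: datetime          # capture time, UTC
    src_mac: str          # source MAC as seen on the wire
    dst_ip: str
    proto: str            # "tcp", "udp", "arp", ...
    dport: Optional[int]  # destination port; None for non-TCP/UDP frames


def parse_frame(line: str) -> Frame:
    """Parse one line of the constructed capture format:
    '<ISO-8601 UTC> <src MAC> <dst IP> <proto> [<dst port>]'."""
    parts = line.split()
    ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    dport = int(parts[4]) if len(parts) > 4 else None
    return Frame(ts, parts[1].lower(), parts[2], parts[3].lower(), dport)


def find_offline_traffic(frames: List[Frame], host_mac: str,
                         off_windows: List[Tuple[datetime, datetime]]) -> List[Frame]:
    """Return every frame sent from host_mac inside one of off_windows.

    AMT shares the NIC (and its MAC) with the host OS, so a MAC filter alone
    catches both; the off window is what separates ME traffic from OS traffic.
    """
    host_mac = host_mac.lower()
    return [f for f in frames
            if f.src_mac == host_mac
            and any(start <= f.ts <= end for start, end in off_windows)]


def summarize(hits: List[Frame]) -> Dict[str, object]:
    """Count the hits, flag the ones aimed at AMT ports, list destinations."""
    return {
        "total": len(hits),
        "to_amt_ports": sum(1 for f in hits if f.dport in AMT_PORTS),
        "destinations": sorted({f.dst_ip for f in hits}),
    }


# Constructed sample: one host, OS shut down at 22:00, booted again at 06:00.
HOST_MAC = "3c:97:0e:aa:bb:cc"  # constructed, not a real device
OS_OFF_WINDOWS = [(datetime(2024, 3, 1, 22, 0, tzinfo=timezone.utc),
                   datetime(2024, 3, 2, 6, 0, tzinfo=timezone.utc))]
SAMPLE_CAPTURE = """\
# ts                  src_mac            dst_ip         proto dport
2024-03-01T21:30:00Z 3c:97:0e:aa:bb:cc 93.184.216.34  tcp 443
2024-03-01T23:15:00Z 3c:97:0e:aa:bb:cc 192.168.1.1    udp 67
2024-03-01T23:16:00Z 3c:97:0e:aa:bb:cc 203.0.113.10   tcp 16992
2024-03-02T01:00:00Z 00:11:22:33:44:55 8.8.8.8        udp 53
2024-03-02T02:00:00Z 3c:97:0e:aa:bb:cc 192.168.1.1    arp
2024-03-02T07:00:00Z 3c:97:0e:aa:bb:cc 1.1.1.1        udp 53
"""


def analyze(capture: str = SAMPLE_CAPTURE, host_mac: str = HOST_MAC,
            off_windows=OS_OFF_WINDOWS) -> Dict[str, object]:
    """Run the check over a capture; comment lines and blank lines are skipped."""
    frames = [parse_frame(line) for line in capture.splitlines()
              if line.strip() and not line.startswith("#")]
    return summarize(find_offline_traffic(frames, host_mac, off_windows))


if __name__ == "__main__":
    for key, value in analyze().items():
        print(f"{key}: {value}")
```

On the constructed sample this reports three frames from the host during the off window (a DHCP request, an ARP frame, and a TCP connection to port 16992), one of them to an AMT port, so the machine would need an explanation. In practice the input would come from something like `tcpdump -e -n ether src <mac>` on the router, reshaped into the line format above. Read the result the way the comment does: frames during the off window are evidence, but silence during one window shows only that nothing phoned home then, not that nothing ever can.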

            [–]jostiniane

            It's a huge market. From a hobbyist point of view, I wouldn't support anything I don't see as open enough. For instance, I would go GNU/Linux and F-Droid only. But from a business perspective, wanting to see your project used more, Windows and macOS matter more.