• azuth@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    3
    ·
    4 months ago

    Exploits don’t care if you are actually the NSA or not. The NSA certainly knowns that yet they keep exploits secret at least from the public.

    They have argued for key escrow for God’s shake.

    They are primarily an intelligence agency. If you are not likely to be targeted by the NSA you are also unlikely to be targeted by any of their adversaries. They don’t give a shit if you get scammed, they are not the FBI, who also keep secret exploits and are anti-encryption.

    Additionally using their “best” exploits on more simple targets still poses a risk to them being discovered and fixed. Therefore it’s beneficial to them for everybody’s security to be compromised. It also provides deniability.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      Right. Their advice for the general public is a mix of “best practice” and risk. If an exploit is not actively exploited in the wild, they’ll probably sit on it for intelligence purposes and instead recommend best practices (which are good) that doesn’t impact their ability to use the exploit.

      So trust them when they say do X, but don’t take silence to mean you’re good.