
There is another variant of why an update might pose a threat after purchase


Posted Mar 3, 2026 17:44 UTC (Tue) by brunowolff (guest, #71160)
Parent article: Garrett: To update blobs or not to update blobs

A government might require the manufacturer to target your IP address with a hostile update to avoid doing a black bag update to your machine. You'd have to be a pretty high value target for this to happen.




Posted Mar 3, 2026 17:54 UTC (Tue) by mjg59 (subscriber, #23239) [Link]

If we're talking about an otherwise free OS, they'd need to compel the manufacturer (to modify and sign the update) and also whatever third party channel is used to distribute that (either a distro or the LVFS). There's various ways we could mitigate this (additional parties hosting hashes of each update, remote attestation of the service so we can verify we're communicating with something running the published source code, that kind of thing) if it feels like a sufficient threat.
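The "additional parties hosting hashes of each update" idea mentioned above, sketched as an added example that is not part of the comment or of any project's code: a client accepts an update only if enough independent witnesses published the same SHA-256 for it, so a validly signed build served to a single address fails the check. The witness names, update identifier and blobs are constructed for illustration.

```python
import hashlib

def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def check_update(update_id, blob, witnesses, quorum):
    """Compare the received blob's hash with what each witness published.

    witnesses maps a witness name to {update_id: sha256_hex}. The update is
    accepted only if at least `quorum` witnesses agree and none published a
    different hash for the same update_id (a split view).
    """
    digest = sha256_hex(blob)
    agree, differ, silent = [], [], []
    for name, published in sorted(witnesses.items()):
        seen = published.get(update_id)
        if seen is None:
            silent.append(name)      # witness has no record of this update
        elif seen == digest:
            agree.append(name)       # witness saw the same bytes we received
        else:
            differ.append(name)      # witness saw different bytes under this id
    ok = len(agree) >= quorum and not differ
    return {"ok": ok, "sha256": digest,
            "agree": agree, "differ": differ, "silent": silent}

# Constructed sample data: hypothetical witnesses and stand-in update blobs.
UPDATE_ID = "example-device/1.2.3"
PUBLIC_BLOB = b"firmware 1.2.3 (build everyone receives)"
TARGETED_BLOB = b"firmware 1.2.3 (build served to one address)"
WITNESSES = {
    "witness-a": {UPDATE_ID: sha256_hex(PUBLIC_BLOB)},
    "witness-b": {UPDATE_ID: sha256_hex(PUBLIC_BLOB)},
    "witness-c": {},  # has not recorded this update yet
}

if __name__ == "__main__":
    for label, blob in (("public", PUBLIC_BLOB), ("targeted", TARGETED_BLOB)):
        result = check_update(UPDATE_ID, blob, WITNESSES, quorum=2)
        print(label, "accepted" if result["ok"] else "rejected",
              "agree:", result["agree"], "differ:", result["differ"])
```

The check is only as strong as the independence of the witnesses: if one party can be compelled to change all of them, the quorum adds nothing.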


Posted Mar 3, 2026 17:54 UTC (Tue) by eharris (guest, #144549) [Link]

Did I mention "offline"? How does "the government" get at my (our) offline stuff?


Posted Mar 3, 2026 18:48 UTC (Tue) by rgmoore (✭ supporter ✭, #75) [Link]

> You'd have to be a pretty high value target for this to happen.

It depends on how easy it is to do and how easy to hide. If it's easy enough both ways, an abusive government could just do it to everyone. They might not extract any data right away, but having the capability whenever they want it without any need for additional steps before they start spying would be handy. Depending on what capabilities they have to automatically analyze the data, they might very well want to spy on everyone all the time just in case.


Posted Mar 5, 2026 17:57 UTC (Thu) by Nahor (subscriber, #51583) [Link]

> You'd have to be a pretty high value target for this to happen.

Define "high value"? Because if you have a vindictive leader *cough**cough*, pretty much anybody can become "high value" for pretty much any reason. Or if you have a corrupt police force *cough**cough*, the backdoor can be used to plant evidence on an otherwise low-value/innocent target (scapegoat), or to spy on an ex-.

And, "value" changes over time. Read about communism in the USA before vs. after WWII and subsequent McCarthyism. Being a communist wasn't something to be ashamed of before WWII and the USSR. Then came McCarthy, the Cold War, and the communist witch hunts.

Also, "value" implies a "cost". The lower the cost, the lower the value needs to be for a target to become "valuable".

Basically, "nothing-to-hide" is a fallacy: https://en.wikipedia.org/wiki/Nothing_to_hide_argument

And for that matter, you may not be the target specifically, but your computer might (e.g. for DDoS purposes).

TLDR; YES, you're unlikely to ever become a target. But NO, you don't need to be "high value" to become one; anybody can become one, at any time, for any reason.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.