ON SECURITY By Susan Bradley The other day I spotted a USA Today article by Kim Komando about how to ensure Chinese tech wasn’t spying on you. She wro
[See the full post at: Who controls our tech?]
Susan Bradley Patch Lady
“I think all technology should be investigated.”
I agree wholeheartedly… but it’s not a chore for the faint-hearted, especially using tools like Wireshark.
Even more basic tools such as Nir Sofer’s CurrPorts (with logging enabled) produce a log on clean-installed devices that leaves you wondering just what the heck is going on in the background.
It’s easy to see how reliant Microsoft is on third-party providers – content delivery networks like Akamai – but the number of outbound connections from a freshly-installed Windows 10 box is an eye-opener.
At our house we abandoned Windows in favor of Linux Mint when MS threw W7 under the bus. I object to invasive telemetry by MS and the other mega players in the on-line world- we avoid anything Google-related, for example, and eschew social media. Having these entities peering in our cyber “windows”, (small w), especially with a profit motive, is off-putting to say the least.
Per this blog post from founder and lead developer of Linux Mint Clem Lefebvre:
https://blog.linuxmint.com/?p=4030
“We can’t measure anything with precision because there’s nothing in your computer which sends data to us and we don’t configure Linux Mint in a way that even allows us to count how many users we have. In other words, there is nothing in Linux Mint that is common to all users and that we could rely on to establish statistics.”
Linux Mint 21.1 LTS (Cinnamon). Windows 8.1 Pro virtual machine (with Classic/Open Shell) via VirtualBox.
I doubt that Lenovo machines are phoning home to China. Making allegations is easy; FUD is easy.
If they were doing this, surely someone somewhere has some logs that show what was happening. When people accused Microsoft (via Windows) of spying on people, there were all kinds of blogs and sites that posted all of the traffic from Windows. When doing a local search resulted in packets being sent to Bing, it was reported. When a fresh install of Windows 10 was sending packets to tracking domains (third party, not MS), that was reported. We know Windows is very “chatty” with Microsoft, because it has been documented.
There are millions of Lenovos out there. Has anyone got a log from a gateway or router that shows mysterious packets sent to China from any of them, or even to mysterious (unknown) western servers that could be acting as proxies for China? Is there a Wireshark dump somewhere that shows anything unusual that cannot be explained by normal means?
If there ever was such a thing, I would be very interested to know where on the PC the packets originated. Was it just a modification to the default Windows installation, or does it go deeper? One of the first things I do when I buy a new PC is to wipe the OS it came with and install my own, so if it was just in the OS, it would be gone. But what if there was some kind of spyware apparatus in the UEFI? Would those packets even show up on Wireshark? They surely would be seen by the gateway to the WAN, though, no matter where on the PC they originated.
Until we actually see such a report, it is pure conjecture, and given how many Lenovos are sold (millions annually) vs. how many reports I have seen (none), it does not look like there’s anything going on.
For the average user, I don’t think there is any threat from China even if it was true, as I have posted in the past. Most of the people of the world are of no interest to a foreign government. If we were privy to information vital to national security, that would be different, but most of us by far are not in that group. Given the choice, I would rather have China spy on me than Microsoft, Google, or Apple.
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon
Acer Swift Go 14, i5-1335U/16GB, KDE Neon
Back in 2015, I found Lenovo spying on Thinkpad users
Lenovo collects usage data on ThinkPad, ThinkCentre and ThinkStation PCs
Forced the company to respond
http://news.lenovo.com/article_display.cfm?article_id=2080
Like Susan, I am addicted to the keyboards.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
@Michael432, about the Hosts file section in the link from your post above:
When Windows 10 was first coming out, I remember reading that the new OS was hard-coded to connect to certain Microsoft servers regardless of what the user put in the Hosts file; as a result, that file was no longer viewed as an effective way to limit/disable Windows telemetry.
I have heard that too, not sure if it has been confirmed. It makes sense, especially with Windows Update. Microsoft has put much effort into ensuring that Windows Update continues to function, so ignoring the hosts file for some/all server names that WU uses would not be a surprise.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
HA! YOU are addicted to keyboards? This computer has an IBM 101 clicky keyboard manufactured on April 6, 1992. It goes with me whenever I switch out hardware for a newer system. The touch gives perfect tactile feedback, albeit with the clicking noise. I get as close to touch typing as I’ll ever get with it. Other keyboards drive me bonkers, especially smaller laptop keyboards on smaller laptops.
Me too!
What controls your public utilities? What controls your federal and state programs, physical sites, and computer sites? What controls commercial sites? What controls aviation communication? What controls stop lights? What controls emergency communication?
Think computer fire sale.
https://www.urbandictionary.com/define.php?term=fire%20sale
RE. Chinese spyware controversy in laptops by Lenovo and Apple:
Chinese spy chips are found in hardware used by Apple, Amazon, Bloomberg says; Apple, AWS say no way
UPDATED FRI, OCT 5 2018
CNBC
https://www.cnbc.com/2018/10/04/chinese-spy-chips-are-said-to-be-found-in-hardware-used-by-apple-amazon-apple-denies-the-bloomberg-businessweek-report.html
Will Wireshark pick this up? While this was never definitively proven, the US government sent back a lot of orders. That was allegedly going on at the Foxconn plant in China.
IoT devices are notoriously insecure, so they actually pose a far greater threat than fully-functional computers or phones. IoT needs its own sub-net, if not a separate network of its own. Moving the Roomba to the sub-net is prudent. I do suspect that there is something residual creating the traffic with the HP identifiers.
-- rc primak
Warning: Nerdy.
IoT really needs two separate subnets, one where the devices can see each other and one where they can not. More about VLANs here
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
RE. Chinese spyware controversy in laptops by Lenovo and Apple:
Chinese spy chips are found in hardware used by Apple, Amazon, Bloomberg says; Apple, AWS say no way
UPDATED FRI, OCT 5 2018
CNBC
https://www.cnbc.com/2018/10/04/chinese-spy-chips-are-said-to-be-found-in-hardware-used-by-apple-amazon-apple-denies-the-bloomberg-businessweek-report.html
It is fake news by Bloomberg. Has been denied by all and never proved to be true.
Not a single such chip has been presented.
Due to the nature of our work, we removed all of our Lenovo computers from service years ago and replaced them with HP devices.
Yes, the retired PCs remain in storage and are updated periodically. But if we pull them off the shelf, we do not use them if sensitive material is involved.
Take a look at the Forbes’ 2020 article entitled Why Is U.S. Policy Tough On Huawei And TikTok But Not Lenovo?
Or the Computerworld’s article U.S. State Department to limit use of Lenovo PCs.
https://www.computerworld.com/article/2545522/u-s--state-department-to-limit-use-of-lenovo-pcs.html
When there are alternatives – why purchase PCs made by a Chinese company?
When there are alternatives – why purchase PCs made by a Chinese company?
IMO, the more appropriate question should be,” Why avoid PCs made by a Chinese company?” The reasons given so far are nothing more than FUD and innuendo. If there is some evidence that they are compromised, let’s see it and base our discussion on facts. Otherwise, what are we even doing here?
If you have to avoid the purchase of certain brands because your company is involved in government contracts and has to respond to their political directives, that would be a valid concern at the company level– though not necessarily so at the level of those government critters who made the decisions in the first place, unless they are just trying to harm China with the FUD.
If that is the goal, to reduce the money flowing into the coffers of our largest geopolitical rivals, that is certainly a reasonable goal… but how realistic is it? My Dell XPS was made in China. Apple iThings are made in China. Every HP I have owned was made in China.
If the connection to China makes a device suspect, then we’re really in trouble. Are there any that are not made in China?
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon
Acer Swift Go 14, i5-1335U/16GB, KDE Neon
Due to the nature of our work, we removed all of our Lenovo computers from service years ago and replaced them with HP devices.
Yes, the retired PCs remain in storage and are updated periodically. But if we pull them off the shelf, we do not use them if sensitive material is involved.
Take a look at the Forbes’ 2020 article entitled Why Is U.S. Policy Tough On Huawei And TikTok But Not Lenovo?
Or the Computerworld’s article U.S. State Department to limit use of Lenovo PCs.
https://www.computerworld.com/article/2545522/u-s--state-department-to-limit-use-of-lenovo-pcs.html
When there are alternatives – why purchase PCs made by a Chinese company?
And putting them online for the update makes you feel MORE secure??
Of course it could be off line but what would be the point??
🍻
Just because you don't know where you are going doesn't mean any road will get you there.Wavy
We have no problem putting our retired Lenovo PCs on line periodically to update their operating systems and drivers.
All data files and apps, except VPN software, were wiped from the machines prior to removing them from service.
As such, there is little information to harvest if the Chinese central government orders such action.
Therefore, there is no risk of sharing personal and enterprise data with Lenovo and their “Big Brother”
See the Forbes article As China Tech Crackdown Continues, Don’t Overlook The Danger Of Lenovo at
Big fan of Nirsoft software. Did not know that Currports had a logging feature. For spying on Windows as it spies on us, I use two DNS programs from Nirsoft
https://www.nirsoft.net/utils/dns_query_sniffer.html
https://www.nirsoft.net/utils/dns_lookup_view.html
and another program that logs all outbound TCP requests
https://www.nirsoft.net/utils/tcp_log_view.html
The telemetry/spying is brutal as these programs illustrate. Here is an example
Windows 10 spies on your use of System Settings
https://michaelhorowitz.com/Windows10.spying.onsettings.php
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
I think that Susan’s premise is flawed. Any spy software from China would not phone home to an IP address in China. That’s too obvious. If I was writing such software, I would phone home to a large data center in the US and use a name like these
s.ntv.io
tag.bounceexchange.com
live.rezync.com
logx.optimizely.com
a6709203f34992a5095d2bc7ceaf2ec504f651a8.cws.conviva.com
which were all seen in the CNN.com home page (thanks to DNS tracing by a Nirsoft.net program)
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
Didn’t see anything but what I wrote about. Microsoft. iRobot pinging me. HP scanner software left behind on my sister’s computer (AH HA FOUND IT). Nothing else.
Umm… what?
Sorry but… your post makes no sense.
Michael said “Any spy software from China would not phone home to an IP address in China”. I only saw the computer phoning home to Microsoft, receiving pings from my irobot vacuum cleaner (mistakenly set up on the same wifi) and an HP scanner software loaded up on my Sister’s computer looking for the now missing HP scanner/printer. What I wrote about.
Susan Bradley Patch Lady
What the heck are you on about? I understand Michael’s post. Your response is incomprehensible.
Many very many times posts here at Woody’s were (are?) deleted and banned in a xenophobic way, telling that they are/were politically driven (telling that they were undermining the U.S. way of thinking and freedom, perhaps? [Just thinking openly…])
Now there is this Wireshark’ed “poof” in a bit larger article, that isn’t conclusive at all and softening the datamining-thoughts; this is not politically driven?
It might be interesting to publish thoughts about why the Ukrainian electronical warfare is resulting in …. , In what actually?
…. On the edge or in the middle of WW3 (that nobody is participating), the electronical one, in Europe and Asia? Again Wireshark will not help and prove anything.
Taking a step back, there is potential spying by China and the well known spying by Microsoft/Windows.
I would think it is very hard to track down any spying by China, assuming it exists. There are many advanced tricks that can be applied and I would think any phoning home activity would be hidden from Windows itself. One example of a potential trick: I often see data leaving the WAN port of my router with a private IP address (think 10.x.x.x) as the destination. Maybe a bug, maybe spying. No way for me to know.
As for the spying that Microsoft does, there is a ton of it. This is easily seen with the DNS logging programs from Nir Sofer at nirsoft.net.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
For those averse to MS data collection, time to move on. Once the usual lot of mega internet players saw what a revenue cow that practice is, (q.v. Google), they got on board.
Linux Mint is a better system, can be had without cost if you wish, and there is no telemetry. I as a non-tech user am pleased to be there.
10.x.x.x IP addresses are used by Comcast for their modems and equipment. Comcast also assigns this range of IP addresses to everything on the user’s home network, unless you manually reset things.
-- rc primak
Mis-understanding.
I was referring to a 10.something IP address leaving the WAN port. In theory, this should never happen as it is one of a group of IP addresses (along with 192.168.x.x and others) that are reserved for internal use only. No doubt, you are referring to internal (LAN side) use which is normal. I often see internal-only IP addresses trying to leave the WAN port and get out on the Internet. Puzzling. This is not something a consumer router makes visible.
Again, just an example of advanced tricks the hardware manufacturer might pull to hide their spying. IPv6 might be another. I am sure there are many other schemes that I can not even imagine. Simply looking for IPs in China seems simplistic.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
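Added example, not part of the thread: one way to make the "internal-only address leaving the WAN port" observation visible and attributable to a LAN device is to log forwarded packets on the gateway and flag any whose destination is in a reserved range. The log lines below are constructed in a trimmed iptables `LOG` style; the interface names `eth0`/`br0` and the `FWD` prefix are assumptions.

```python
import ipaddress
import re
from collections import Counter

WAN_IF = "eth0"  # assumption: name of the gateway's WAN-facing interface

# Destination ranges reserved for internal use; they should not egress the WAN.
INTERNAL_ONLY = {
    "RFC 1918 private": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "RFC 6598 carrier-grade NAT": ("100.64.0.0/10",),
    "link-local": ("169.254.0.0/16", "fe80::/10"),
    "IPv6 unique-local": ("fc00::/7",),
}
NETS = [(ipaddress.ip_network(c), label)
        for label, cidrs in INTERNAL_ONLY.items() for c in cidrs]

# Constructed sample; 203.0.113.10 (a documentation address) stands in for a public host.
SAMPLE_LOG = """\
Feb 10 12:00:01 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 PROTO=TCP SPT=50122 DPT=443
Feb 10 12:00:02 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.23 DST=10.45.3.7 PROTO=UDP SPT=40000 DPT=161
Feb 10 12:00:03 gw kernel: FWD IN=br0 OUT=br0 SRC=192.168.1.40 DST=192.168.1.1 PROTO=UDP SPT=5353 DPT=53
Feb 10 12:00:09 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.23 DST=10.45.3.7 PROTO=UDP SPT=40001 DPT=161
Feb 10 12:00:11 gw kernel: FWD IN=br0 OUT=eth0 SRC=2001:db8::5 DST=fd12:3456::1 PROTO=TCP SPT=51000 DPT=443
Feb 10 12:00:12 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.77 PROTO=ICMP
"""

def classify(dst):
    """Return the reserved-range label for dst, or None if it is not internal-only."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return None  # not an IP address at all
    for net, label in NETS:
        if addr.version == net.version and addr in net:
            return label
    return None

def find_leaks(log_text, wan_if=WAN_IF):
    """Return (src, dst, dport, label) for packets leaving wan_if to an internal-only range."""
    leaks = []
    for line in log_text.splitlines():
        f = dict(re.findall(r"\b([A-Z]+)=(\S+)", line))
        if f.get("OUT") != wan_if or "DST" not in f:
            continue  # LAN-side traffic, or a line with no destination field
        label = classify(f["DST"])
        if label:
            leaks.append((f.get("SRC"), f["DST"], f.get("DPT"), label))
    return leaks

def summarize(leaks):
    """Count leaks per (source, destination, label) to show which device to inspect."""
    return Counter((src, dst, label) for src, dst, _, label in leaks)

if __name__ == "__main__":
    for (src, dst, label), n in summarize(find_leaks(SAMPLE_LOG)).most_common():
        print(f"{n:3d}  {src} -> {dst}  [{label}]")
```

Grouping by source address is what turns the puzzle into something actionable: it names the LAN device to inspect, and the IPv6 unique-local entry covers the IPv6 case mentioned in the post.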
Forced the company to respond
That URL returns a ‘404 Not found’ error so maybe Lenovo pulled the plug on it.
Warning: Nerdy.
IoT really needs two separate subnets, one where the devices can see each other and one where they can not. More about VLANs here
Michael may I ask why 2 are needed?
🍻
Just because you don't know where you are going doesn't mean any road will get you there.
One VLAN/subnet one where IoT devices can not see each other is a given (in my opinion). That is, each IoT device can only access the Internet. Any malicious device in this group will think it is the only device on the LAN.
But there are also IoT devices that need to communicate with other devices in your home. Perhaps wireless speakers that you control with a mobile app. You could lump all of these in the same VLAN/subnet and while way better than nothing, is not the absolute best isolation. If only one or two devices fit this profile, isolate them in their own VLANs and give them their own SSID. But, this assumes a router can create 3 or 4 or more SSIDs. And, it assumes you don’t mind connecting to a different SSID to talk to just one device.
Security will always be the enemy of convenience.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
Hi Susan, your preference to the Lenovo laptop keyboard struck a chord with me as I too have preferences regarding the hardware that connects us to our computers. Since I spend countless hours using these systems I strive for optimal efficiency, functionality, and comfort. I do not have experience with Lenovo but will be checking soon as I’m ready for an upgrade. Which specific model or models have you used and are currently using?
Thank you!
Alan