this post was submitted on 21 Apr 2025
206 points (97.2% liked)

BuyFromEU

3391 readers
227 users here now

Welcome to BuyFromEU - A community dedicated to supporting European-made goods and services!

We also invite you to subscribe to:

Logo generated with mistral le chat Banner by Christian Lue on unsplash.com

founded 2 months ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
206
The full guide to switching from big US tech to supporting more ethical and EU-based companies! (Redone with OSs added) (lemmy.world)
submitted 2 days ago by [email protected] to c/[email protected]
41 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 day ago (1 children)

Bvp47

[–] [email protected] 2 points 1 day ago (1 children)

Having not heard of this one, I was curious so checked some sites about it, like:

https://www.reddit.com/r/linux4noobs/comments/kd0yml/does_the_nsa_have_a_backdoor_to_linux_this/

https://www.theregister.com/2022/02/23/chinese_nsa_linux/

https://www.bleepingcomputer.com/news/security/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years/

My quick impression from those seems to match what was said by some commenters on the FreeBSD forum - https://forums.freebsd.org/threads/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years.84258/

msplsh: This looks like an implant that opens a backdoor, not an intrinsic backdoor built into the OS.

and:

sko: From el reg: To us it seems whoever created the code would compromise or infect a selected Linux system and then install the backdoor on it. So if someone already gained privileges to install anything on one of your machines, it doesn't matter what it is - this host is compromised and has to be nuked from orbit.

So, unless I'm missing something this is not really about "the Linux kernel devs being compromised by NSA" as much as the endless list of Windows-targetting malware is not about "the NT kernel devs being compromised by NSA".

[–] [email protected] 1 points 1 day ago (1 children)

If this is the case, this still wouldn't exclude a NSA compromise though. There is the ban of Russian contributions.

You can say this is all about politics and the war, but then those politics are clearly aligned with US agencied interests. American contributions are still allowed despite the US being just as much as if not more of a threat to security and privacy. Just like they're just as war mongering.

[–] [email protected] 1 points 23 hours ago

I don't know the details of that part directly, but I do remember reading things like this which seemed to indicate delisting of some maintainers (positions of responsibility, as opposed to blocking all developer contributions) who were associated with certain sanctioned Russian companies. This seems to be in line with standard sanctions being imposed by many companies & organisations in various countries (not just USA). Regardless of personal opinions about whether that was "right, wrong, or otherwise" at the time it at least seems a far cry from "an NSA compromise".