How can I trust my computer again?

You're not the only one who wants to trust their computer more.

There are a few projects working on creating a good root of trust at boot time.

For example, there's Raptor Computing Systems' Talos platform (1) with libre bootware for a desktop computing experience; Bunnie Huang's precursor (2) which is a handheld and mostly solves your problem, and variations on libreboot/coreboot which can be shoe-horned into existing hardware such as Dasharo(3) on to the PC Engines APU2.

(1) https://www.raptorcs.com/blog/08212017001.php (2) https://www.crowdsupply.com/sutajio-kosagi/precursor (3) https://pcengines.github.io/

On the other hand, you may not need to trust your computer if you don't connect it to a network and all information flows only towards it on read-only media.

If NSO (a small group of engineers) can monitor an iPhone with zero click, knowing only the phone number, including that of high rank officials, what do you think of capabilities of state-level actors?!

Yes, anything connected can be recorded, probably by dozens of organizations.

These capabilities are probably kept extremely secret. We will not know much about them until perhaps decades later.

Use a free os and maybe older cpu if the paranoia goes that way. Turn off javascript and the client side of websites will remain yours.

The other direction is to stop caring or at least rationalize why most of your worries are unfounded (like who cares what kinds of kitten pictures I'm interested in?).

You could also look at an open source hardware like system 76, purism, slimbook etc. I’m looking at replacing my Mac. I love my Lenovo work laptop but I trust it as far as I can throw it. A little better with my personal MacBook Pro, but not by much. I too share the sentiment, trust no website. It’s quite sad watching where we are going as a society and as time passes, my desire to use the internet is diminishing. But what about my kids? What is their digital future?

On your computer

It is possible this is happening, but not likely. A reasonable way out, I think is to purchase a new SSD twice as big as your current drive. Do a fresh install of your operating system, programs, etc.

Be very, very careful with what web browsers and extensions you install on your freshly setup machine.

Now - I am the poster child for advocating for capability based security, and frequently point out that NO computer is secure. Yet, I'm typing this on a Windows 10 laptop. It could easily get compromised by any reasonably angry hacker or spy agency. There's nothing I can do about that. However, those a very low probability events, so I don't worry about what I can't change.

If you work on technologies that are military sensitive, or worth more than a few million dollars, consult your security team for guidance, not this random guy from the internet.

I'm hoping eventually to have an OS that is a daily driver with Capability Based Security. Until then, there's always the small threat to live with. We're all mortal after all, and you can't stop death either.

On Websites

Yes, everything IS recorded and archived. It is, or will be, fed into a neural network as a way to increase engagement, or any other number of commercial and political purposes. Don't type or share anything into the internet you will ever regret saying.

IMHO you cannot trust it and you are being sensible.

I would have the attitude of: dont worry as who cares about my stuff.. except that i think our society is not at a place where this is valid. we dont have the means to address it if we are acted againt.

also using the techniques you are forced into by doing this (e.g. face to face chats about things very important to you) is a security measure that humatiy needs.

I fully get the attitude of: i am going to enjoy my life to the fullest while i can and if i get fucked down the road so be it. but i cannot stomach it myself.

the diversity of humanity is a great safety net and the key driver of this is our independand risk/reward calculations.

.. one way or another be at peace with your decision. I just accept lots of people around me get more out of technology (and are probably more productive or efficient as a result).. i kind of err on the side of so long as you are happy for the time that you are blessed with life and you are not screwing anyone else over just do your thing, as know one knows when the ride is going to end.

EDIT: to be clear i am here posting bullshit on HN, so its not like i dont engage etc.. i just pretty much treat everything on a computer with the same level of privacy/security: none.

The question is not one of trust or lack thereof towards a machine, but towards whoever is responsible for the software running on it (that includes the websites loaded by the browser).

The more one knows about the software, the better one can judge what software can be entrusted with what information.

Hawthorn effect.

And yes there is some potential analysis of everything

We used to believe that we were watched only by God.

Now we know it is both Him and the Five Eyes intelligence dragnet

Here might be a way to make yourself feel better.

When you search or do anything, make some notes of why you are doing what you are doing. Input those notes into search to at least give the surveillance AI, who probably doesnt really care that much about you, some context and you have the explaining done that you feel you need psychologically.

It is normal to fear actions being taken out of context.

Provide some reasons and imput those to effectively make yourself feel better.

If you are doing genuinely bad stuff then maybe use burners and move 3rd world.

"I'm finding it hard to shake the conviction that anything I input on my computer or a website is being recorded and analyzed."

I share your concern, but 'analytics', 'telemetry', 'web beacons' (whatever it's euphemistically called) have been adopted wholesale by developers when creating software. It is rarely questioned by developers because it have become so normal.

An uncomfortable truth is that it is often developers who incorporate user tracking in their software. It doesn't matter if the software is an OS, a desktop app or a SaaS 'cloud' app.

For example, Microsoft's Visual Studio Code is a desktop app that collects telemetry. Electron makes it easy to embed analytics in an app - something developers are eager to do.

Google's ChromeOS is a 'cloud' OS used by millions of school kids in the US. It is not possible to use the full features of the OS without a Google account. Even if user data is 'anonymised' and aggregated we are talking about volumes of data that are simply enormous.

User tracking in software is a juggernaut that shows no sign of slowing down, particulary with the popularity of SaaS. [1]

What do developers have to say about this pervasive tracking?

Developers are more likely to defend their favourite tech company rather than question or scrutinise their tracking practices.

[1] This is a Figma blog post about how Notion was designed using Figma:

"It was around that time we noticed Ivan in Figma. He suddenly popped to the top of our most active user list — spending upwards of 18+ hours a day in our design tool."

https://www.figma.com/blog/design-on-a-deadline-how-notion-p...

The last time this story was posted on HN, the snippet above passed without any comment - and was considered a perfectly normal use of user tracking.

Years ago I started developing a new theory on randomness, logic and supertasks and took all my notes and experimental results into Google Docs. Researched for months on any scientific papers that would go deeper into these topics, and realized that nobody have previously explored some of the questions my theory pointed to. I became more paranoic on some Google researcher having access to my documents and developing the theory on their own, with way more computational resources. So I poisoned the docs with fallacies and fake data while transfering them on paper.

The web != your computer.

You can improve your privacy on the web but you can never expect it to be perfect, disconnect your computer from the web and you will have excellent privacy (unless you are a target of state level intelligence services)

There are many ways to think about this.

Do you trust cloud providers such as Google, Microsoft or Dropbox? If yes, just continue using their services. (I use Google Drive for example.)

If no: There are lots of alternatives that are self-hosted. If you trust a VPS provider you can host it there. If not, you can have a mini-PC running in your wardrobe. There you can host e.g. Obsidion, Joplin, etc.

For communication I warmly recommend Signal.

Unplug the ethernet cable and turn off the wi-fi. The internet isn't the interesting part of computing anyway.

If I think this I tend to ask myself "who would be interested?" In my case the answer is no one!

Use Linux and self host your stuff at home or on a VPS that is not from a megacorp.

Get qubes os that way you might be able to trust some of your computer again. Websites well you should not trust them.