this post was submitted on 27 Oct 2024
9 points (90.9% liked)

Privacy

204 readers
1 users here now

Protecting your anonymity and data online the communist way

founded 4 years ago
MODERATORS
 

Think about it. It was released (read: forcibly shoved down our throats) by Google and came out of nowhere when there were zero problems with the decades old and extremely well researched incumbent image/video formats that the web was already using (i.e. jpg, png, gif, mp4, etc). Google has confirmed ties to the US three-letter agencies through PRISM, as well as AFAIK all but confirmed ties to the Israeli government. BlastPass was reportedly apart of Israel’s Pegasus hacking suite for years before the vulnerability went public, and was actively exploited by Israel to track down political dissidents. It’s also the worst type of vulnerability there is, a buffer overflow resulting in arbitrary code execution, meaning once you exploit it you can do literally anything to the target device, from an image format, the type of file most people would never suspect to be capable of doing that (and indeed most developers never suspected that either, considering how everyone from Mozilla to Apple seemingly just took Google source code and incorporated it into their own software, no questions asked).

Maybe I’m just overly cynical, but I’m having a really hard time believing that such a critical vulnerability in such a widespread code base would be accidental, especially in the age of automated testing, fuzzing, and when the industry generally has a very good understanding of how to prevent memory vulnerabilities. The vulnerability was there since they very beginning of the standard and we’re to believe one of the largest software companies simply failed to spot it for years? I don’t think Hanlon’s Razor should apply to companies like Google because they have a long and shameless pattern of malice and have long exhausted their benefit of the doubt.

I have a sneaking suspicion that WebP was planned as a Trojan horse from the start to backdoor as much software as possible, and Google sold the exploit to the US and Israel govts. Why else would Google so relentlessly push an image format of all things unless there was some covert benefit to themselves? (An image format that’s not even patented/licensed mind you so they’re definitely not making money that way.)

What do you think?

top 4 comments
sorted by: hot top controversial new old
[–] darkcalling@lemmygrad.ml 10 points 1 week ago

I think it's a bit of a stretch to say WebP was created purely so zionist and US intelligence could have an exploit to use against people. It was created because Google serves a lot of images and had an inherent interest in lowering the costs of doing so via compression.

The more reasonable explanation is this was discovered and not patched because it was being used by "friendly" intelligence, not patched until independent actors discovered it at which point the jig was up. Same thing with how Russia accused the US of exploiting an Apple iPhone vulnerability to hack Kaspersky employees, it's not likely they had Apple build it so much as they forced them not to patch it after they built it or asked them to and they agreed.

Hardware backdoors in intel processors? Sure, I'll buy that, it makes sense and the tools to poke about at it are very expensive and specialized. Designing and deploying and bullying the web onto a new image standard just so you can exploit one vulnerability in it that could be discovered and patched at any time? Ehh.

Why else would Google so relentlessly push an image format of all things unless there was some covert benefit to themselves?

Reduced bandwidth and control of the standard. Meaning they themselves don't have to pay licensing royalties to someone else which is also a consideration and benefit. See for example Microsoft's Embrace, Extend, Extinguish philosophy, tech companies have reasons to want to control the software and standards that are most commonly used for reasons like that.

[–] felipeforte@lemmygrad.ml 5 points 1 week ago (1 children)

It's plausible that they left it intentionally (not unheard of), but I believe the format was designed to diminish costs of storing images

[–] CriticalResist8@lemmygrad.ml 3 points 6 days ago

I was going to say that too. Webp and webm is very efficient at reducing file size, and Google deals in data storage a lot - Google drive, YouTube, Google images... It helps them directly to reduce storage costs

[–] freagle@lemmygrad.ml 3 points 1 week ago