for example if i only use it to browse the internet and maybe download games from play store but i dont install extensions and use https only, can i still be hacked and my operating system destroyed?? what can i do to avoid that?? i only use my chromebook for python

    • Kache@lemm.ee
      link
      fedilink
      arrow-up
      9
      ·
      11 months ago

      Technically, anything can be “hacked”, but that’s the same kind of technically as “any car can be broken into”.

      Just like there are ways to mitigate getting your car broken into, there are ways to mitigate getting your system compromised.

    • Synthead@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      11 months ago

      Exactly. Just be responsible and don’t do anything dumb with your security. Do the typical stuff right like using a password manager and updating your software often. With your programming, don’t skip ssl validation, don’t have unauthenticated connections that matter, don’t shell out, etc. On your local system, use permissions correctly, keep a local firewall, and all that good stuff. You should be fine, but it’s never 100%.

      • RightHandOfIkaros@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        edit-2
        11 months ago

        If you think about it, computers are just rocks that humans tricked into thinking.

        Rocks can be hacked. Especially rocks.

  • 0x4E4F@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    11 months ago

    Rule of thumb: If a human made it, it can be hacked/cracked/disassembled/reverse engineered.

  • FuglyDuck@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    11 months ago

    …if i only use it to browse the internet and….

    Any and every device connected to the Internet net can be hacked. I’m not sure why they’d want to, however.

    Even if your data was of particular value, it’d be far more cost effective to just pay Google for it.

  • governorkeagan@lemdro.id
    link
    fedilink
    English
    arrow-up
    6
    ·
    11 months ago

    You don’t necessarily need to do something for the device to be hacked. There could be an exploit that affects all devices running ChromeOS (or any OS for that matter).

    TL;DR: Yes you can.

  • zeppo@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    11 months ago

    Operating systems that are locked down like iOS or ChromeOS remove one major vector of compromise, which is people accidentally or being tricked into installing malicious programs. However, explicit installation is different than an exploit, which can be triggered by a text message or merely visiting a webpage. For instance, there has been a string of iOS exploits related to iMessage attachment processing, or the explot related to webp that was revealed a few months ago. So, yeah, but on ChromeOS, who cares? You can reset it easily and your files are stored on Google servers, anyway. Use 2FA for your account and if you’re not a high profile target, it’s unlikely anyone will try that hard.

  • Snot Flickerman@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    4
    ·
    11 months ago

    Do you have security clearance?

    Does your job involve any confidential (in any way, trade secrets, etc) information?

    Do you work in any sort of IT or information security?

    Those are the kind of things that make you a target of hacking. Generally, if you’re not out dilly-dallying about in dangerous, unsavory parts of the internet, you’re not risking getting infected. So, you would have to be a target.

    Most people are not targets. We ignore spam emails because we recognize them. We don’t go to strange websites because we don’t recognize them. Most of us have menial jobs where we have little control or access and so targeting us for corporate espionage would largely be pointless. Even if you work a menial job that is targeted (you work at a T-Mobile outlet, for example, which have seen thefts of the customer-service devices used to modify people’s accounts) it’s not you being targeted, it’s the company.

    If you have reason to believe you may be a target, then you probably need to take more precaution.

    However, if you’re just a fucking Joe Schmoe like myself, it’s probably a slightly overblown worry and you should be fine.

      • ahornsirup@sopuli.xyz
        link
        fedilink
        arrow-up
        2
        ·
        11 months ago

        Or just straight up mine that crypto on someone else’s power bill. Much less obvious, so people may not even realise that their systems are compromised.

        • whaleross@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          11 months ago

          Or bot nets that do nothing until somebody pays the owner to deploy an untraceable proxy or brute force or ddos attack. There are so many reasons for bad actors to hit up as many machines as possible, regardless who is behind the keyboard.