What's that? Encryption's OK now? UK politicos Brexit from Whatsapp to Signal It's not just the European Union the UK's ruling party wishes to leave. According to the Guardian, the recently victorious Conservative party is switching from WhatsApp to Signal, in order to accommodate its new influx of MPs. Unlike WhatsApp, which has a hard limit of 256 members for a group, Signal supports an unlimited …
I for one appreciate when a comment is left to explain the reasoning for a down vote. But, maybe some just like banging at the button. Though, I do have this paranoid suspicion that there are paid political trolls trying to incite divisiveness on all the topics involving government or Microsoft. Can anyone confirm or deny my suspicions? Or, will the trolls just down-vote this too?
Or, will the trolls just down-vote this too?
By saying the above, you just asked to be down-voted. Instead of trying to think of some logical reason, sometimes there isn't one, I think the word 'mischief' sums it up. Yes some people just like to do the opposite of what you would expect..because... Isn't that a great thing though, having the choice to not conform to the majorities will.
@truetalk: It's currently at 23 up, 9 down. Whichever way you voted, if at all, your comment is civil and constructive. And, to be clear, I welcome civil discourse in a space like this and do not expect herd mentality. As such, I only down vote when I think something employs misinformation or flawed reasoning. Note that at this point, no one has provided any specific explanation for a particular down vote. I will simply continue to be curious about this. Thank you for the comment.
All it takes to spy on these private conversations is an invisible member. The creators of the software can easily pop an invisible person in the group automatically when it's created. They can then log the whole conversation. When you think about the business model then that's obvious they are doing so. It's the Jeffry Epstein business model.
In the very first episode of Gerry Anderson's ThunderBirds, Scott Tracy reacts to a indicator flashing in Thunderbird 1 which is warning that the top-secret rocket ship is being filmed, and responds by melting the film in the camera.
I expect this is another promised development which has gone the way of the jet pack and the monkey butler.
I friend of the family was in Burma when Obama visited. He was due to drive past their apartment building. People were outside waiting for his motorcade. They were using iPhones and tablets to take photos. Unfortunately they had trouble getting them to take pictures at that moment. The family friend was unable to take a photo and could see other people struggling.
You know one of the first things that was developed with a noddy neural network and some spare time ?
A mechanism for subtly refactoring English into several semantically identical, but subtly different texts. Think of a precis but instead of summarising, you simply reword, with appropriate punctuation.
The idea being that you feed in your "memo" and then issue the unique outputs to your staff. If one gets leaked, you damn well know the point of origin.
It also had a happy side effect of alerting the sender to any unauthorised collaborations, should a recipient be thick enough (and they were) to comment that they appeared to have a different copy.
It was taken far enough to validate it worked, and then it was made *very* clear that it was not at all suitable for modern politics.
So, with a little effort I too can run the incriminating text which may or may not have yellow feathers [1] through a noddy neural network before forwarding it to the leakhole of my choice? Do you have a spec. for this NN, please?
Actually, one's natural language skills should be good enough to do such refactoring, it's probably quicker and less likely subtly to alter the meaning of the message.
[1] Canary, as in the unfortunate birds used to warn of low oxygen/high CO levels dahn t'pit.
>It also had a happy side effect of alerting the sender to any unauthorised collaborations
Definitely can't have (Conservative) MP'ssheep actually talking to each other, they might gang up and get the 1922 Committee to do something like demand a Referendum...
The idea being that you feed in your "memo" and then issue the unique outputs to your staff. If one gets leaked, you damn well know the point of origin.
Well, unless the leaker is smart enough to run the thing they want to leak through a similar system.
Well, Signal has a desktop app, doesn't it? And that app has access to the plain text of your messages. And it's open source: you can build it & run it. You can build & run modified versions of it: versions which, perhaps, log that plain text to a file.
Not that I have done this, you understand.
Exemptions! You can register with the Telephone Preference Service (TPS) in an attempt to decline Marketing calls (and any sensible Marketing company would comply), however Political Parties are exempt and don’t need to check the list to see if you’re interested in their “marketing”. Politics at its best.
And both apps are based on the same app: Signal!*
Another advantage to Signal: It's not owned by Facebook. You know, the company whose entire raison d'être is to sell as much info about you as it can?
*OK, yes, I know. They both actually use Signal's e2e encryption protocol, which isn't quite the same thing. I'm just being snarky.
** https://www.wired.com/story/ditch-all-those-other-messaging-apps-heres-why-you-should-use-signal/
Signal is owned by Signal and the people of tge world as it is licensed under the GPL 3.0 and all sources are available from here: https://github.com/signalapp
Better than the proprietary FB messenger any day. Plus if someone comes along and buys it, then tries to do bad things with it, we can all just take back control by forking it.
That doesn't answer the question. GPL companies can be bought, and a buyer can do things to make it distinctly unrewarding for a third-party to pick up development.
Signal getting bought out seems entirely plausible. A buyer hostile to its GPL heritage is less likely, but I wouldn't care to rule it out.
But yes, of course GPL is better than closed source. No argument there.
As the poster a bit above me also noted.
The part in the article "Unfortunately, Signal doesn't allow group moderators to block individuals from taking screenshots, which would frustrate the process of leaking a conversation to the press." is kind of laughably stupid... What self respecting leaker doesn't have at least one burner phone that can take pictures of the screen on another phone? I mean you do use a separate phone for the leaking stuff to others right?
Unfortunately, Signal doesn't allow group moderators to block individuals from taking screenshots, which would frustrate the process of leaking a conversation to the press.
Completely nonsense functionality.........
just use an external camera on the phone screen........ that is how useful that function is....
How has the IT security guy allowed them to continue to use whatsapp all this time knowing that while it has E2E encryption, it makes backups of your chats unencrypted on google servers?
It only needs one person in a group to enable backups form the constant nags and E2E encryption doesnt matter as its sitting on googles servers for various alphabet agencies to access, even those not supposed to access it.
Consider nothing said on whatsapp as safe since they added this front door in to your messages. I only wonder what politicians could have said that other countries could have used as intelligence to their advantage.
This isn't shocking to most IT professionals. Most of the government's in the west didn't start getting serious about systems security until a few years ago. While the defense/intel departments started locking things down in 2007 and then even tighter after Snowden leaks, the rest of the govt's spent money on everything but. This includes personnel with talent and understanding on encryption.
When it comes to communication applications, the underlying routines are all similar. Most of the code is out on the Internet for anyone to use. When it comes to encryption, none of them create their own protocols or cipher suites. They use what's available. This comes down to someone who understands which cipher suites are secure, and which are not-so-secure.
...and for those out there who think FIPS 140 cipher suites are unbreakable, you need to think again. FIPS 140 only approves cipher suites up to and including the "SECRET" classification level (by US DOD definition). So they may or may not be good for TS/SCI classification level. There is a different publication for the cipher suites usable for higher classifications.
I don't even have a smartphone, but wouldn't they have native and app Screen Capture utilities, like Spectacle on Linux, or KSnaphot, anyway ?
No need to photo anything.
.
.
Obviously other OSs have snapshooting: crude as it may be for Apple:
On macOS, a user can take a screenshot of an entire screen by pressing ⌘ Cmd+⇧ Shift+3, or of a chosen area of the screen by ⌘ Cmd+⇧ Shift+4. This screenshot is saved to the user's desktop, with one PNG file per attached monitor
Android does, on hard keys.
It's usually either Power + Home or Power + Volume Down.
However, it is possible for an app (or GUI element) to tell the OS that it would prefer not to be involved in screenshots.
This is really useful on desktop OS because it's easy to forget that you've got Sekrit Fing half-visible when taking a screenshot of Public Thing, and it's nice if it automatically hides itself.
It's not security though. It's only a defence against accidental screenshots, not intentional ones.
...given the argument for backdooring e2e has always been that to make sure Law Enforcement (TM) have got access and there is pretty much zero chance of an online group of hundreds of politicians not containing at least one either willing collaborator of The Services or someone who could easily be, ahem, convinced to help.
I'll get my coat.
I can't find the source now but I thought I read somewhere a while back that 'those in the know about these things' didn't rate Signal too highly from a security standpoint, as it uses a "roll your own" encryption algo —which is generally considered to be a silly idea.
Same half-remembered source led me to using Wire [wire.com] when looking for an encrypted messenger as being: 1: Swiss based, 2: Uses tried & tested encryption algos, 3: Also open source
I'm not saying Wire is perfect [the mobile apps, especially, have bugs which have persisted for years] but it's pretty usable. I'm just wondering if Signal would have been a better choice?
You might be getting confused with Telegram, which does have its own home-baked, and apparently somewhat half-baked, crypto system?
Crypto is indeed hard to get right, and we are all better off using systems which have been peer-reviewed by experts in the field and proven(?) to be robust.
Signal's Moxie Marlinspike is reputedly well respected for his cryptography and security knowledge, but, given the subject and what is potentially at stake, there's always that small nagging doubt that potentially a double-bluff is being played, and that that's what They want you to think...?
Signal is acknowledged to have the best encryption protocol, which is why it has been adopted by WhatApp, Google and others. Unfortunately, partly because of the quality of the encryption, group management has traditionally been difficult as groups are essentially a series of individual chats. This is due to change soon as a now have a way to secure accounts with even less metadata. Both articles of full of technical detail but worth reading if you're interested in the kind of problems they're looking to solve and the solutions they've come up with.
Wire is okay but suffering from having no real USP. Threema, also based in Switzerland, offers stuff for businesses.
But for basic group, particularly when you want this to be public, and chat stuff Telegram is about the best, especially as WhatsApp is soon due to start including advertising.
"Swiss headquarters, EU servers". That's where wire has gone wrong.
Threema is totally Swiss, been around a few years:
https://threema.ch/en
"What does the name “Threema” stand for?
Threema started life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Really? Another phone with a decent camera will get around that. What about mobile screen recording? Is that a thing? Let me look...
for the fruit users Go to the Photos app and select your screen recording. Some apps may not allow you to record audio.
and for our droid users
https://www.wondershare.com/screen-recorder/free-android-screen-recording-app.html
Just wondering how many of these politcal types will express their appreciation of Signal by making donations?
Signal Technology Foundation is an independent 501c3 nonprofit. The team at Signal is committed to the mission of developing open source privacy technology that protects free expression and enables secure global communication. Your contribution fuels this cause. No advertisements. No trackers. No kidding.
Your donation helps pay for the servers, bandwidth, and continued development of an app that is used by millions of people every day for secure, free, and instantaneous communication anywhere in the world.
Please make a donation today
https://signal.org/donate/
This is laughable.
Snowden needed assistance (from J. Assange) on how to use a data scraper, keystroke recorder (to steal credentials) as well as other simple hacking tools.
Snowden isn't some fantastic hacker and definitely not a computer engineer. He was a below average consultant working for a defense contractor. Which means, you need some computer training and a security clearance to get the job. No need to handle responsibility, just an ability to follow written directions.
He's not exactly someone I'd count on to provide advice or an endorsement for anything regarding encryption.
Now, if I needed advice on how to run like a beotch--coward, then he's the one to seek out.
Despite the fact we know he worked with the NSA's hacking department, TAO, and various contractors in a technical and engineer roll so obviously knows his stuff....his endorsement is probably not related to his skills/lack of skills on cryptography.
What he brings to the table is knowledge of the x-keyscore database and data retrieval system. Knowing what data they can and cannot slurp up as well as knowing what protocols/algorithms/encryptions cause the NSA problems (at least up until the end of his time there) so can make informed recommendations based on that alone.
Hate can blind you to the obvious.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
