Remember that most hacking is not done by breaking encryption and running code. It’s 100% social engineering. The weakest point is always a person.
This is why I don’t subscribe to the Signal E2EE hype cult.
The fact that Signal doesn’t hide the anonymity of its users, and forces everyone to use phone numbers is a huge red flag.
SimpleX is the way to go, always making sure you never say anything that can point to you in any chat.
Yeah, they caught the Dread Pirate Roberts because he leaked some account name, IIRC. There is no such thing as perfect opsec. 😬
Jami is an option also.
Yeah, but different use cases.
Yes. And the only person I know to have interacted with state security agencies in professional area has told me a few times that any security system based on cryptography is of no real use. Like perpetuum mobile, snake oil, and so on.
If your information is protected by cryptography, it could as well be protected by using “Aesopean language” or memorized by loyal courier or put on paper note in a secret place. You have a secret and a message, ultimately. If your secret place can be predicted, then your secret key can be stolen. If your loyal courier can be drugged\tortured\intimidated, so can be you or your addressee or your cryptography means’ providers to give up the secret key or the message contents or to sabotage your tools.
“Aesopean language” is how they really do it for anything important, it’s pretty naturally learned from culture (one case where spy movies and such show it right), it doesn’t require niche expertise, and it does require common context that can’t be fully reconstructed in most cases. The fuzziness of meaning is a feature, so is the disconnect of responsibility.
Unfortunately I’m autistic and impaired in that exact part of human communication, but honestly some of famous people whose jobs involve being enlightened black belt masters of that are autistic, so perhaps I’m just dumb.
EDIT: But it’s funny that once I thought that the commonly imagined way this works is a trap for illiterate people, and technical means like cryptography are what really should be used. Perhaps, again, some sort of autistic compensation. Now I know better.
Most activism groups aren’t really screening for membership.
Usually it’s, “you want to join? Cool, I’ll add you.”
Edit: Just read the article. They went out of their way to try to make it sound like this group was up to something other than legally show up to immigrant court and keep watch for heinous police behavior.
The memo did not provide any further details about the individual or their alleged past calls for violence and offered no specifics or evidence to explain why the FBI characterized them as “anarchist violent extremists”. The courtwatch efforts have been non-violent, and the FBI did not respond to an inquiry seeking specific examples of violence and did not answer questions about whether law enforcement had ongoing access to the private group.
We are starting to learn that the world with computers and the Internet is like the world without them, except with them.
There were those medieval German secret courts with their secret judgements and assassins fulfilling those. And there were various masonic and such groups. And even secret societies of revolutionaries.
All they were was crime groups, interest clubs and elites pastime, in the end.
But it all started really working with mass politics. Because secrecy of a group requiring communication and adding new members can’t be preserved, and once it’s broken, it’s just a few people challenging the power. While a crowd with torches (because nobody gives days off for demonstrations at daytime; yes, torches were not a Nazi thing, they were common for all “worker” parties) doesn’t need secrecy - its idea’s survival is guaranteed not by secrecy, but by inability to stop its spread.
Oh so it’s an activist group that’s doing valuable work but has no need to background check for security. Makes sense, basically every activist or political group is on signal these days.
I guess “FBI infiltrated group of immigration activists” would be boring and not fitting the FUD about encrypted messaging…
Understand that encryption is useless if 1 or more of the parties in a group is already compromised. That’s the problem. Signal’s encryption is great, but you are not anonymous in it. Additionally, even if, like me, you only use your handle and hide your phone number, most people tend to name your contact with your name anyway, effectively breaking the purpose. I use signal only because I’m sure my data is not being sucked as with WhatsApp, but I’m not dreaming for a second that someone will not fuck up at some point and give me away, so I keep stuff I don’t want out there to personal interactions.
Wouldn’t be surprised if they went undercover as a member and were just accepted to the group.
My guess as well. Historically, the FBI has spent substantial resources infiltrating groups deemed even the smallest threat to state power.
Lowest barrier to entry
Imagine saying “Feds should follow the law” is an extreme anarchist statement.
What you allow them, they do. It’s always so. That right to bear arms - see, when most people think that “Feds should follow the law” is a normal statement, then in a society where carry is normalized one can just not be afraid of repeating it and demanding its fulfillment. Including in crowds near migration courts. While for those disagreeing it’s not convenient.
(I don’t like school shootings, but schools can be guarded with armed adults, which is far easier to do if you arm personnel and not send police there, which is easy with legal carry. I also don’t like political murders, but politicians are not in short supply, or, as we say in Russian, “there’s [as plenty] of them as of shit behind a bathhouse”.)
It becomes one every anti left scare (red, but also green and lavender)
The FBI’s report from August, prepared by its New York division, does not make clear how the bureau accessed the Signal group
The question I’m most curious to have answered
Sounds like they joined a large group chat as a member
The FBI, the documents show, gained access to conversations in a “courtwatch” Signal group that helps coordinate volunteer activists who monitor public proceedings at three New York federal immigration courts. The US government has repeatedly been accused of violating immigrants’ due process rights at those courts.
I’ve always felt like Signal isn’t half as secure as it claims to be, and articles like this don’t help that feeling…
Read and research a little before just repeating what you hear some saying. Signal is regularly audited by individuals and institutions, and every time it comes back as the top in terms of encryption. But encryption means nothing if a group, or even 1 individual in a group, is compromised.
Why’s that exactly… who’s not to say they just joined the huge group undercover? Or randomly added to a sensitive group aka the journalist debacle a few months ago.
I’m literally just talking, giving an opinion. Nothing was that fucking deep, just talking about my feelings about how a supposedly secure encrypted website was infiltrated by the motherfucking FBI…
And I’m downvoted? Fucking why? Every day Lemmy gets a little more like Reddit. Shit like this is why the numbers go down. Just spread that negativity—make everyone feel like shit.
Downvote this while you’re at it! Fuck yall!
Get a grip
Many subscribe to the “vote on comments based on how useful the information is” theory, myself included. Based on that, your feeling, despite how valuable it is to you personally, isn’t particularly valuable to the discussion. It’s not personal.
Your feelings and opinion are wrong in this case.
They could mislead people into sharing your opinion/feeling and then you’d both be wrong.
You’re getting downvoted because you’re wrong and are contributing the opposite of a benefit to a conversation around the security of signal without any facts or proof other than your “gut”.
That is not upvote worthy. People are correct to downvote your comment to let others know that they shouldn’t take it with any degree of seriousness. That’s how this works. That’s how the whole comment voting system is supposed to work.
Your feelings are not special when they muddy the waters of facts.

It’s as secure as it can be in the modern world really.
But none of the technology matters if you let an FBI agent into your super secure encrypted group chat.
why is this downvoted? it’s not even that wild a comment. Signal fans need to chill a bit.
edit: fanboyism is strong in this thread, damn.
It’s downvoted because it’s utter misinformation AND feelings have no relevance in documented information.
because it’s completely unsubstantiated bullshit?
why would anyone upvote “someone’s feelings” on a technical subject?
this is a technology we’re talking about: there is an objective right and wrong, feelings are irrelevant. especially when those feelings are completely baseless.
the better question is: why would anyone upvote this garbage?
I don’t know who still needs to hear this, so I’m going to say it again for the people in the back.
Assume every form of communication you have is being spied on.
If you’re using an app like signal or similar, make sure you and everyone else in the chat has encryption enabled.
Verify the other users in the chat.
Do not plan any activity that could be considered a criminal enterprise on an electronic device with a connection to the internet.
If you’re using an app like signal or similar, make sure you and everyone else in the chat has encryption enabled.
PSA: There’s no way to disable encryption in Signal.
That’s why I said an app like signal. People assume that every app works the same. Telegram had issues with encryption where all parties didn’t have encryption enabled but one or more of the parties involved assumed the chat was still encrypted.
However I should probably change that to read more along the lines of: know the features and settings of your app and ensure that encryption settings are set to maximize the protection of privacy.
I’m gonna have to workshop that. It’s a mouthful.
Either way, thank you for pointing that out.
This had nothing to do with encryption. 99.99% of breaches aren’t some pen hack, it’s social engineering of someone to gain access. You have all the best software and practices in place, but if the dumbass on the fourth floor decides that they’re gonna let someone in who’s called them from Microsoft, then it doesn’t matter.
They let the FBI into the chat because they don’t know opsec for shit.
I agree that you’re right. My thought was it was more likely that they socially engineered their way into getting invited to the chat.
This is why I said that a lot of people are the weakest link in their own secured communications networks.
I just got downvoted in the comments above for basically having the EXACT same sentiment. I fucking hate it here.
The difference is they gave solid sound advice on opsec, and your comment seemed more in line with distrusting signal’s tech. One of these comments makes sense, the other doesn’t.
Yeah. I dunno man. I’m sorry.
But like. A lot of the time security/privacy fails like this are user-inflicted. Either because people don’t understand the apps and services they use, or because other people aren’t as vigilant about auditing their networks (the people, the hardware, the software).
Fair point!
Just don’t care about down votes.
Shocking revelation.












