Privacy

49328 readers

697 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

111

[Discussion] Which privacy apps / services do you think are most likely US government honeypots? (lemmy.ml)

submitted 2 weeks ago by dessalines@lemmy.ml to c/privacy@lemmy.ml

108 comments fedilink hide all child comments

IE like Crypto AG:

In 2020, it was revealed that the Swiss company, Crypto AG, which provided secure communications services to ~120 governments throughout the 20th century, was secretly ran by the CIA and West German Intelligence. The CIA and later NSA were able to read encrypted communications for many countries such as Saudi Arabia, Iran, Italy, Indonesia, Iraq, Libya, Jordan and South Korea.

you are viewing a single comment's thread
view the rest of the comments

[–] Korkki@lemmy.ml 27 points 2 weeks ago (13 children)

Signal I think. I don't mean that the end2end algorithm or messaging itself are itself unsafe, the algo has been shown to be secure. This is what people usually rebuke this with, with the reminder of Signal's OSS nature.

The issue the servers and the social networking data that can be harvested. The server code only partially exists in public and we just have to trust that that is actually what is running on whatever AWS server without tampering and self hosting is nearly impossible in practice if technically possible and nobody does it. The social network data (who talks to who) is more valuable than the actual messages logs, which give a massive, but mainly useless datasets. Until LLMs, like 10-15 years ago they were basically impossible to parse for any useful info without using large quantities of eye pairs. Basically if you are an organizer, criminal, government, part of a hunted opposition, you will leak the whole core group structure of your org with attached phone numbers. Whoever with that data can then target their devices and persons with other means. Plus it's literally built on top of CIA money. I think signal is totally safe and adequate for friends and family type of use, but not much else, but then all in all so is whatsapp, mostly since signal and Whattsapp share the same end to end algorithm.

[–] SteleTrovilo@beehaw.org -2 points 2 weeks ago (10 children)

It's funny how every poster who criticizes Signal inevitably makes a technical error. In your case, the claim that "Basically if you are an organizer, criminal, government, part of a hunted opposition, you will leak the whole core group structure of your org with attached phone numbers" entirely lacks basis. The Signal client - the OSS part we can and do control - does not divulge phone numbers.

You have this theory that Signal's servers are storing communication records. (While there is no evidence to support this, it's valuable to consider what they could do.) So the data that would be captured here is a network of hashed phone numbers and literally undecryptable messages. It's impossible for the adversary to determine any phone numbers they don't already know this way.

And since you can make a Signal account with a burner phone and create a "username", even a known phone number becomes useless against targets who don't want to be identified.

[–] dessalines@lemmy.ml 15 points 2 weeks ago* (last edited 2 weeks ago) (3 children)

All speculation. You gave them your phone number (which also means your real identity), so you should assume they have it. And because its a US-based company, it must adhere to US laws including key disclosure laws, which make it illegal for any signal employee to tell you that any US government agency has asked for this information.

https://en.wikipedia.org/wiki/National_security_letter

So the data that would be captured here is a network of hashed phone numbers and literally undecryptable messages

With this data you can build social networking graphs: who is talking to who, and when.

Also this is all the more suspect when you consider that US military / government agencies like OTF fund signal, and constantly try to push signal in privacy spaces.

[–] Moovau@lemmy.ml 1 points 1 week ago

They could pull a Lavabit if presented with gag order, but of course, no way to know for sure how they would react.

load more comments (2 replies)

load more comments (8 replies)

load more comments (10 replies)