this post was submitted on 03 Oct 2025

616 points (99.2% liked)

Technology

75758 readers

1852 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

L4s@hackingne.ws

616

Head of the Signal app threatens to withdraw from Europe (www.bluewin.ch)

submitted 2 days ago by schizoidman@lemmy.zip to c/technology@lemmy.world

128 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] lmmarsano@lemmynsfw.com 10 points 2 days ago* (last edited 2 days ago) (1 children)

I don’t think you should comment on security if “open source” means anything to you

Anyone can look at the source, brah, and security auditors do.

For finding backdoors binary disassembly is almost as easy or hard as looking in that “open source”.

Are you in the dark ages? Beyond code review, there are all kinds of automations to catch vulnerabilities early in the development process, and static code analysis is one of the most powerful.

Analysts review the design & code, subject it to various security analyzers including those that inspect source code, analyze dependencies, check data flow, test dynamically at runtime.

There are implementations of some mechanisms from Signal.

Right, the protocol.

Can you confidently describe

Stop right there: I don't need to. It's wide open for review by anyone in the public including independent security analysts who've reviewed the system & published their findings. That suffices.

Do security researches have to say anything on DARPA that funds many of them?

They don't. Again, anyone in the public including free agents can & do participate. The scholarly materials & training on this aren't exactly secret.

Information security analysts aren't exceptional people and analyzing that sort of system would be fairly unexceptional to them.

Oh, the surveillance state will be fine in any case!

Even with state-level resources, it's pretty well understood some mathematical problems underpinning cryptography are computationally beyond the reach of current hardware to solve in any reasonable amount of time. That cryptography is straightforward to implement by any competent programmer.

Legally obligating backdoors only limits true information security to criminals while compromising the security of everyone else.

I do agree, though: the surveillance state has so many resources to surveil that it doesn't need another one.

[+] vacuumflower@lemmy.sdf.org -8 points 2 days ago

In short - something "everyone being able to look upon" is not an argument. The real world analogies are landmines and drug dealers and snake oil.

Even with state-level resources, it’s pretty well understood some mathematical problems underpinning cryptography are computationally beyond the reach of current hardware to solve in any reasonable amount of time.

You are not speaking from your own experience, because which problems are solved and which are not is not solely determined by hardware you have to do it by brute force. Obviously.

And nation states can and do pay researchers whose work is classified. And agencies like NSA do not, for example, provide reasoning for their recommended s-boxes formation process. For example.

Solving problems is sometimes done analytically, you know. Mostly that's what's called solving problems. If that yields some power benefits, that can be classified, you know. And kept as a state secret.

Are you in the dark ages? Beyond code review, there are all kinds of automations to catch vulnerabilities early in the development process, and static code analysis is one of the most powerful.

People putting those in are also not in the dark ages.

Stop right there: I don’t need to. It’s wide open for review by anyone in the public including independent security analysts who’ve reviewed the system & published their findings. That suffices.

There are things which were wide open for review by anyone for thousands of years, yet we've gotten ICEs less than two centuries ago, and electricity, and so on. And in case of computers, you can make very sophisticated riddles.

So no, that doesn't suffice.

They don’t.

Oh, denial.

Again, anyone in the public including free agents can & do participate. The scholarly materials & training on this aren’t exactly secret.

There have been plenty of backdoors found in the open in big open source projects. I don't see how this is different. I don't see why you have to argue, is it some religion?

Have you been that free agent? Have you participated? How do you think, how many people check things they use? How often and how deeply?

Information security analysts aren’t exceptional people and analyzing that sort of system would be fairly unexceptional to them.

Yes, but you seem to be claiming they have eagle eyes and owl wisdom to see and understand everything. As if all of mathematics were already invented.

Legally obligating backdoors only limits true information security to criminals while compromising the security of everyone else.

It's not about obligating someone. It's about people not working for free, and those people working on free (for you) stuff might have put in backdoors which it's very hard to find. Backdoors usually don't have the "backdoor" writing on them.

I do agree, though: the surveillance state has so many resources to surveil that it doesn’t need another one.

Perhaps the reason they have so many resources is that they don't miss opportunities, and they don't miss opportunities because they have the resources.