Comment on The FBI spied on a Signal group chat of immigration activists, records reveal
atrielienz@lemmy.world 22 hours ago
I don’t know who still needs to hear this, so I’m going to say it again for the people in the back.
Assume every form of communication you have is being spied on.
If you’re using an app like signal or similar, make sure you and everyone else in the chat has encryption enabled.
Verify the other users in the chat.
Do not plan any activity that could be considered a criminal enterprise on an electronic device with a connection to the internet.
This had nothing to do with encryption. 99.99% of breaches aren’t some pen hack, it’s social engineering of someone to gain access. You have all the best software and practices in place, but if the dumbass on the fourth floor decides that they’re gonna let someone in who’s called them from Microsoft, then it doesn’t matter.
They let the FBI into the chat because they don’t know opsec for shit.
I agree that you’re right. My thought was it was more likely that they socially engineered their way into getting invited to the chat.
This is why I said that a lot of people are the weakest link in their own secured communications networks.
I just got downvoted in the comments above for basically having the EXACT same sentiment. I fucking hate it here.
The difference is they gave solid sound advice on opsec, and your comment seemed more in line with distrusting signal’s tech. One of these comments makes sense, the other doesn’t.
Just don’t care about down votes.
Yeah. I dunno man. I’m sorry.
But like. A lot of the time security/privacy fails like this are user-inflicted. Either because people don’t understand the apps and services they use, or because other people are as vigilant about auditing their networks (the people, the hardware the software).
Fair point!
darklamer@lemmy.dbzer0.com 22 hours ago
PSA: There’s no way to disable encryption in Signal.
atrielienz@lemmy.world 22 hours ago
That’s why I said an app like signal. People assume that every app works the same. Telegram had issues with encryption where all parties didn’t have encryption enabled but one or more of the parties involved assumed the chat was still encrypted.
However I should probably change that to read more along the lines of: know the features and settings of your app and ensure that encryption settings are set to maximize the protection of privacy.
I’m gonna have to workshop that. It’s a mouthful.
Either way, thank you for pointing that out.