Comment

Comment on The FBI spied on a Signal group chat of immigration activists, records reveal

SleeplessCityLights@programming.dev ⁨4⁩ ⁨months⁩ ago

Remember that most hacking is not done by breaking encryption and running code. It’s %100 social engineering. The weakest point is always a person.

source

Sort:hotnew top

herseycokguzelolacak@lemmy.ml ⁨4⁩ ⁨months⁩ ago
This is why I don’t subscribe to the Signal E2EE hype cult.

The fact that Signal doesn’t hide the anonymity of its users, and forces everyone to use phone numbers is a huge red flag.

source
- jjlinux@lemmy.zip ⁨4⁩ ⁨months⁩ ago
  SimpleX is the way to go, always making sure you never say anything that can point to you in any chat.
  
  source
  - iknowitwheniseeit@lemmynsfw.com ⁨4⁩ ⁨months⁩ ago
    Yeah, they caught the Dread Pirate Roberts because he leaked some account name, IIRC. There is no such thing as perfect opsec. 😬
    
    source
  - HulkSmashBurgers@reddthat.com ⁨4⁩ ⁨months⁩ ago
    Jami is an option also.
    
    jami.net
    
    source
    jjlinux@lemmy.zip ⁨4⁩ ⁨months⁩ ago
    Yeah, but different use cases.
    
    source
vacuumflower@lemmy.sdf.org ⁨4⁩ ⁨months⁩ ago
Yes. And the only person I know to have interacted with state security agencies in professional area has told me a few times that any security system based on cryptography is of no real use. Like perpetuum mobile, snake oil, and so on.

If your information is protected by cryptography, it could as well be protected by using “Aesopean language” or memorized by loyal courier or put on paper note in a secret place. You have a secret and a message, ultimately. If your secret place can be predicted, then your secret key can be stolen. If your loyal courier can be drugged\tortured\intimidated, so can be you or your addressee or your cryptography means’ providers to give up the secret key or the message contents or to sabotage your tools.

“Aesopean language” is how they really do it for anything important, it’s pretty naturally learned from culture (one case where spy movies and such show it right), it doesn’t require niche expertise, and it does require common context that can’t be fully reconstructed in most cases.

Unfortunately I’m autistic and impaired in that exact part of human communication, but honestly some of famous people whose jobs involve being enlightened black belt masters of that are autistic, so perhaps I’m just dumb.

source
SnoringEarthworm@sh.itjust.works ⁨4⁩ ⁨months⁩ ago
Most activism groups aren’t really screening for membership.

Usually it’s, “you want to join ? Cool, I’ll add you.”

source
- vacuumflower@lemmy.sdf.org ⁨4⁩ ⁨months⁩ ago
  We are starting to learn that the world with computers and the Internet is like the world without them, except with them.
  
  There were those medieval German secret courts with their secret judgements and assassins fulfilling those. And there were various masonic and such groups. And even secret societies of revolutionaries.
  
  All they were was crime groups, interest clubs and elites pastime, in the end.
  
  But it all started really working with mass politics. Because secrecy of a group requiring communication and adding new members can’t be preserved, and once it’s broken, it’s just a few people challenging the power. While a crowd with torches (because nobody gives days off for demonstrations at daytime ; yes, torches were not a Nazi thing, they were common for all “worker” parties) doesn’t need secrecy - its idea’s survival is guaranteed not by secrecy, but by inability to stop its spread.
  
  source
- captainlezbian@lemmy.world ⁨4⁩ ⁨months⁩ ago
  Oh so it’s an activist group that’s doing valuable work but has no need to background check for security. Makes sense, basically every activist or political group is on signal these days.
  
  source