Apparently what happened is that French police installed some of malware on the phones to read the messages, and this was now decided to be legal in the UK.
FrostyPolicy@suppo.fi 3 months ago
Wonder how they’d manage that as they both are E2EE.
RmDebArc_5@sh.itjust.works 3 months ago
linearchaos@lemmy.world 3 months ago
Damn, we’ll need those linux phones working soon.
smeeps@lemmy.mtate.me.uk 3 months ago
Then they enforce the chipmakers to put backdoors in the chips themselves
bjoern_tantau@swg-empire.de 3 months ago
What would that change?
lastweakness@lemmy.world 3 months ago
You’d have enough control over the software that you can ensure nothing like this happens
linearchaos@lemmy.world 3 months ago
What would that change?
To be honest, it ‘could’ change everything. You don’t need to run ‘phone’ hardware. You could assemble a handled computer with a 5G modem out of consumer-available parts.
Even if we didn’t go that far, we would get our own LUKS encryption with keys we chose and if we knew we couldn’t trust the hardware, we could take precautions. They can attack apple and android easily enough because it’s just two platforms, one vulnerability in android and you’re into 50% of the population.
While we at it with wishlists, maybe we could do some hardware version of tpm/dpapi and manage to relatively safely encrypt the ram as well.
pwalker@discuss.tchncs.de 3 months ago
Honestly mentioning Enchrochat together with other mainstream message clients is kind of misleading. The Enchrochat message client was also E2EE. However Enchrochat was also a company that sold their own mobile phones with a prorietary OS on it together with own sim cards and only those phones were able to connect to each other. And law enforcment had enough evidence that they sold those hardware in shady untracable ways similar to drugs. At that point there was no western government that didn’t want to help seizing their infrastructure and taking over their update services for example.
The bigger problem however for the general public is that certain politicians want to break encryption all together by forcing companies to implement backdoors on client side. This has been an ongoing discussion for 2 years in EU parliament and it has to stop: eff.org/…/now-eu-council-should-finally-understan…
conciselyverbose@sh.itjust.works 3 months ago
And law enforcment had enough evidence that they sold those hardware in shady untracable ways similar to drugs
It doesn’t matter. Using that phone or app cannot possibly be anywhere close to probable cause for a search.
redditReallySucks@lemmy.dbzer0.com 3 months ago
With a warrant they could probably force signal/whatsapp to inject Malware into their apps to spy on users.
Don’t know how possible it is with signal and their reproducible builds. They would need to add this to the source code of the app.
otter@lemmy.ca 3 months ago
Could they though, I thought signal would just leave the market
30p87@feddit.org 3 months ago
Especially with Signal being open source. What stops the official Signal company from advertising another fork?
einkorn@feddit.org 3 months ago
The server software is not open source.
massive_bereavement@fedia.io 3 months ago
Untrue. Stop spreading FUD:
https://github.com/signalapp/Signal-Server30p87@feddit.org 3 months ago
There’s a grain of truth in the claim: We don’t know for sure if the original open source version is actually running on the server.
einkorn@feddit.org 3 months ago
In that case: They started publishing code AGAIN.
The server soft has been available, then not, and apparently now again.
30p87@feddit.org 3 months ago
That’d be irrelevant, because as long as only the clients hold the keys (which we can verify, as those are not only open source but also are under our control, meaning we can check that the upstream open source version is installed and no private keys are being exchanged) there’s no way anyone can read the messages, except the owner of the private key.
EngineerGaming@feddit.nl 3 months ago
Messages - yes, but there is also metadata. When ALL communication goes through the same servers, it becomes kind of a problem.
kubica@fedia.io 3 months ago
"Gruyere Signal"
Routhinator@startrek.website 3 months ago
WhataApp has MITM on the server side which is how Facebook scans your messages for targeted adverts. E2EE on WhatsApp was a fantasy the moment Facebook bought it.
umami_wasbi@lemmy.ml 3 months ago
Looks like they just hack the phone
otter@lemmy.ca 3 months ago
en.m.wikipedia.org/wiki/EncroChat
So this sounds like the ANOM phone story with extra steps?
original_reader@lemm.ee 3 months ago
How does one get an “implant” onto a phone?
Plopp@lemmy.world 3 months ago
You implant it, duh.