45
submitted 3 weeks ago* (last edited 3 weeks ago) by Joker@sh.itjust.works to c/privacy@programming.dev

Does that mean that other apps like signal for example have back doors?

Do criminals have a knowledge of exploits in the recommended messaging apps?

you are viewing a single comment's thread
view the rest of the comments
[-] WhatAmLemmy@lemmy.world 40 points 3 weeks ago* (last edited 3 weeks ago)

You're missing the #1 reason organized criminals prefer their own service. To have trusted staff who control everything — the servers, code development & deployment — whom can't be ordered by a court to shut off access to individuals at any time, or provide metadata, eavesdrop, etc.

The weakest link with legal services like Signal is that they can be compelled by law enforcement, the judicial system, and government... That's an enormous risk for any organized crime operation. Even a minimal amount of metadata collection can do a lot of damage, especially if it's analyzed over months/years, and especially when performed by an advanced persistent threat actor like a nation state.

[-] MTK@lemmy.world 13 points 3 weeks ago

I disagree, stupid self developed systems leak so much more, I think the number 1 reason is, surprise surprise, stupid people.

Also plenty of criminals and organized crime also use standard tools like telegram (which is way worse then signal)

[-] refalo@programming.dev 17 points 3 weeks ago

I think you're both right. I think the non-stupid people with successful self-developed systems simply aren't talked about, because they don't get caught, because they're not stupid.

[-] RonSijm@programming.dev 4 points 3 weeks ago

It probably depends on the level of the criminals and organized crime groups. I saw this Youtube video a couple weeks ago that talks about the history of how organized crime groups were using encrypted communication https://www.youtube.com/watch?v=gigIOc_0PKo (And how they were honey-potted by the FBI to use an FBI-hosted service, lol)

Organized crime groups that make 100s of millions should be capable enough to hire skilled developers and sysops to host self-managed services. At some point if they make enough money, investing in self-managed communication becomes preferable over using telegram or signal.

[-] MTK@lemmy.world 1 points 3 weeks ago* (last edited 3 weeks ago)

There are multi million companies that get hacked left and right, money does not mean intelligent security measures.

Also, best option is the big ones, anyone who wants real security and privacy should use something that already exists. Sure, maybe not signal (even though for anything less then a state actor it is plenty) but there are plenty of self-hosted or decentralized communication apps out there.

Anyone who builds their own app is very likely making a bad decision.

Just a reminder that one of the most wanted man in the world by the most capable state in the world (Snowden) is using signal

[-] Scoopta@programming.dev 1 points 3 weeks ago

Theoretically signal only has your phone number and time of sign up which means theoretically it shouldn't matter if the legal system asks them for information.

[-] FizzyOrange@programming.dev 8 points 3 weeks ago

... theoretically. In practice if the NSA used a secret court order that banned them from talking about it and made them update the app to reveal plaintext for one particular person, I don't see how they could get out of that (other than by breaking the law and risking jail).

I think the chances of that are very small though.

[-] prex@aussie.zone 5 points 3 weeks ago

There is legislation in Australia that allows precicely this. Then 5 eyes or Interpol or whatever for everyone else.

[-] Scoopta@programming.dev 2 points 3 weeks ago* (last edited 3 weeks ago)

...that's a terrifying but also plausible prospect. Guess it's a reason not to use the published app and instead build it yourself.

[-] refalo@programming.dev 7 points 3 weeks ago* (last edited 3 weeks ago)

Yea and if a nation-state knows your phone number, they can track your exact whereabouts in real-time. Let's not pretend like we know better than them about what information matters :)

[-] Scoopta@programming.dev 1 points 3 weeks ago

...yeah and if they went to signal to ask about you they're going to provide signal your phone number as it's the only identifier they have in their system...so the nation state already had that to begin with, it isn't sensitive info despite what it can be used for.

this post was submitted on 03 Dec 2024
45 points (97.9% liked)

Privacy

1321 readers
1 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS