this post was submitted on 03 Dec 2025
45 points (100.0% liked)
technology
Not to say that decentralization solves everything, but I see all of these centralized "but we do E2EE tho" apps as deeply flawed. Especially when they require phone numbers to sign up. You are just WhatsApp without Facebook's bad reputation! Assuming they are completely above board (not intelligence ops in themselves, but subject to legal pressure), we can take their word that there are no plaintext records the government can subpoena, but as a centralized service, they construct essentially one point the government needs to watch. They can correlate when messages are going in with when messages are coming out to assemble graphs of communications networks. With subpoena power, they can trivially figure out who the individual nodes are in those graphs, who they are communicating with, what their location is (they have your phone number), and with zero-day attacks at their disposal, they can exfiltrate the plaintext from end-user devices - if the social network information doesn't provide enough insight for them to roll up troublemakers without needing to burn these.
There is an old mantra among cryptographers and Free Software advocates that "there is no such thing as security through obscurity." I'm calling bullshit. While it is not a substitute for sound cryptography, the clever application of steganography goes a long way. Every day you can avoid being noticed is a day the investigation has been delayed. Every investigation which gets started late, or never starts at all, creates blind-spots to the state. Public key cryptography is a crucial tool, but there is a hyper-fixation on it while alternate methods are overlooked. Classic practices of tradecraft, like one-time pads, dead drops, hiding messages inside innocuous mediums. The discipline to opt for radio silence instead of constantly dinging the "Revolution HQ" server with your E2EE messaging app as you roam from WiFi access point to WiFi access point. The pre-arrangement of signaling procedures, where an innocuous post on a mediocre blog, a classified ad with the correct words in it, or the arrangement of flower pots on a balcony can let somebody know it is time to move to phase 2, or establish a meeting in a predetermined location, or retrieve a package from a specific garbage can on the Hudson River Greenway.
These apps are actually much more secure when being used by police and state officials. In this case, they don't need to worry about investigators with subpoena power. The threat model is simplified to the cryptographic fundamentals, and the security of the devices implementing them. Foreign intelligence is still a threat, but they don't have the blanket physical access to these networks that the US security state does.
Yeah pretty much bang on, good post. I still use them but I am not actively organizing revolutionary activities so my threat model is not that stringent.
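An added illustration, not written by anyone in this thread, of the timing correlation the first comment describes: a central relay that never sees plaintext still logs when ciphertext arrives and when it is delivered, and that alone is enough to recover who talks to whom. The account names, the event format, the one-second window and the log itself are constructed assumptions.

```python
from collections import Counter

# Constructed sample of what a central relay sees for E2EE traffic:
# no plaintext, only (time in ms, direction, account).
# "in"  = a client uploads ciphertext; "out" = the relay delivers ciphertext.
EVENTS = [
    (100_000, "in", "alice"), (100_400, "out", "bob"),
    (130_000, "in", "carol"), (130_300, "out", "dave"),
    (160_000, "in", "bob"),   (160_500, "out", "alice"),
    (200_000, "in", "alice"), (200_200, "out", "bob"),
    (200_100, "in", "carol"), (200_600, "out", "dave"),   # overlaps the line above
    (260_000, "in", "dave"),  (260_400, "out", "carol"),
    (300_000, "in", "alice"), (300_300, "out", "bob"),
]


def contact_graph(events, window_ms=1000, min_hits=2):
    """Infer who talks to whom purely from upload/delivery timing.

    Every delivery that lands within window_ms after an upload counts as one
    hit for that (uploader, receiver) pair. Accidental overlaps between
    unrelated conversations score once; real contacts keep coinciding.
    """
    uploads = [(t, who) for t, direction, who in events if direction == "in"]
    deliveries = [(t, who) for t, direction, who in events if direction == "out"]

    hits = Counter()
    for t_in, sender in uploads:
        for t_out, receiver in deliveries:
            if receiver != sender and 0 <= t_out - t_in <= window_ms:
                # Undirected edge: replies strengthen the same pair.
                hits[tuple(sorted((sender, receiver)))] += 1

    # Keep only pairs that coincide repeatedly; one-off overlaps are noise.
    return {pair: n for pair, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for (a, b), n in sorted(contact_graph(EVENTS).items()):
        print(f"{a} <-> {b}: {n} timing coincidences")
```

The two simultaneous conversations at the 200-second mark produce spurious alice/dave and bob/carol hits, but each appears only once and falls below the threshold, while the real pairs accumulate.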